Vulnerabilities can keep you awake at night. Will your computer be hacked? Will your business computers be held for ransom? How safe are satellites that run just about everything?
A new webinar series is exploring the chaos and potential harm that could be unleashed by exploiting or destroying a critical link between millions of devices and systems.
Sponsored by the Baltimore Sun and Capitol Technical University of Laurel, the series focuses on how the security of individuals, businesses and entire industries are impacted by new platforms, software and hardware.
The inaugural presentation focused on Aerospace: A Critical Domain of Space and Cybersecurity on satellites and satellite warfare.
Diane Janosek, commandant and training director for the NSA’s National Cryptologic School, noted that many of the things taken for granted in everyday life significantly rely on satellites.
“They’re used for GPS, time, location, weather forecasting, traffic, ATMs, video conferencing, television, inventory control, broadband, air traffic control and sea navigation,” she said.
The military also relies on satellites for the entire spectrum of modern conflict.
Primary vulnerabilities exist at uplink and downlink points on the ground but satellites are now becoming vulnerable even in their relatively inaccessible location in Earth orbit.
Vulnerability in space is a big reason why the United States established both the Space Command and Space Force last year.
“It’s a critical domain … important to our economy, national security, national defense and the capabilities and daily freedoms it provides for us,” Janosek said. “People are starting to realize there’s a lot going on in space and we have a lot at stake.”
China successfully tested its ability to use one satellite to destroy another in 2007 and Russia also has this capability using satellite-launched projectiles.
According to an unclassified Competing in Space assessment released last year by the U.S. Air Force and the National Air and Space Intelligence Center, reduced satellite cost and increased access will drive more countries to integrate satellite systems into their military capabilities and commercial availability could enable terrorist groups to improve their capabilities.
The risk of collisions increases as more satellites enter low Earth orbit and dual-use capabilities could make it difficult to discern between legitimate and hostile satellites.
The United States currently operates 869 satellites, including 391 communications satellites, 31 navigation satellites and 94 technology and development satellites, Janosek said.
“Foreign competitors and adversaries are capable of conducting electronic attacks to disrupt, deny, deceive or degrade space services,” she said, through means that include signal jamming, denial of service attacks, malware, spoofing, hijacking and hacking.
In 2007 and 2008, Chinese hackers are suspected of having interfered with the U.S. Landsat 7 and Terra satellites through a commercial satellite station in Norway that is used by NASA to transmit data including instructions for orbit changes and maneuvers.
Although the hack caused no damage, it suggests how vulnerable satellites are to attack.
This year, the Air Force and the Defense Department’s Defense Digital Service went so far as to invite hackers virtually attending the 2020 Def Con hacker convention in August to participate in a game to see if they could successfully take control of an actual satellite.
The Hack-A-Sat exercise demonstrated just how seriously the Pentagon considers the threat.
“Letting experts hack an orbiting satellite will teach us how to build more secure systems in the future,” said Will Roper, assistant secretary of the Air Force for Acquisition, Technology and Logistics.
In 2019, the Center for Advanced Defense Studies in Washington, D.C., reported that 9,883 Global Navigation Satellite System spoofing events across 10 locations had affected 1,311 civilian vessel navigation systems since February 2016, constituting a safety hazard for both ocean vessels and aircraft.
“It took ships off course and kept drones out of sensitive airspace,” Janosek said, calling it an area ripe for innovation, collaboration and education.
“We need to be more deliberate … pulling together industry, academia and government,” she said. “There needs to be a broader consortium to come together and think more strategically how to address this so our everyday lives are not impacted by some of these cyber attacks that are occurring and evolving and becoming more sophisticated and deliberate.”
Janosek sees the need for an all-hands approach involving multiple disciplines.
“Technical, legal, policy, software integration, systems engineering, data science, AI and education all need to come together,” she said. “There’s lots of opportunity here.”
Other topics in the webinar series included a presentation on identity, credential and access management, the role of machine learning in emerging computing systems, and protecting construction workers through technology and innovation advancements.
The series is available for on-demand viewing at Capitol Technology University’s website, www.captechu.edu/webinar-series.
By George Berkheimer | Senior Writer | The Business Monthly | February 2021 Issue