Content

Satellite boom expands network capabilities, but brings new security considerations

CubeSat
STF1 CubeSats inside Rocket Lab facility, located at Huntington Beach California in 2018. (Photo via NASA/WikiMedia Commons)

The potential use cases of satellites have boomed in recent years with the introduction of low-cost, low earth orbit satellites at a price point attractive even to hobbyists. In a two-part report out Thursday, McAfee warns that the new satellite ecosystem also brings new security considerations. 

Currently, the small satellites are largely used for research purposes. But that’s bound to change, said Christiaan Beek, lead scientist and senior principal engineer at McAfee, who worked on the report, as enterprises begin to use these satellites for business purposes. There’s interest, for example, in using satellites in lieu of fiber to connect remote locations to networks. 

“The nature of scientists and low-orbit satellites right now is [about] a lot of fun and learning. Security isn’t even a discussion," Beek said.

At issue is the new layout of getting data to and from space. Historically, fears around satellite security centered around potential interception of radio communication to and from the satellites. That was largely due to the small number of satellites, combined with limited access to the broadcast stations that transmit to those satellites.

But the growing prevalence of satellites creates several new considerations. For example, since the most economical way to transmit to the smaller satellites appears to be cloud-based ground stations, McAfee notes that users of these satellites will have to implement the same security controls required of any cloud implementation.

Should someone opt to instead open a dedicated ground station, the security implications are more similar to those associated with industrial control systems. And in all cases, the small-and-cheap model of low orbit satellites can rely on off the shelf hardware, with well-publicized vulnerabilities. It’s an IoT-type problem in space, McAfee notes, though unlike IoT, a vendor could take a long time to patch patch, given the number of bespoke software and hardware satellites and the complications tied to downtime.

As more vendors enter the field and more businesses find uses, said Beek, it will become increasingly important for chief information security officers to have detailed conversations with satellite makers about patching protocols and ground stations on cloud security measures. And businesses have seen with bucket leakages and ICS security, it’s an issue that requires some hands-on protection posture, even if a satellite is many, many arms lengths away. 

"We need to take a small step backward before we take a giant leap forward in space," Beek said.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.