The potential use cases of satellites have boomed in recent years with the introduction of low-cost, low earth orbit satellites at a price point attractive even to hobbyists. In a two-part report out Thursday, McAfee warns that the new satellite ecosystem also brings new security considerations.
Currently, the small satellites are largely used for research purposes. But that’s bound to change, said Christiaan Beek, lead scientist and senior principal engineer at McAfee, who worked on the report, as enterprises begin to use these satellites for business purposes. There’s interest, for example, in using satellites in lieu of fiber to connect remote locations to networks.
“The nature of scientists and low-orbit satellites right now is [about] a lot of fun and learning. Security isn’t even a discussion," Beek said.
At issue is the new layout of getting data to and from space. Historically, fears around satellite security centered around potential interception of radio communication to and from the satellites. That was largely due to the small number of satellites, combined with limited access to the broadcast stations that transmit to those satellites.
But the growing prevalence of satellites creates several new considerations. For example, since the most economical way to transmit to the smaller satellites appears to be cloud-based ground stations, McAfee notes that users of these satellites will have to implement the same security controls required of any cloud implementation.
Should someone opt to instead open a dedicated ground station, the security implications are more similar to those associated with industrial control systems. And in all cases, the small-and-cheap model of low orbit satellites can rely on off the shelf hardware, with well-publicized vulnerabilities. It’s an IoT-type problem in space, McAfee notes, though unlike IoT, a vendor could take a long time to patch patch, given the number of bespoke software and hardware satellites and the complications tied to downtime.
As more vendors enter the field and more businesses find uses, said Beek, it will become increasingly important for chief information security officers to have detailed conversations with satellite makers about patching protocols and ground stations on cloud security measures. And businesses have seen with bucket leakages and ICS security, it’s an issue that requires some hands-on protection posture, even if a satellite is many, many arms lengths away.
"We need to take a small step backward before we take a giant leap forward in space," Beek said.