Cybersecurity and Satellites
Our need for more data, information, and these in a timely manner have driven research through the years. Many years ago, this was accomplished through ye olde snail mail, with the 5 ¼ or 3 ½ discs/disks. Later this advanced with the thumb drives. The downloads over modem took forever, and you hoped there was not an issue with the phone line, otherwise you may need to start over. The internet and infrastructure sped downloads speeds to incredible rates by comparison. The advances continue not only with internet speeds, but also other transmission methods.
With the global economy and data requirements, satellites are a new focus. One area, in addition to communications, the satellites are used for is GPS. This is used with vehicles, ships, airplanes, commercial trucking, military, and any other industry moving freight or people. There are few industries not using this technology in one form or another. The satellite technology has provided for increased economic productivity and better user experience for the various use cases. An example is GPS used in our smartphones and vehicles. Gone are the days with the huge fold-out maps or purchasing a CD with maps and printing off the route.
While the benefits are clear, there is also an area not addressed fully. The cybersecurity with the systems required further attention. Just as with other electronics, this can be attacked. These aren’t theoretical forms of attack. These have been shown to work. In 2019, software used by satellites (VxWorks) was shown to have vulnerabilities to be exploited. When executed, the attacker could take control of the satellite from anywhere. In certain instances, the software is proprietary, which would shift the attack to alternative areas on the attack surface. With the increase in the number of satellites, this is going to continue to be an issue. It would be an understatement to state these need to be tested and use the current industry standard cybersecurity measures.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.