Space might be the final frontier, but it’s getting crowded up there. Nearly 8,000 satellites are currently orbiting our planet. About 60% of these are no longer functional — and have become space junk — while 40% are in operation. Euroconsult estimates that approximately 1,000 new satellites are being launched each year, which puts us on track to have 15,000 satellites in orbit by 2028.
Among the 3,372 satellites included in the Union of Concerned Scientists’ Satellite Database, just over half were launched for commercial purposes. 61% of these provide communication capabilities, supporting everything from satellite broadcast television to global internet connectivity and Internet of Things (IoT) device communications. Much of the world’s critical infrastructure relies at least partially on this communication backbone, which means that a cyberattack targeting the satellite sector could have significant downstream consequences for enterprises and individuals worldwide.
Mounting Cybersecurity Risks
As more and more satellites are launched into orbit, the potential attack surface that these satellites and their extended cyber ecosystem present is expanding correspondingly. Projects like SpaceX’s Starlink satellite constellation are making high-speed, low-latency broadband internet access available to every corner of the globe, including remote areas that have never before had reliable connectivity. But as growing numbers of users — including businesses — come to depend on this communication infrastructure, the potential harm that its disruption could cause is growing.
SpaceX’s role in launching and maintaining space-based assets marks a pivotal moment in the history of space flight. Initially a military endeavor supported primarily through public funds and tightly controlled by governments, space exploration is now becoming a commercial activity. However, the commercialization of space travel raises new questions about how to regulate the actions of private entities in space.
In years past, the majority of satellites in orbit were launched for military purposes including providing early warning of impending nuclear attacks and aiding navigation and reconnaissance. The U.S. government developed comprehensive encryption requirements to protect data transmitted to and from these military-grade satellites from interception by malicious actors.
Small commercial-grade satellites are at equal if not higher risk of cyberattack, however, and yet are subject to fewer regulations. Commercial entities are inherently constrained by the profit motive, and thus strongly incentivized to reduce costs wherever possible. Relying on commercial off-the-shelf (COTS) hardware, open-source software and newly available Ground Stations-as-a-Service initiatives is considerably cheaper than employing military-grade solutions but increases the probability that internet-facing satellite infrastructures will be vulnerable to attack.
Protecting Your Business from Satellite-Based Cyber Threats
As satellite systems become more and more integral to global communication networks, they’re playing a growing role in numerous downstream business use cases. This means that risk managers and decision-makers should become more aware of satellite-based cybersecurity risks alongside the more general risks posed by third-party vendors and suppliers providing infrastructure that’s mission-critical for their operations.
“What’s true of satellite-based risks is true of third-party cybersecurity risks overall,” says Ron Schlecht, Managing Partner at BTB Security. “When companies are breached, it often comes about because of a vendor.”
Managing satellite cybersecurity risks to your business is less about emerging technologies and more about ensuring that the providers you choose to work with are adhering to cybersecurity best practices and implementing strong governance. “Awareness is key,” says Schlecht. “Know the risks that are involved and quantify them if at all possible. Make sure your legal team or representative has carefully examined your vendor agreements so that you can understand exactly what degree of risk you are taking on.”
Whether they involve satellite ground station access or shared cloud resources, managed services from third-party providers are becoming more and more broadly consumed these days. “Any provider should stipulate how available their services will be, how secure they are, and by what means data confidentiality will be guaranteed,” says Schlecht. “It’s up to you to ask the right questions. That ability is only going to become more important in the years to come.”
Want to hear more of our expert insights into the latest trends, most recent threats, and smartest strategies for staying secure? Check out our newest blog articles, or contact us to set up a free consultation with a member of our team to learn more about our services.