Securing Satellite Connectivity From the Ground Up

Photo: Via Satellite illustration

As the satellite industry aims to serve every connectivity need from global 5G networks to mission critical communications, the ever-present threat of a cyber attack is an integral consideration of engineering design both in space and on the ground.

 The growth of the satellite industry is requiring increasingly more bandwidth and capacity to operate new 5G use cases and applications now and into the future. To meet this demand, megaconstellations are being deployed, creating more satellites and data traffic that needs to be protected from potential vulnerabilities on the network. The consequence of failing to do this is high as many connected industries – such as the military, the emergency services, and government operations – rely on safe links to help industries, vessels, and aircraft operate securely.

Satellites need to therefore adapt by design. If an attack was successful, the trust to the satellite company would be damaged and potentially irreversible. 

The satellite industry is continuously adjusting to ensure that satellites can be flexible to meet future changing market demands such as 5G backhaul and Internet of Things (IoT). In addition, satellite ground technology is evolving with more innovation and scalability as it looks to leverage virtualization, orchestration, and network slicing to support 5G connectivity. Software-defined satellites that can be reprogrammed to dynamically move capacity around depending on the market need are now a must-have for the industry to enable future growth. However, they are more vulnerable to potential threats. This danger can be reduced if Earth ground station equipment is secure and can operate as a firewall to ensure data is authorized before it is sent up to the constellations.

The isolation of satellites is the biggest difficulty, as anyone can aim an antenna at a satellite and send communication to it. Satellite engineers need to make sure the data being sent to a satellite has full authentication before trusting it. Protecting Earth station antennas from unauthorized access or disruption to data traffic is a way to prevent a larger security issue in space. A level of trust must be established between Earth-bound devices and satellites.

For satellites in space, lightweight security solutions have always been an essential part of the design. By using network security architecture, communications can be authenticated at every stage of data transmission that gets sent to the Earth-bound devices before it gets sent up to the satellite. This enables the Earth-side devices to be very effective firewalls to prevent possible end of denial service attacks that can be sent up to satellites when it could be too late. Even with thousands of satellites and devices communicating, the satellite will ignore communication if the package has been authenticated.

This helps to establish overall satellite network visibility by ensuring the devices that are communicating meet compliance requirements, have access control, and provide orchestration. Communication can also be fully encrypted at the networking level, so any data is protected when travelling across the satellite ecosystem.

To prevent unauthorized access to the satellite, network security should be the first consideration during the design stage before deployment. It is necessary to maintain the reliability and integrity of the network as well as protect a company’s reputation, avoiding potentially significant damage and financial loss in the future. With billion-dollar satellite devices at stake, along with the safety of critical industries the network serves such as the military, healthcare and billions of IoT devices, security should not be left as an afterthought. 

Thorsten Stremlau is the marketing work group chair for Trusted Computing Group (TCG), a nonprofit formed to develop and promote open, vendor-neutral, global industry specifications and standards. Stremlau is a senior engineering staff member and CTO within Lenovo’s Intelligent Devices Group PC & Smart Devices business. His career has been dedicated to identifying solutions and strategic implementations for customers in all aspects of IT.