Space Force CIO Calls for Greater Collaboration, Secure Commercial Software

Whether it’s our navigation systems or systems that manage our everyday communications, the modern world is extremely dependent on satellites. That, of course, means satellites will increasingly become targets for attacks, including cyberattacks, as well as conduits of attack. In fact, it’s already happening.

For instance, in February 2022, a data wiper known as AcidRain targeted KA-SAT broadband service in an attempt to disable SATCOM modems in Ukraine. The attack did affect thousands of modems operating in Ukraine, according to this Viasat analysis. The attack also, apparently inadvertently, affected nearly 6,000 wind turbines operating within Germany.

Some have taken notice of the risks. Earlier this year, a bipartisan group of congressmen introduced the Satellite Cybersecurity Act. That act, if ever passed, would aim to consolidate satellite cybersecurity resources and best practices through a Cybersecurity and Infrastructure Security Agency (CISA)-created commercial system cybersecurity clearinghouse. The act would also direct CISA to study the current level of support for commercial satellite cybersecurity by the federal government.

“Hackers have already successfully attacked government satellites and it’s only a matter of time before they begin to more aggressively target commercial satellites. Vulnerabilities in these systems present an opportunity for foreign adversaries and cybercriminals to significantly disrupt American lives and livelihoods,” said U.S. Senator Gary Peters in a statement announcing the bill. “It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late. This bipartisan bill will help ensure these organizations–who often do not have enough resources–are able to protect their own networks,” he continued.

Satellite Security and Geopolitical Risk

Col. Jennifer Krolikowski, chief information officer, U.S. Space Systems Command, U.S. Space Force, detailed during the recent BlackBerry Security Summit China’s is tremendous strides in both the number of satellites and, perhaps, the cybersecurity skills needed to exploit satellite technology. She cited the rising number of satellites placed in orbit by the Chinese government. “They’re recognizing the amount of money within the space domain is going to be in the trillions. So they’re actually posturing a lot of their force and what they’re doing in order to go after the space environment and to be able to exert their power over into that and much, much more than we’ve seen in the past,” Krolikowski said.

Krolikowski suggested there won’t be an easy fix, but instead, there must be a cultural change and that industry should work on more agile, interoperable security toolsets.

How do we change the culture? How do we work in a more proactive way? “We need everybody from industry to also be working toward these things, too,” she said. She also called for more secure commercial software.

“I want to be able to use commercial as much as absolutely possible, but I can’t use it if it’s not secure,” she said. And if it’s vulnerable because of security issues or constraints or hasn’t been built with security in mind, then she’s not likely to use that software at all, or as much as she’d like to had the software been built with security in mind from the beginning.

Finally, she called for a flexible enough technology and security ecosystem to accommodate rapid change. “It’s only through collaboration and the work that we all do together that we can get after those problems,” she said.