Welcome to Cyberstrike Brief, your source for the latest cybersecurity insights in smart manufacturing.

Top Five Cyber Vulnerabilities of Space System Components

The expanding array of threats to satellite-based sensing and communications technologies primarily targets a handful of space and Earth-bound assets.

The threats to space assets are both kinetic and non-kinetic.

There is an array of capabilities adversaries may use to interfere with or disable satellites and ground-based systems. Satellite operations via Earth-bound entry points can offer cyber attackers many vectors for hacking.

Space systems center on satellites (both information-gathering and backhaul data-processing) and include the systems to launch them, along with ground station antennas or receptors, flight operations stations, data centers for housing transmitted data, and payload data processing facilities. The three main components of any space system architecture are the ground segment, the space segment, and communications. They are by design a mix of operational technology (OT) and information technology (IT) elements. This complexity intertwines them with hardware and software operational challenges.


In this article, I will identify the most vulnerable elements of this puzzle.

  1. Aircraft and spacecraft used by the military have software bugs that have been a problem on private computers for decades. Backdoors, hardcoded passwords, remote code execution (RCE), protocol flaws, faking, hijacking, SQL injection, and file upload flaws are the bugs that worry people the most. Small satellites often use real-time operating systems (RTOS) like VxWorks or a version of Linux, as SpaceX’s Starlink does. More off-the-shelf and open-source parts are being used now, and the control and information systems they connect to are a lot like business networks.
  2. Terminals and ground stations are involved in the gathering of data and are often weak points for cybersecurity. They are therefore vulnerable to state-sponsored and non-state entities’ cyber espionage. The use of long-range telemetry for ground station communication is one of the shortcomings of satellite systems. Often, open protocols are used for the transmission of uplinks and downlinks, making them vulnerable to cyberattacks. Access to the satellite itself is granted to the attacker upon breaching the ground station network. The majority of cyberattacks targeting the ground segment make use of online vulnerabilities to trick employees of ground stations into downloading Trojan horses or malware onto their computers and networks.
  3. Large data centers and data processing facilities are an invaluable resource for information and data captured from space. They are still a part of the ground segment. Last but not least, a mole inside the company might wreak havoc on space systems through exfiltration vulnerabilities. Malicious actors also need to be on the lookout for ways to socially engineer their way into the hearts and minds of organizations. This is especially crucial in space systems, as the larger the attack’s scope, the longer these actors are likely to remain hidden and give a plan time to come together. And to support such sleuthing, increased awareness and cybersecurity measures are needed, since space systems offer the potential to reach large areas of the world simultaneously.
  4. The open-source software and commercial off-the-shelf hardware that are put aboard satellites, as well as the infrastructure of ground stations, pose the greatest risks. The ground-based infrastructure is by far the most vulnerable to attack because it will be internet-connected and run by people, who are far more easily “hacked” than computers through phishing and social engineering schemes.
  5. There is an inherent supply chain risk to the security of the space system because the vendor environment and supply chain are so complicated in government-funded systems. The components that are needed for space systems are usually made by more than one company. Purchasing is often deliberately kept low by companies buying parts from global vendor catalog lists. As part of the clearance process for these companies, cybersecurity screening criteria may not always be made clear or enforced. There are also risks in obtaining software from a vendor, since it may be compromised or misconfigured.


The security risk management of satellites and space will continue to appear as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Our reliance on space, especially satellites, for business, security, communications, and intelligence makes satellite and space cybersecurity integral in this new digital age.

About the Author

Chuck Brooks, President and Consultant, Brooks Consulting International

Chuck Brooks serves as President and Consultant of Brooks Consulting International. Chuck also serves as an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity. Chuck has received numerous global accolades for his work and promotion of cybersecurity. Recently, he was named the top cybersecurity expert to follow on social media, and also one of the top cybersecurity leaders for 2024. He has also been named "Cybersecurity Person of the Year" by Cyber Express, Cybersecurity Marketer of the Year, and a "Top 5 Tech Person to Follow" by LinkedIn, where he has 120,000 followers on his profile. Chuck has keynoted dozens of global conferences and written over 350 articles relating to technologies and cybersecurity. As a thought leader, blogger, and event speaker, he has briefed the G20 on energy cybersecurity, and the US Embassy to the Holy See and the Vatican on global cybersecurity cooperation. He has served on two National Academy of Science Advisory groups, including one on digitalizing the USAF, and another on securing BioTech. He has also addressed USTRANSCOM on cybersecurity and serves on an industry/government working group for DHS CISA focused on security space systems. In his career, Chuck has received presidential appointments for executive service by two U.S. presidents and served as the first Director of Legislative Affairs at the DHS Science & Technology Directorate. He served a decade on Capitol Hill for the late Senator Arlen Specter on tech and security issues. Chuck has also served in executive roles for companies such as General Dynamics, Rapiscan, and Xerox. Chuck has an MA from the University of Chicago, a BA from DePauw University, and a certificate in International Law from The Hague Academy of International Law.

 
