The EU Commission and High Representative recently announced the ‘European Space Strategy for Security and Defence’ for the first time. Within this strategy, the Commission outlined plans to provide a framework for safety, security, and sustainability of space-based technologies. The strategy also provided some insight regarding preparatory work aiming to enable autonomous access to space, and address critical security and defense needs.
In order to maximise the use of space for security purposes, the strategy incorporates projects designed to test both the delivery of space domain awareness services and a new observation governmental service as part of the evolution of Copernicus – the Earth Observation’s component of the EU space programme. This will better connect space, defense, and security at EU level and support co-operation in terms of research and development.
Security in the stars
The strategy reflects a growing awareness of the need for enhanced security when it comes to satellites and other space-based technologies. With demands for digital connectivity soaring, we continue to see a significant number of satellites being sent into orbit. There are currently over 10,000 satellites orbiting the Earth at present, with this technology becoming an essential tool for government operations. It enables them to gather key intelligence and carry out surveillance, with sensitive information quickly communicated back in real-time without putting lives at risk on the ground. This is especially important when governments are monitoring situations where tensions are high.
Not only can satellites help flag military movements or deployments, but they can also support navigational applications such as land surveys and urban planning. But ensuring the security of these technologies is paramount. As satellites continue to gather and transmit huge amounts of sensitive data, they have become a key target for hackers looking to exploit this information for financial gain.
It only takes one satellite to be corrupted in order to bring down a whole network. In 2022, alleged Russian hackers were able to disable key communications in Ukraine through an attack against Viasat, a US based satellite company. This resulted not only in a blackout of communications within Ukraine, but a disruption of internet connections across Europe. As a result, hundreds of thousands of people were cut off from the internet.
A growing threat landscape
Hackers can quickly gain access to satellites through routine IT management platforms or other basic networks. If given the chance to install malware into the system, sensitive information can soon be accessed. With the increasing sophistication of cybercrime, it is becoming increasingly difficult for anyone to unearth exactly how much data has been compromised, or track where an attack has come from. Should sensitive data fall into the wrong hands, the security of entire nations can be at stake.
The EU strategy has come along at the right time. The sheer number of Earth station access points makes it difficult to provide adequate security for all satellites. Data must be protected across all stages of transmission, as any device connected to a satellite can be compromised and give hackers access to the whole network. Cyber and supply chain problems should be considered common mode failures as it doesn’t matter how many satellites an organization has in operation; all it takes is a single attack to bring them all down. Only the latest industry standards and specifications can help support the entire satellite ecosystem to provide a strong line of defense against malicious attacks.
Ensuring a secure ecosystem
As satellite communications have advanced, so too have the security solutions available. With the satellite ecosystem ever-growing, it is vital the correct architectures, specifications, and technologies are in place to reduce the severity of cyberattacks. TCG is playing a crucial role in establishing strong security protocols and guidance for operators to follow. Adopting a trusted computing approach is crucial if governments and organizations are to attest the reliability and identity of their devices, as they form the building blocks required for secure systems.
Ensuring the authentication of communications should be at the forefront of any satellite operator’s mind, and checks should be carried out at every stage of data transmission. Through specifications designed by the TCG, satellites are empowered to ignore unauthorized information, no matter the number of devices communicating with it. This authentication process serves as a firewall against malicious attackers attempting to access sensitive data. Encrypting communication at the network level also provides strong protection for data as it traverses the satellite ecosystem.
Governments and agencies must also consider a satellite’s positioning within its supply chain. With supply chain attacks increasing by 600% in 2022 from the previous year, these types of threats are becoming commonplace, and more work can be done to ensure correct guidance and specifications are adopted to verify the integrity of equipment linked to satellite technologies. These standards and specifications not only benefit satellites specifically but have been designed to improve the security of all types of technology, and should these be followed universally, everyone involved in the design and manufacturing process will mutually reap the benefits.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.