Gearing up Space Cybersecurity for the IoT Era

The new Space ISAC held its first its first industry-government interchange forum in January 2020. The forum was created in 2019, when the U.S. space industry got together during the Space Symposium and announced its intention to set up a Space Information Sharing and Analysis Center (ISAC) at the behest of the interagency Science & Technology Partnership Forum and the National Space Council.

Founding members come from an interdisciplinary background and include Kratos Federal Space, Allen Hamilton, Lockheed Martin, Parsons Corporation, SES, Purdue University, University of Colorado-Colorado Springs, Johns Hopkins University Applied Physics Lab, and MITRE’s National Cybersecurity Center, among others that wish to remain anonymous. While the membership is varied, and global, it will be restricted to those countries currently deemed safe partners (as such, countries deemed hostile on a cyber level are not allowed to participate).

The first order of action of the Space ISAC is the creation of an unclassified portal to share threat information between members, which is to be launched later this year. Access will be limited to members, with a tiered payment structure for various levels of access. While expensive, the Space ISAC is also considering discounted rates for startups.

Created by the U.S. government in the late 1990s, ISACs have become a fundamental platform for information sharing on cyber and physical threats between the public and private sectors. They are highly valuable assets in many critical infrastructure sectors, notably finance, energy, and transport. A Space ISAC was becoming a necessary addition, especially with the increasing number of constellations being added to Earth’s orbit and especially Low Earth Orbit (LEO). This is because demand for Global Navigation Satellite Systems (GNSS), a constellation of satellite systems that transmit Positioning, Navigation, and Timing (PNT) data signals from space around the globe, is increasingly on the rise.

GNSS has become a key technology in modern societies, used across a broad number of sectors, including military, transportation (automotive and other road transport, aviation, and maritime), telecommunications, emergency services, law enforcement, energy, finance, agriculture, forestry, environmental protection, highway and construction, surveying, weather, and manufacturing, among others. With the growth of the Internet of Things (IoT), GNSS will increasingly be leveraged alongside cellular and other connectivity technologies to bridge digital divides, democratize connectivity, and bring in new services. And with 5G, considered as a network of networks, the 3rd Generation Partnership Project (3GPP) is debating to include satellite as an integral part of the 5G standard, and as such, closer scrutiny is being paid to its security.

Broadly speaking, GNSS threats can be classified in two broad categories: unintentional and intentional. Unintentional threats are primarily the result of natural and manmade elements, such as atmospheric conditions, solar radiation, electromagnetic interference, etc. A newer, and perhaps more worrying, phenomenon is the emergence of intentional threats, at least beyond classic military usage. These threats are the result of the modern strategic value of satellite PNT data and its widespread use across various industries. This makes it a target for malicious attack, notably through jamming and spoofing. While spoofing is a more complex threat than jamming, it is becoming more readily accessible (and affordable) through the availability of Software-Defined Radios (SDR).

It is becoming increasingly clear that spoofing will likely be able to defeat any number of legitimate uses in technologies using GNSS, such as geo-fencing, tracking in pay-as-you-go driving, toll fee collection, advanced diver assisted systems, Vehicle-to-Vehicle and Vehicle-to-Everything (V2V/V2X), automated insurance calculation, intelligent transportation systems, telematics, fleet management, ship and aircraft navigation systems, and many other IoT and M2M applications.

As such, the necessity of a Space ISAC is clear, and timely. While there are a number of various international forums where GNSS vulnerabilities are discussed, few actionable security solutions are available in the market today. A public-private forum for information sharing is a first start to raising awareness of the situation and will be key to driving the development of appropriate cybersecurity solutions and best practices in the space.