Spacecraft Face 'Sophisticated and Dangerous' Cybersecurity Threats (cnbc.com) 17
"Spacecraft, satellites, and space-based systems all face cybersecurity threats that are becoming increasingly sophisticated and dangerous," reports CNBC.
"With interconnected technologies controlling everything from navigation to anti-ballistic missiles, a security breach could have catastrophic consequences." Critical space infrastructure is susceptible to threats across three key segments: in space, on the ground segment and within the communication links between the two. A break in one can be a cascading failure for all, said Wayne Lonstein, co-founder and CEO at VFT Solutions, and co-author of Cyber-Human Systems, Space Technologies, and Threats. "In many ways, the threats to critical infrastructure on Earth can cause vulnerabilities in space," Lonstein said. "Internet, power, spoofing and so many other vectors that can cause havoc in space," he added. The integration of artificial intelligence into space projects has heightened the risk of sophisticated cyber attacks orchestrated by state actors and individual hackers. AI integration into space exploration allows more decision-making with less human oversight.
For example, NASA is using AI to target scientific specimens for planetary rovers. However, reduced human oversight could make these missions more prone to unexplained and potentially calamitous cyberattacks, said Sylvester Kaczmarek, chief technology officer at OrbiSky Systems, which specializes in the integration of AI, robotics, cybersecurity, and edge computing in aerospace applications. Data poisoning, where attackers feed corrupted data to AI models, is one example of what could go wrong, Kaczmarek said. Another threat, he said, is model inversion, where adversaries reverse-engineer AI models to extract sensitive information, potentially compromising mission integrity. If compromised, AI systems could be used to interfere with or take control of strategically important national space missions...
The U.S. government is tightening up the integrity and security of AI systems in space. The 2023 Cyberspace Solarium Commission report stressed the importance of designating outer space as a critical infrastructure sector, urging enhanced cybersecurity protocols for satellite operators... The rivalry between the U.S. and China includes the new battleground of space. As both nations ramp up their space ambitions and militarized capabilities beyond Earth's atmosphere, the threat of cyberattacks targeting critical orbital assets has become an increasingly pressing concern... Space-based systems increasingly support critical infrastructure back on Earth, and any cyberattacks on these systems could undermine national security and economic interests.
"With interconnected technologies controlling everything from navigation to anti-ballistic missiles, a security breach could have catastrophic consequences." Critical space infrastructure is susceptible to threats across three key segments: in space, on the ground segment and within the communication links between the two. A break in one can be a cascading failure for all, said Wayne Lonstein, co-founder and CEO at VFT Solutions, and co-author of Cyber-Human Systems, Space Technologies, and Threats. "In many ways, the threats to critical infrastructure on Earth can cause vulnerabilities in space," Lonstein said. "Internet, power, spoofing and so many other vectors that can cause havoc in space," he added. The integration of artificial intelligence into space projects has heightened the risk of sophisticated cyber attacks orchestrated by state actors and individual hackers. AI integration into space exploration allows more decision-making with less human oversight.
For example, NASA is using AI to target scientific specimens for planetary rovers. However, reduced human oversight could make these missions more prone to unexplained and potentially calamitous cyberattacks, said Sylvester Kaczmarek, chief technology officer at OrbiSky Systems, which specializes in the integration of AI, robotics, cybersecurity, and edge computing in aerospace applications. Data poisoning, where attackers feed corrupted data to AI models, is one example of what could go wrong, Kaczmarek said. Another threat, he said, is model inversion, where adversaries reverse-engineer AI models to extract sensitive information, potentially compromising mission integrity. If compromised, AI systems could be used to interfere with or take control of strategically important national space missions...
The U.S. government is tightening up the integrity and security of AI systems in space. The 2023 Cyberspace Solarium Commission report stressed the importance of designating outer space as a critical infrastructure sector, urging enhanced cybersecurity protocols for satellite operators... The rivalry between the U.S. and China includes the new battleground of space. As both nations ramp up their space ambitions and militarized capabilities beyond Earth's atmosphere, the threat of cyberattacks targeting critical orbital assets has become an increasingly pressing concern... Space-based systems increasingly support critical infrastructure back on Earth, and any cyberattacks on these systems could undermine national security and economic interests.
deep space will have to be differnt then local spa (Score:2)
deep space will have to be differnt then local space.
deep space will have to local auth as even 5 min round trip pings will not work with AD / ldap, oauth, some types of 2fa, google auth, etc.
Re:deep space will have to be differnt then local (Score:5, Insightful)
Why would 2FA not work in deep space? Methinks you have no clue what you are talking about. In fact, both TOTP and OTP should work just fine in deep space. But so will public-key based authentication.
Your mistake is that you think what commercial crap does is actually solid engineering.
Re: (Score:1)
Let's go for lower hanging fruit, perhaps SpaceX and its new T-Mobile partnership for rural IP coverage. Or maybe Apple's Sat feature for emergencies. Wouldn't that be fun to gnaw?
Yeah, NOAA. New pimples on your weather map.
Not fun enough? Let's destabilize GPS, just a teensy bit for grins.
Can't take it? How about some extra advertising during your ESPN game on that little dish screwed into your roof?
Sure. Auth. Yeah, that fixes everything.
Re: (Score:2)
Are you on drugs?
Re:deep space will have to be differnt then local (Score:4, Funny)
what kind of power budget do they have to run an l (Score:4, Interesting)
what kind of power budget do they have to run an local AI system?
And radiation hardened cpu / gpu have got to be at least an few years out of date.
Re: (Score:3)
I can see it now, AM goes berserk and tries to come back to Earth to eradicate all but a handful of people, which it conducts sadistic experiments on.
wargames! (Score:2)
wargames!
Re: (Score:2)
No. I Have No Mouth And I Must Scream by Harlan Ellison.
Man was a real jerk but he certainly could write.
Re: (Score:3)
It's an overly simplistic heuristic model.
The damn thing can't even reliably open the pod bay doors.
Legacy systems and limited hardware (Score:5, Interesting)
This is no surprise. It was not all that long ago that plaintext passwords were exchanged even when we knew that the medium upon which we were exchanging them was both commonly used by virtually everyone and where we knew that points on that medium were subject to easy tampering.
As space access grows and as nations look to space as another battleground, the old models where security took a backseat to convenience and low data rate considerations are going to have to change, and it wouldn't even be a surprise if old hardware that simply can't perform the software tasks required for heavy encryption, will have to be treated as untrusted and/or have to be retired.
Just to hazard a guess here, the one-time-pad model might be what they have to develop for the future. It might be the best way if the earthside 'pads' are kept sufficiently secure and are sufficiently large to allow for a lifetime of communications, since it wouldn't be necessary to cycle through ever-increasing encryption standards as old ones are deemed problematic along the lines of how diffie-hellman had to be retired from SSH. After all, these would be limited-access systems rather than open-access systems.
We all know.. (Score:4, Informative)
why Commander Adama didn't like networked systems on his battlestar.
Didn't we learn from this? We aren't getting any 6's or 8's for our pleasure, either.
What has happened before shall happen again.
So Say We All
Re: (Score:2)
Sorry, but while BSG was good entertainment, their portrayal of tech is not realistic. This can be done right. It just needs actually competent people to do it.
Only if designed by the IT-security-challenged (Score:4, Insightful)
We_know_ how to do this right. There really is not reason to apply the same incompetence that routinely gets applied to commercial software to something as expensive as a spacecraft.
Critical infrastructure and Cybersecurity (Score:3)
Hook Up All the Things (Score:3)
If we're talking modern systems and they're hooking them up to an Internet with a way to route out, they've already failed. Death is a matter of 'when' and I'll blame the person who put in the 'temporary' port forward.
If the bad guys are setting up huge antennas and they go and brick Voyager 2 - those guys are getting their asses beat.
Re:Hook Up All the Things - Don't Hook Them Up (Score:1)