The Final Frontier for Quantum-Resilient Cybersecurity: Why We Need to Incorporate Post-Quantum Cybersecurity into Satellite Communication Architectures

Staring up into the sky on a clear night, you may be inclined to think that the small shining light moving gently across the black background is a shooting star or perhaps even a UFO. More likely, that tiny speck of light moving over your head is a satellite orbiting thousands of miles above the clouds.

The United Nations Office for Outer Space Affairs estimates that there are more than 7,390 individual satellites orbiting above the Earth, some of which have been up there for more than half a century. Today, satellite architectures are integrated with nearly every facet of our daily lives. We rely on satellites for communications, internet access, navigation, weather prediction, imaging, and even television. However, our increased reliance on satellite technologies has turned this vast network of hardware into a battleground for cyber-superiority.

A New Race for Space

Throughout the 1960s, the world witnessed the United States and the Soviet Union compete to conquer the final frontier in the First Space Race. Over the course of a decade, this race which pitted two opposing ideologies (communism and capitalism), took place high above the Cold War conflicts being fought on the ground. Most historians agree that the First Space Race culminated in 1969 when Neil Armstrong uttered his famous words and took his small step forward onto the cratered surface of the moon.

 

In the last decade we’ve seen the birth of the “Second Space Race” – this time between the Peoples Republic of China and a handful of competing U.S. companies, and the stakes for this race are even higher. The winner will be the one with the most cost-effective means to replace current commercial and national security systems, and establish a military and economic edge in communications, GPS, reconnaissance, and kinetic and cyber space warfare.

Satellite Vulnerabilities

Lost among the hundreds of new satellite launches now taking place every year and the spectacle of SpaceX’s Falcon landing – cybersecurity has become the unsung and most critical component of the Second Space Race. Satellites are particularly vulnerable to cyberattacks due to complex supply chains and layers of stakeholders. Multiple manufacturers are responsible for providing the highly specified components that go into each satellite, and once in space some organizations that own these satellites outsource the day-to-day management to someone else.

Every step of this complex chain of vendors presents an opportunity for bad actors to find and exploit weaknesses in the system. Additionally, most satellites are controlled by ground stations, which presents vulnerabilities for hackers to attack software and send malicious commands to satellites in orbit. For proof, look at this YouTube video of someone hacking a satellite with $300 worth of hardware. Today, we still rely on many satellites that were launched before cybersecurity was ever a concern, as they lack even the most basic levels of cybersecurity, such as encryption.

The risk of hackers taking control of these satellites presents enormous consequences. By exploiting any one of the attack vectors above, a hacker could easily deny service to a satellite, thereby disrupting data flow to critical infrastructure and national security systems. A more sophisticated attack may even overtake onboard thrusters to steer satellites off course or send them hurdling into other satellites.

For all the inherent danger that satellite hacks pose, there are still no cybersecurity standards for satellites and no government body in place to regulate or enforce cybersecurity on orbit.

While this lack of regulation is certainly a paramount concern, it also presents the unique opportunity to set standards that will provide security for the coming quantum age. As the Second Space Race moves forward above the clouds, on the ground there is another race growing rapidly – the Quantum Race.

The Quantum Threat

Quantum technologies promise to deliver computing power orders of magnitude faster than any super computers on the planet today. These quantum technologies are already being prototyped for space applications, such as quantum sensing and quantum key distribution, but the real potential and danger in quantum computing lies in the ability to break encryption. Currently, adversarial nation-states are spending billions of dollars to build a quantum computer that can break today’s encryption.

Due to their base computing structure (quantum computers compute using subatomic properties), quantum computers are very good at solving certain problems, one of which is factoring large numbers. Unfortunately, our entire world (anyone who uses the internet) relies on cryptography that uses factoring. This movement to post-quantum cybersecurity (PQC) will force the largest upgrade in computer history, and our satellites need to be at the forefront of this upgrade.

Advances in quantum computing have been increasing exponentially with billions of dollars invested in the quantum industry worldwide. As such, a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break today’s cryptography, may only be a single breakthrough away from realization.

While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Classical attacks already pose a national security risk for satellite infrastructures, but the ability to decrypt classified data in orbit could be catastrophic. If the United States intends to emerge victorious in the Second Space Race, the threat of quantum computing needs to be a serious consideration and measures must be taken to implement quantum-resilient cybersecurity on new and legacy satellites (some satellites can become quantum-secure even if they are already deployed).

A Crossroads for Space and Quantum Security

The recent conflict in Ukraine has put a spotlight on the importance of securing commercial satellite infrastructure. Following Russian cyberattacks on commercial satellite networks during the early weeks of the Ukrainian conflict, congress learned of the Satellite Cybersecurity Act. The bipartisan bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations for the commercial satellite industry to protect their networks. Additionally, the bill requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk.

The Satellite Cybersecurity Act is a monumental step forward, however as the framework for cybersecurity regulation in space begins to take shape, CISA and the GAO must work collaboratively with the National Institute of Standards and Technologies (NIST) as NIST finalizes a new suite of quantum-resilient algorithms for use on national security systems.

We have reached a critical crossroads where the U.S. can establish quantum-resilient standards on Earth and in space, but it will require diligence and collaboration on behalf of both lawmakers and commercial satellite companies to ensure that we are set up for success and security of satellites in the quantum-era. A secure U.S. future depends on it.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3