The Final Frontier for Quantum-Resilient Cybersecurity: Why We Need to Incorporate Post-Quantum Cybersecurity into Satellite Communication Architectures
- By Patrick Shore
- Sep 09, 2022
Staring up into the sky on a clear night, you may be inclined to think that the small shining light moving gently across the black background is a shooting star or perhaps even a UFO. More likely, that tiny speck of light moving over your head is a satellite orbiting thousands of miles above the clouds.
The United Nations Office for Outer Space Affairs estimates that there are more than 7,390 individual satellites orbiting above the Earth, some of which have been up there for more than half a century. Today, satellite architectures are integrated with nearly every facet of our daily lives. We rely on satellites for communications, internet access, navigation, weather prediction, imaging, and even television. However, our increased reliance on satellite technologies has turned this vast network of hardware into a battleground for cyber-superiority.
A New Race for Space
Throughout the 1960s, the world witnessed the United States and the Soviet Union compete to conquer the final frontier in the First Space Race. Over the course of a decade, this race which pitted two opposing ideologies (communism and capitalism), took place high above the Cold War conflicts being fought on the ground. Most historians agree that the First Space Race culminated in 1969 when Neil Armstrong uttered his famous words and took his small step forward onto the cratered surface of the moon.
In the last decade we’ve seen the birth of the “Second Space Race” – this time between the Peoples Republic of China and a handful of competing U.S. companies, and the stakes for this race are even higher. The winner will be the one with the most cost-effective means to replace current commercial and national security systems, and establish a military and economic edge in communications, GPS, reconnaissance, and kinetic and cyber space warfare.
Lost among the hundreds of new satellite launches now taking place every year and the spectacle of SpaceX’s Falcon landing – cybersecurity has become the unsung and most critical component of the Second Space Race. Satellites are particularly vulnerable to cyberattacks due to complex supply chains and layers of stakeholders. Multiple manufacturers are responsible for providing the highly specified components that go into each satellite, and once in space some organizations that own these satellites outsource the day-to-day management to someone else.
Every step of this complex chain of vendors presents an opportunity for bad actors to find and exploit weaknesses in the system. Additionally, most satellites are controlled by ground stations, which presents vulnerabilities for hackers to attack software and send malicious commands to satellites in orbit. For proof, look at this YouTube video of someone hacking a satellite with $300 worth of hardware. Today, we still rely on many satellites that were launched before cybersecurity was ever a concern, as they lack even the most basic levels of cybersecurity, such as encryption.
The risk of hackers taking control of these satellites presents enormous consequences. By exploiting any one of the attack vectors above, a hacker could easily deny service to a satellite, thereby disrupting data flow to critical infrastructure and national security systems. A more sophisticated attack may even overtake onboard thrusters to steer satellites off course or send them hurdling into other satellites.
For all the inherent danger that satellite hacks pose, there are still no cybersecurity standards for satellites and no government body in place to regulate or enforce cybersecurity on orbit.
While this lack of regulation is certainly a paramount concern, it also presents the unique opportunity to set standards that will provide security for the coming quantum age. As the Second Space Race moves forward above the clouds, on the ground there is another race growing rapidly – the Quantum Race.
The Quantum Threat
Quantum technologies promise to deliver computing power orders of magnitude faster than any super computers on the planet today. These quantum technologies are already being prototyped for space applications, such as quantum sensing and quantum key distribution, but the real potential and danger in quantum computing lies in the ability to break encryption. Currently, adversarial nation-states are spending billions of dollars to build a quantum computer that can break today’s encryption.
Due to their base computing structure (quantum computers compute using subatomic properties), quantum computers are very good at solving certain problems, one of which is factoring large numbers. Unfortunately, our entire world (anyone who uses the internet) relies on cryptography that uses factoring. This movement to post-quantum cybersecurity (PQC) will force the largest upgrade in computer history, and our satellites need to be at the forefront of this upgrade.
Advances in quantum computing have been increasing exponentially with billions of dollars invested in the quantum industry worldwide. As such, a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break today’s cryptography, may only be a single breakthrough away from realization.
While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Classical attacks already pose a national security risk for satellite infrastructures, but the ability to decrypt classified data in orbit could be catastrophic. If the United States intends to emerge victorious in the Second Space Race, the threat of quantum computing needs to be a serious consideration and measures must be taken to implement quantum-resilient cybersecurity on new and legacy satellites (some satellites can become quantum-secure even if they are already deployed).
A Crossroads for Space and Quantum Security
The recent conflict in Ukraine has put a spotlight on the importance of securing commercial satellite infrastructure. Following Russian cyberattacks on commercial satellite networks during the early weeks of the Ukrainian conflict, congress learned of the Satellite Cybersecurity Act. The bipartisan bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations for the commercial satellite industry to protect their networks. Additionally, the bill requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk.
The Satellite Cybersecurity Act is a monumental step forward, however as the framework for cybersecurity regulation in space begins to take shape, CISA and the GAO must work collaboratively with the National Institute of Standards and Technologies (NIST) as NIST finalizes a new suite of quantum-resilient algorithms for use on national security systems.
We have reached a critical crossroads where the U.S. can establish quantum-resilient standards on Earth and in space, but it will require diligence and collaboration on behalf of both lawmakers and commercial satellite companies to ensure that we are set up for success and security of satellites in the quantum-era. A secure U.S. future depends on it.
Patrick Shore is the program manager at QuSecure Inc.