The Final Frontier for Quantum-Resilient Cybersecurity: Why We Need to Incorporate Post-Quantum Cybersecurity into Satellite Communication Architectures

Staring up into the sky on a clear night, you may be inclined to think that the small shining light moving gently across the black background is a shooting star or perhaps even a UFO. More likely, that tiny speck of light moving over your head is a satellite orbiting thousands of miles above the clouds.

The United Nations Office for Outer Space Affairs estimates that there are more than 7,390 individual satellites orbiting above the Earth, some of which have been up there for more than half a century. Today, satellite architectures are integrated with nearly every facet of our daily lives. We rely on satellites for communications, internet access, navigation, weather prediction, imaging, and even television. However, our increased reliance on satellite technologies has turned this vast network of hardware into a battleground for cyber-superiority.

A New Race for Space

Throughout the 1960s, the world witnessed the United States and the Soviet Union compete to conquer the final frontier in the First Space Race. Over the course of a decade, this race which pitted two opposing ideologies (communism and capitalism), took place high above the Cold War conflicts being fought on the ground. Most historians agree that the First Space Race culminated in 1969 when Neil Armstrong uttered his famous words and took his small step forward onto the cratered surface of the moon.

 

In the last decade we’ve seen the birth of the “Second Space Race” – this time between the Peoples Republic of China and a handful of competing U.S. companies, and the stakes for this race are even higher. The winner will be the one with the most cost-effective means to replace current commercial and national security systems, and establish a military and economic edge in communications, GPS, reconnaissance, and kinetic and cyber space warfare.

Satellite Vulnerabilities

Lost among the hundreds of new satellite launches now taking place every year and the spectacle of SpaceX’s Falcon landing – cybersecurity has become the unsung and most critical component of the Second Space Race. Satellites are particularly vulnerable to cyberattacks due to complex supply chains and layers of stakeholders. Multiple manufacturers are responsible for providing the highly specified components that go into each satellite, and once in space some organizations that own these satellites outsource the day-to-day management to someone else.

Every step of this complex chain of vendors presents an opportunity for bad actors to find and exploit weaknesses in the system. Additionally, most satellites are controlled by ground stations, which presents vulnerabilities for hackers to attack software and send malicious commands to satellites in orbit. For proof, look at this YouTube video of someone hacking a satellite with $300 worth of hardware. Today, we still rely on many satellites that were launched before cybersecurity was ever a concern, as they lack even the most basic levels of cybersecurity, such as encryption.

The risk of hackers taking control of these satellites presents enormous consequences. By exploiting any one of the attack vectors above, a hacker could easily deny service to a satellite, thereby disrupting data flow to critical infrastructure and national security systems. A more sophisticated attack may even overtake onboard thrusters to steer satellites off course or send them hurdling into other satellites.

For all the inherent danger that satellite hacks pose, there are still no cybersecurity standards for satellites and no government body in place to regulate or enforce cybersecurity on orbit.

While this lack of regulation is certainly a paramount concern, it also presents the unique opportunity to set standards that will provide security for the coming quantum age. As the Second Space Race moves forward above the clouds, on the ground there is another race growing rapidly – the Quantum Race.

The Quantum Threat

Quantum technologies promise to deliver computing power orders of magnitude faster than any super computers on the planet today. These quantum technologies are already being prototyped for space applications, such as quantum sensing and quantum key distribution, but the real potential and danger in quantum computing lies in the ability to break encryption. Currently, adversarial nation-states are spending billions of dollars to build a quantum computer that can break today’s encryption.

Due to their base computing structure (quantum computers compute using subatomic properties), quantum computers are very good at solving certain problems, one of which is factoring large numbers. Unfortunately, our entire world (anyone who uses the internet) relies on cryptography that uses factoring. This movement to post-quantum cybersecurity (PQC) will force the largest upgrade in computer history, and our satellites need to be at the forefront of this upgrade.

Advances in quantum computing have been increasing exponentially with billions of dollars invested in the quantum industry worldwide. As such, a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break today’s cryptography, may only be a single breakthrough away from realization.

While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Classical attacks already pose a national security risk for satellite infrastructures, but the ability to decrypt classified data in orbit could be catastrophic. If the United States intends to emerge victorious in the Second Space Race, the threat of quantum computing needs to be a serious consideration and measures must be taken to implement quantum-resilient cybersecurity on new and legacy satellites (some satellites can become quantum-secure even if they are already deployed).

A Crossroads for Space and Quantum Security

The recent conflict in Ukraine has put a spotlight on the importance of securing commercial satellite infrastructure. Following Russian cyberattacks on commercial satellite networks during the early weeks of the Ukrainian conflict, congress learned of the Satellite Cybersecurity Act. The bipartisan bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations for the commercial satellite industry to protect their networks. Additionally, the bill requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk.

The Satellite Cybersecurity Act is a monumental step forward, however as the framework for cybersecurity regulation in space begins to take shape, CISA and the GAO must work collaboratively with the National Institute of Standards and Technologies (NIST) as NIST finalizes a new suite of quantum-resilient algorithms for use on national security systems.

We have reached a critical crossroads where the U.S. can establish quantum-resilient standards on Earth and in space, but it will require diligence and collaboration on behalf of both lawmakers and commercial satellite companies to ensure that we are set up for success and security of satellites in the quantum-era. A secure U.S. future depends on it.

Featured

  • Until We Meet Again

    A short three years ago we were all pondering whether to attend any tradeshows all thanks to COVID-19. Sorry to bring that nightmare up again, but it seems that little pandemic is in the rear-view mirror, and it’s time to meet again. Read Now

    • ISC West
  • Cyber Hygiene: What it Looks Like for IoT Devices

    Cyber Hygiene: What it Looks Like for IoT Devices

    For our second pillar about the Industrial Internet of Things (IIoT) Pillars of Security, we are going to discuss what cyber hygiene looks like for IoT devices. Read Now

  • ISC West Announces 2023 Keynote Series Speaker Lineup

    The International Security Conference (ISC), in collaboration with premier sponsor Security Industry Association (SIA), announced five of this year’s ISC West Keynote Series speakers. ISC West will kick off its annual conference on March 28 (SIA Education@ISC: March 28-30 | Exhibit Hall: March 29-31) at the Venetian Expo in Las Vegas, Nevada. Read Now

    • ISC West
  • Accelerating Security Modernization

    In recent years, the term “digital transformation” has been one of the most frequently used buzzwords across industries. On its most basic level, it refers to the reimagining of how an organization leverages its technology systems to improve business processes. Read Now

Featured Cybersecurity

New Products

  • Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    his app-based system is designed to provide ‘best in class’ security of doors and gates, with up to 2,000 users. The intuitive programming app is Apple® and Android® compatible, with easy to use system set-up, user administration, downloadable audit trail and data back-up. 3

  • ABLOY IP54-rated Integrated Dust Cover

    ABLOY IP54-rated Integrated Dust Cover

    One of the things that keep security managers on high alert is the real possibility the security locks used to safeguard their properties may unexpectedly fail due to environmental conditions. 3

  • Genetec Security Center

    Genetec Security Center

    This major new release allows more system components to run in the cloud, reducing the gap between cloud and on-premises security systems. It also makes it easier to connect external systems and tap external data for use in dashboards, maps and investigations without relying on complex, specialized integrations. 3