The Final Frontier for Quantum-Resilient Cybersecurity: Why We Need to Incorporate Post-Quantum Cybersecurity into Satellite Communication Architectures

Staring up into the sky on a clear night, you may be inclined to think that the small shining light moving gently across the black background is a shooting star or perhaps even a UFO. More likely, that tiny speck of light moving over your head is a satellite orbiting thousands of miles above the clouds.

The United Nations Office for Outer Space Affairs estimates that there are more than 7,390 individual satellites orbiting above the Earth, some of which have been up there for more than half a century. Today, satellite architectures are integrated with nearly every facet of our daily lives. We rely on satellites for communications, internet access, navigation, weather prediction, imaging, and even television. However, our increased reliance on satellite technologies has turned this vast network of hardware into a battleground for cyber-superiority.

A New Race for Space

Throughout the 1960s, the world witnessed the United States and the Soviet Union compete to conquer the final frontier in the First Space Race. Over the course of a decade, this race which pitted two opposing ideologies (communism and capitalism), took place high above the Cold War conflicts being fought on the ground. Most historians agree that the First Space Race culminated in 1969 when Neil Armstrong uttered his famous words and took his small step forward onto the cratered surface of the moon.

 

In the last decade we’ve seen the birth of the “Second Space Race” – this time between the Peoples Republic of China and a handful of competing U.S. companies, and the stakes for this race are even higher. The winner will be the one with the most cost-effective means to replace current commercial and national security systems, and establish a military and economic edge in communications, GPS, reconnaissance, and kinetic and cyber space warfare.

Satellite Vulnerabilities

Lost among the hundreds of new satellite launches now taking place every year and the spectacle of SpaceX’s Falcon landing – cybersecurity has become the unsung and most critical component of the Second Space Race. Satellites are particularly vulnerable to cyberattacks due to complex supply chains and layers of stakeholders. Multiple manufacturers are responsible for providing the highly specified components that go into each satellite, and once in space some organizations that own these satellites outsource the day-to-day management to someone else.

Every step of this complex chain of vendors presents an opportunity for bad actors to find and exploit weaknesses in the system. Additionally, most satellites are controlled by ground stations, which presents vulnerabilities for hackers to attack software and send malicious commands to satellites in orbit. For proof, look at this YouTube video of someone hacking a satellite with $300 worth of hardware. Today, we still rely on many satellites that were launched before cybersecurity was ever a concern, as they lack even the most basic levels of cybersecurity, such as encryption.

The risk of hackers taking control of these satellites presents enormous consequences. By exploiting any one of the attack vectors above, a hacker could easily deny service to a satellite, thereby disrupting data flow to critical infrastructure and national security systems. A more sophisticated attack may even overtake onboard thrusters to steer satellites off course or send them hurdling into other satellites.

For all the inherent danger that satellite hacks pose, there are still no cybersecurity standards for satellites and no government body in place to regulate or enforce cybersecurity on orbit.

While this lack of regulation is certainly a paramount concern, it also presents the unique opportunity to set standards that will provide security for the coming quantum age. As the Second Space Race moves forward above the clouds, on the ground there is another race growing rapidly – the Quantum Race.

The Quantum Threat

Quantum technologies promise to deliver computing power orders of magnitude faster than any super computers on the planet today. These quantum technologies are already being prototyped for space applications, such as quantum sensing and quantum key distribution, but the real potential and danger in quantum computing lies in the ability to break encryption. Currently, adversarial nation-states are spending billions of dollars to build a quantum computer that can break today’s encryption.

Due to their base computing structure (quantum computers compute using subatomic properties), quantum computers are very good at solving certain problems, one of which is factoring large numbers. Unfortunately, our entire world (anyone who uses the internet) relies on cryptography that uses factoring. This movement to post-quantum cybersecurity (PQC) will force the largest upgrade in computer history, and our satellites need to be at the forefront of this upgrade.

Advances in quantum computing have been increasing exponentially with billions of dollars invested in the quantum industry worldwide. As such, a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break today’s cryptography, may only be a single breakthrough away from realization.

While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Classical attacks already pose a national security risk for satellite infrastructures, but the ability to decrypt classified data in orbit could be catastrophic. If the United States intends to emerge victorious in the Second Space Race, the threat of quantum computing needs to be a serious consideration and measures must be taken to implement quantum-resilient cybersecurity on new and legacy satellites (some satellites can become quantum-secure even if they are already deployed).

A Crossroads for Space and Quantum Security

The recent conflict in Ukraine has put a spotlight on the importance of securing commercial satellite infrastructure. Following Russian cyberattacks on commercial satellite networks during the early weeks of the Ukrainian conflict, congress learned of the Satellite Cybersecurity Act. The bipartisan bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations for the commercial satellite industry to protect their networks. Additionally, the bill requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk.

The Satellite Cybersecurity Act is a monumental step forward, however as the framework for cybersecurity regulation in space begins to take shape, CISA and the GAO must work collaboratively with the National Institute of Standards and Technologies (NIST) as NIST finalizes a new suite of quantum-resilient algorithms for use on national security systems.

We have reached a critical crossroads where the U.S. can establish quantum-resilient standards on Earth and in space, but it will require diligence and collaboration on behalf of both lawmakers and commercial satellite companies to ensure that we are set up for success and security of satellites in the quantum-era. A secure U.S. future depends on it.

Featured

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3