The Final Frontier for Quantum-Resilient Cybersecurity: Why We Need to Incorporate Post-Quantum Cybersecurity into Satellite Communication Architectures

Staring up into the sky on a clear night, you may be inclined to think that the small shining light moving gently across the black background is a shooting star or perhaps even a UFO. More likely, that tiny speck of light moving over your head is a satellite orbiting thousands of miles above the clouds.

The United Nations Office for Outer Space Affairs estimates that there are more than 7,390 individual satellites orbiting above the Earth, some of which have been up there for more than half a century. Today, satellite architectures are integrated with nearly every facet of our daily lives. We rely on satellites for communications, internet access, navigation, weather prediction, imaging, and even television. However, our increased reliance on satellite technologies has turned this vast network of hardware into a battleground for cyber-superiority.

A New Race for Space

Throughout the 1960s, the world witnessed the United States and the Soviet Union compete to conquer the final frontier in the First Space Race. Over the course of a decade, this race which pitted two opposing ideologies (communism and capitalism), took place high above the Cold War conflicts being fought on the ground. Most historians agree that the First Space Race culminated in 1969 when Neil Armstrong uttered his famous words and took his small step forward onto the cratered surface of the moon.

 

In the last decade we’ve seen the birth of the “Second Space Race” – this time between the Peoples Republic of China and a handful of competing U.S. companies, and the stakes for this race are even higher. The winner will be the one with the most cost-effective means to replace current commercial and national security systems, and establish a military and economic edge in communications, GPS, reconnaissance, and kinetic and cyber space warfare.

Satellite Vulnerabilities

Lost among the hundreds of new satellite launches now taking place every year and the spectacle of SpaceX’s Falcon landing – cybersecurity has become the unsung and most critical component of the Second Space Race. Satellites are particularly vulnerable to cyberattacks due to complex supply chains and layers of stakeholders. Multiple manufacturers are responsible for providing the highly specified components that go into each satellite, and once in space some organizations that own these satellites outsource the day-to-day management to someone else.

Every step of this complex chain of vendors presents an opportunity for bad actors to find and exploit weaknesses in the system. Additionally, most satellites are controlled by ground stations, which presents vulnerabilities for hackers to attack software and send malicious commands to satellites in orbit. For proof, look at this YouTube video of someone hacking a satellite with $300 worth of hardware. Today, we still rely on many satellites that were launched before cybersecurity was ever a concern, as they lack even the most basic levels of cybersecurity, such as encryption.

The risk of hackers taking control of these satellites presents enormous consequences. By exploiting any one of the attack vectors above, a hacker could easily deny service to a satellite, thereby disrupting data flow to critical infrastructure and national security systems. A more sophisticated attack may even overtake onboard thrusters to steer satellites off course or send them hurdling into other satellites.

For all the inherent danger that satellite hacks pose, there are still no cybersecurity standards for satellites and no government body in place to regulate or enforce cybersecurity on orbit.

While this lack of regulation is certainly a paramount concern, it also presents the unique opportunity to set standards that will provide security for the coming quantum age. As the Second Space Race moves forward above the clouds, on the ground there is another race growing rapidly – the Quantum Race.

The Quantum Threat

Quantum technologies promise to deliver computing power orders of magnitude faster than any super computers on the planet today. These quantum technologies are already being prototyped for space applications, such as quantum sensing and quantum key distribution, but the real potential and danger in quantum computing lies in the ability to break encryption. Currently, adversarial nation-states are spending billions of dollars to build a quantum computer that can break today’s encryption.

Due to their base computing structure (quantum computers compute using subatomic properties), quantum computers are very good at solving certain problems, one of which is factoring large numbers. Unfortunately, our entire world (anyone who uses the internet) relies on cryptography that uses factoring. This movement to post-quantum cybersecurity (PQC) will force the largest upgrade in computer history, and our satellites need to be at the forefront of this upgrade.

Advances in quantum computing have been increasing exponentially with billions of dollars invested in the quantum industry worldwide. As such, a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break today’s cryptography, may only be a single breakthrough away from realization.

While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Classical attacks already pose a national security risk for satellite infrastructures, but the ability to decrypt classified data in orbit could be catastrophic. If the United States intends to emerge victorious in the Second Space Race, the threat of quantum computing needs to be a serious consideration and measures must be taken to implement quantum-resilient cybersecurity on new and legacy satellites (some satellites can become quantum-secure even if they are already deployed).

A Crossroads for Space and Quantum Security

The recent conflict in Ukraine has put a spotlight on the importance of securing commercial satellite infrastructure. Following Russian cyberattacks on commercial satellite networks during the early weeks of the Ukrainian conflict, congress learned of the Satellite Cybersecurity Act. The bipartisan bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations for the commercial satellite industry to protect their networks. Additionally, the bill requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk.

The Satellite Cybersecurity Act is a monumental step forward, however as the framework for cybersecurity regulation in space begins to take shape, CISA and the GAO must work collaboratively with the National Institute of Standards and Technologies (NIST) as NIST finalizes a new suite of quantum-resilient algorithms for use on national security systems.

We have reached a critical crossroads where the U.S. can establish quantum-resilient standards on Earth and in space, but it will require diligence and collaboration on behalf of both lawmakers and commercial satellite companies to ensure that we are set up for success and security of satellites in the quantum-era. A secure U.S. future depends on it.

Featured

  • AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

    The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now

  • Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.