This article is more than 1 year old
Uncle Sam: Rest of the world would love to steal our space blueprints – don't let 'em
If spies aren't swiping designs via joint ventures, they're breaking into IT networks and mulling sat hijackings
With America outspending the rest of the world on space technologies, those systems and their blueprints are a highly alluring and lucrative target for sticky-fingered spies, Uncle Sam has reminded industry.
As such, organizations designing and building hardware and software for deployment in orbit and beyond need to safeguard their technologies from intellectual property theft – whether that theft happens via cyber-attacks or cunning joint ventures and takeovers – and also from hijackings when that gear is deployed.
Compromised satellite constellations, for instance, could disrupt communications networks and critical infrastructure on the ground, it is feared.
In a joint alert on Friday, America's National Counterintelligence and Security Center, the FBI, and the US Air Force warned that "foreign intelligence entities (FIEs)" are poking around for security holes in commercial space tech, and their efforts to exploit these systems pose a risk to US national and economic security.
"FIEs use cyberattacks, strategic investment (including joint ventures and acquisitions), the targeting of key supply chain nodes, and other techniques to gain access to the US space industry," the alert [PDF] stated.
The Feds cite financial sector estimates that indicate growth in the global space economy will jump from $469 billion in 2021 to more than $1 trillion by 2030. And earlier this month, in a talk at the Black Hat security conference, an academic showed satellite hacking is relatively easy, particularly if the satellites use off-the-shelf components.
The US leads investment in this industry, the agencies said, with $133 billion in spending, or 47 percent of the market, between 2013 and 2023. China comes in second at $79 billion followed by "the rest of the world" (excluding Singapore, the UK, and India) at $35 billion.
Considering the amount of money US organizations are pumping into space, stealing their blueprints and other proprietary information can help foreign governments advance their space programs on America's dime, while also boosting their own national security and communications programs.
And in addition to economic costs, insecure or compromised space systems are also a threat to national security, according to the Feds. Anything could happen, or so Uncle Sam fears, including data theft from satellite payloads, and disruption to communications, remote sensing, and imaging capabilities.
Plus, vulnerabilities in space infrastructure could, if exploited by miscreants, limit first-responders in providing critical services during emergencies and hamper military coordination during conflicts.
We've already kinda seen the latter play out in real life with Russia's attack on Viasat satellite base stations at the beginning of its invasion of Ukraine.
- Want to pwn a satellite? Turns out it's surprisingly easy
- US National Cyber Director: Fending off cyber threats in space is 'urgent,' needs 'high level attention'
- US Space Force finally creates targeting unit – better late than never, right?
- Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space
The Feds list off several measures organizations should take to better protect themselves. These include nailing down the security protecting the crown jewels of their intellectual properly, and improving general security posture by vetting employees with access to sensitive data and setting up an insider threat monitoring program.
Organizations should also develop an "anomaly log" to track potentially malicious activities, which could be a sign of compromise or theft, and perform due diligence on potential suppliers and investors.
The government warning follows several efforts by US agencies to improve cybersecurity in space.
In March, the White House's Cybersecurity Strategy referenced the need to secure space-based systems, and a month later the Cyberspace Solarium Commission urged the government to officially designate space systems as critical infrastructure.
White House officials have also met space industry execs about threats to the industry and how to improve public-private partnerships to better secure the space world.
And at DEF CON's Aerospace Village this month, the US Air Force and Space Force co-hosted Hack-A-Sat, encouraging hackers to remotely hijack a Moonlighter satellite while it's in space to help improve the security of in-orbit systems. While the results haven't been announced as yet, all teams trying had at least some success. ®