Journal of Positioning, Navigation, and Timing (J Position Navig Timing; JPNT)
Indexed in KCI (Korea Citation Index)
OPEN ACCESS, PEER REVIEWED
pISSN 2288-8187
eISSN 2289-0866

Efforts against Cybersecurity Attack of Space Systems

PDF

CONTENTS

Research article

Citation: Hong, J.-K. 2023, Efforts against Cybersecurity Attack of Space Systems, Journal of Positioning, Navigation, and Timing, 12, 423-430.

Journal of Positioning, Navigation, and Timing (J Position Navig Timing) 2023 December, Volume 12, Issue 4, pages 423-430. https://doi.org/10.11003/JPNT.2023.12.4.423

Received on 06 September 2023, Revised on 10 October 2023, Accepted on 06 November 2023, Published on 15 December 2023.

License: Creative Commons Attribution Non-Commercial License (https://creativecommons.org/licenses/bync/4.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

Efforts against Cybersecurity Attack of Space Systems

Jin-Keun Hong

Next Convergence Tech/Division of Advanced IT, Baekseok University, Cheonan 31065, Korea

Corresponding Author: E-mail, jkhong@bu.ac.kr; Tel, +82-41-550-2445; Fax, +82-41-550-9107

Abstract

A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and, lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)’s standard documents, former U.S. President Trump’s executive orders, and presents risk management activities. This paper also explores cybersecurity’s tactics attack techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.

Keywords

cybersecurity, ATT&CK, attack, space system, security threats

References

America’s Cyber Defense Agency 2022, Strengthening Cybersecurity of SATCOM Network Providers and Customers, [Internet], cited 2023 Nov 10, available from: https://www.cisa.gov/news-events/cybersecurityadvisories/aa22-076a

Bailey, B. 2021, Cybersecurity Protections for Spacecraft: A Threat Based Approach, Aerospace report, TOR2021-01333-REV A. https://aerospace.org/sites/ default/files/2022-07/DistroA-TOR-2021-01333Cybersecurity%20Protections%20for%20Spacecraft–A%20Threat%20Based%20Approach.pdf

Bartock, M., Brule, J., Li-Baboud, Y. S., Reczek, K., Northrip, D., et al.2022, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, NIST IR 8323r1 ipd. https://doi.org/10.6028/NIST. IR.8323r1.ipd

European Space Policy Institute (ESPI) 2022, The War in Ukraine from a Space Cybersecurity Perspective, Short report. https://www.espi.or.at/reports/new-espi-shortreport%e2%80%95the-war-in-ukraine-from-a-spacecybersecurity-perspective/

Federal Office for Information Security, Cyber Security for Air and Space Applications, [Internet], cited 2023 Nov 10, available from: https://www.bsi.bund.de/ EN/Themen/Unternehmen-und-Organisationen/ Informationen-und-Empfehlungen/IT-Sicherheitin-Luft-und-Raumfahrt/it-sicherheit-in-luft-undraumfahrt.html

Ingols, K. W. & Skowyra, R. W. 2019, Guidelines for Secure Small Satellite Design and Implementation: FY18 Cyber Security Line-Supported Program, Project Report LSP249 MIT. https://www.ll.mit.edu/sites/default/files/ publication/doc/guidelines-secure-small-satellitedesign-ingols-lsp-249.pdf

Leonardo DRS, [Internet], cited 2023 Nov 18, available from: https://www.leonardodrs.com/what-we-do/products-and-services/a-pnt/

Lightman, S., Suloway, T., & Brule, J. 2022, Satellite Ground Segment, NIST IR 8401. https://doi.org/10.6028/NIST. IR.8401

Manulis, M., Bridges, C. P., Harrison, R., Sekar, V., & Davis, A. 2021, Cyber security in New Space, International Journal of Information Security, 20, 287-311. https:// doi.org/10.1007/s10207-020-00503-w

Martin, M., Sunmola, F., & Lauder, D. 2023, A TEMPEST vulnerability prediction method for cyber security practitioners, Alexandria Engineering Journal, 78, 561575. https://doi.org/10.1016/j.aej.2023.07.059

McCarthy, J., Mamula, D., Brule, J., Meldorf, K., Jennings, R., et al. 2023, Cybersecurity Framework Profile for Hybrid Satellite Networks, NIST IR 8441. https://doi. org/10.6028/NIST.IR.8441

MOD 2020, Responses in the Domains of Space, Cyberspace and Electromagnetic Spectrum, Part 3, Three Pillars of Japan’s Defense (Means to Achieve the Objectives of Defense), Defense of Japan, pp.266-274. https://www. mod.go.jp/en/publ/w_paper/wp2020/pdf/R02030103. pdf

NIS2 Directive 2022, [Internet], cited 2023 Nov 10, available from: https://www.nis-2-directive.com/NIS_2_Directive_ Articles.html

NOAA 2022, Guidance for Licensees – Cybersecurity measures. Commercial Remote Sensing Regulatory Affairs, 16 August 2022, pp.1-58. https://www.nesdis. noaa.gov/s3/2022-10/960.9%20(a)%201-3%20and%20 960.10%20(a)(1)(i)%20(A%20&%20B)%20Guidance_%20 Cybersecurity%20Measures_10032022.pdf

Northern SKY Research (NSR) 2022, Space Cybersecurity – current state and future needs, [Internet], cited 2022 April 18, available from: https://www.nsr.com/nsrspace-cybersecurity-white-paper/

Pavur, J. & Martinovic, I. 2022, Building a Launchpad for satellite cyber-security research: lessons from 60 years of spaceflight, Journal of Cybersecurity, 8, 1-17. https:// doi.org/10.1093/cybsec/tyac008

Rajagopalan, R. P. 2019, Electronic and Cyber Warfare in Outer Space, Space Dossier 3, UNIDIR. https://unidir.org/sites/default/files/publication/pdfs//electronicand-cyber-warfare-in-outer-space-en-784.pdf

Schmitt, M. N. 2017, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, NATO Cooperative Cyber Defence Centre of Excellence (Cambridge: Cambridge University Press). https://doi.org/10.1017/9781316822524

Scholl, M. & Suloway, T. 2023, Introduction to Cybersecurity for Commercial Satellite Operations, NIST IR 8270. https://doi.org/10.6028/NIST.IR.8270

Starling, C. G., Massa, M. J., Mulder, L. C. C. P., & Siegel, J. T. 2021, The Future of Security in Space: A Thirty-Year US Strategy, Atlantic Council Strategy Papers. https://www. atlanticcouncil.org/wp-content/uploads/2021/04/ TheFutureofSecurityinSpace.pdf

Trump, D. 2020, Presidential Documents: Cybersecurity Principles for Space Systems. Space Policy Directive-5 of Sept. 4, 2020, Federal Register, Vol.85, No.176, [Internet], cited 2020 September 4, available from: https://trumpwhitehouse.archives.gov/presidentialactions/memorandum-space-policy-directive-5cybersecurity-principles-space-systems/

UK Space Agency 2020, Cyber Security Toolkit – Space Assets. https://assets.publishing.service.gov.uk/media/5ec298a3e90e071e2f955ebc/Space_cyber_ toolkit_final_v4.pdf

USSF, [Internet], cited 2023 Nov 10, available from: https://www.spaceforce.mil/News/Article/2230831/ussfcommercial-satcom-office-announces-developmentof-new-security-program/

Acknowledgments

This research was supported by Baekseok University.

Author contributIons

Conceptualization, J.K.; Investigation; writing – original draft preparation, J.K.; writing-review and editing, J.K.

Conflicts of interest

The authors declare no conflict of interest.