Better Safe Than Starry: Cybersecurity for Spacecraft

Submitted by Henry Haswell on

When we think of space exploration images of rockets, astronauts, and distant planets come to mind. However, behind the scenes there's an invisible yet critical aspect of space systems: cybersecurity for flight software. For over 20 years, Southwest Research Institute® (SwRI®) has been at the forefront of this field, developing software and systems that control spacecraft. Now, our team has expanded to protect spacecraft from cyber threats.

When we think of space exploration images of rockets, astronauts, and distant planets come to mind. However, behind the scenes there's an invisible yet critical aspect of space systems: cybersecurity for flight software. For over 20 years, Southwest Research Institute® (SwRI®) has been at the forefront of this field, developing software and systems that control spacecraft. Now, our team has expanded to protect spacecraft from cyber threats.

Why Cybersecurity in Space Matters

The answer is simple, adversaries are everywhere – even in space. Just as we guard our IT systems from cybersecurity threats on earth, we must also apply rigorous defenses to our systems in space. As space technology advances, the risk of targeted cyberattacks only becomes increasingly prevalent.

There are more “targets” in space now than ever. Consider this, in 2010, a total of 120 objects were launched into space globally. A decade or so ago, with so few systems being launched each year, cybersecurity for spacecraft wasn't as significant of a concern. By 2023, this number had accelerated to over 2,600 objects, and the trend shows no signs of slowing down. (Reference: United Nations for Outer Space Affairs with processing by Our World in Data source).

“But really, how bad would it be?” Vulnerability exploitation of spacecraft can lead to the disruption of critical commercial and defense services. One of the largest examples of an attack on satellite services was executed in 2022. Satellites servicing Ukraine were disrupted through a combined malware and denial of service (DOS) attack on the network’s communications (Reference: BlackHat 2023 KA-SAT Cyberattack Presentation source). Our team has also performed research indicating that attacks on an unprotected satellite system could lead to total loss of a space asset (Reference: Satellite Cybersecurity, 10-R6221.) These emerging threats prove that the aerospace industry needs to assess and protect space assets from cyberattacks.

Many satellites flying over earth as seen from space. They connect and cover planet with digitalization network of information.

To support enhanced cybersecurity in space, SwRI is developing Zero Trust Architectures (ZTAs) for satellite embedded systems.

SwRI’s Role in Space Cybersecurity

In response to the increasingly complex and perilous spacecraft threat landscape, our team of cybersecurity experts at SwRI is focused on building Zero Trust Architectures (ZTAs) for embedded systems.

“What is Zero Trust?” Zero Trust is a robust information technology (IT) security solution, coined by John Kindervag in 2009, that is based on the principle “never trust, always verify.” This solution assumes that cyber adversaries can come from anywhere, both inside and outside a network. Zero Trust is an advancement from traditional perimeter security solutions (a.k.a. firewalls), because access is tightly controlled at every level of digital connectivity. By implementing a ZTA, an aggregate of cybersecurity solutions to ensure Zero Trust, system owners can ensure that no single component, node, network, user, or device is trusted by default.

While this sounds complex, and it is to some degree, that's where our expertise comes in. Not only are we space flight software veterans and experts, but we also excel in understanding and implementing complex systems and emerging cybersecurity methodologies.

A Zero Trust Architecture in Space

To illustrate our approach, we developed a proof-of-concept ZTA for embedded software. This prototype adapts Zero Trust Architecture pillars from the Cybersecurity & Infrastructure Security Agency’s (CISA’s) Zero Trust Maturity Model (See Figure 1 and Reference: Zero Trust Maturity Model Version 2.0 (cisa.gov)) to actual embedded software protections.

CISA's Zero Trust Maturity Model pillars with real-world protections.

Figure 1. A Stellar Defense - Aligning CISA's Zero Trust Maturity Model pillars with real-world protections.

The prototype (Figure 2) addresses the security of various systems, including power and thermal management, guidance, navigation and control, telemetry, fault detection and recovery, remote commanding, and the gateway. By integrating the ZTA within the system architecture, we demonstrated how Zero Trust could be applied at the hardware level, enhancing security across all aspects of the system. Most importantly, we proved that a ZTA for spacecraft is feasible.

This image depicts the transition from a traditional spacecraft communication architecture to a protected ZTA featuring encryption, secure boot, gateway intrusion detection, and zoning.

Figure 2. Launching into Zero Trust - This image depicts the transition from a traditional spacecraft communication architecture to a protected ZTA featuring encryption, secure boot, gateway intrusion detection, and zoning.

Planning Ahead with Digital Twins

Given the complexity in spacecraft design and development, we also recognized that our customers desire a way to develop their solutions for cybersecurity early in their design process. So, to complement our cybersecurity solutions, we developed a Digital Twin approach.

This realistic representation of spacecraft hardware allows us to fully test both system functions and ZTA protections before the spacecraft is built. This rapid prototyping approach saves resources and enables comprehensive testing of flight software and cybersecurity strategies early on.

By leveraging our design, analysis, and optimization expertise, spacecraft developers can address cybersecurity concerns from the outset, planning for robust protection against cyber threats. Our team and labs are specifically set up to accommodate a range of customer types, systems, and applications. We invite you to inquire and look forward to discussing your specific needs no matter what stage you are at in the development process.

To learn more, contact Henry Haswell or visit CyberSecurity Services and Space Robotics Engineering. And for more information about our range of services and capabilities in the space flight systems check out our brochure.