Last week, academic researchers from the satellite world – not Black Hat or DEFCON – said small satellites with propulsion systems pose a potential threat for being hacked and used against other satellites. The grad student team from Yale, University of Colorado, Boulder and Stanford University suggest operators start encrypting communications now and adopt a “No Encryption, No Fly” rule.
“Evaluating the Risk Posed by Propulsive Small Satellites with Unencrypted Communications Channels to High-Value Orbital Regimes,” a formal paper written by Andrew Kurzok of Yale University, Manuel Diaz Ramos, University of Colorado, Boulder, and Flora Mechentel of Stanford,” was presented last week at the 32nd annual Small Satellite Conference at Utah State University, in Logan, Utah.
From the abstract: “Propulsion systems for small-satellites are approaching the market. At the same time, some operators do not encrypt their communications links, creating the near-term potential for an unauthorized actor to send spurious commands to a satellite. At worst, an unauthorized activation of the propulsion system could precipitate a conjunction.”
Put another way, a bad actor could send unauthorized commands to a small satellite, with the worst case to direct the satellite to crash into – conjunction – another one. Consider for a moment the United States operates “exquisite assets” using optical, radar, and RF sensors in low Earth orbit (LEO) – “spy satellites” for the Tom Clancy reader or “national technical means of verification” in arms control jargon. These satellites cost hundreds of millions of dollars to build and launch. A 10 kilogram (22 pound) CubeSat costs around a million dollars or less to put into orbit.
While this sounds like the annual panic candy annually generated out of the Black Hat/DEFCON conferences, some chords are true while others are emerging technologies. Some small satellite operators don’t encrypt their satellite tracking and control or mission communications data links – anyone surprised at this should look at the poor security track record of the Internet of Things (IoT) for about 20 seconds. Reasoning to not encrypt communications on small satellites boils down to the same as IoT, faster time-to-market in a competitive high-growth environment and lower cost.
Any satellite operator working with the U.S. Department of Defense (DoD), including small satellite operators, typically needs to have encrypted links, as well as commercial operators taking pictures (imagery) of the Earth. Imaging firms have built-in incentives to encrypt because they don’t want anyone to steal their data.
Kurzok’s team modeled various scenarios using different propulsion types on a theoretical 10 kilogram nanosatellite in LEO. Using chemical propulsion, the satellite could move from low to medium Earth Orbit (MEO) within two hours, while reaching geostationary orbit with electric propulsion would take about a year.
The paper points a finger at university teams “not bound by U.S. government or other governments’ encryption requirements” being an issue, with the expensive of adding dedicated cryptography chips not being a priority for a “low-budget, one-off” satellite being built by an academic research effort.
If there’s good news, propulsion systems for small satellites are just starting to be tested and integrated. Adding propulsion systems to a small satellite enables operators to alter orbits, raise altitude to extend the satellite lifetime in orbit, and/or more precisely move the satellite into an orbit of interest; to focus on a region, for example.
In addition, the paper notes a difference between a Cubesat and a dedicated military anti-satellite vehicle is the latter includes an onboard seeker to track, follow, and finally collide with the garget. A misappropriated satellite without such a system to purposefully hit a target in LEO “is improbably, but still possible.”
Kurzok is encouraging the space community to integrate protected communications onboard small satellites incorporating propulsion voluntarily. If they don’t do so, governments could consider regulation requiring encrypted comm links before issuing a launch license.