Cybersecurity in orbit

The internet doesn’t exist solely on Earth anymore. That means the cybersecurity industry has a new challenge: how do you protect networks that dance in the space between our planet and others?  

The answer, according to Dr. Wendy Ng (Principal Cloud Security Architect at OneWeb), might not be as complicated as it seems.

At Black Hat MEA 2022, she introduced the work that OneWeb is doing to give more people around the world access to a reliable internet connection. They’re using low Earth orbit satellites to transmit signals to Earth-based assets, enabling connectivity in hard-to-reach areas.

According to research by the International Telecoms Union, about 2.9 billion people still don’t have internet access. And for some regions, slow internet is almost as limiting as no internet: Turkmenistan’s average internet speed is 4.49 Mbps, and Yemen’s is around 6.14 Mbps. Compare that with Monaco’s speed of 319.59 Mbps and it’s clear that internet users have a very different experience in different parts of the world.

And “there are economic, educational and social disadvantages to that,” Dr. Ng pointed out. “For those of us who are fortunate enough to have it, we may take the ease at which we have access for granted.”

What does a low Earth orbit satellite do?

“Instead of going direct-to-consumer, we partner with service providers and government organisations so we can leverage our connectivity in the most accessible and sustainable way,” said Dr. Ng.

“The satellites act effectively as signal transmitters. They communicate with a range of terrestrial systems, including user terminals (which could be on land, on sea, in the air), and they connect to ground-based gateways which act as a concentrator to aggregate the signal and share with local networks — existing fiber or radio networks.”

Through those networks, customers can use OneWeb’s services or others.

How do you secure a network in orbit?

From a security perspective, the satellites themselves are only a small part of the picture. Dr. Ng and her team have to look at the system’s entire architecture and identify its vulnerable spots.

“In terms of satellites, it’s actually quite difficult to brute-force it. They’re in the air, they’re in orbit, so physical security is pretty strong.”

And the way the satellites move adds to their in-built protection:

“Because the satellites move across the Earth’s surface at quite a rapid speed, if somebody were to try to attack a satellite from the ground, they’d only have a limited time to do that.”

So as with any Earth-based network, the most vulnerable areas are often the endpoints.

“If I’m an attacker, my best bet actually is the terminals. Because these are lightweight, mass-manufactured, there’s probably not much processing power on them for very secure encryption, and once they are in the customer’s hand it’s not always easy to provide updates and patching to secure those areas.”

Every part of the satellite infrastructure, and every user application, runs on software. So along with the terminals, the software needs to be a key focus for protection. Especially because up to 80% of all the code lines used in the software are open-source access – “these are code lines that everybody has access to. If you have a vulnerability in one of those code lines, that’s where you’re going to be most at risk.”

Cybersecurity is always about the whole picture

We think this is a really beautiful example of a reality across all cybersecurity operations. Even when you’ve got something that sounds new and exciting, like a constellation of satellites, security is only effective if it takes into account every single possible entry point into a network.

And cybercriminals don’t look for the biggest, most adrenaline-inducing way in. They look for the path of least resistance: and more often than not, that’s the device or software in a user’s hands.