Cosmic Threats: An Introduction to Cybersecurity in Space by Samin Zaman

[Music] Thank you for joining me here today. My name is Seamine and I'm here to give a talk on cyber security as it relates to space. So these are two fields that I find very interesting and I hope that by the end of this presentation I'll have been able to share some of that interest with you all. To give a bit of context, humanity has been very rapidly expanding into space over the last few years. Uh and in the last three years, there have been more satellites that have been sent to space than in the three decades prior to that. So the chart on screen here is of the number of annual launches per every year. And you can see that there's

this huge spike within the last five or so years. uh and big part of this is thanks to innovations in spaceflight technology. So things like reusable rockets that have drastically reduced the costs of launching into space. Uh this has resulted in space becoming more integral to matters of national defense, emergency services and telecommunications. In fact, I believe the next talk in this room is actually going to cover using satellites for internet. So be sure to stick around for that if you're interested. Uh satellites in particular have proven to be invaluable in providing uh services to areas where groundbased infrastructure can't exactly be as relied on. So you can think of remote areas or underdeveloped areas uh or even

war zones. And with all that being said, let's take a look at how a generic satellite might operate. So when you're thinking of space systems, you can think of three different segments. The first one is the space segment. So this is the portion that is physically located in space. In our example here, it's the satellites. The ground segment is the segment that contains the groundbased infrastructure that's responsible for managing this space segment. So you can think of things like uh control centers or ground stations. And then you have the user segment. So these are the end users of the satellite services. So people at home enjoying satellite television or uh satellite internets. The communications going up from the

ground to the space is the up link. And the communications coming down from space to the ground is called the down link. And these communications you or these communication links use radio frequency technology in order to send information back and forth. With this picture in mind, consider how a threat actor might approach hacking a satellite system. What kinds of targets might they aim for? What kinds of tactics might they use? While thinking about that, I want to briefly introduce the CIA triad. I'm sure that most of you here are familiar with it, but for those who aren't, the CIA triad is a concept in cyber security that stands for confidentiality, integrity, and availability. And you can

think of it as the foundational pillars of cyber security. So confidentiality refers to ensuring that information is only accessible to those who are authorized to access it. So you can think of data breaches or other kinds of data theft as being attacks on confidentiality. Integrity refers to ensuring that the data that you have is accurate and trustworthy. So you can think of someone modifying financial transactions or sending fraudulent transactions. How do you know whether or not you can trust the data that you have or receive? And availability refers to ensuring that systems and services are available when they are needed. So an attack on availability could look something like a threat actor trying to take down a company websites.

Uh thinking back to the satellite diagram that we had, a threat vector that you guys may have identified is the communication links that use radio waves. Uh these communications are facilitated by the use of antennas that transmit and receive these waves. Uh and these waves will have a certain wavelength which is inversely related to the frequency of the wave. So that means that as the wavelength gets shorter, the frequency of the wave gets higher. You can imagine that the wavelength on the screen if it shrinks the peaks and troughs of the waves are going to grow more frequent. Uh these waves will also have a certain amplitude which you can think of as being how high the peaks in the waves

are. And this amplitude of the wave is directly correlated to the power that it carries. So the higher the amplitude, the higher the power. And waves will also have a certain phase. So you can think of this as being how far along in the wave cycle that the wave is. And in order to send information back and cross back and forth across this wave, you can modulate the phase of the wave uh and encode bits of information in that modulation. So you can imagine that some looking something similar to this where certain phases are mapped to ones and zeros and then as a transmitter you can send this wave out, let it propagate some distance and then a receiver can

receive the wave and then de modulate and recover the information that was sent. Uh it's also worth mentioning that you can modulate the amplitude or the frequency of a wave to send information as well in what's called amplitude modulation or frequency modulation or as they're more commonly known AM and FM radio. These modulation tends to be a bit more complicated to implement than AM or FM but it is used very often in space communications and the reason being that it can often allow for a higher bit rate meaning you can send more information across per wave. uh and it's also a bit more robust against noise. Uh which actually takes us to the next point

which is that the receiver does not always receive exactly what the transmitter sends as a result of interference from background noise. So if you have two or more waves being transmitted over the same frequency or very similar frequencies they're going to interfere with each other and the extent of the interference you can think of as the amplitudes of the waves being added together to form a net resulting wave. So the two examples here on screen are of the two extremes. On the left here you have two waves of the same frequency that are perfectly aligned. Uh and when you add the amplitudes of them together to get the net resultant green wave, it's just the same wave but twice

as powerful. And then on the right you have the opposite where you have two waves of the same frequency perfectly unaligned with each other. So when you add the amplitudes together the resulting net wave is just flat. Uh now coming away from these examples in the real world you're not going to expect the interference from background noise to be this significant uh and completely either amplify or destroy your signals. So in practice what does this look like on the receiving end. What you're looking at on screen right now is a BPSK constellation. BPSK stands for binary phase shift keying. Uh and what's happened here is a receiver has received a phase shifted wave and it's de

modulated into these two different points. And you can see how they're very nice and neat on this constellation diagram. And you can map them very easily to ones and zeros. This is what it should look like in theory. In practice, it doesn't again as a result of some interference. So you might see something more similar to this on the receiver end where it's still for the most part two relatively clean circles, but they're a bit noisier now, but you can still more or less map them to ones and zeros. Uh, and for the most part, background noise doesn't end up being too big a problem when you're transmitting these signals. uh and the receiver can recover the data in pretty

much every instance. But it does beg the question that what happens if there's other sources of noise? And that actually takes us to the first type of attack that we're going to be taking a look at today, which is jamming. So let's say we have a satellite in orbit that we're communicating with over a certain frequency. What happens if someone else starts sending signals on the same frequency to the same satellites? There's going to be an interference pattern. uh if the attacker is transmitting with enough power, it's going to result in significant enough interference that the receiver is ultimately going to receive gibberish. The two signals are going to clash with one another and it's just going to be a

jumbled mess and there the receiver is not going to be able to receive or recover any of the original information and it would effectively render the communication link unusable. So thinking back to our CIA triad, this is going to be an attack on the availability of our communication link. In terms of the BPSK constellation, again, this is what it would look like in theory when there's no background or when there's no jamming taking place and it's just the interference from background noise, uh, where you still have the two relatively clean points. When you have a jammer potentially involved in the equation, you could have something that looks more similar to this where there's significantly more

noise and you can't really draw two neat circles around the the ones and zeros areas. Uh, and you're going to lose bits. You're going to have some corrupt and unusable data. So how do you jam? Uh in the past there used to be significant hardware requirements to get into radio as a hobby. A lot of radio operations like modulation or de modulation uh filtering needed to be done using specific pieces of hardware. Uh but nowadays we have something called SDR which is softwaredefined radio and that takes a lot of these operations that used to be performed in hardware and uses software to perform them now. So some common kits that you can buy online like the ones on

screen here are the hack RF1 and the lime SDR. These are SDR hardwares that you can use to that has all the hardware you need to receive and transmit signals and you can get them for a couple hundred dollar if you pair that with something like GNU radio which is an open- source software and open source SDR toolkits you have everything you need in order to start receiving and transmitting signals. Uh in fact all the BPSK constellation diagrams you'll see in this presentation I generated in GNU radio. Uh you can also build your own antennas. There's guides that you can find online. The picture in the bottom left is of a Yogi antenna, which is a

powerful directional antenna that was fashioned out of a PVC pipe and retractable yellow measuring tape. So, both things that you can get your hands on fairly easily. And then, of course, if you have access to more sophisticated equipment, you can use that as well. So, let's take a look at some actual jamming attacks. One of the most common is those against GNSS systems or global navigation satellite systems. The one that you guys might be the most familiar with is GPS, which was launched by the United States. But there are other of these systems that exist such as the Galileo system from the European Union and Russia and China also have their own versions. On screen we have a screenshot

from the website gpsjam.org which you can visit on your own time and then you can see a map of areas where they suspect GPS jamming to be occurring. Uh this screenshot was from about a week ago and it's not 100% accurate. It's more of a guesstimate, but you can sort of see that the areas where there's higher levels of jamming tend to be around areas of conflict or areas of unrest. Uh, and you'd be correct. A lot of nation states use attacks on availabilities to help support their purposes or even further them. Some examples of this, one that you guys might be familiar with is the Russian attack on Viasat. So, this was back in 2022, just before the Russian

invasion of Ukraine. Uh, in the hours before the invasion, the Viasat satellite network went down. uh and it took down networks networks across Ukraine and large parts of Europe's as well and it impacted Ukraine's ability to respond to the invasion. It was a lot messier because of that. Uh countries might also use jamming as a form of information control. So this is an article from a few years ago now of North Korea aggressively jamming BBC's Korean language services because they didn't want any North Korean citizens to be listening to anything that wasn't state sponsored media. Uh, in fact, it's actually illegal in North Korea to listen to anything other than state-run radio and all radios sold by state shops

in North Korea are fixed tuned to government frequencies. We'll be seeing both of these incidents again later in the talk. So, let's take a look at some jamming attacks in particular against GNSS systems. Uh, between April and May last year, flights to Tartu Airport in Estonia were suspended as a result of ongoing GPS interference that would have made it unsafe for incoming aircraft to land. Uh and tragically last December after flying through a an area of GPS jamming an Azerbaijani plane crashed and ultimately fatally killed a number of people. So how do we mitigate jamming attacks? One of the possible mitigations is what's called DSS or direct sequence spread spectrum. And what this involves is instead of transmitting your signals

over a given frequency, a certain frequency, you transmit it over a wider range. Uh and the result of this is that if a jammer were to try and jam any specific frequency, the overall impact of the jamming is going to be less disruptive because the signal has been spread across uh this wide range. Another potential mitigation is FHSS or frequency hopping spread spectrum. The way that this works is that as you are transmitting the signal, you're rapidly switching which frequency you're transmitting over. And the idea is that by the time an attacker figures out which frequency they need to jam, you will have already changed to the next frequency. So they're always going to be

a step behind you. Uh and of course in order for this to work, the pattern by which you switch frequencies is going to have to be unpredictable. Uh and so it's only known to the legitimate transmitters and receivers. So implemented correctly, it should be based the switching pattern should be based on a shared secrets. Uh another potential mitigation and perhaps a an easier one or a more straightforward one is to just transmit the legitimate signal with a lot more power which would overpower the jammer's jamming uh and the receiver would be able to receive the signals. This of course assumes that we have the facilities to to transmit with more power which might not always be the

case. And that also begs the question you might be asking isn't it possible for the threat actor to also transmit with more power. What happens then? What happens if a threat actor is able to over and overpower and dominate the original signal? And that takes us to the next set of attacks that we'll be taking a look at and that's spoofing and hijacking. So on screen we have the same example that we saw earlier of a legitimate transmitter and a malicious transmitter transmitting to a satellite and the signals clash and it results in gibberish. Uh but once the jammer's transmission becomes sufficiently more powerful with respect to the original transmission the the attacker's transmission is going to dominate it

overpower the original signal and the original signal essentially becomes background noise to the jammer's transmission. Uh so when the receiver de modulates the signals that it's receiving uh it's going to be extracting the information that the jammer is sending or our threat actor in this case. And then thinking back to our CIA triad now this is an attack on the integrity of the data that we're receiving at the receiving end. In terms of the BPSK constellation uh again this is what we might expect to see in the normal circumstances with just background noise at play and the legitimate signal. Uh when we have a hijacker the constellation could look something similar to this. Uh and you'll

notice that they're very very similar uh diagrams. And the idea here though is the constellation on the bottom. It's when you de modulate the bits bit stream the data that you're going to be recovering is not the legitimate data but the data that the transmitter has sent. And the noise that you see in the bottom diagram is mostly as a result of the legitimate signal and not actually background or the standard baseline background noise. So let's take a look at some hijacking attacks in the real world. One of the first widely known attacks was done by someone under the name of Captain Midnight in 1986. Uh you can see a transmission that they sent out to a

bunch of people watching television. Essentially, this is someone who was upset about recent changes to a subscription service for satellite television. Uh and they broadcast this message out to uh a broad audience on the TV channel. The the year after that was the Max Max Headroom incident where someone dressed up as the character Max Headroom pictured on screen. uh sent out a message during a Doctor Who broadcast where he basically rambled for about a minute uh before it cut to a clip of him with his pants down and someone striking his bare butts with a fly swatter. Uh that's not pictured on screen. Uh there was also the incident of Fallon Gong who hijacked Chinese television in 2002

during the World Cup to broadcast a message out to Chinese citizens uh speaking up out against the Chinese government. And this is the first case of a number of incidents where activist groups have been using hijacking attacks to try and get their message out to broader audiences. Another interesting example is that of the Brazilian truckers in 2009 who hijacked what used to be a US Navy satellite and basically used it as a personal radio system where they were just talking to each other over this US military assets. Uh the United States was not particularly too happy about that. So don't try that at home. Uh you might ask yourselves, how is it possible that people can use satellites

to broadcast videos of themselves getting spanked? Uh isn't there any kind of security measures against that that would prevent that from happening? Uh and the answer is there really wasn't. The early satellites that were used for television were mainly there to just be able to broadcast to a large part of the world from a single point. So a satellite in what's called geostationary orbit or geo can see about onethird of the Earth's surface at any given time. So, as you can imagine, this is a very effective way to get a signal across to a really large audience at one go. Uh, but these satellites were designed only to do that, where they would receive a

signal up from a station and then rebroadcast that down to this large audience on the earth. Uh, and the you might hear them be referred to as bent pipes, where they receive a signal in one end and just redirect it back down to the earth through the other. Uh so in theory, anyone who could transmit a powerful enough signal to the satellite could have it be repeated back down to the entire audience, which is how attacks like the Captain Midnight and uh the Max Headroom incident occurred. Uh a natural question then is how do people broadcast signals strong enough to overpower the original signals? In order to answer that, let's take a look at some antennas. So this is an antenna

that we we saw earlier in the talk, the Yagi antenna that can be built and used by amateurs. Uh, it's very impressive and you can have a lot more powerful antennas than this too. But it's worth asking how can you use this to compete with ground station antennas when they look like this then they're the size of buildings and things like that. Uh, while we're on the slide, it's also worth noting that it's not just amateurs we're concerned about pulling these attacks off. It could also be nation states or other entities with access to far more sophisticated equipments. Uh, so the comparison would fail there. But it is still worth it's still worth asking why is it possible that amateurs

can compete against these large large huge billion dollar projects and things like that. Uh so let's take a look at what's called free space path loss. Uh this is a concept that explains how signals get weaker and weaker the further away they get from the point of transmission. So as a signal needs to cover more space, it's almost like it gets stretched thinner in order to cover that space. Uh the equation that's used to calculate free space path loss is there on screen. And as you can see the as the distance away from the transmission point gets larger the free space path loss grows larger exponentially as well to the power of two. So the power drop off of the signal

is drastic the further away you get from the the source. So far in the presentation I've been using arrows to represent the signals being sent back and forth. But they're not exactly the best representation. A better representation would be to use cones that grow wider and wider the further it gets away from the point of transmission. So in this example here, we have a satellite in orbit that's somewhere over the earth and a ground station is positioned fairly far away from it in this point in the orbit and you have a threat actor that's has a closer physical proximity to this satellite. So if the ground station is transmitting signals towards the satellite, it has to

cover a much greater distance and by the time it reaches the the satellite, the free space path loss will have been able to work over a much longer distance and the signal is going to get significantly weaker. So even if an attacker's original transmission is weaker with respect to the ground station transmission, uh by the time it reaches the satellite, it'll be more powerful or it could be more powerful if the attacker has sufficient hardware to start with. Uh the majority of satellites operating in space are in what's called LEO or low Earth orbit, which is between 160 km and 2,000 km above the Earth's surface. uh and it's always the case that for a satellite in

LEO that there will be points in the orbit where someone can potentially have a proximity advantage to the satellite. So as you can imagine these satellite as it's orbiting the earth will by its nature be physically moving further and further away from the legitimate transmitters at certain points. Uh we've been taking a look at how it's the signal gets weaker as it goes towards space. So on the up link, but it also works on the down link too. So as you can imagine, if a satellite is transmitting information back down to the earth, it has to cover a lot of ground before it reaches the end users. Uh and as such, if you're an attacker

based on the ground, you can have a very significant proximity advantage to the end users. Uh so you can also try spoofing these signals from the satellites in order to get in order to fool the end users. So let's take a look at some spoofing attacks. Uh a common or one example is the GPS spoofing in the Black Sea back in 2017. So, this was an incident where over 26 ships in the Black Sea had their GPS locations sporadically jump uh and it didn't make any sense. So, it seemed like ships were going through the middle of a country sailing through inland and all of a sudden their navigation systems couldn't be relied on. Uh on a bit of a

lighter notes, there's also Pokémon Go GPS spoofing. Uh for those of you that aren't familiar with the game Pokemon Go, it's a a mobile app that you can download that allows you to progress uh as you physically move around in the real world and it uses your GPS to track that. Uh so a lot of people have turned to GPS spoofing to try and fool the app and progress in ways that they wouldn't otherwise be able to. In fact, it's actually quite straightforward to spoof your GPS on mobile devices. And there's applications you can download on your phone that will do that for you. There's also several cases of people who drive vehicles for work that contain GPS

trackers uh who spoof their GPS location so that their workplace can't track where they're actually taking the vehicles to and they've gotten in a lot of trouble for that especially when they drive nearby a airports and disrupt signals uh from there. So how do you mitigate against spoofing attacks, spoofing hijacking attacks? You can use authentication on the communication links. So, this allows for receivers to disregard any communications that aren't authenticated and still allows for legitimate signals to pass through. Uh, in particular, what you're looking at on the screen here is one of the standards, the space data link security protocol. Uh, we'll be taking a closer look at it later on in the talk. Another potential mitigation

is using angle of arrival calculations. So if you receive a signal from a certain point, uh if you're not expecting to receive that signal from the angle from which it came, you can disregard the signal and it should help to prevent against proximity based hijacking attacks. Okay, so we've we've talked about how these signals can be more better represented as cones traveling away from the point of transmission. So when you have a satellite that's as we've mentioned transmitting from space down to the earth by the time the signal reaches the earth it's the cone of the transmission has grown very wide. So in theory anyone within that cone can receive the signal and listen in on what

you're talking about which is the next type of attacks that we'll be covering which is eavesdropping. Uh this is an attack on confidentiality thinking back to the CIA triad. Uh we talked about how satellites in geostationary orbits or geo can see about onethird of the earth's surface at any given time. Uh so in theory anyone within that third of the earth's surface would be able to pick up those signals too. Uh some examples of eavesdropping attacks a common one is television piracy. Uh so if you are someone who does not pay for television sub or for satellite television uh these signals are most likely still being sent to your place and all you would need is really

the satellite dish that would receive those signals. Uh if you have that hardware you can watch the television for free. Uh and a lot of people have gotten in trouble for that so don't do that either. Another common example is signals intelligence. So the article on screen is that of or signals intelligence. It's something that nation states and militaries use in order to try and gain more intelligence on adversaries uh and sort of help with their defense programs. Uh and the article on screen here is of Echelon which is from the five eyes. The five eyes if you guys aren't familiar with it is the United States, United Kingdom, Australia, New Zealand and Canada. And

it's sort of an agreement that they're going to share intelligence amongst each other. The Echelon program in particular was intended for monitoring the the communications of the Soviet Union uh and it ended up intercepting satellite communications worldwide. So one key thing about eavesdropping attacks that makes it different from the other ones that we've been talking about is that eavesdropping attacks are very passive in nature compared to jamming, hijacking or spoofing. All you're doing for an eavesdropping is just listening in. You're not transmitting anything else. So these attacks are extremely difficult to try and detect. Uh, and since all you really need is some hardware in order to pick it up, they're fairly straightforward to pull off as

well. So, you will find a lot of pincences of people trying to do this. The YouTube channel that you see on screen, Save It for Parts, is a fantastic example of this. He's a very smart guy. He's got a lot of videos on satellites and radio in general if you're interested. So, I'd highly recommend checking it out. The two videos that I've selected are just two out of the many in his catalog where he shows how to retrieve data that's being sent down from satellites. This is an attack that we've seen before. Uh North Korea jamming out Korean language services. So at the time I mentioned how in North Korea, anything other than uh radios that are fixed

tuned to government frequencies is illegal to be sold. So you might have asked why is it North Korea then bothering to try and jam out these other transmissions if they only if they're already passing these laws in place? Uh, and part of the reason for that is likely because of how easy it is to pull off an eavesdropping attack and how difficult it is to detect when someone is eavesdropping. We've been mostly looking at eavesdropping on the down link so far and that's because as the signal goes down from the satellite to the earth, the cone of the transmission gets wider by the time it reaches the earth. Uh, so there's a lot more potential areas from

which you can eaves drop. Eaves dropping on the uplink, however, is a lot more difficult because the transmission is a lot tighter when it's near the Earth's surface and it only grows wider as it goes up to the satellites. Uh it's not impossible, of course, especially nowadays with the advent of drones. So, you can if a threat actor is motivated enough, they can potentially use these to fly into the cone of transmission and then ease drop on on uh transmissions that way. And then of course if you have the if you're a nation state or any other entity with the resources you can have dedicated hardware in space for eavesdropping. So you can take advantage

then again of the wider cone spread. Uh with that being said let's take a look at some spy satellites. Uh one of the first publicly known examples of this is the galactic radiation and background satellite launched by the United States in 1960 or grabb. Uh this satellite had the primary mission of studying galactic radiation and a secondary mission or a secret mission of eavesdropping on Soviet communications. There's a lot of cases of these kinds of satellites where they're being sent up with some kind of primary purpose. Uh but later on it's revealed that they're using the satellite also for eavesdropping attacks. Uh one that's a bit more relevant to today's talk and a bit interesting is that of K in 2018. So,

OMK was a Russian satellite that approached another satellite in orbit. Uh, the other satellite being Athenapidis, which is a Franco Italian satellite that's used to share intelligence between the French and the Italian armies. Uh, and France alleges that because Russia tried to perform this close uh approach in orbit. They were potentially trying to eaves drop on the communications being sent back and forth between the Athenifi satellite. So, we have on our hands here a case of potentially eavesdropping on satellites using other satellites. So, how do we mitigate easedropping attacks? As I'm sure a lot of you realized early on, we can use encryption on the communication links. So, here's that STLS protocol that we saw again

earlier when we were talking about authentication. We're about to get into more detail about that. Another potential mitigation is called digital beam forming. So how this works is instead of having a single antenna that's transmitting a signal, we instead have an array of antennas that are transmitting slightly different signals that take advantage of constructive and destructive interference to focus this transmission over a certain points. So as you can imagine, this would have the effect of narrowing the cone down of the transmission and reducing the potential places from which an eavesdropping attack can be uh committed. So let's take a look at this SDLS protocol or security data link sec space data link security. Uh this was created

by the consultative committee for space data systems the CCSDS which is an organization made up of experts from 28 different countries with the common goal of aiding space exploration and expansion. Their space DLS the SDLS protocol outlines a standard for meeting authentication and confidentiality needs on data links for space missions. So for in general for missions that require authentication and encryption the recommendation is AES 256 with Galloy counter mode. Uh this is an algorithm that provides both authentication and encryption on the same algorithm. Uh if you guys are familiar with the OSI model this is a protocol that operates at layer 2 or the data link layer as the name might suggest. Uh this is a bit

interesting because a lot of the protocols on earth that we might see related to security and encryption operate at higher levels. So things like ipsec or TLS at layers. Oh yeah, I ipsec and TLS at layers three and four. Uh and one key difference for this artic for this protocol is that there is minimal bandwidth overhead. So you want to keep the transmissions to a bare minimum when you're transmitting down from space. And the reason being that reason being for that is that there's a number of challenges. One of the things that we've seen before is the physics and distance. So, if you think back to free space path loss, the amount of power that you need to transmit down

from space to the Earth's surface is significant because you need to account for all the power that's going to be lost on the the way down. Uh, and power is a big challenge on spacecraft because you are extremely limited with that. It's not like here on Earth where you can hook up a satellite to the electrical grid and start drawing more energy as you need it. With satellites, you're limited by the solar panels that you have. So if you have a requirement for for more power, you need to re-engineer, redesign the satellite before it gets launched into space to have better solar panels or more solar panels. Uh so for every bit of transmission that you can save, it's

makes a huge impact on the power budget of satellites. Uh another potential constraint is the hardware. So space in general is a very extreme environment. So you can think of the uh the vacuum up there or the extreme temperatures and the cycling that it goes through as it's going out of direct in and out of direct sunlight and in particular the high levels of radiation that hardware and satellites are going to be exposed to. There's a lot of potential things that can go wrong. It's a very harsh environment. Uh and if something does go wrong, there's not really much you can do because you can't exactly send someone up there to replace a circuit. The satellite ends up

becoming useless and you don't want that to happen because it's very expensive to launch things into space. So when you do launch things into space, you want them to be extremely reliable. You want them to be extremely resilient as well. Uh and that often means that keeping their operations as simple as possible because the more in general, the more complicated your operations are, the more potential points of failure you have. Uh and you're trying to avoid failure at all costs. Here the picture on screen is Oh,

yes. See, sorry. Okay. The picture on screen that we're seeing here is of the RAD 5545 computer. So, this is a radiation hardened computer that's designed specifically for space. And these radiation hardened chips take significantly longer to design. And as a result, that means that the chips that are approved for use in space are always significantly less powerful than the ones that we have available here on Earth. uh we're talking orders of magnitude less powerful and as you can imagine a lot of satellites that are in space have been operational for decades and they were launched decades ago using the hardware that they had back then. So you can imagine how outdated some of these legacy systems could be.

Uh and these are all things that we need to consider when we're designing protocols that we want to for communications between the ground and space. Another thing that we're going to take a look at is supply chain attacks. So you guys may be familiar with this attack. Uh about a year ago, there were a number of pages that exploded across Lebanon and it's believed that Israel tampered with the supply chain of these pages before they reached the end users. Uh and this goes to highlight that supply chain attacks are very real and you need to be very cognizant of them. Uh with space systems, you have very large and complicated systems. So it's extremely difficult to do everything inhouse. We

mentioned the radiation hardened chips. Not everyone is able to produce those. So you're going to be often relying on vendors for these kinds of things. uh you're going to be relying on a lot of different vendors to develop an entire satellite or something that's graded for space use. Uh oftent times these vendors are going to be located in different parts of the entire world. So you want to make sure that you're following best practices for that for ve for vendor management. Uh satellites also have very long development cycles. So there's a lot more opportunities for people to try and sabotage your missions. Uh and lastly, like we mentioned, the inability to replace an orbit. Even if you've

identified that your mission has been sabotaged, once the satellite has been launched, there is nothing you can do. So you really want to make sure that while it's still here on Earth, you're following the absolute best practices for for vendor management and insider risk. This is another attack that we saw earlier. Uh this was of the Russian attack on Viasat before their Ukrainian invasion. This actually was not an attack on the satellite or the communication links. This was good old-fashioned malware. So what had happened was the KASAP modems on the ground were hacked using a malicious firmware uh and it knocked out satellites for thousands or satellite networks across entirety of or huge portions of Europe, entirety of Ukraine

uh and affected tons of people and again their ability to respond and it only goes to show that we need to be following the best practices here on Earth as well in order to secure our space-based systems. Uh there's also several policy and governance challenges. So, as is often the case with all kinds of technology, there is very rapid expansion and very slow regulation. So, we talked about how the expansion into space has exploded within the last few years. The latest outer space treaty that was signed was the outer space treaty OST and that was back in 1967. And that's pictured on screen right there, the signing of that treaty. Since then, there hasn't really

been any other massive international agreement where countries come together to agree on the modes of operation in space. Uh, another thing to consider nowadays is the commercial versus national security interests. So, a large part of the push into space now has been coming from the private sector. There's been far more private companies expanding into space whereas previously it's only been nation states. Uh, and this is interesting because a lot of the private companies may not always have security as a top priority. A lot of them might be prioritizing innovation and trying to get in and trying to get technology into space as fast as possible to beat out the competition. uh which may be at odds

with what nation states want especially if nation states are relying on some of the infrastructure that these private companies are sending out there. Another challenge is the need for multilateral cooperation. So there's only one space. If someone wants to send a satellite into orbit, if a nation state wants to, they have to coordinate with every other nation state that has sent satellites into orbits and every private entity that has sent satellites into orbit and everyone that wants to send in the future. And these people are often adversaries and don't like each other. But you need to coordinate where your satellites are going to be orbiting around and what frequencies they're going to be using so they don't

interfere with one another. Uh so that's also a really big challenge especially when people don't like each other that much. The last thing we'll be taking a look at in the talk today is technology and its tendency to advance. So part of the reason why there's been such rapid expansion into space is because of tech developments in technology that have made it easier to build reliable ways for us to get into space. And just as how radio wants to revolutionize tele or communication technology, new tech has already become become begun to emerge to start to address some of the limitations of radio. A great example of that is laser. So on screen here we have a an

experiment that sat that NASA was able to suess successfully conduct of a two-way endto-end laser communication system where they're communicating between the earth and the the satellites using laser. Uh and what's nice about laser is that it offers higher bandwidths and the beam of transmission is significantly narrower. So it directly addresses some of the uh vulnerabilities that we covered in the talk. Uh Starlink has actually already implemented this for communication between their satellites in space. Uh which is pretty sick. Uh so as new threats emerge, so will new technologies to help address them. And space has always been a challenging environment, but thankfully there's a lot of smart people in the world, many of whom are

working on exactly this. So, I'm confident that we can build a safer space domain for the future. That brings me to the end of the talk. Thank you all for listening and I'm happy to take any questions. [Applause] Any questions? I believe it's 11:17. We still have until 11:25. Any interesting questions for space security? Yes, please.

So what's the advantages of using laser when it comes to um communications uh from earth to the orbit or orbit to the orbit between satellites. >> So one of the key advantages is like we talked about how radio frequency tends to propagate more as it travels a further distance. Laser tends to stay a lot more focused. So if you think of laser pointers for instance, you can point it at a long distance and it's still going to be pretty tight compared to something like a flashlight or that would spread out a bit more as it's going across. So the advantage of having the tighter tighter spread is the fact that eavesdropping attacks is a bit more

difficult. So there's fewer locations from which you could have a thread actor that's listening in on your communications. On that same note, um what about you know flights travels and how does the laser communication you know disrupt flying other other aspects of it? >> Uh it's it does disrupt them. Uh it's one of the limitations of laser. It's also it's a technology that's in development right now. If you are using high-owered lasers to communicate between the ground and space, there's that's also going to have to be something that's coordinated. Uh you're going to have to be very careful with it, too. You want to make sure that you're aiming the lasers at the correct places. Uh and you want to make sure

that your transmissions aren't too powerful because you don't want to accidentally create something like a death star. >> But yeah, >> sorry, one more. Um when it comes to encryption, um does laser provide additional know? >> Not really. any encryption protocols you can use on both at least as far as I know are equally applicable to RF and laser. I have a question Zamine it's very intriguing conversation in fact two questions if I may. One is related to you mentioned satellites the adversary satellites can act as um as easedroppers for the real receiving satellites. Can these satellites also be used for uh jamming or hijacking in space as those kind of attacks with proximity to each

other? >> Yeah, absolutely. As long as the they have the power to transmit uh you can use them for that those purposes as well and you get you'd gain a significant proximity advantage in doing that too because you're right there in space next to them. >> Right. The other one I had was more around um EMP. Everybody probably heard of EMPs. They have been the science fictions of the world in the past too. So any thoughts on electromagnetic pulses and would that be of a issue for frying out electronics in space or whatever the case may be? >> Uh yes that would be uh it's something you'd have to consider. Uh there's not really too much you can do against

anything that would be coming from the sun or anything out externally. Uh you just have to hope that again like you have the hardware that you have uh like the radiation hardened chips are strong enough in order to resist that. >> Any more questions? >> Yeah. Um just uh just a question on jamming and bringing um the uh context closer to the earth's surface like in the Ukrainian Russian war there's a lot of drone attacks and I think they use jamming as a counter measure are the principles the same on the jamming um like in that context as the ones you described in cyber or in in outer space >> yeah so anything that would be using

radio frequency communication you can jam in these similar similar ways. >> Okay. Thanks. >> Yes sir. >> Uh great great discussion today. Um so part of the counter measures around uh jamming that you discussed uh would likely so you know potentially spreading across a broad spectrum or um using other encryption protocols. Um, we've already got the satellites out there. So, this isn't this I'm assuming this wouldn't be a quick fix just to flip over to a broader spectrum. Um, in terms of counter measures against against jamming, particularly if I think about for for GPS. Um, maybe if you could just talk about what that what that timeline would look like if we did want to if there was appetite to

potentially put in those uh those counter measures. >> Uh, yeah, for sure. You mentioned GPS. That's actually a very challenging thing to prevent jamming against. You'll notice that a lot of the examples I brought up were GPS. Uh just the nature of GPS is that you want the public to be able to use it. So if our devices are need to know what frequencies they're operating over, so will the threat actors. So that's always going to have to be public knowledge. Uh so even if we can implement things like FHSS or DSS on those GPS satellites, uh in order for us to be able to receive the signals and communicate effectively, uh so will the

threat actors. So these frequencies are always going to be wellnown. Uh you also mentioned the problem of implementing these technologies once they're in space. Uh that's exactly right because the GPS in particular has been launched so long ago. Uh it doesn't support any of these any of the new technologies. So GPS in particular is a bit older but uh Galileo by the European Union I believe has authentication on their their GNSS system. So it would help to prevent the spoof for spoofing and hijacking attacks. Uh but again against jamming there's not really much you can do when it comes to GPS. Uh and all of these considerations are more for the future. So when you're designing space missions

you want them to last like decades long essentially. Uh a big consideration nowadays is actually quantum computers. So if you're launching a satellite today that you want to be operational for decades to come within the next few decades if you're anticipating quantum computers to exist the encryption that you're using needs to be quantum resistant as well. So the challenge is partly just always designing for the future. In terms of timelines, I don't know if anyone want plans to replace GPS anytime soon because it is so widely used. It would be a very disruptive process to just take the entire thing down and replace it. >> Any more questions? >> One more question I have. Um

you mentioned about every processing chip need to be uh compatible with you know radioactive material in the space. Have they actually looked at having all the chips being part of a cover that basically uh you know protects against radiation so that the chips can be a regular chip that we use in the earth rather than you know build every single chip which is uh cover which has a coverage to radioactivity >> that has been looked at but you need protection on both. So satellites in general will have a lot of protection around radiation because they have a lot of complicated systems. Uh so the satellite itself is going to be radiation hardened but then the chip

itself you also want it to be uh and I guess you might be able to risk having slightly less radiation hardened chips in space while still being operational. But it is a huge risk that you would be taking because again if your chip fails you've just wasted millions or potentially billions of dollars trying to get that into space and now you have unusable satellites. >> Thank you. All right, we are over on the time and uh definitely a very intriguing presentation. Thank you Zaman. Maybe a quick round of applause for our speaker here.