Beyond the Clouds: Safeguarding Our LEO Telecom Future from Cyber Sabotage


ENISA’s recent report on the cybersecurity of Low Earth Orbit (LEO) satellite constellations providing telecommunications services (LEO satcom) summarizes various threats and risks (technical, financial, and commercial). The scope of potential attacks includes both common attack vectors and attacks specific to the space segment.

Common Attack Vectors

LEO satcom systems face a variety of cyber threats because of their increasing role in global communications, including internet connectivity, navigation, and military applications. The most common cyber threats they face include:

  1. Eavesdropping: Unauthorized interception of satellite communications can lead to the compromise of sensitive information. This threat is particularly concerning for military and governmental communications, but it also affects commercial entities.
  2. Jamming: Intentional interference with satellite signals disrupts communications. Jamming can target the uplink (from ground to satellite), downlink (from satellite to ground), or both, causing denial of service to legitimate users.
  3. Distributed Denial of Service (DDoS) Attacks: These attacks involve overwhelming the satellite network’s resources by flooding it with malicious traffic, potentially from multiple compromised bots or systems. DDoS attacks can disrupt service for all users of a satellite network.
  4. Spoofing: This involves the creation of fake signals or data to deceive satellite systems or users. Spoofing can lead to the misdirection of communications or the provision of false information, with potentially dangerous consequences.
  5. Hijacking: Attackers may gain control of the satellite itself or its communication functions, allowing them to alter or disrupt operations. This could include changing the satellite’s course, shutting down communications, or using the satellite to broadcast malicious data.
  6. Software Vulnerabilities: Like any other computer system, satellites and their ground stations can have software vulnerabilities that attackers can exploit to gain unauthorized access or disrupt services. These vulnerabilities can arise from outdated software, insufficient security protocols, or flaws in new software deployments.
  7. Supply Chain Attacks: Attackers may target suppliers or components of the satellite communication system to compromise the security of the entire network. This can include tampering with software or hardware before it is launched into orbit.
  8. Physical Attacks on Ground Stations: While not purely cyber in nature, attacks on the physical infrastructure supporting satellite communications, such as ground stations, can have significant cyber implications by disrupting control and data flows.

Space Segment Specific Attacks

The satellite-specific attacks outlined in the report include classic attacks targeting the user and control segments as well as attacks on the satellites themselves, known as the space segment. Major past incidents highlighted in the report involve data theft through reverse engineering of user links and denial-of-service attacks on both ground and space segments. The report emphasizes the unique cybersecurity challenges faced by LEO satcom systems, such as payload hijacking and platform hijacking, due to their global assets, higher financial risks, and the nature of the threats.

The cybersecurity landscape for LEO satcom systems is complex and requires a multifaceted approach to defense, including encryption, secure protocols, regular software updates, and vigilance against emerging threats.

Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn