These Space Travelers Won't Be Safe from Cyberattacks
Insurance organizations do not know how to quantify and predict the threat to satellites from cyberattacks.
Few things are as boring as insurance policies, but they can be less boring when they tell us something important about a critical threat to our economy and safety. A little-noticed development in the satellite insurance industry is doing just that.
Last December, Lloyd’s of London, an insurance company, announced a new satellite-insurance effort to protect the growing space industry against accidents like failing boosters and collisions in space. There is even the option to insure space tourists when that industry comes to fruition later this decade.
However, in many instances, policies from Lloyd’s, which has been in the space-insurance business since 1965, would not cover any losses due to cyberattack. In fact, Lloyd’s Market Association, which outlines “model” policies, identified the urgent need to begin addressing the risk of cyberattacks on satellites.
This is a big problem for multiple reasons. While failed launches remain one of the most likely causes of a loss of a satellite, unexplained malfunctions in space are close behind. For example, SpaceX has plans to launch as many as forty-two thousand space vehicles by the end of the decade for its Starlink broadband internet service. It already has eight hundred satellites in orbit. But some 3 percent of those are unresponsive and no longer maneuver in orbit. In the past, mechanical deficiency or damage from space debris would be logical culprits.
But as the cyber threat grows, suspicions about suddenly silent satellites will run wild. Cyberattacks on satellites could involve manipulating software to fire motors, turn on or off heaters to damage equipment, or sabotaging other systems. Most alarming is when a satellite goes silent with no apparent cause or explanation. Hardware on satellites can be decades old and vulnerable to attack using contemporary methods. Moreover, it is expensive and difficult or impossible to conduct an investigation of a faulty satellite in orbit.
By not insuring against this risk, insurance organizations aren’t saying they are unwilling to profit from charging satellite companies a little more than the expected loss from the danger—the standard model of insurance. Rather, they are saying they do not know how to quantify and predict the threat to satellites from cyberattacks.
This revelation is depressing and significant. It implies the expected payouts due to an unexpected cyberattack outweigh the value of the premiums paid to insurers; both an indication of the high cost of the losses, as well as the expectation that incidents could become common. It’s a safe bet given what we know about today’s world and technology.
Why is this risk growing? Where once satellites could depend on their place in orbit and nonstandard radios to keep them out of reach of hackers, cheap microcontrollers and software-defined radios mean that grounds stations can be built for only hundreds of dollars. In other words, the difficultly of physically accessing satellites in space is no longer the protection it was, nor are methods to reach them electronically particularly exotic anymore.
This matters because satellites are increasingly important to our national security and economy. Those who navigate planes and ships aren’t the only ones who rely on satellites for direction; many Americans increasingly use the technology to find their way around on a daily basis. The U.S. military, in particular, is critically dependent on satellites. While the Pentagon has plenty of its own orbiters for communications, much of its traffic is carried by commercial satellites. In addition to military and mobile applications, communications and commerce anywhere in the developing world would be particularly vulnerable to satellite disruption.
Given the complexity of upgrading communications software when in orbit (and the near impossibility of upgrading hardware) it is paramount that the satellites that are launched in the future be as secure as possible. Governments and private companies alike need to take this into account. Attackers are creating new types of attacks that were not even considered when most of the current constellations were launched. Software on existing satellites must be modified whenever possible.
The best approach to this challenge is to use explicit security policies and end-to-end authority to ensure those trying to access critical software are who they say they are. We can do this by relying on tried-and-true cryptography and widely agreed-upon standards. What is novel in this approach is not so much the technology used to secure satellites from cyberattack, but the willingness to do what is necessary.
To ignore threats until they are clear and present is lamentable, but all too human. To ignore them after that point would be foolish.
Jonathan Moore is the chief technology officer of SpiderOak, a secure-communications data and aerospace company.