Report: Pentagon Should Assume U.S. Satellites Are Already Hacked

Marc Ward/Shutterstock

Featured eBooks

The Government's Artificial Intelligence Reality
What’s Next for Federal Customer Experience
Cloud Smarter

As U.S. and its allies tether more of their military operations to government and commercial satellites, they need to start taking cybersecurity more seriously.

The U.S. and its allies need to double down on the cybersecurity of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report.

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyberthreats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday. “There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyberthreat to space-based command and control systems.”

While researchers stressed the importance of space cybersecurity for all NATO members, the U.S. has the greatest foothold in space by far. According to the United Nations, the U.S. currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyberattack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.”

Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention [they] deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. 

Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.