In December, US tech giant SolarWinds announced it had been the victim of a major cyberattack – one which had gone undetected for months. In a fateful turn of events, hackers added malicious code to the company’s software system infiltrating the networks of the US Treasury, the Department of Homeland Security and parts of the Pentagon.
The breach sent ripples through the security world. For Marcus Fowler, director of strategic threat at autonomous cybersecurity AI company Darktrace, this attack is just the beginning. With over a decade of experience running intelligence operations in both physical and cyberspace at the CIA, he witnessed first-hand the danger of the security threats that lie in wait.
“I try not to be too fear-mongering, but [cybersecurity] is a ticking time bomb,” Fowler says. “Is SolarWinds a significant enough event to be a call to arms? I hope we don’t look back and say ‘that was the warning sign that we didn’t pay attention to’.”
But what if an attacker’s ambitions are galactic in scope? While this breach has helped shine a light on the vulnerabilities of software platforms here on Earth, experts have warned that the world is dangerously unprepared for a global disaster sparked by cyberattacks on space infrastructure.
An evolving landscape
For those of us going about our daily lives on terra firma, it is easy to forget just how dependent we are on space-based assets. After all, they are hundreds – if not thousands – of miles away and we rarely hear about when things go wrong.
However, much of the world’s critical infrastructure from air transport to defence is heavily reliant on space. With this dependency comes vulnerability, and space assets are an attractive target for cyber actors.
The pandemic has accelerated the digital transformation already underway, intensifying the threat landscape. “We’ve seen this spiking in digital dependency,” says Fowler. “With so many people working from home, new doors are opening from a vulnerability standpoint.”
Fowler believes this changing work environment has led to a new level of recognition about the critical role digital infrastructure and cybersecurity play in maintaining day-to-day business operations. When it comes to space, though, he warns that the consequences of a satellite cyberattack are “very often underappreciated”.
Given that space level threats are highly classified this is not surprising. Nonetheless, these attacks are happening with alarming regularity and can take many forms from the theft of satellite data to tampering with a space craft’s intended orbit.
Insider threats and supply chain attacks
For Fowler, one of the biggest vulnerabilities in the cybersecurity landscape is insider threats. According to the 2019 Verizon Data Breach Investigations Report, a shocking 34% of data breaches from analysis of more than 40,000 security incidents involved internal actors.
Fowler also highlights supply chain attacks as a cause for concern. He argues that SolarWinds has given people a much better understanding of what this type of attack looks like, helping them to recognise vulnerabilities from a software standpoint. But determining whether a supply chain attack is responsible for disruptions to space platforms can prove extremely difficult.
“When a rocket doesn’t function or something happens, it could just be part of the complex engineering that goes into it, rather than a malicious actor,” explains Fowler. However, he continues, over the past two years there has been a “leaning in and aggressiveness by nation states in terms of using cyber as a lever for strategic advantage – and that extends very much into space as well. A lot of the calculus that goes into nation-state attackers is about delaying programmes and stifling the success of engineering.”
A fresh approach to space
During his time working counterterrorism at the CIA – having previously led security operations in the Marine Corps – Fowler lived and breathed a threat-centric approach to security. “I couldn’t protect all US persons and interests globally so I had to focus on the actor and the potential attack vector,” he explains. “The revolution for me in the past year and a half has been how powerful the internal understanding approach to security is and the ability to enforce normal, allowing you to be threat agnostic.”
For Fowler and his colleagues at Darktrace, the way forward is a “human-AI hybrid” approach. “The ability to use self-learning where you don’t require retraining, where it is organically going out and learning and adapting, that to me is really powerful when you think about how it could be used to initiate investigations and protect satellites from threats,” he explains.
One of the greatest attributes of using AI in this context, Fowler continues, is its ability to self-heal. “Even when artificial intelligence is removed from the broader environment and any kind of threat intelligence updates, it’s still self-sufficient,” he says. “This is especially important in space because you don’t know what levels of connectivity you’re going to consistently have with the ground.”
He contends that both the public and private sector need to adapt their strategic approach and the technologies they employ. While he has been encouraged by the progress of private organisations in this regard, he says governments have demonstrated less agility.
SPD-5: A step in the right direction
However, there are encouraging signs that this may be changing. In September last year, the US government launched Space Policy Directive-5 (SPD-5), establishing a set of recommendations for protecting space systems from cyberattack.
“It’s a good start,” acknowledges Fowler. “The next step is to review [SPD-5] and work out how we can take it further, and turn the ideas into a reality. The Biden administration is bringing in a lot of cybersecurity experts in critical roles so I think cybersecurity is a top priority – I hope that space is part of the discussion.”
The biggest challenge, he says, will be figuring out who will be held responsible for enforcing the SPD-5 requirements from the various organisations within the space industry, and avoiding ending up in a “grey zone” as there is no single point of ownership.
Despite these concerns, Fowler believes there is an exciting chance for the public and private sectors to work in tandem to increase the resiliency of space systems. “If the partnership extends into not just taking the satellite up, but also how they’re secured and thought about in space,” he says, “there might actually be an opportunity for acceleration for the next generation of cybersecurity.”