Space ISAC Watch Center Prepares for Cyber Threats in Space

Constellations spoke with Joel Francis, Watch Center Lead at the Space ISAC and Kevin Coggins, Senior Advisor to Space ISAC. ISAC stands for Information Sharing and Analysis Center, of which there are many supporting various industry sectors. The Space ISAC serves to facilitate collaboration across the global space industry and to help respond to threats that could come from anywhere, such as cyber. The discussion focused on the ISAC Watch Center, the expanding attack surface, cyber threats in space and the importance of information sharing.

Anticipate and Prepare

Coggins explained that the Space ISAC’s Watch Center exists to anticipate and keep pace with potential space threats to an expanding attack surface. The Space ISAC collects data from government, open source and its members in the commercial space community. The members have satellites, ground stations and user terminals around the world gathering all types of data about the satellite sector. He continued, “So, we can get an amazing data set that gives us information from all over the world where space infrastructure is. We get it from our members through individual submissions to real-time data feeds.”

Francis explained that in addition to monitoring the data feeds from their sources, the Watch Center catalogs it and shares the reports with members on a daily, weekly and monthly basis. He went on to say, “We’ve developed playbooks on how to investigate these incidents, how to report that information out, and that also includes a process for how we sanitize information we may receive from our members to protect their anonymity and build that trust.”

Attack Surface, Changing, Expanding

The goal of the Watch Center is to monitor all the threats and hazards to space systems. “We are seeing a lot of ransomware activity,” Coggins said. “We’re seeing a lot of external applications and software packages being targeted, and we’re also seeing a lot of RF interference. The big piece with that is correlating to [see] if it’s intentional or unintentional.” Coggins continued to say that while the attack surface for space continues to change and will continue to change, and threat actors continue to adapt, the Watch Center’s goal will remain the same.

With the attack surface continually expanding to include ground station uplinks, satellite downlinks and crosslinks, Coggins explained that the main method used to keep up with the growing attack surface “is characterizing the threat environment and identifying use cases to deploy to the Watch Center.” He referenced space weather as one of the threats the Watch Center monitors to identify potential impacts on commercial space systems.

Potential Cyber Threats in Space

While cyber attacks on satellite ground systems are common and increasing in frequency and sophistication, Coggins pivoted to potential cyber threats in space. “I think we’re going to see more and more of these types of attacks where people are generating RF signals with cyber information embedded to impact users or space systems. And then I think the big one that’s coming, given the ability to launch satellites into orbit, CubeSats, and really inexpensive things in low Earth orbit, you’re going to start seeing attack vectors happen in space to other space systems.”

He further explained that commercial satellites are now viewed as legitimate targets by adversaries. “So, as these satellites and space systems take on more missions … adversaries may look to target space systems as a way to disrupt supported critical infrastructure. There may be potential access vectors that attackers may look to exploit when targeting a space system that allows them to get into a system of interest.” He went on to say the idea of access and disruption is key to what adversaries are trying to do.

Sharing is Key to Space ISAC’s Cyber Strategy

Coggins further explained that information sharing is key to both national and international cyber strategy. “We collaborate with government via information sharing and collaborative sessions. We have many collaborative groups that focus on implementing standards and best practices including CMMC and Space Policy Directive-5. We also work with DHS CISA in their Space Systems Critical Infrastructure Working Group. And one of the advantages of being in ISAC is our ability to collaborate with international business and governments as well.”

Click here to learn more about the Cyber Vulnerability Lab, the Aerospace Corporation’s SPARTA framework and open-source data.