CyberSat in Reston, Virginia, on Nov. 18. Photo: Via Satellite

RESTON, VIRGINIA — Ransomware in space and the possibility of satellite kidnapping were just two of the scary future threats against space systems discussed at the CyberSat conference in Reston, Virginia, on Monday.

The FBI has already observed hacking attempts against satellites in orbit, said David Bray, a former career federal IT official and now distinguished fellow at the Stimson Center think tank in Washington, D.C.

Increasingly, satellites are equipped with the means to update software, firmware and even eventually hardware while in orbit, Bray said. But that creates a broader attack surface for hackers and other cyber attackers, he said, noting that ransomware gangs, flush with billions of dollars they’d earned from their crimes, and often acting at the behest or with the connivance of national governments, are investing heavily in R&D.

“That’s probably going to happen … the first ransomware attack on a satellite in space, given how fast things are moving in political events,” Bray said. “[We may not know] whether it’s a true non state actor, or an adversary nation, hiding behind non state actors.”

The scenario becomes scarier still if you contemplate that most satellites are designed to be able to maneuver on orbit to a limited extent, a capability that means a successful cyber-attacker might be able to crash a hacked satellite into an orbital neighbor, said Col. Erica Mitchell, commander of U.S. Space Force’s Delta 26, the unit that defends the nation’s spy satellite agency the National Reconnaissance Office from cyberattacks and online espionage.

“Satellites, if taken over by an unfriendly force, can become weapons as space debris, if being driven by the wrong person,” Mitchell explained.

There are more than 100 million objects greater than 1 mm in diameter orbiting the Earth, according to IARPA, the scientific research arm of the U.S. intelligence community, which has a program to develop technology to track them. Because of the huge speeds involved, over 22,000 miles an hour, even tiny objects can cause significant damage.

“Once you start to contemplate that,” said Megan Moloney, a former FBI analyst now associate director of the Defense & Security Segment for the consulting firm Guidehouse Federal, “the idea of a satellite hijack is chilling.”

As the U.S. and its rivals work toward on-orbit servicing for satellites, that same technology could enable their capture, diversion or even destruction, said Bray.

“At the same time as we build the vehicles to be able to do this [on-orbit servicing], we also are probably pushing closer to the first great train robbery in space,” he said.

Agencies and their leaders need to start thinking now about counter-measures, deterrence, and how to calibrate their actions if it happens. “What is the proportionate response, if and when a country takes your satellite hostage?” Bray asked.

Meanwhile, the system of rules and international treaties in place to assure the safety and security of space systems on orbit is under increasing pressure from the growing numbers of players, and the growing willingness of some to push the envelope of allowed behavior, like the Russians putting a nuclear armed satellite in orbit.

Bray cited unconfirmed reports earlier this month suggested that the Chinese made unannounced changes to the orbit of 22 of the 60 satellites in their BeiDou constellation, which provides a global position, navigation and timing (PNT) service, much like GPS does for the United States.

“But in theory, you’re supposed to announce these kinds of orbital changes to the ITU before you make them. But it looks like we could be going into a world in which some countries are testing these norms,” Bray said.

And these escalating threats may not come just from nation states directly, added Moloney.

“The future threat is tricky, because the threat that is now is really getting everybody’s attention,” she said.

With more players and more commercial players in space, future threats to space systems could include commercial entities acting either at the behest or with passive compliance from an adversary, Moloney said. One non-space example of this is Yvgeny Primakov, who set up the Internet Research Agency, the troll farm in St. Petersburg which carried out the hack and dump operation against DNC officials in the run up to the 2016 election.

Beyond even commercial entities, the barriers to entry for cyber attacks on space systems are getting lower every year, raising the prospect that hacktivists or lone hackers might get in on the act, warned Col. Mitchell.

“With the future threat, I think the past might be prologue, and we may be looking at an Anonymous-like organization that decides to start attacking in space,” she said.