2020 Predictions: IoT Satellites Spark Cybersecurity Worries

The global positioning system has changed society since the launch of the first satellite, Sputnik 1, in 1957. From informing ship navigation to keeping “smart” weapons on track, the technology has myriad applications. A relatively small number of GPS satellites, flying in a medium earth orbit some 12,550 miles away, play an especially important role in society. 

In recent years, there has been a proliferation of satellites nearer to the earth. One example is the so-called CubeSat, which flies in low-earth orbit, which ranges from roughly 110 to 1,200 miles up. 

“I think cheap satellites are going to create some real security problems,” said Andrew Howard, chief executive officer of Kudelski Security. 

[IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and edge into action across industry verticals. Book your ticket now.]

The availability of inexpensive satellites could open up a number of security risks in a manner similar to drones. At one point, drones or unmanned aerial vehicles were used primarily for military applications. But as smaller and less expensive drones became available to the public, so have the number of problems of civilian drones popping up near airports, national parks and stadiums, and interfering with firefighting efforts.

The proliferation of inexpensive satellites could open up a similar can of worms. “I see there being huge security problems created from spying to privacy [concerns] to their being taken over,” said Andrew Howard, chief executive officer at Kudelski Security.

Several vendors have popped up positioning IoT satellites as a means of providing connectivity to remote geographies not served by cellular or other types of connectivity. 

Cybersecurity problems related to traditional GPS satellites are also a worry, said Bill Malik, vice president of infrastructure technologies at Trend Micro. Earlier this year, Malik gave a presentation at RSA, stating that such satellites suffer from similar vulnerabilities as networked industrial control systems and other IoT devices. In 2018, his colleague, Craig Gibson, who is Trend Micro’s principal threat defense architect, penned a blog post titled “Attack Vectors in Orbit: The Need for IoT and Satellite Security in the Age of 5G.” 

In July, the research paper “Cybersecurity of NATO’s Space-based Strategic Assets” also warned of the importance of carefully investigating the cybersecurity vulnerabilities of satellites for NATO’s operations. 

In general, there is a growing awareness of the role that satellites play in society. “People are becoming aware of [GPS satellites]. They’re a crucial element in the supply chain in the physical world,” Malik said. 

Routine supply chain operations such as trucks moving containers into ports depend on GPS satellites, as do ships. 

Malik is less concerned that satellite security worries will have a significant impact on 5G. While companies such as Amazon have plans to put 5G-capable satellites into space, the role satellites will play in enabling the type of blazing-fast, ultra-low-latency networks 5G is famous for is unclear. “I don’t see it, simply because of the distance problem,” Malik said. “Satellites have to orbit a couple of hundred miles up to avoid burning up, and if you’re in a near-Earth orbit, that means you’re either moving very fast or else you’re in an eccentric orbit you’re only close for a few minutes at a time.” 

Even with a satellite positioned 200 miles above the earth, distance is a problem. In a single millisecond, light travels miles. “One of the criteria for 5G is that your latency — your total response time — is under one millisecond,” Malik said. “So you don’t have enough time to get to the satellite and back, even if there’s no processing at all to stay under that threshold.”