Satellites have supported global communications for over half a century but today they face unprecedented levels of cyber risk, with the likelihood of satellites being hacked or manipulated by malicious actors having increased significantly.

Currently, cellular telephony (which is described as TN – terrestrial Network) operates independent of major satellite constellations (except for the rare case where the tower site (BTS/Node B/eNB/gNB) is located at a remote site and the only means of mobile backhaul is via VSAT).

Cyberattacks will get another push when Terrestrial Networks (TN) get integrated with Non-Terrestrial Networks (NTN), which is deemed to happen as part of 5G-Advanced, while the unification of TN and NTN is proposed in 6G. NTN consists of not only satellites (GEO/MEO/LEO) but also HAPS (High Altitude Platform Station) – a term used by ITU to describe low flying objects like solar-power planes, hot-air balloons, UAV (Unmanned Aerial Vehicles, also known as drone planes), etc, which typically fly at an altitude of 20-50km for provision of broadband in emergency or disaster recovery cases. 3GPP Release 17 laid the foundation for NTN requirements, with Releases 18 and 19 providing further detail. With TN-NTN integration, satellites will become more accessible—and more exposed to attack.

Researchers categorize NTN cyber risks into 3 main areas:

#1 Satellite to Satellite Links

Important security requirements in these links include data confidentiality and integrity, key management, and authentication and access control. The difference in altitude and mobility among satellites in the three layers, i.e., GEO, MEO, and LEO, make some of the encryption techniques more challenging, mainly due to complexity in key distribution. Asymmetric key cryptographic protocols require a universally trusted third party to issue, maintain, revoke, and manage certificates. There are also threats of direct security attacks such as jamming attacks, DoS attacks, spoofing attacks, etc. Jamming attacks introduce interference in communication channels to cause unavailability of communication channels between legitimate users. With the integration of TN-NTN networks, the attack permutations will further diversify to LEO-GEO, GEO-MEO and MEO-LEO, in addition to within the orbit attacks.

#2 Satellite to User Equipment

With the integration of TN-NTN networks, a large range of user equipment will be communicating with satellites, like a stationary user on ground, a passenger travelling in a plane, a marine employee travelling in a ship, a student travelling in a bullet train on ground, a communications device installed in the cargo ship, etc. HAPs, UAVs, and terminals in the sea will have different requirements than those of normal smartphones. Frequent handovers between satellites in different orbits (hence difference latencies) will further complicate the whole scenario.

#3 User to Satellite Links

The most vulnerable link, as the hackers will have direct access to the satellites. While satellite phone users number in the millions, mobile users exceed seven billion – expanding the attack surface dramatically. Threats include DoS attacks, jamming, signaling storms, resource theft, configuration attacks, scanning attacks, privacy challenges, and many more.

Vital Cybersecurity Actions

Ensuring cybersecurity in satellite communications requires a multi-layered approach:

1. Encryption and Secure Protocols
   • Most of the communication is already encrypted but satellite phones use proprietary techniques like GMR-1 and GMR-2 where research groups have demonstrated that they can be cracked. Stronger protocols such as AES-256 are needed.
2. Access Control and Authentication
   • Strict authentication mechanisms for ground stations, satellites, and users prevent unauthorized access.
   • Multi-factor authentication (MFA) and role-based access control (RBAC) ensure only authorized personnel can issue commands or access sensitive data.
3. Anti-jamming and Authentication:
   • Anti-jamming technologies, such as frequency hopping and spread spectrum techniques, make it harder for attackers to interfere with satellite signals.
   • Signal authentication techniques detect and reject spoofed signals.
4. Continuous Monitoring via AI:
   • Continuous monitoring of satellite telemetry and ground station networks can identify unusual patterns or anomalies indicative of cyberattacks.
   • AI and machine learning algorithms are increasingly used to predict, detect, and respond to threats in real time.
5. Employing End-to-End Security
   • Rigorous validation of software updates and hardware components is essential to prevent the introduction of malicious code.
   • Collaboration with trusted vendors and adherence to industry standards enhance security across the supply chain.

Summary

The integration of terrestrial and non-terrestrial networks marks a new era for global communications but also introduces significant cybersecurity challenges. As dependence on satellite services grows, prioritizing cybersecurity is essential to ensure resilience, trust, and continuity in the connected world.