Part 2 of 2 Parts (Please read Part 1 first)
In 1998, hackers grabbed control of a German and U.S. ROSAT X-ray satellite. This was achieved by first hacking into the Goddard Space Flight Center in Maryland. The hackers then sent commands to the satellite to aim its solar panels directly at the Sun. This destroyed the batteries on the satellite and ended its operational life. The dead satellite fell back to Earth in 2011. It is also possible for hackers to take control of a satellite and hold it hostage. This happened to the SkyNet satellites in the U.K. in 1999.
As time has passed, the potential threat of cyberattacks on satellites has increased. In 2008, it was been reported that hackers who may have been in China at the time took over control of two NASA satellites. One satellite was under their control for two minutes and the other satellite was under their control for nine minutes. In 2018, Chinese hackers backed by the Chinese government reportedly launched a very sophisticated hacking campaign which was aimed at satellite operators and defense contractors. Iranian hacking groups have been accused to trying the same sort of hacks.
The U.S. Department of Defense and National Security Agency have made attempt to address the problem of space cybersecurity. However, critics have said that the government is moving too slowly. There are no cybersecurity standards for satellites. Even if they did exist, there is no governing body to regulate and ensure their implementation. Currently this results in the responsibility for satellite cybersecurity being borne by the companies that build and operate satellites.
Some critics of the current situation have called for stronger involvement of the federal government in the development, implementation and regulation of cybersecurity standards for satellites and other space assets. One approach would be to have Congress work on the development of a comprehensive regulatory framework for the private space industry. They could write and pass legislation that would require satellite manufacturers to develop a common cybersecurity architecture.
Congress could also require all owners and operators of satellites to report every single cybersecurity breach for any of their satellites. It is also important and necessary to identify which satellite systems and constellations are critical to the security of the U.S. There must be clear legal guidance on who should shoulder responsibility for cyberattacks on satellites. This will help ensure that those parties who have been identified as responsible take the required measures to secure these critical satellites.
It can be very difficult to motivate Congress to deal with important national issues. It may be necessary to involve multiple stakeholders in public-private cooperation to move forward on cybersecurity standards. Whatever actions are ultimately taken by government or the private space industry, something must be done as soon as possible. Analysts say that it would be a huge mistake to wait until hackers seize control of a commercial satellite and use that control to threaten life, limb or property before any action is taken to prevent such circumstance for coming to pass.
One thing is certain. If hackers cause major problems with satellites, there will be immediate calls for actions to prevent future occurrences. There will also be demands for explanations of why such actions were not taken before disaster struck. I believe that there will be no good excuse offered for why such a problem was ignored before it was too late.