Acronis: The right cyber resilience can thwart damaging cyber attacks on Middle East space sector

With countries in the affluent and hydrocarbon-rich Arabian Gulf region initiating and stepping up space programmes at breakneck speed their burgeoning space ambitions are becoming increasingly susceptible to cyber attacks launched by cross-border cybercriminals, dark web-based criminal organisations and even nation states.

This is a wakeup call delivered by two globally renowned cybersecurity, counter-terrorism and counterintelligence experts participating in an online event hosted by Acronis for the global launch of the all-new Acronis Advanced Security + Endpoint Detection & Response (EDR) solution for Managed Service Providers (MSPs).

Over the past few years member states of the Gulf Cooperation Council (GCC) – the Arabian Gulf’s regional, intergovernmental, political, and economic bloc – have set up national space agencies tasked with furthering space-based commercial and non-commercial services and space exploration programmes in collaboration, principally with NASA, the European Space Agency (ESA), Japan Aerospace Exploration Agency (JAXA), and private space technology leaders, including SpaceX, Axiom Space, Blue Origin, and ispace, to name a few.

Of the six GCC member countries, comprising Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates (UAE), both, the UAE and Saudi Arabia have active human-spaceflight programmes, with both of the neighbouring nations creating history as being the only Arab states to send male and female astronauts to the International Space Station (ISS) as it orbits 408km above Earth.

3 Arabs in space at the same time

Saudi astronauts Ali Alqarni and Rayyanah Barnawi are currently aboard the ISS, serving as mission specialists on a privately funded Axiom Space (Ax-2) mission, where they are joined with Emirati astronaut Sultan Alneyadi.

The UAE also has the distinction of being the sole Arab state to send an autonomous probe, named Hope, to study Mars from an orbital perspective.

Apart from the Emirati, Saudi, Omani and Bahraini space agencies playing a lead role in the regional space industry a number of for-profit space startups have also mushroomed in the region, while universities, including Abu Dhabi-based Khalifa University, are also sending their students’ science experiments to space, aboard cubesats, or for experimentation aboard the International Space Station itself.

In terms of communication, navigation, weather forecasting, defence, scientific research, exploration, and Earth observation satellites the space sector plays a crucial and growing role in the daily lives of individuals, businesses and government across the GCC region.

Regional space front-runner

Dubai-based Mohammed Bin Rashid Space Centre has the most robust space programme in the GCC region, with several ongoing missions and projects to its name; including: UAE astronaut corps, Mars 2117, Emirates Lunar Mission, Emirates Mars Mission, and a satellite ecosystem that includes the DubaiSat-1, DubaiSat-2, Nayif-1, KhalifaSat, and MBZ-Sat satellite assets.

With the steadily expanding space sector in the GCC region, cyber attackers’ techniques are evolving to become more innovative, with significant consequences for civil and military users in the form of compromising the software in ground systems and stealing sensitive data, to jamming satellite signals and even hacking orbiting satellites.

How to hack a satellite

The relative ease with which it is easy to commander an in-orbit satellite is demonstrated by an ethical hacker who noted that he would first use popular open-source intelligence-gathering techniques (Google, Facebook, Instagram, LinkedIn, etc.) to seek out key personnel with direct access to privileged systems at a satellite ground station.

Next, he would target the individual with a spear phishing campaign via email and social media in order to trick the person into inadvertently providing access to their workstation and then onto satellite control systems. The compromised platforms could then be accessed to control the satellite or gain access to sensitive data.

European Union advisory

According to the European Union Agency for Cybersecurity (ENISA), because of the intersections between private and public infrastructure in space, attackers can gain initial access to space-based infrastructure by either targeting the private actors, government agencies or the individuals interacting with the infrastructure.

As governments and societies largely depend on satellites (e.g. GPS), state-sponsored attackers and hackers-for-hire will try to get initial access to hardware through supply-chain attacks and use techniques to maintain their presence within the space infrastructure – including base stations.

Base stations are transceivers that connect satellites to a central terrestrial hub that connects the satellite to a network. They are a key element that attackers will target with denial-of-service attacks to disrupt critical military and civilian systems. Attackers will use available techniques to evade defence and detection mechanisms but remain dormant until they execute their exploit strategically, e.g. during a conflict as a mean for hybrid-warfare.

ENISA has also reported that space-based infrastructure and objects are among the top 10 cybersecurity threats (6^th position), likely to emerge by 2030.

‘Expect attacks’

According to Candid Wüest, Vice President of Research, Acronis, “You have to expect that you will get attacked. It does not matter which sector you are in [space industry included] you will be targeted. And, with space-based programmes having valuable IPs we will continue to see more attacks targeting the space sector as well.”

Following the famous ‘If you fail to plan, you plan to fail’ one-liner attributed to Benjamin Franklin, Wüest cautioned the Arabian Gulf region’s space sector, comprising both governmental and non-governmental players, to “increase cyber resilience, especially email security, as so many attacks emanate from there [email”.

Key cyber resilience measures include “multi-factor authentication, supported by EDR”, said Wüest, noting that EDR is especially important as it steadfastly monitors an individual’s cyberspace activity in an organisation and is capable of immediately stopping a threat actor from surreptitiously conducing an attack.

Robust EDR to the rescue

While stressing that both the UAE and Saudi Arabia have and are consistently being targeted with all manner of cyber attacks across various sectors, space included, Eric O’Neill, former American FBI counter-terrorism and counterintelligence operative and guest panellist at the Acronis online event reiterated that “good cyber defence must include all good practices; such as EDR, which is capable of leveraging zero-trust and segmenting of data”, because attacks invariably target systems that are not protected by EDR.

In particular, said O’Neill: “Ensure that if one person has access to data, they have access to only one account; data segmentation should be done. Every single person in an organisation should not have access to everything [data].”

‘Need to know’ basis

Continuing his advice for space industry entities, and referring to the “counter-intelligence tactics” that he used when he was “undercover for the FBI”, O’Neill added: “Ensure you are operating on a ‘need to know’ basis. Employees in a space agency or a space company should only have access to the data they need. That way, if there is a breach, one can tell if it was a spy from the inside or whether it was a spy from the outside, with the need to shut down the breach and minimise the damage as fast as possible.”

It is not possible to “train people enough to thwart threats. You can only do this with technology. You have to deploy technology [Acronis Advanced Security + Endpoint Detection & Response] throughout your network for every endpoint, and looking at the cloud in order to find the attacker when they inevitably get a foot in the door”, said O’Neill.

Acronis is a leading global provider of data protection and cybersecurity solutions for MSPs, with its corporate headquarters in Schaffhausen, Switzerland, and global headquarters in Singapore.

Last Updated on 1 year by Arnold Pinto