1 00:00:03,200 --> 00:00:06,240 Speaker 1: Hi, it's Weskasova. We're taking a break this week, so 2 00:00:06,280 --> 00:00:09,040 Speaker 1: here's one of our favorite episodes you might have missed 3 00:00:09,480 --> 00:00:14,160 Speaker 1: and an update. Since this episode aired, the US is 4 00:00:14,240 --> 00:00:18,239 Speaker 1: now trying some creative ways to defend satellites from hackers. 5 00:00:19,160 --> 00:00:22,080 Speaker 1: In August, the US Air Force and US Space Force 6 00:00:22,120 --> 00:00:26,320 Speaker 1: hosted a cash prize competition at the Defcon hacking conference. 7 00:00:27,160 --> 00:00:30,479 Speaker 1: Teams tried to hack a live satellite in orbit for 8 00:00:30,560 --> 00:00:34,199 Speaker 1: the first time. The winner was a team from Italy. 9 00:00:40,800 --> 00:00:43,040 Speaker 2: I was able to see the sort of traffic people 10 00:00:43,040 --> 00:00:47,000 Speaker 2: were sending over their satellite Internet connections, so stuff like 11 00:00:47,159 --> 00:00:49,480 Speaker 2: text messages from people who were using in flight Wi 12 00:00:49,479 --> 00:00:52,400 Speaker 2: Fi services, or things like passengers on cruise ships when 13 00:00:52,440 --> 00:00:55,240 Speaker 2: they were making payments at point of sale systems. Also 14 00:00:55,280 --> 00:00:58,640 Speaker 2: a lot of like passport numbers, really concerning data to 15 00:00:58,680 --> 00:00:59,959 Speaker 2: be getting in clear text. 16 00:01:04,080 --> 00:01:10,600 Speaker 1: From Bloomberg News and iHeartRadio. It's the big take. I'm 17 00:01:10,600 --> 00:01:25,120 Speaker 1: west Kosova today. The latest target for hackers satellites. Thousands 18 00:01:25,120 --> 00:01:28,640 Speaker 1: of satellites circling high above our heads make it possible 19 00:01:28,720 --> 00:01:31,280 Speaker 1: to do many of the things we take for granted 20 00:01:31,480 --> 00:01:34,480 Speaker 1: every day. When you send it text, find your way 21 00:01:34,480 --> 00:01:37,640 Speaker 1: with Google Maps, use your credit card. Even check the 22 00:01:37,760 --> 00:01:41,080 Speaker 1: time on your phone, Chances are some bit of your 23 00:01:41,120 --> 00:01:44,279 Speaker 1: info was beamed up to a satellite from one place 24 00:01:44,640 --> 00:01:48,240 Speaker 1: and beamed back down instantly to where it needed to go. 25 00:01:49,040 --> 00:01:54,120 Speaker 1: The downside to this invisible miracle of technology, satellite systems 26 00:01:54,240 --> 00:01:57,760 Speaker 1: aren't always as secure as they should be, and this 27 00:01:57,880 --> 00:02:01,600 Speaker 1: means they can be easy targets forers looking to steal 28 00:02:01,680 --> 00:02:06,080 Speaker 1: information for profit, or governments looking to steal secrets or 29 00:02:06,160 --> 00:02:09,160 Speaker 1: cripple the communications systems of their rivals. 30 00:02:09,680 --> 00:02:11,960 Speaker 3: What's so extraordinary is it seems that the Russians, if 31 00:02:12,000 --> 00:02:15,280 Speaker 3: it were them, were prepared to take extraordinary risks because 32 00:02:15,720 --> 00:02:18,720 Speaker 3: they were aiming for the Ukrainian military. 33 00:02:19,200 --> 00:02:23,560 Speaker 1: That's my Bloomberg colleague Katrina Manson. She investigated a real 34 00:02:23,600 --> 00:02:27,160 Speaker 1: life example of this, a mysterious satellite hack on the 35 00:02:27,320 --> 00:02:30,720 Speaker 1: day Russia invaded Ukraine, and she joins me now to 36 00:02:30,800 --> 00:02:35,680 Speaker 1: tell us what she found. Katrina, can you start by 37 00:02:36,120 --> 00:02:41,960 Speaker 1: describing the satellite hack that happened in February of twenty 38 00:02:42,000 --> 00:02:43,799 Speaker 1: twenty two, just a little over a year. 39 00:02:43,560 --> 00:02:47,320 Speaker 3: Ago, as Vladimir Putin was saying he was launching a 40 00:02:47,400 --> 00:02:53,840 Speaker 3: special military operation on Ukraine. Ukrainian military communication connections that 41 00:02:53,919 --> 00:02:56,919 Speaker 3: rely on modems that link up to a satellite were 42 00:02:56,919 --> 00:03:01,079 Speaker 3: going dead, and it turned out the like communications were 43 00:03:01,080 --> 00:03:06,520 Speaker 3: going dead across Europe. These are all broadband Internet connections 44 00:03:06,600 --> 00:03:10,880 Speaker 3: that rely on one single satellite, and it provides satellite 45 00:03:10,919 --> 00:03:15,600 Speaker 3: connections to more than one hundred thousand users across Europe. 46 00:03:15,960 --> 00:03:19,040 Speaker 3: But specifically, the thing that mattered so much to the 47 00:03:19,120 --> 00:03:24,040 Speaker 3: Ukrainian military. So imagine military are often in frontline positions 48 00:03:24,080 --> 00:03:26,840 Speaker 3: in remote locations where they can't get Internet the usual 49 00:03:26,840 --> 00:03:30,400 Speaker 3: way you would through a static connection. This allows you 50 00:03:30,480 --> 00:03:34,119 Speaker 3: to dial up essentially to connect to a satellite more 51 00:03:34,160 --> 00:03:38,080 Speaker 3: than twenty thousand miles up in space, and that's how 52 00:03:38,080 --> 00:03:40,720 Speaker 3: you get your Internet connection. And that's what went dead 53 00:03:41,240 --> 00:03:44,920 Speaker 3: across Ukraine and Europe. Now, this satellite is owned by 54 00:03:44,960 --> 00:03:49,600 Speaker 3: a company named Viasat, that's a US company based in California, 55 00:03:50,000 --> 00:03:54,080 Speaker 3: so a continent away. Users who rely on that satellite, 56 00:03:54,240 --> 00:03:56,560 Speaker 3: their connections started going dead. 57 00:03:58,080 --> 00:04:01,480 Speaker 1: So when that happened, what actually was happening? Why were 58 00:04:01,560 --> 00:04:02,840 Speaker 1: these connections going dead? 59 00:04:03,440 --> 00:04:06,880 Speaker 3: After a lot of research and forensic analysis and all 60 00:04:06,920 --> 00:04:08,880 Speaker 3: the things that people have to do to what's called 61 00:04:08,920 --> 00:04:11,560 Speaker 3: reverse engineer a hack like this, and it turns out 62 00:04:11,600 --> 00:04:15,680 Speaker 3: to have been a very complicated hack attackers breached what's 63 00:04:15,720 --> 00:04:18,520 Speaker 3: called a VPN, a virtual private network that's an entry 64 00:04:18,560 --> 00:04:21,120 Speaker 3: point into a network that is meant to be secured. 65 00:04:21,520 --> 00:04:24,560 Speaker 3: It wasn't. There was what's called a misconfiguration. We don't 66 00:04:24,560 --> 00:04:27,320 Speaker 3: have much more information about that. They got into the 67 00:04:27,360 --> 00:04:30,719 Speaker 3: network and then they moved across the network again, another 68 00:04:30,800 --> 00:04:33,719 Speaker 3: thing they shouldn't be able to do. There should be doors, 69 00:04:33,760 --> 00:04:36,560 Speaker 3: as it were, fire doors preventing you from making the 70 00:04:36,600 --> 00:04:40,719 Speaker 3: next move. They get to a network management server that's 71 00:04:40,880 --> 00:04:45,040 Speaker 3: essentially something that controls the flow of information. They put 72 00:04:45,080 --> 00:04:50,120 Speaker 3: in a malicious software toolkit that's basically the bad instruction, 73 00:04:50,360 --> 00:04:54,240 Speaker 3: and then that bad instruction is sent to modems across 74 00:04:54,400 --> 00:04:59,400 Speaker 3: Ukraine and Europe and it wipes the modems. It overwrites 75 00:04:59,480 --> 00:05:01,880 Speaker 3: a part of the modem which is used for memory, 76 00:05:02,480 --> 00:05:04,880 Speaker 3: and the modems are no longer operable, they can no 77 00:05:04,960 --> 00:05:07,919 Speaker 3: longer make that connection to the satellite. The rest of 78 00:05:07,920 --> 00:05:11,479 Speaker 3: the system get online. So essentially a piece of malware 79 00:05:11,560 --> 00:05:14,600 Speaker 3: was distributed throughout the network and it fried the modems. 80 00:05:14,920 --> 00:05:18,680 Speaker 3: It's a really extraordinary attack because people connect to the 81 00:05:18,720 --> 00:05:21,720 Speaker 3: Internet through the satellite just via your home modem. That's 82 00:05:21,760 --> 00:05:24,600 Speaker 3: the same thing that gets the Internet signal into your 83 00:05:24,600 --> 00:05:26,880 Speaker 3: house and then it's often distributed through a router so 84 00:05:26,960 --> 00:05:30,320 Speaker 3: you can connect via Wi Fi. That was the ultimate 85 00:05:30,400 --> 00:05:33,880 Speaker 3: target of the attack. So more than forty five thousand 86 00:05:33,920 --> 00:05:39,120 Speaker 3: modems that connected this satellite system effectively were wiped and 87 00:05:39,320 --> 00:05:41,239 Speaker 3: when they were wiped, they couldn't make the connection. 88 00:05:41,880 --> 00:05:45,400 Speaker 1: So they determined that this was a hack. Do they 89 00:05:45,440 --> 00:05:46,800 Speaker 1: know who did the hacking? 90 00:05:47,360 --> 00:05:50,920 Speaker 3: Well, interestingly, Viasat, the company that owned the satellite, and 91 00:05:50,960 --> 00:05:54,039 Speaker 3: its partner, you tell Sat, that's a French company that 92 00:05:54,520 --> 00:05:58,039 Speaker 3: ran the network in partnership with Viasat, have never said 93 00:05:58,320 --> 00:06:01,880 Speaker 3: They have only ever said attackers. When I press them, 94 00:06:02,360 --> 00:06:05,760 Speaker 3: they explain that they are quite cagy in order to 95 00:06:05,800 --> 00:06:10,320 Speaker 3: preserve the network. What did happen is it fell to countries. 96 00:06:10,360 --> 00:06:13,200 Speaker 3: It fell to the European Union, to the US, to 97 00:06:13,240 --> 00:06:17,440 Speaker 3: the UK, Australia and Canada to blame Russia. 98 00:06:18,400 --> 00:06:21,680 Speaker 1: On what basis did they blame Russia for being responsible 99 00:06:21,720 --> 00:06:22,440 Speaker 1: for this attack? 100 00:06:23,080 --> 00:06:26,320 Speaker 3: US intelligence spent something like four weeks looking into this attack. 101 00:06:26,640 --> 00:06:30,200 Speaker 3: At the moment that the attack happened, Viasat told defense 102 00:06:30,279 --> 00:06:33,080 Speaker 3: contractors and the US government through a specific way that 103 00:06:33,120 --> 00:06:37,520 Speaker 3: they share information because that same satellite that provides your 104 00:06:37,560 --> 00:06:40,800 Speaker 3: average Internet for users at home who just want to 105 00:06:41,160 --> 00:06:44,440 Speaker 3: stream movies or just go on the Internet. That same 106 00:06:44,480 --> 00:06:48,520 Speaker 3: satellite also provides sensitive government services. It's a different part 107 00:06:48,520 --> 00:06:52,320 Speaker 3: of the satellite. But Viasat immediately informed its government partners, 108 00:06:52,760 --> 00:06:56,359 Speaker 3: and the US launched an intelligence investigation into what had happened, 109 00:06:56,880 --> 00:07:00,480 Speaker 3: So did intelligence services in France and the UK, and 110 00:07:00,560 --> 00:07:04,640 Speaker 3: after four weeks US intelligence determined that the GRU were 111 00:07:04,680 --> 00:07:09,159 Speaker 3: the attackers. The GRU is a Russian military intelligence unit 112 00:07:09,240 --> 00:07:11,840 Speaker 3: that has acquired quite a reputation for hacking. 113 00:07:12,360 --> 00:07:14,280 Speaker 1: Do they say with certainty that it was the Russians 114 00:07:14,320 --> 00:07:17,080 Speaker 1: or they just suspected? How were they able to determine 115 00:07:17,120 --> 00:07:18,920 Speaker 1: that it was actually the GRU. 116 00:07:19,520 --> 00:07:22,520 Speaker 3: They haven't said much about that, and in fact, in 117 00:07:22,560 --> 00:07:26,760 Speaker 3: the public attribution, I think it's only one country, Estonia, 118 00:07:27,000 --> 00:07:30,440 Speaker 3: that has ever publicly labeled it as the GRU. So 119 00:07:30,600 --> 00:07:34,520 Speaker 3: all of these assessments have stayed private. But the EU 120 00:07:34,760 --> 00:07:39,800 Speaker 3: blamed clearly Russia. Others blamed Russian military hackers. So there's 121 00:07:39,920 --> 00:07:42,560 Speaker 3: a range of public attribution, but the private work of 122 00:07:42,560 --> 00:07:45,880 Speaker 3: the intelligence community is not something that anyone's made public. 123 00:07:46,360 --> 00:07:50,480 Speaker 1: And I imagine that the Russians take exception to this conclusion. 124 00:07:50,960 --> 00:07:54,800 Speaker 3: I did speak to the Russian embassy in Washington, DC, 125 00:07:55,360 --> 00:07:58,120 Speaker 3: and the statement they sent me I think said, this 126 00:07:58,160 --> 00:07:59,120 Speaker 3: is total nonsense. 127 00:08:00,600 --> 00:08:04,560 Speaker 1: Internet users who were customers of this satellite had their 128 00:08:04,680 --> 00:08:08,240 Speaker 1: Internet knocked out, but they weren't really the target of 129 00:08:08,320 --> 00:08:09,680 Speaker 1: this hack, is there, right? 130 00:08:10,200 --> 00:08:10,400 Speaker 2: Yeah. 131 00:08:10,400 --> 00:08:12,640 Speaker 3: What's so extraordinary is it seems that the Russians, if 132 00:08:12,680 --> 00:08:15,960 Speaker 3: it were them, were prepared to take extraordinary risks because 133 00:08:16,400 --> 00:08:21,120 Speaker 3: they were aiming for the Ukrainian military communications and that's 134 00:08:21,160 --> 00:08:24,520 Speaker 3: what was knocked out. But there was what's called overspill. 135 00:08:24,720 --> 00:08:27,240 Speaker 3: So I'm told that they knew that the attack that 136 00:08:27,280 --> 00:08:31,240 Speaker 3: they pursued would affect other countries. And not only did 137 00:08:31,320 --> 00:08:34,880 Speaker 3: it affect other countries, they were NATO countries. And it 138 00:08:35,040 --> 00:08:38,720 Speaker 3: wasn't just people sitting at home. It was critical infrastructure. 139 00:08:38,800 --> 00:08:43,600 Speaker 3: So five eight hundred systems that monitor wind turbines in 140 00:08:43,679 --> 00:08:47,319 Speaker 3: Germany and across Europe, those monitoring systems were knocked out. 141 00:08:47,360 --> 00:08:50,760 Speaker 3: That counts as critical infrastructure, which is protected, and the 142 00:08:50,840 --> 00:08:53,520 Speaker 3: other is just sitting at home being on internet. Internet 143 00:08:53,559 --> 00:08:57,640 Speaker 3: communications are considered critical infrastructure. All of that is significant 144 00:08:57,720 --> 00:09:00,320 Speaker 3: because it raises the question of whether NATO had any 145 00:09:00,760 --> 00:09:05,920 Speaker 3: responsibility or potential to respond. Article five, which is that 146 00:09:06,280 --> 00:09:09,120 Speaker 3: mutual defense clause. The idea that if one is attacked, 147 00:09:09,440 --> 00:09:13,120 Speaker 3: everyone is attacked and you can respond has been very 148 00:09:13,280 --> 00:09:17,000 Speaker 3: clearly expanded to include cyber No one's ever acted on 149 00:09:17,080 --> 00:09:19,959 Speaker 3: that yet, but of course there was potential for NATO 150 00:09:20,040 --> 00:09:21,880 Speaker 3: to say, we too have been attacked. 151 00:09:22,640 --> 00:09:25,400 Speaker 1: What was the fallout, what eventually happened, How did they 152 00:09:25,559 --> 00:09:27,840 Speaker 1: or did they fix the problem? 153 00:09:28,240 --> 00:09:30,320 Speaker 3: They ended up having to send out more than forty 154 00:09:30,360 --> 00:09:33,720 Speaker 3: five thousand modems and this took weeks. They say that 155 00:09:33,800 --> 00:09:38,200 Speaker 3: they prioritized getting modems to Ukrainian distributors, so that was 156 00:09:38,240 --> 00:09:40,640 Speaker 3: their main effort. And then I think the other thing 157 00:09:40,679 --> 00:09:44,800 Speaker 3: that's really interesting is the US led a quiet diplomatic 158 00:09:44,880 --> 00:09:48,160 Speaker 3: campaign over the course of six weeks. Once they got 159 00:09:48,200 --> 00:09:52,400 Speaker 3: that internal decision or assessment that it was the gru 160 00:09:52,520 --> 00:09:56,120 Speaker 3: the Russians military hackers who were responsible for this, they 161 00:09:56,160 --> 00:09:58,240 Speaker 3: tried to convince the European Union that this was the 162 00:09:58,280 --> 00:10:01,280 Speaker 3: case as well. They shared tech nical information, and then 163 00:10:01,280 --> 00:10:04,480 Speaker 3: they went above and beyond and shared additional intelligence information 164 00:10:04,800 --> 00:10:07,960 Speaker 3: with two key members of the European Union who were 165 00:10:08,000 --> 00:10:12,120 Speaker 3: also the biggest victims of this attack outside of Ukraine, 166 00:10:12,160 --> 00:10:16,720 Speaker 3: France and Germany. And that is so important because they 167 00:10:16,760 --> 00:10:20,040 Speaker 3: are also the most influential members of the European Union, 168 00:10:20,280 --> 00:10:23,440 Speaker 3: and they have also historically been very reluctant to blame 169 00:10:23,600 --> 00:10:26,599 Speaker 3: anyone for attacks in public, even if they reach that 170 00:10:26,679 --> 00:10:31,640 Speaker 3: same assessment in private. They don't tend to attribute attacks 171 00:10:31,720 --> 00:10:34,520 Speaker 3: because of two main reasons. Really. One, you can make 172 00:10:34,559 --> 00:10:39,000 Speaker 3: things worse, you can incite attacks against yourself, and you 173 00:10:39,000 --> 00:10:41,679 Speaker 3: could be wrong. It's quite difficult to do attribution, and 174 00:10:42,120 --> 00:10:45,040 Speaker 3: a lad a third. Germany in particular was navigating very 175 00:10:45,080 --> 00:10:48,320 Speaker 3: complex relations with Russia right at the start of that 176 00:10:48,440 --> 00:10:52,120 Speaker 3: invasion because it took them so much by surprise, and 177 00:10:52,200 --> 00:10:55,160 Speaker 3: figuring out what their response would be of course changes 178 00:10:55,160 --> 00:10:56,360 Speaker 3: the rest of European history. 179 00:10:57,760 --> 00:11:01,400 Speaker 1: In the end, did the ledged target of this attack? 180 00:11:01,440 --> 00:11:04,600 Speaker 1: The Ukrainian military suffer big setbacks in the early days 181 00:11:04,600 --> 00:11:06,880 Speaker 1: of the war because of this. Was it successful in 182 00:11:06,920 --> 00:11:08,120 Speaker 1: carrying out what it was trying to do. 183 00:11:08,960 --> 00:11:12,600 Speaker 3: One senior Ukrainian cyber official said, they suffered a really 184 00:11:12,679 --> 00:11:15,080 Speaker 3: huge loss in communications at the start of the war. 185 00:11:15,559 --> 00:11:18,080 Speaker 3: That's pretty much the most they've ever put on record 186 00:11:18,120 --> 00:11:21,760 Speaker 3: about this. My understanding is that two main things were affected. 187 00:11:22,160 --> 00:11:25,320 Speaker 3: Military communications, command and control, your ability to reach your 188 00:11:25,360 --> 00:11:29,199 Speaker 3: frontline troops and say move your troops here. Really really 189 00:11:29,200 --> 00:11:33,040 Speaker 3: matters at the start of any invasion, and particularly this invasion, 190 00:11:33,080 --> 00:11:35,600 Speaker 3: which as we know now, the Russians were intending to 191 00:11:35,640 --> 00:11:38,080 Speaker 3: take the capital within three days. This was intended to 192 00:11:38,080 --> 00:11:41,640 Speaker 3: be a blitzqueak, So disabling satellite communications and the ability 193 00:11:41,679 --> 00:11:44,600 Speaker 3: for the military to move around and respond was an 194 00:11:44,640 --> 00:11:48,360 Speaker 3: attempt to stave off any counterattacked by the Ukrainians. Ultimately 195 00:11:48,400 --> 00:11:50,719 Speaker 3: it did not work, but that was what I'm told 196 00:11:50,760 --> 00:11:53,720 Speaker 3: as the intention. The other thing is the drones for 197 00:11:54,000 --> 00:11:58,559 Speaker 3: espionage for tracking, where the Russians are rely on satellite Internet, 198 00:11:58,600 --> 00:12:01,520 Speaker 3: and I'm told that it affected that as well. I 199 00:12:01,559 --> 00:12:04,400 Speaker 3: think what's interesting about this is the Ukrainians were able 200 00:12:04,440 --> 00:12:07,360 Speaker 3: to come back very very quickly, essentially because of a 201 00:12:07,400 --> 00:12:10,960 Speaker 3: tweet to Elon Musk and saying can we please have Starlink. 202 00:12:11,520 --> 00:12:15,200 Speaker 3: Starlink is the satellite system owned by SpaceX, that's Elon 203 00:12:15,280 --> 00:12:20,000 Speaker 3: Musk SpaceX that provides equivalent satellite Internet. It works in 204 00:12:20,040 --> 00:12:23,800 Speaker 3: low Earth orbits, so it has multiple thousands in fact 205 00:12:23,840 --> 00:12:26,840 Speaker 3: of satellites circulating the Earth, so it's harder to take 206 00:12:26,880 --> 00:12:30,160 Speaker 3: out a single satellite, whereas the Viasat system relied on 207 00:12:30,200 --> 00:12:34,280 Speaker 3: a geostationary satellite much higher up than just that one 208 00:12:34,360 --> 00:12:39,360 Speaker 3: single satellite. VIASAC continues to face threats against this network. 209 00:12:39,440 --> 00:12:43,200 Speaker 3: They told me they face ongoing and dynamic threats even 210 00:12:43,280 --> 00:12:46,679 Speaker 3: up to today. So although nothing has been successful at 211 00:12:46,679 --> 00:12:49,800 Speaker 3: all in the way that that February attack was last year, 212 00:12:50,160 --> 00:12:52,160 Speaker 3: it certainly could conceptually happen again. 213 00:12:52,880 --> 00:13:04,880 Speaker 1: Our conversation continues after the break Katrina, what are governments 214 00:13:05,000 --> 00:13:08,840 Speaker 1: and companies doing to try to harden their systems to 215 00:13:09,320 --> 00:13:10,840 Speaker 1: thwart future attacks. 216 00:13:11,320 --> 00:13:13,720 Speaker 3: I think the answer there is not enough. That's certainly 217 00:13:13,760 --> 00:13:17,200 Speaker 3: what the researchers I speak to are saying. But there 218 00:13:17,280 --> 00:13:21,319 Speaker 3: is a push to develop standards. These are minimum cybersecurity 219 00:13:21,360 --> 00:13:25,079 Speaker 3: standards that affect all parts of code in the satellite, 220 00:13:25,480 --> 00:13:29,199 Speaker 3: encrypting data in that link, raising standards across the board. 221 00:13:29,440 --> 00:13:32,480 Speaker 3: But this is a process that is really just beginning. 222 00:13:33,000 --> 00:13:37,480 Speaker 3: Today's something like five thousand active satellites in orbit around 223 00:13:37,480 --> 00:13:40,000 Speaker 3: the Earth. That's already a huge amount to try and protect, 224 00:13:40,120 --> 00:13:43,160 Speaker 3: given you also have all the associated systems that make 225 00:13:43,200 --> 00:13:46,360 Speaker 3: them work. This is growing so fast that I think 226 00:13:46,400 --> 00:13:48,120 Speaker 3: that's why it's been such a wake up call to 227 00:13:48,160 --> 00:13:51,920 Speaker 3: the industry. By twenty thirty, some high end estimates suggest 228 00:13:51,960 --> 00:13:55,360 Speaker 3: that there could be one hundred thousand active satellites in orbit, 229 00:13:55,480 --> 00:13:57,520 Speaker 3: so from five thousand to day to one hundred thousand 230 00:13:57,559 --> 00:14:00,440 Speaker 3: in the space of seven years. This problem is so 231 00:14:01,200 --> 00:14:04,080 Speaker 3: set to rise, and there are so many different ways 232 00:14:04,080 --> 00:14:06,920 Speaker 3: to attack satellites. Way back at the beginning of the 233 00:14:06,920 --> 00:14:10,280 Speaker 3: space age, no one even conceived anyone would be hitting. 234 00:14:10,600 --> 00:14:14,080 Speaker 3: And it turns out that I've spoken to hackers, individual hackers, 235 00:14:14,120 --> 00:14:18,320 Speaker 3: security researchers who've proved, who've shown that each of these 236 00:14:18,360 --> 00:14:19,000 Speaker 3: is vulnerable. 237 00:14:19,480 --> 00:14:22,400 Speaker 1: What are some of the things that all these satellites 238 00:14:22,440 --> 00:14:22,960 Speaker 1: are doing. 239 00:14:23,680 --> 00:14:29,200 Speaker 3: Well, there's Internet, that's one. There's satellite TV, there's earth observation, 240 00:14:29,920 --> 00:14:34,360 Speaker 3: earthquake monitoring, spying. The US has its own spy satellites. 241 00:14:34,680 --> 00:14:37,600 Speaker 3: But it was explained to me that every single element 242 00:14:37,880 --> 00:14:42,640 Speaker 3: of the US economy that matters, whether it's chemical, industrial processes, 243 00:14:43,000 --> 00:14:47,280 Speaker 3: looking for oil, even atomic clocks. So the way we 244 00:14:47,360 --> 00:14:50,320 Speaker 3: get our time, the way cash machines function, the way 245 00:14:50,360 --> 00:14:53,920 Speaker 3: you get gas at the pump, everything now depends on satellites. 246 00:14:54,440 --> 00:14:57,840 Speaker 1: What are the things that you're paying especially close attention 247 00:14:58,000 --> 00:15:01,080 Speaker 1: to Given everything that you're describing here. 248 00:15:01,520 --> 00:15:04,040 Speaker 3: I think I'm really interested in any time China puts 249 00:15:04,080 --> 00:15:06,400 Speaker 3: up a system that could potentially be independent of the 250 00:15:06,520 --> 00:15:12,000 Speaker 3: US anytime China has a relationship with a satellite company. 251 00:15:12,440 --> 00:15:15,040 Speaker 3: All of those things are areas that I think you'll 252 00:15:15,080 --> 00:15:18,480 Speaker 3: see the US government look at more and more, and 253 00:15:18,960 --> 00:15:21,720 Speaker 3: really a push from the US government to see how 254 00:15:21,760 --> 00:15:25,280 Speaker 3: far they're going to squeeze industry to actually do anything 255 00:15:25,320 --> 00:15:28,680 Speaker 3: about this. A White House official told me that companies 256 00:15:28,680 --> 00:15:32,880 Speaker 3: need to radically improve the security of satellite ground systems, 257 00:15:33,320 --> 00:15:35,760 Speaker 3: and that they even go to companies on occasion and 258 00:15:35,800 --> 00:15:38,880 Speaker 3: tell them, hey, we've discovered a vulnerability. You need to 259 00:15:38,920 --> 00:15:40,880 Speaker 3: patch this, And they don't want to say it in 260 00:15:40,920 --> 00:15:45,200 Speaker 3: public because that would raise awareness of vulnerability that could 261 00:15:45,240 --> 00:15:48,720 Speaker 3: be exploited by attackers. They tell companies in private, and 262 00:15:48,760 --> 00:15:52,000 Speaker 3: they say sometimes companies do not take that advice and 263 00:15:52,080 --> 00:15:54,560 Speaker 3: do not patch. And I think companies would have just 264 00:15:54,600 --> 00:15:57,000 Speaker 3: as many criticisms back if they were speaking freely of 265 00:15:57,080 --> 00:16:00,600 Speaker 3: the US government too. And so that relationship between government 266 00:16:00,680 --> 00:16:03,640 Speaker 3: and commercial satellite players has got to get if it's 267 00:16:03,680 --> 00:16:07,400 Speaker 3: to be solved a lot closer. They haven't quite got 268 00:16:07,400 --> 00:16:09,640 Speaker 3: the level of trust that I think everyone would want. 269 00:16:10,000 --> 00:16:12,720 Speaker 3: And there's a problem with classified briefings A lot of 270 00:16:12,760 --> 00:16:15,160 Speaker 3: this information is classified, and yet a lot of the 271 00:16:15,200 --> 00:16:18,640 Speaker 3: hacks are happening on a commercial sector, so really breaching 272 00:16:18,680 --> 00:16:20,040 Speaker 3: that gap needs a lot more work. 273 00:16:20,720 --> 00:16:23,440 Speaker 1: Katrina Manson, thanks so much for talking with me today. 274 00:16:24,040 --> 00:16:24,800 Speaker 3: Thank you for having me. 275 00:16:27,240 --> 00:16:30,280 Speaker 1: Let's hear now from someone who knows how easy it 276 00:16:30,320 --> 00:16:34,200 Speaker 1: can be to hack a satellite because he's done it himself. 277 00:16:35,040 --> 00:16:38,280 Speaker 1: James Pavor tapped into commercial satellites as part of his 278 00:16:38,360 --> 00:16:42,720 Speaker 1: PhD program at Oxford University. He now works on satellite 279 00:16:42,760 --> 00:16:47,040 Speaker 1: security for the Pentagon. James, let me just start by 280 00:16:47,080 --> 00:16:49,040 Speaker 1: asking you first, how did you become a hacker. 281 00:16:49,720 --> 00:16:52,760 Speaker 2: I've been doing computer security stuff basically since I was 282 00:16:52,800 --> 00:16:55,640 Speaker 2: a child. So when I was like in middle school, 283 00:16:55,680 --> 00:16:58,720 Speaker 2: I was playing around with like shutting down people's computers 284 00:16:58,720 --> 00:17:00,320 Speaker 2: while they're sitting next to me in the labs, that 285 00:17:00,440 --> 00:17:03,280 Speaker 2: kind of like little Windows hacking type thing. And I've 286 00:17:03,320 --> 00:17:05,960 Speaker 2: just always been really interested in seeing how things work 287 00:17:06,040 --> 00:17:09,119 Speaker 2: under the hood, and as a hacker, like exploiting things 288 00:17:09,240 --> 00:17:12,240 Speaker 2: is all about like understanding technology behind the scenes, and 289 00:17:12,320 --> 00:17:15,639 Speaker 2: so that's really been super interesting for me. It's just 290 00:17:15,680 --> 00:17:17,560 Speaker 2: always been like figure out how something works and then 291 00:17:17,560 --> 00:17:18,720 Speaker 2: figure out how you can break. 292 00:17:18,480 --> 00:17:20,960 Speaker 1: It, and then you took that kind of plane around 293 00:17:20,960 --> 00:17:24,480 Speaker 1: as a kid. Much more seriously a PhD now from Oxford, 294 00:17:24,800 --> 00:17:30,080 Speaker 1: and as part of that dissertation, you actually were hacking 295 00:17:30,119 --> 00:17:33,600 Speaker 1: satellites for real to show vulnerabilities. Is that right? 296 00:17:33,960 --> 00:17:37,160 Speaker 2: Yeah? Exactly so. Over the course of my PhD at Oxford, 297 00:17:37,200 --> 00:17:40,840 Speaker 2: I focused on satellite system security, and in particular the 298 00:17:40,920 --> 00:17:44,280 Speaker 2: like radio signals that come to satellites from Internet users 299 00:17:44,640 --> 00:17:49,080 Speaker 2: and like satellite broadband services. When I say satellite broadband services, 300 00:17:49,160 --> 00:17:52,600 Speaker 2: what I really mean is basically when you're using a 301 00:17:52,600 --> 00:17:55,840 Speaker 2: satellite to get Internet access, and typically that means that 302 00:17:55,880 --> 00:17:57,720 Speaker 2: you send a message up to the satellite, which is 303 00:17:57,760 --> 00:18:00,360 Speaker 2: like get me this website, and the satelle ight. It's 304 00:18:00,400 --> 00:18:03,000 Speaker 2: basically a bent pipe. You can think of the satellites 305 00:18:03,040 --> 00:18:07,000 Speaker 2: as fairly dumb objects. They receive data on one antenna 306 00:18:07,160 --> 00:18:09,280 Speaker 2: and then they take the data they receive and send 307 00:18:09,280 --> 00:18:12,199 Speaker 2: it out on a different antenna basically, and they do 308 00:18:12,280 --> 00:18:15,720 Speaker 2: no thinking, no processing, at least for Internet satellites. So 309 00:18:16,119 --> 00:18:18,120 Speaker 2: they're just a pipe. You put information in one side 310 00:18:18,119 --> 00:18:20,720 Speaker 2: and it comes out another side, and the only difference 311 00:18:20,760 --> 00:18:23,360 Speaker 2: is when it comes out it covers a huge area. 312 00:18:23,920 --> 00:18:27,199 Speaker 2: And so when you send Internet requests up to a satellite. 313 00:18:27,320 --> 00:18:29,560 Speaker 2: You're just pumping information into this pipe and then it's 314 00:18:29,560 --> 00:18:31,879 Speaker 2: coming out the other side to your internet service provider. 315 00:18:31,960 --> 00:18:34,160 Speaker 2: And when you get a response, like a web page 316 00:18:34,160 --> 00:18:37,000 Speaker 2: you've downloaded or a document you've received, it's the same thing. 317 00:18:37,040 --> 00:18:38,720 Speaker 2: The service provider is putting it into one end of 318 00:18:38,720 --> 00:18:40,240 Speaker 2: the pipe and then it's coming out at the broad 319 00:18:40,359 --> 00:18:43,640 Speaker 2: end to your dish. The interesting thing about satellite services 320 00:18:43,640 --> 00:18:46,080 Speaker 2: is that beam that comes back down to you can 321 00:18:46,119 --> 00:18:48,159 Speaker 2: cover like a third of the Earth's surface, So an 322 00:18:48,200 --> 00:18:51,640 Speaker 2: attacker can be thousands of miles away and getting that information. 323 00:18:52,160 --> 00:18:54,840 Speaker 2: So I bought some gear and pointed at its satellites 324 00:18:54,880 --> 00:18:57,280 Speaker 2: and tried to interpret what was going on. And it 325 00:18:57,320 --> 00:18:59,399 Speaker 2: turns out that there's like lots of really interesting and 326 00:18:59,400 --> 00:19:02,680 Speaker 2: really sense of information in these signals that an attacker 327 00:19:02,720 --> 00:19:05,439 Speaker 2: with like relatively inexpensive equipment can get access to. 328 00:19:06,400 --> 00:19:08,200 Speaker 1: So you said you bought equipment, what'd you buy? I mean, 329 00:19:08,200 --> 00:19:10,160 Speaker 1: is it like, you know, going on Amazon just getting 330 00:19:10,200 --> 00:19:10,879 Speaker 1: common stuff? 331 00:19:11,160 --> 00:19:14,640 Speaker 2: Basically, Yeah, so about four hundred dollars in home television equipment, 332 00:19:14,880 --> 00:19:17,280 Speaker 2: the kind of satellite dish that you'd see on someone's 333 00:19:17,359 --> 00:19:20,199 Speaker 2: house if they had satellite internet service. And then a 334 00:19:20,240 --> 00:19:22,760 Speaker 2: special card that is designed to like let you watch 335 00:19:22,760 --> 00:19:26,000 Speaker 2: satellite TV on your computer, but I basically repurposed it 336 00:19:26,160 --> 00:19:28,399 Speaker 2: to take these Internet signals and get them in a 337 00:19:28,400 --> 00:19:30,760 Speaker 2: format I could mess around with. I pointed my dish 338 00:19:30,800 --> 00:19:33,840 Speaker 2: at satellites in geostationary orbit, so that means they're thirty 339 00:19:33,880 --> 00:19:36,840 Speaker 2: thousand kilometers above the Earth's surface, and they basically don't move. 340 00:19:36,840 --> 00:19:38,800 Speaker 2: They're always in the same spot in the sky, which 341 00:19:38,800 --> 00:19:42,399 Speaker 2: makes them pretty easy to find and intercept signals from. 342 00:19:42,440 --> 00:19:46,239 Speaker 2: And these were primarily like broadband Internet services, and I 343 00:19:46,320 --> 00:19:48,520 Speaker 2: was able to see the sort of traffic people were 344 00:19:48,560 --> 00:19:52,760 Speaker 2: sending over their satellite Internet connections, So stuff like text 345 00:19:52,760 --> 00:19:55,399 Speaker 2: messages from people who were using inflight Wi Fi services 346 00:19:55,440 --> 00:19:58,760 Speaker 2: when they're on like Transatlantic flights, or things like passengers 347 00:19:58,800 --> 00:20:00,880 Speaker 2: on cruise ships when they were making payments at point 348 00:20:00,880 --> 00:20:04,040 Speaker 2: of sale systems. So also a lot of like passport numbers, 349 00:20:04,119 --> 00:20:07,480 Speaker 2: so when like crews, especially like cargo vessels pull into ports, 350 00:20:07,480 --> 00:20:09,480 Speaker 2: they'll send information about everyone on the ship to the 351 00:20:09,480 --> 00:20:12,600 Speaker 2: port authorities. That's typically over a satellite feed, and so 352 00:20:13,119 --> 00:20:16,239 Speaker 2: it's pretty easy to identify those messages when you're like 353 00:20:16,359 --> 00:20:18,639 Speaker 2: listening to the satellite traffic and just get like a 354 00:20:18,680 --> 00:20:20,640 Speaker 2: list of everyone on the crew and when they were 355 00:20:20,640 --> 00:20:23,879 Speaker 2: born and what their passport number is, Like, really concerning 356 00:20:23,960 --> 00:20:25,520 Speaker 2: data to be getting in clear text. 357 00:20:26,119 --> 00:20:29,480 Speaker 1: Did it surprise you how much you were able to get? 358 00:20:29,880 --> 00:20:32,399 Speaker 2: Yeah, I was stunned. I think that a lot of 359 00:20:32,440 --> 00:20:34,640 Speaker 2: it comes from an assumption that you would need much 360 00:20:34,680 --> 00:20:38,680 Speaker 2: more expensive equipment. The gear I used was very unreliable 361 00:20:38,720 --> 00:20:40,960 Speaker 2: if I wanted to use it to actually be a 362 00:20:41,000 --> 00:20:43,600 Speaker 2: satellite Internet customer. When it worked, because I was missing 363 00:20:43,680 --> 00:20:45,360 Speaker 2: a lot of packets, there was a lot of corruption. 364 00:20:45,960 --> 00:20:48,440 Speaker 2: But what I was able to do is basically reconstruct 365 00:20:48,800 --> 00:20:51,760 Speaker 2: enough of the transactions, like enough of the data that 366 00:20:51,800 --> 00:20:54,040 Speaker 2: I could start to get interesting information. Because a hacker 367 00:20:54,040 --> 00:20:57,439 Speaker 2: doesn't need one hundred percent reliability to succeed. So the 368 00:20:57,600 --> 00:20:59,440 Speaker 2: change in the model was this idea that you could 369 00:20:59,480 --> 00:21:01,560 Speaker 2: get away with a lot less if you're just trying 370 00:21:01,560 --> 00:21:02,320 Speaker 2: to be disruptive. 371 00:21:02,960 --> 00:21:06,680 Speaker 1: So here you are hacking these satellite signals and you're 372 00:21:06,680 --> 00:21:10,360 Speaker 1: doing it for academic purposes to show how vulnerable they are. 373 00:21:10,400 --> 00:21:13,399 Speaker 1: But if you were doing it for nefarious reasons to 374 00:21:13,440 --> 00:21:15,480 Speaker 1: try and steal this information, you would have had a 375 00:21:15,520 --> 00:21:17,920 Speaker 1: lot of stuff that could have caused people a lot of. 376 00:21:17,880 --> 00:21:21,440 Speaker 2: Trouble definitely the data that was in there. I'm glad 377 00:21:21,440 --> 00:21:23,640 Speaker 2: that as a security researcher, I was able to kind 378 00:21:23,640 --> 00:21:25,800 Speaker 2: of get to it first and share it with the 379 00:21:25,840 --> 00:21:29,880 Speaker 2: satellite internet service providers and kind of raise awareness about 380 00:21:29,920 --> 00:21:32,199 Speaker 2: this vulnerability so that they could work towards fixing it, 381 00:21:32,240 --> 00:21:35,480 Speaker 2: because I think adversaries, when they get access to data 382 00:21:35,520 --> 00:21:36,959 Speaker 2: like this, could cause a lot of harm. 383 00:21:37,520 --> 00:21:39,919 Speaker 1: So when you went to companies like that, what did 384 00:21:40,000 --> 00:21:43,520 Speaker 1: they say. Were they alarmed? Did they immediately patch it? 385 00:21:43,520 --> 00:21:46,000 Speaker 2: It was a mix of reactions. There are some companies 386 00:21:46,040 --> 00:21:49,560 Speaker 2: that were fantastic. They were immediately like, thank you for 387 00:21:49,600 --> 00:21:51,919 Speaker 2: sharing this information, We'll get right on fixing it. And 388 00:21:52,000 --> 00:21:55,280 Speaker 2: I think they did end up making improvements to their security. 389 00:21:55,320 --> 00:21:57,320 Speaker 2: They ended up checking what kind of data they were sending. 390 00:21:57,680 --> 00:22:01,080 Speaker 2: There were other companies that either ignored the research, like 391 00:22:01,160 --> 00:22:03,439 Speaker 2: never responded, or there were even some who like threatened 392 00:22:03,440 --> 00:22:06,760 Speaker 2: to sue us. So whole gamut of different things. But 393 00:22:06,800 --> 00:22:09,960 Speaker 2: I think that's just the nature of like offensive security 394 00:22:10,000 --> 00:22:13,160 Speaker 2: research and vulnerability research is that you kind of play 395 00:22:13,200 --> 00:22:16,000 Speaker 2: a game where people may get very defensive or very 396 00:22:16,320 --> 00:22:19,080 Speaker 2: hostile to your findings, but it's still important to get 397 00:22:19,080 --> 00:22:21,080 Speaker 2: it out there, so people can kind of if they 398 00:22:21,119 --> 00:22:22,919 Speaker 2: want to choose to fix things, at least they know 399 00:22:22,960 --> 00:22:23,880 Speaker 2: what they should be fixing. 400 00:22:24,800 --> 00:22:36,680 Speaker 1: We'll be right back. Now that you've completed your research, 401 00:22:36,840 --> 00:22:40,080 Speaker 1: you have your PhD, you've gone to work with the Pentagon, 402 00:22:40,119 --> 00:22:42,359 Speaker 1: What exactly are you doing for them? 403 00:22:42,960 --> 00:22:46,760 Speaker 2: I work at the Chief Digital and Artificial Intelligence Office, 404 00:22:46,800 --> 00:22:49,200 Speaker 2: which is a new office within the Office the Secretary 405 00:22:49,200 --> 00:22:51,960 Speaker 2: of Defense, and my agency within that is called the 406 00:22:51,960 --> 00:22:55,080 Speaker 2: Directorate for Digital Services. And it's a pretty generic name 407 00:22:55,119 --> 00:22:58,000 Speaker 2: because the job is incredibly broad. It's a lot of 408 00:22:58,040 --> 00:23:02,480 Speaker 2: like emergency engineering, like something pops up in the world 409 00:23:02,480 --> 00:23:05,000 Speaker 2: that needs something built, coded, or developed within like forty 410 00:23:05,040 --> 00:23:08,440 Speaker 2: eight hours, and so instead of like going to defense contractors, 411 00:23:08,440 --> 00:23:11,000 Speaker 2: we have like in house engineering expertise who can build 412 00:23:11,000 --> 00:23:13,680 Speaker 2: that kind of emergency tech. So obviously I can't go 413 00:23:13,720 --> 00:23:15,840 Speaker 2: into a ton of detail about all the projects I work, 414 00:23:16,119 --> 00:23:19,520 Speaker 2: but it's a lot of just like really rapid organic 415 00:23:19,600 --> 00:23:23,560 Speaker 2: software development and security work and advisory work for like 416 00:23:24,000 --> 00:23:25,320 Speaker 2: very impactful topics. 417 00:23:25,920 --> 00:23:28,760 Speaker 1: What attracted you to the Penyan I. 418 00:23:28,720 --> 00:23:32,600 Speaker 2: Think for me, the opportunity to work as a civil 419 00:23:32,640 --> 00:23:36,719 Speaker 2: servant in government is really compelling because you're close to 420 00:23:36,760 --> 00:23:40,080 Speaker 2: the decision makers who are kind of deciding what the 421 00:23:40,080 --> 00:23:43,199 Speaker 2: future of in this case the military will look like. 422 00:23:43,800 --> 00:23:45,680 Speaker 2: And having a seat at that table and having a 423 00:23:45,760 --> 00:23:49,480 Speaker 2: voice in those conversations can be a much bigger impact 424 00:23:49,560 --> 00:23:53,560 Speaker 2: than simply like finding vulnerabilities at a big contractor and 425 00:23:53,600 --> 00:23:56,840 Speaker 2: then selling them off. So for me, that's what really matters, 426 00:23:56,960 --> 00:23:59,520 Speaker 2: is this idea that I could shape a safer future 427 00:23:59,720 --> 00:24:02,520 Speaker 2: by being in the room when those conversations are happening. 428 00:24:03,200 --> 00:24:06,199 Speaker 1: So walk us through how satellites actually work, What are 429 00:24:06,200 --> 00:24:10,440 Speaker 1: the different components, and where are the places that are vulnerable. 430 00:24:09,920 --> 00:24:14,200 Speaker 2: To hacking you can break satellite security into. I guess 431 00:24:14,240 --> 00:24:16,320 Speaker 2: there are four domains that I like to think about. 432 00:24:16,720 --> 00:24:19,960 Speaker 2: One is the ground systems, So those are the devices 433 00:24:20,000 --> 00:24:22,280 Speaker 2: that users use to connect to the systems. Think like 434 00:24:22,359 --> 00:24:25,520 Speaker 2: a starlink modem or a ground station that's run by 435 00:24:25,520 --> 00:24:28,320 Speaker 2: a satellite service provider to collect data from their satellites. 436 00:24:28,800 --> 00:24:32,040 Speaker 2: And when you're hacking ground systems, typically it's going to 437 00:24:32,040 --> 00:24:34,040 Speaker 2: look a lot like bread and butter hacking. You're going 438 00:24:34,080 --> 00:24:36,520 Speaker 2: to be targeting like the Windows computer that's plugged into 439 00:24:36,520 --> 00:24:40,119 Speaker 2: the satellite antenna and using your Windows malware to exploit it. 440 00:24:40,800 --> 00:24:44,080 Speaker 2: Then there's the communications link so that's the radio signals 441 00:24:44,080 --> 00:24:46,600 Speaker 2: that go from a ground station to a satellite, and 442 00:24:46,600 --> 00:24:48,520 Speaker 2: that's what I was looking at in my PhD thesis. 443 00:24:48,560 --> 00:24:52,280 Speaker 2: For the most part, that's often like radio signals engineering 444 00:24:52,320 --> 00:24:56,120 Speaker 2: type work and kind of looking at communications security. Then 445 00:24:56,119 --> 00:25:00,040 Speaker 2: there's the bird, so there's the satellite in orbit, and 446 00:25:00,320 --> 00:25:02,360 Speaker 2: there's kind of a zone of trust. Once you're on 447 00:25:02,400 --> 00:25:05,000 Speaker 2: the satellite. Everything on the satellite trusts everything else in 448 00:25:05,040 --> 00:25:07,280 Speaker 2: the satellite. So if you were to like compromise a 449 00:25:07,359 --> 00:25:10,080 Speaker 2: camera on a satellite, you could send instructions to a 450 00:25:10,080 --> 00:25:13,760 Speaker 2: flight controller because they're all plugged into the same like bus, 451 00:25:13,760 --> 00:25:15,840 Speaker 2: which is basically like a wire that sends messages from 452 00:25:15,880 --> 00:25:19,080 Speaker 2: devices to other devices. And so when you're thinking about 453 00:25:19,080 --> 00:25:22,359 Speaker 2: like satellite security, it's often about compromising these embedded systems 454 00:25:22,440 --> 00:25:25,520 Speaker 2: in orbit. And then the last topic area is kind 455 00:25:25,560 --> 00:25:28,360 Speaker 2: of this broader like policy domain in terms of how 456 00:25:28,400 --> 00:25:32,399 Speaker 2: people interact with and regulate satellites. I did some research 457 00:25:32,400 --> 00:25:35,919 Speaker 2: on my PhD on space situational awareness data, for example, 458 00:25:35,920 --> 00:25:38,960 Speaker 2: which is how countries tell each other what space debris 459 00:25:39,000 --> 00:25:40,919 Speaker 2: is out there, so we don't like crash into the 460 00:25:40,920 --> 00:25:44,240 Speaker 2: debris and cause damage to the space environment. And so 461 00:25:44,280 --> 00:25:46,120 Speaker 2: I looked a lot at like what happens if countries 462 00:25:46,160 --> 00:25:48,400 Speaker 2: lie to each other? How could those lies be detected? 463 00:25:48,840 --> 00:25:51,040 Speaker 2: And that's kind of more ephemeral. There's not like a 464 00:25:51,080 --> 00:25:52,919 Speaker 2: part of the satellite you can touch that is that, 465 00:25:53,000 --> 00:25:55,160 Speaker 2: but it's still an important component of space security. 466 00:25:56,080 --> 00:25:59,840 Speaker 1: James, which of those four areas of vulnerability you're describing 467 00:26:00,119 --> 00:26:03,040 Speaker 1: the easiest for hackers to pry their way in. 468 00:26:03,760 --> 00:26:07,000 Speaker 2: I think the vast majority of historical attacks on satellites 469 00:26:07,000 --> 00:26:10,840 Speaker 2: have been against either the radio domain, primarily jamming attacks, 470 00:26:10,960 --> 00:26:14,280 Speaker 2: So a lot of countries, as a mechanism of censorship 471 00:26:14,400 --> 00:26:17,080 Speaker 2: or protest, will jam other people's satellites, and that's been 472 00:26:17,119 --> 00:26:20,840 Speaker 2: going on for decades. And then there's also the ground systems, 473 00:26:20,880 --> 00:26:24,080 Speaker 2: because there's so much like traditional IT systems with just 474 00:26:24,119 --> 00:26:28,040 Speaker 2: like Windows computers plugged into a satellite antenna. It's easy 475 00:26:28,080 --> 00:26:30,520 Speaker 2: to either accidentally hack them if you're just doing like 476 00:26:30,520 --> 00:26:33,840 Speaker 2: a broad attack, or to find and hire the expertise 477 00:26:33,880 --> 00:26:35,880 Speaker 2: you would need for a more targeted attack against those. 478 00:26:36,760 --> 00:26:41,800 Speaker 1: So what can companies governments do to protect satellites actually 479 00:26:41,880 --> 00:26:45,159 Speaker 1: enhance the security so this sort of thing doesn't happen. 480 00:26:45,920 --> 00:26:48,720 Speaker 2: I think that opening up a little bit to security 481 00:26:48,800 --> 00:26:51,760 Speaker 2: research is a big step in that direction. The industry 482 00:26:51,840 --> 00:26:54,560 Speaker 2: has gotten by for a long time on this assumption 483 00:26:54,640 --> 00:26:58,240 Speaker 2: that satellites are so expensive and so complicated that no 484 00:26:58,280 --> 00:27:00,959 Speaker 2: one will ever be able to hack them, and that 485 00:27:01,000 --> 00:27:04,480 Speaker 2: has sort of been true. But as technology has advanced 486 00:27:04,640 --> 00:27:08,720 Speaker 2: and satellites have become more and more like other Internet 487 00:27:08,720 --> 00:27:12,280 Speaker 2: of Things devices, basically that's getting less true. And there 488 00:27:12,320 --> 00:27:15,600 Speaker 2: are transferable skills hackers might develop that can be applied 489 00:27:15,600 --> 00:27:18,720 Speaker 2: to satellites, and so I don't think the space industry 490 00:27:18,720 --> 00:27:20,560 Speaker 2: can continue to kind of hide in the shadows and 491 00:27:20,600 --> 00:27:23,320 Speaker 2: get by with their easier targets. So no one's going 492 00:27:23,400 --> 00:27:26,560 Speaker 2: to bother with us, and so relying on like open 493 00:27:26,560 --> 00:27:29,800 Speaker 2: source protocols that can be validated at like source code 494 00:27:29,880 --> 00:27:35,000 Speaker 2: level for their communications, and relying on open firmware and 495 00:27:35,040 --> 00:27:37,920 Speaker 2: operating systems that people can test and prove or secure 496 00:27:38,359 --> 00:27:41,080 Speaker 2: will go a lot further than hoping that your embedded 497 00:27:41,160 --> 00:27:44,520 Speaker 2: proprietary software will just never be figured out by an adversary. 498 00:27:45,080 --> 00:27:47,480 Speaker 2: I think that, like, there are tons and tons of 499 00:27:47,520 --> 00:27:49,680 Speaker 2: people out there who would love to hack satellites, who 500 00:27:49,680 --> 00:27:52,399 Speaker 2: would love to do research for free as basically a 501 00:27:52,440 --> 00:27:54,920 Speaker 2: donation to the world to make it more secure because 502 00:27:54,920 --> 00:27:57,359 Speaker 2: they think hacking satellites is cool. Don't think I'm the 503 00:27:57,400 --> 00:27:59,600 Speaker 2: only person like that out there. I've met other people 504 00:27:59,680 --> 00:28:02,600 Speaker 2: like it. And if the space industry gives people the 505 00:28:02,640 --> 00:28:06,360 Speaker 2: opportunity to contribute within the security research community, I think 506 00:28:06,359 --> 00:28:08,679 Speaker 2: they'll be able to make really big progress and securing 507 00:28:08,680 --> 00:28:09,439 Speaker 2: these platforms. 508 00:28:10,280 --> 00:28:12,440 Speaker 1: What concerns you the most, like, what is the thing 509 00:28:12,640 --> 00:28:15,680 Speaker 1: as someone who knows how vulnerable these systems can be, 510 00:28:15,880 --> 00:28:19,200 Speaker 1: makes you think, this is the thing that makes me worry. 511 00:28:19,760 --> 00:28:23,720 Speaker 2: For me, it's the environment. So most of the repercussions 512 00:28:23,760 --> 00:28:26,960 Speaker 2: of a satellite compromise are like bad. They could be 513 00:28:27,080 --> 00:28:29,240 Speaker 2: very bad, like you could compromise GPS and it could 514 00:28:29,320 --> 00:28:33,919 Speaker 2: lead to like a terrestrial catastrophe. But however bad it is, 515 00:28:33,960 --> 00:28:36,280 Speaker 2: eventually we'll get over it. So I guess one of 516 00:28:36,320 --> 00:28:40,320 Speaker 2: my biggest concerns is less about the virtual effects of 517 00:28:40,360 --> 00:28:43,720 Speaker 2: hacking satellites, stealing data or disabling them, and more about 518 00:28:43,760 --> 00:28:47,040 Speaker 2: the kinetic and physical effects because those can have a 519 00:28:47,120 --> 00:28:49,600 Speaker 2: lasting effect on the environment. So if a satellite is 520 00:28:50,080 --> 00:28:52,959 Speaker 2: destroyed and orbit in some way, that can have huge 521 00:28:53,080 --> 00:28:56,680 Speaker 2: environmental repercussions. If someone hacks a rocket and causes it 522 00:28:56,720 --> 00:29:00,560 Speaker 2: to break during a launch sequence, for example, then you 523 00:29:00,720 --> 00:29:03,440 Speaker 2: end up with pieces of space debris that are stuck 524 00:29:03,480 --> 00:29:07,200 Speaker 2: in orbit for centuries. They move at literally bullet like speeds, 525 00:29:07,880 --> 00:29:10,680 Speaker 2: and if they crash into other pieces of space debris 526 00:29:10,840 --> 00:29:14,280 Speaker 2: or into each other, they can generate basically tobre cascade 527 00:29:14,520 --> 00:29:16,840 Speaker 2: and block orbit for a long period of time and 528 00:29:16,880 --> 00:29:20,320 Speaker 2: have a lasting detrimental impact on our abilities a species 529 00:29:20,320 --> 00:29:21,360 Speaker 2: to make use about our space. 530 00:29:22,080 --> 00:29:25,320 Speaker 1: So when you look ahead, do you think satellites become 531 00:29:25,440 --> 00:29:27,480 Speaker 1: more secure or do you think we go through a 532 00:29:27,520 --> 00:29:31,880 Speaker 1: period of kind of chaos and uncertainty before something gets done. 533 00:29:32,280 --> 00:29:35,920 Speaker 2: I am cautiously optimistic that satellites will become more secure. 534 00:29:36,280 --> 00:29:39,840 Speaker 2: There is really great momentum around satellite security that's formed 535 00:29:39,840 --> 00:29:43,160 Speaker 2: in the last four or five years. We have def Con, 536 00:29:43,200 --> 00:29:46,040 Speaker 2: which is a big hacker conference in Las Vegas every summer, 537 00:29:46,480 --> 00:29:49,440 Speaker 2: and they have a dedicated track within what they call 538 00:29:49,480 --> 00:29:53,000 Speaker 2: the Aerospace Village to just talk about space security. We 539 00:29:53,080 --> 00:29:56,960 Speaker 2: have industry advisory groups. There's a Space Information Sharing an 540 00:29:57,000 --> 00:30:01,160 Speaker 2: Advisory Council which is formed between like different space industry 541 00:30:01,200 --> 00:30:03,960 Speaker 2: people to talk about cyber threats. And we just have 542 00:30:04,000 --> 00:30:06,680 Speaker 2: a lot of momentum building around space security and My 543 00:30:06,800 --> 00:30:09,160 Speaker 2: hope is that that momentum is coming at the right time, 544 00:30:09,280 --> 00:30:12,160 Speaker 2: because the decisions we make in the next three or 545 00:30:12,200 --> 00:30:14,440 Speaker 2: four years I think will have a big impact on 546 00:30:14,480 --> 00:30:16,160 Speaker 2: what space looks like for the next decade or. 547 00:30:16,160 --> 00:30:20,080 Speaker 1: So, James, is there anything that we can do, just 548 00:30:20,200 --> 00:30:25,280 Speaker 1: as you know, people consumers of technology to protect ourselves. 549 00:30:26,040 --> 00:30:29,280 Speaker 2: Definitely, So when you're trying to protect your like satellite, 550 00:30:29,320 --> 00:30:32,480 Speaker 2: internet signals, or really any traffic you send over the Internet, 551 00:30:32,880 --> 00:30:35,320 Speaker 2: I think it's important to recognize that once that message 552 00:30:35,320 --> 00:30:38,200 Speaker 2: you're sending leaves your house, you have basically no control 553 00:30:38,520 --> 00:30:40,880 Speaker 2: over who gets to touch it as the gets handed off. 554 00:30:40,920 --> 00:30:42,680 Speaker 2: Think like you send a letter in the mail, you 555 00:30:42,720 --> 00:30:45,280 Speaker 2: don't know who the postal worker is grabbing your letter 556 00:30:45,320 --> 00:30:48,280 Speaker 2: at each stage. Will be same thing with Internet traffic 557 00:30:48,440 --> 00:30:52,440 Speaker 2: and so using end to end encrypted protocols, whether that's 558 00:30:52,560 --> 00:30:57,120 Speaker 2: using like an encrypted chat application or using websites that 559 00:30:57,280 --> 00:31:02,040 Speaker 2: use TLS. TLS is transport layer security. It's a protocol 560 00:31:02,120 --> 00:31:05,120 Speaker 2: that's used to encrypt general like Internet traffic that you 561 00:31:05,160 --> 00:31:07,640 Speaker 2: would have when you like visit a website, you'll see 562 00:31:07,640 --> 00:31:09,920 Speaker 2: it like little lock icon in your browser when you're 563 00:31:09,960 --> 00:31:13,840 Speaker 2: connected to a TLS website and it's like proven with 564 00:31:14,120 --> 00:31:17,800 Speaker 2: math to be very secure against adversaries who are trying 565 00:31:17,800 --> 00:31:20,200 Speaker 2: to read the content you're sending. That's a really great 566 00:31:20,240 --> 00:31:23,080 Speaker 2: way to stop people like me, because even if I 567 00:31:23,120 --> 00:31:25,520 Speaker 2: got your packets off of a satellite, because it happened 568 00:31:25,520 --> 00:31:27,680 Speaker 2: to get sent that way, I wouldn't be able to 569 00:31:27,720 --> 00:31:29,920 Speaker 2: read the contents of them. I could see the outside 570 00:31:29,920 --> 00:31:31,520 Speaker 2: of the envelope, but if I opened it up, it 571 00:31:31,520 --> 00:31:34,920 Speaker 2: would just be garbage, nonsense. And so whenever you can, 572 00:31:35,120 --> 00:31:38,160 Speaker 2: using an encrypted communications protocol defends you against just a 573 00:31:38,200 --> 00:31:41,480 Speaker 2: whole mix of attacks, whether it's satellite attacks or any 574 00:31:41,480 --> 00:31:42,800 Speaker 2: other kind of eavesdropping threat. 575 00:31:43,280 --> 00:31:45,440 Speaker 1: James Pavor, thanks for speaking. 576 00:31:45,080 --> 00:31:46,720 Speaker 2: With me, No problem, great meeting you. 577 00:31:48,120 --> 00:31:49,920 Speaker 1: Thanks for listening to us here at The Big Tay. 578 00:31:50,000 --> 00:31:53,440 Speaker 1: It's a daily podcast from Bloomberg and iHeartRadio. For more 579 00:31:53,480 --> 00:31:57,600 Speaker 1: shows from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or 580 00:31:57,640 --> 00:32:00,160 Speaker 1: wherever you listen, and we'd love to hear from you. 581 00:32:00,520 --> 00:32:03,800 Speaker 1: Email us questions or comments to Big Take at Bloomberg 582 00:32:03,800 --> 00:32:07,160 Speaker 1: dot net. The supervising producer of The Big Take is 583 00:32:07,240 --> 00:32:12,440 Speaker 1: Vicky Virgalina. Our senior producer is Katherine Fink. Rebecca Shasson 584 00:32:12,560 --> 00:32:17,160 Speaker 1: is our producer. Our associate producer is Sam Gebauer. Hilde 585 00:32:17,200 --> 00:32:21,280 Speaker 1: Garcia is our engineer. Our original music was composed by 586 00:32:21,360 --> 00:32:25,400 Speaker 1: Leo Sidrin. I'm wes Kasova. We'll be back tomorrow with 587 00:32:25,480 --> 00:32:26,440 Speaker 1: another big take.