The official expressed concern that sensitive information — notably command data for European satellites — is unencrypted, because many were launched years ago without advanced onboard computers or encryption capabilities.
According to the article the satellites that were shadowed were:
That wasn’t that long ago relative to encryption being done on computers.
I’m a software engineer in space and the things I’ve heard are astounding. Basically space software as a sector is super backwards and operated under a “We’re too far away to be hacked” mentality for way too long. Thankfully, that is changing, and the EU Space Act mandates cybersec in some cases
What’s it like typing in zero-G? Does the keyboard float away from you?
No, we tape it to the table, duh. But it’s annoying when the tape covers the spacebar!
How quickly could a radio wave get to Earth orbit? Three minutes? Nah, it’s fine. /s
What I observe is not so much a “we’re too far away to be hacked” mentality, but rather a lackluster approach to software: “Software is just the cream on top that enables the real power of the hardware. So let’s have our hardware engineers do the software as a side exercise. Surely it can’t be that hard.” Then you get hardware engineers, most of whom are fucking stupid in terms of SW development, writing flight software.
My understanding is that in space systems, generally robustness trumps everything else, so old stable versions of everything are preferred. So it’s generally a very conservative software stack and process.
Theoretically
Yes, but that sort of process promotes non-adoption of techniques and processes that could increase robustness but are shunned due to pessimistic conservativeness
Yeah a fair bit of that too!
Ah yes, assuming experience in your field basically translates to every other field. A tale as old as time.
Yeah, wtf is going on. GPG was released in 1999 and encryption existed before that too. https://www.ssldragon.com/blog/history-of-ssl-tls-versions/
How is this unencrypted?
There was something of a to-do a couple years ago when some researchers were trying to see how strong encryption satellites were using and whether they could break it and discovered that a number of satellite operators weren’t bothering to encrypt things at all.
Wow. Amazing. I basically encrypt everything by default because I’m so paranoid. Sometimes multiple layers of encryption