Episode 27: Satellite Security with Dr. Ali Abbasi
CISPA Faculty Dr. Ali Abbasi has been a fan of space and satellites for as long as he can think: “I’ve always loved aerospace and engineering from early childhood”, he tells us. And as it is the case for many young boys, his dream was to become a pilot. But in the end, he became a cybersecurity researcher. When he approached his supervisor as a master student, suggesting to investigate the security systems of the International Space Station, his professor told him “Are you crazy? No one can access these systems”. A few years later, as a Postdoc, he returned to the topic. But to get access to the firmware of satellites, it took Abbasi another three years. “And eventually we had three candidates”, explains Abbasi. This was the minimum sample he needed to go on with this research.
Satellites have become an even more interesting research topic in the last few years, with a “New Space area” around the corner, as Ali Abbasi puts it. He describes a paradigm shift, in which satellites are no longer only a domain of state governments. Today, with new technology, it is possible for smaller companies and universities to launch their own satellites, adding to the urgency of addressing satellite security. Launch costs decreased significantly, especially for those in Low Earth Orbit, which means an altitude of less than 1000 km above Earth. This makes handling easier, Abbasi says: “You don’t need expensive equipment to build a ground station to communicate with the satellite. But you have a very limited time window for communication” he adds. “Because they are fast. The time window you have is around four minutes.”
But how secure is the communication between ground stations and satellites? “Most of the time the communication is not secure. Especially in Germany”, Abbasi explains. One reason is that many of these satellites are built cost-consciously. This especially applies for many of the actors operating in the new space area. The problem is that it is not allowed to encrypt the communication using open radio bandwidths, at least in Germany. “So, if you are cost-conscious, you cannot have encryption at all”, Abbasi says. To Abbasi, cybersecurity problems of satellites are something he would very much like to see solved. „But I don’t think it will be solved very fast, it is just a long game. Because it is part of a bigger problem, that is embedded systems security, which is lacking as whole”. As satellites are embedded systems, all the problems of the domain apply to them as well, which means more work for Abbasi and probably a topic to be addressed in another podcast. But he still has a wish for the future: “I hope that we develop more towards explainable technology. The technology is getting more complex and for people that are not experts and tech-savvy, it is going to be harder and harder to deal with these changes.”
TL;DR, short for "Too Long Didn’t Read", is the title of the first CISPA podcast, with "Women in Cybersecurity" as its Special Edition. We've been on the air since 2022 on all major podcast platforms. Each month, we talk to CISPA researchers about their work on cybersecurity and artificial intelligence, and try to ask them the exact questions that listeners are asking themselves. Our goal is to explain complex topics in simple language. Since people from 49 nations work at CISPA, the conversations are alternating between German and English.