Home >> March 2021 Edition >> Staying Out Of Terrestrial Trouble
Staying Out Of Terrestrial Trouble
By Kevin Korte, President, Univention North America, Inc.

 

How Satellite Companies Can Take Effective Steps On The Ground To Improve Their Data Security



It was a slightly sensationalist headline that struck fear into the hearts of anyone involved in satellite communications: “How hackers could spy on satellite internet traffic with just $300 of home TV equipment.”

In 2020, a cybersecurity researcher from Oxford University in the UK said he had been able to intercept the data traffic from various corporate networks relayed via satellite. He accessed not just the usual text files but also ships’ locations, crew and cargo details all the way to Wi-Fi sessions on airplanes. The researcher said he had exploited the fact that providers often skimp on encryption to keep latency down.

Attackers don't need perfect,” he said in an interview. “They just need to find some sensitive information or one password from a target.”

The underlying problem, in other words, lies more with lax data security practices on the ground than with inherently insecure communication platforms orbiting above us.

Satellite providers have an obligation to keep their networks locked down, their users tightly managed and their data securely stored, no matter whether they choose to do that in the cloud or on-premise. If they transmit, handle or analyze sensitive client data, that obligation becomes an ever bigger legal requirement that could come back to haunt them.

In other words, good IT security for satellite communications starts on Earth. It revolves around keeping a close watch on digital identities and preventing data leaks, or who is allowed to do what with what kinds of apps on a network.

A good case in point how companies in this industry can take some simple yet effective steps to boost their security is the Montreal-based monitoring and analytics company GHGSat.

Securing Smallsats

As the name implies, it is in the business of remote sensing of greenhouse gas (GHG), air quality gas, and other trace gas emissions from any source in the world. To do that, the company is building a small but steadily growing constellation of smallsats.

The third one took off on January 24th with a SpaceX Falcon 9 rocket as part of a historic rideshare launch.

GHGSat’s key clients are in the oil and gas and mining industries. They need to remotely monitor and be alerted to even small methane and other emissions that can wreak environmental havoc and have serious financial and legal consequences.

Satellite-based sensors that can pick up the signature wavelength of methane or other gases with a resolution down to 25 meters are a game changer. They let industrial companies keep a watchful eye on their assets anywhere, certainly better than any human on the ground could.

Plus, they produce reams of data that others would love to get their hands on as they speak volumes about a company’s industrial assets, their productivity, maintenance needs, environmental compliance and other key metrics.

Access to the company’s spacecraft, sensors, as well as its terrestrial servers and other parts of its IT infrastructure, is highly restricted and regulated. So much so that GHGSat had, over the years, built and expanded its own secure system, which eventually led to several headaches as the business grew.

How do you keep tabs on sensitive information when you have multiple operating systems on your servers and run multiple user management systems with multiple log-in procedures and passwords?



Artistic rendition of GHGSat smallsats onorbit. Image is courtesy of the company.


What GHGSat was ultimately looking for was a system that would let them batten down the hatches on the ground to let no unwanted eyes get access to their data in the sky. The answer was to centrally manage the digital identities and permissions for all users.

Another element on GHGSat’s priority list was to ensure that passwords are secure, comply with password policies across all the company’s services and devices and are not susceptible to “man in the middle” attacks.

Keeping Carbon Footprint Reporting Safe

As the Canadian company had the stated goal to retain as much control over its user management and client data as possible, they decided to install a solution called Univention Corporate Server. Even we, who programmed this open-source solution and were happy they wanted to work with us, weren’t allowed near their servers.

Instead, we could only offer tips and advice from a safe distance. The bottom line, according to GHGSat system administrator Damien Clabaut, is an overall improved security picture, “We were able to cut our overhead while ensuring compliance and security of the environment.”

If everything goes according to plan, GHGSat will triple its satellite fleet within a year to nine orbiting smallsats and add monitoring planes, as well. As a result, the number of employees which currently stands at 100, will most likely go up, as will the data haul and the roster of clients who rely on the provider to securely measure, collect and analyze their field data.

That’s even more relevant as climate change data is quickly becoming a high-value commodity for companies large and small to track, report and audit their activities. Breaching or “doxing” one’s carbon footprint datastream can tarnish a company’s reputation and have tangible economic consequences.

Having sensors in orbit is a wonderful addition to improve data-driven management, but it’s essential to start by steering clear of terrestrial trouble.
www.univention.com

Author Kevin Korte studied computer sciences at the Jacobs University in Bremen. He graduated as a Master of Science in 2011. Afterwards, he worked in the Professional Services Team at Univention for two years. Since 2013, he has been President of Univention North America Inc. where he is responsible for the company’s business development in the USA.

Univention GmbH is a developer of Open Source software for the operation and management of IT infrastructures and the administration of digital identities. Our goal is to enable companies, government institutions and the education sector to keep their data, applications and IT systems under their own control, to use them easily and to combine and further enhance them according to their needs. To this end, we have developed UCS as a complete solution for the administration of IT infrastructures, applications, resources and users. Building on UCS, the company offers UCS@school, an education-optimized platform that provides and manages IT services for schools, school boards and states.