Why the Space Force wants white hats to attack a satellite

 Moonlighter satellite, a small cube-shaped craft with solar panel wings on either side, against a black background.
(Image credit: Marc DeNofio / The Aerospace Corporation)

A US space launch is a very high-security affair. Systems are locked down, many of the staff hold national security clearance, and the rocket and its payload are carefully protected.

But when SpaceX launched its CRS-28 resupply mission to the International Space Station (ISS) in June, it did so carrying a special satellite that the US military was actively encouraging people to hack.

Run by the US Space Force, Hack-a-Sat was essentially a game of Capture the Flag. Organizers tasked ethical hackers with flexing their skills to break into a satellite and discover a special code, in a race against four other competing teams. The military hopes that this will also help raise awareness around cyber threats to space hardware.

The diminutive 34 x 11 x 11cm “cube” satellite is named Moonlighter and was deployed into low Earth orbit after about a month aboard the ISS, and was the target in this year’s Hack-A-Sat competition.

The event brings skilled cyber enthusiasts together to build enthusiasm for careers in the sector and specifically attract raw talent to the field of cyber security for vital communications satellites.

A CGI render of a white envelope being shot at from all directions by arrows with red-tips, to represent business email compromise (BEC).

(Image credit: Getty Images)

What is Business Email Compromise (BEC)?

The event brings skilled cyber enthusiasts together to build enthusiasm for careers in the sector and specifically attract raw talent to the field of cyber security for vital communications satellites. This could help protect government assets from a new generation of threat actors, and address the ongoing cyber skills deficit.

“They started to go and ask all the different organizations within the government and military saying, ‘Hey, can you let these hackers, these top cybersecurity enthusiasts, go and hack into your systems?’, and their first response was, ‘Absolutely not. No way’,” says Captain Kevin Bernert, the Space Force’s Hack-A-Sat program manager.

But Captain Bernert’s team persisted. In the first few years, the competition was run on virtual machines (VMs) down on Earth, or actual space hardware planted firmly on the ground. This year, Moonlighter was actually put orbit where it patiently waited to be hacked.


Whitepaper cover with title over image of high rise buildings with red circular digital icons dotted around

(Image credit: Zscaler)

Discover how the encrypted threat landscape has changed over time


It’s a real test for the competitors, as there are specific difficulties that we don’t need to deal with down on Earth. “With space vehicles orbiting the Earth at high speeds, you only have a certain amount of opportunities to make contact with that vehicle,” says Bernert. 

Hackers trying to send a command package, for example, might not know if it was successfully executed until the next time they can make contact. Other challenges include limited bandwidth and tricky power management. Hackers must be careful about how much energy their code uses on a device powered by only a solar panel.

Would-be attackers also need to take into account complex orbital mechanics to establish a connection with their target. Other aspects of the competition will be more familiar.

“It's still essentially a computer,” says Bernert. “You still have to apply all the cyber security principles. Now, it's just in a more rigorous domain.”

Cyber attack innovation

To communicate with the satellite in orbit, teams will use the same ground stations that are used for ordinary satellites. Moonlighter has been sandboxed so that even though the satellite is in space, nothing too dramatic can be compromised. 

“It works just like any other satellite would work in Low Earth Orbit,” says Bernert. “We don't have a propulsion system on it, so they won't be able to just send it off into deep space or into the Earth's atmosphere.” The satellite also has a built-in “reset” button that the military can use to restore the sandbox to a blank slate.

The competition is as realistic as possible and the organizers urge teams to pick members who have skills in the different disciplines such a complex hacking task requires, including radio communications, exploit development, satellite operations. and astrophysics.

Bernert is confident that by tapping into this “untraditional” pool of individuals, the task can be solved in innovative ways. But even with the right people, winning the competition will require an effective strategy.

“We let the competitors get creative with how they want to go about denying or degrading their competitors' satellites, but we also give them the opportunity to have game theory get involved,” says Bernert, describing how teams will have to choose between playing aggressively, to capture their opponents’ flags, or as in a real cyber-conflict, choosing to play more defensively to protect their own.

Even after the winners have been crowned and the Moonlighter satellite has been successfully compromised, the real-world stakes of the competition remain very much front of mind for those participating. Bernert’s hope, and that of Space Force, is that this can put threats to critical infrastructure in context.

“People are realising that it's not just limited to specific nations with large military budgets – it's becoming a lot more proliferated and more accessible to everybody,” he says. 

“With that, obviously, comes the need to make sure that systems that are now being procured and launched in rapid quantities are cyber secure, because so much of our lives for pretty much everybody across the globe is tied directly to safe satellite vehicle operations.”