Replacing central gateways with a zero-trust network gives the E-Space constellation a big security advantage
Ever since the dawn of the satellite era, ground-based gateways have been the default way of connecting antennas on Earth to satellites in space. As satellites carry more and more critical information and bad actors grow increasingly sophisticated, these gateways present a very large attack surface vulnerable to cyber and kinetic threats.
If that’s the case, how are satellites supposed to transmit data back and forth to the ground in a secure manner? It’s a question that E-Space engineers tackled early in the development process of our upcoming satellite constellation. The solution they arrived at was to create a novel satellite network — the first low Earth orbit (LEO) space system built with “zero-trust” network topology operating in a mesh, peer-to-peer system configuration.
In other words, they cut out the middleman — the ground-based gateway itself.
This architecture eliminates the need for hundreds of thousands of ground-based central gateways that would otherwise be required. The network instead uses a private, secure gateway architecture that allows direct communications without the intermediary public central gateway step. The result is that the system is much more resilient to IT hackers or kinetic destruction (e.g., collisions with other satellites or space junk).
When operating in a peer-to-peer system, the user equipment (UE or terminal) can directly communicate with other allowed devices on its network as well as exchange data with a private gateway device connected to data services, a private intranet or the public internet. The E-Space private gateway hardware can easily be installed at a client data center or premises.
Paths to enabling a secure architecture
As E-Space prepares to serve many customers in defense, enterprise and commercial applications, a one-size-fits-all approach is off the table. Instead, bespoke networks must be created with security solutions targeting specific use cases, some of which are illustrated here:
- Air-gapped network protection and communications: For use cases that do not require internet access, the E-Space network will exist entirely apart from the public internet — a configuration known as an “air-gap.” This directly addresses some of the key threats to IoT devices open to undiscovered — or “zero-day” — vulnerabilities and brute-force attacks. The E-Space topology is especially important for critical infrastructure and other sensitive use cases.
- Segregation among customer types: The E-Space network is built to keep the commercial and government spacecraft in its constellation fully independent of one another. This means each of its satellites can serve only one category of customers — commercial or governmental end-users. This segregation is critical to ensure the highest level of security for the overall system.
For governmental systems, the security protocols will allow access only by users approved by the respective government. Governmental user communications will never transmit through a satellite used for either commercial or non-governmental applications. Such air-gapped security is common in secure terrestrial networks with no access to the internet, and E-Space is poised to be the first satellite network to offer this extremely effective level of security.
- Inter-satellite links for added data privacy and security: The E-Space network includes the use of inter-satellite links in space, further removing the need to transmit communications via a ground network.
- Encryption to keep data safe: E-Space has added high levels of encryption to ensure the secure transfer of data and high-priority, confidential communications.
- Safeguarding the spacecraft: The Telemetry, Tracking and Control (TTC) portion of the satellite is locked to provide very high levels of security for the control of the space segment.
All of these measures built into the E-Space satellite constellation will add up to one of the most secure and resilient networks available anywhere — terrestrial or space-based.