AI Heads to Space! And Where it Goes, DPI & Intrusion Detection Must Follow
According to Goldman Sachs, in ten years’ time, the global satellite market will be seven times its current size. This means that in 2035, it will have a value of $108 billion (compared to $15 billion today). In the next five years alone, global satellite operators are planning to launch as many as 70,000 low earth orbit (LEO) satellites. Around 53,000 of these 70,000 launches are likely to be from China.[1]
One important driver of this growth is the shift of AI data centers to space. This year marked the launch of the first 12 of the 2,800 satellites that will make up China’s ‘Star Computing’ AI supercomputer array. In Europe, the Open Cosmos initiative launched Phisat-2, an Earth observation satellite designed to test near real-time AI analytics. And Nvidia sent a powerful GPU into orbit to test the waters for the U.S. startup Starcloud, which plans to launch its first batch of AI data center satellites in 2026.
In contrast to these AI-fueled leaps into the high-tech future of space-based edge computing, security researchers have recently made headlines by exposing the critical gap between rapidly advancing satellite capabilities and basic security needs.[2] They have shown that earthly hackers armed with just a few hundred dollars of low-tech, off-the-shelf equipment can exploit satellite vulnerabilities to:
- intercept personal, business and government communications,
- identify and locate military users, and even
- take complete control of a satellite.
What are the main vulnerabilities and what can be done to protect against these risks?
Satellites face quite specific vulnerability challenges. Beyond the lack of accessibility for maintenance and kinetic exposure, there is a vast and varied array of cyber threats to their security. These include data protection weaknesses, denial of service, hardware backdoors, susceptibility to advanced persistent threats, privilege escalation, malware attacks and payload hijacking, to name just a few. And all these risks are escalating with the arrival of AI.
Fortunately, there are effective means for addressing these security challenges. The most fundamental of these is acquiring full network visibility to monitor traffic and enable threat detection capabilities across the global attack surface.
How can I extend network visibility in my satellite system?
Until recently, most satellite systems had minimal support for encryption and significant constraints on memory, processing and power. Technical advances have liberated capacity, making it possible to integrate effective network monitoring and cybersecurity resources.
Key to these operations is network visibility. This is achieved through traffic analysis, application identification and anomaly detection, all of which require deep packet inspection (DPI).
Most interesting for satellite systems, DPI can be delivered as a software development kit or software engine. This allows the technology to be embedded in sensors or in an encompassing security solution, providing the visibility directly to the functions that require it most.
What is Deep Packet Inspection (DPI)?
As its name suggests, DPI inspects the data packets traveling across a network. It analyzes the content (payload) and context (metadata) of the packets at the application level, identifying the protocols, content, users, transactions and patterns. This enables granular insights into the traffic flows as well as a contextual understanding of flow activity.
But today’s DPI technology is capable of providing more than just real-time traffic classification. It enables the identification and classification of encrypted traffic without decryption and from the first packet. It is also highly effective at detecting cloaked and evasive traffic (anonymizers, tunneling, domain fronting, man-in-the-middle…).
In specific configurations, it can also be used to provide IDS-based threat detection capabilities as a software component. This enables easy and tight integration with cybersecurity solutions to raise performance while remaining highly flexible and scalable.
What’s the best way to integrate DPI?
Network traffic identification and classification are complex. Building DPI capabilities and keeping them up to date requires a dedicated team and a robust infrastructure. Network evolution means that today’s DPI must be able to function over all types of networks (virtual, physical, cloud…), including hybrid, and to classify encrypted traffic. It must also be able to detect sophisticated cyber attacks and AI-generated traffic.
Commercial offerings are therefore the fastest and most effective way to acquire DPI. But it shouldn’t be seen as a short-term solution. Advanced DPI technology from industry specialists represents a long-term investment – one that will help to maintain product performance and cybersecurity excellence as networks, protocols and malware evolve.
As the market leader in DPI software, Enea provides embedded deep packet inspection and intrusion detection software components that support advanced access control, granular monitoring and intrusion detection in commercial and bespoke cybersecurity solutions for satellites, space probes and drones.
To learn more about the opportunities and risks at the network edge, including the Space Edge, download our whitepaper. It details edge computing vulnerabilities and security best practices for the six highest growth edge domains.
References
- https://www.goldmansachs.com/insights/articles/the-global-satellite-market-is-forecast-to-become-seven-times-bigger
- https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
- https://spectrum.ieee.org/satellite-hacking-cybersecurity-nasa-visionspace
- https://spectrum.ieee.org/iridium-satellite