An AI cyberattack could trigger a satellite apocalypse in the next 2 years. Are we prepared?

人工智能网络攻击可能在未来两年引发卫星灾难。我们准备好了吗？

AI systems could soon be able to hijack satellites in orbit and cause them to collide with other spacecraft, potentially triggering a dangerous cascade of smash-ups that could render the environment around Earth unsafe for years, according to experts.

专家表示，人工智能系统很快可能能够劫持轨道上的卫星，使其与其他航天器相撞，从而引发一连串危险的碰撞事件，可能导致地球周围的空间环境多年内都变得不安全。

Cyber security researchers are already using AI to identify so-called zero-day vulnerabilities — yet undiscovered security holes in code — to alert operators and help them patch the problems before hackers could exploit them. But attackers, too, can take advantage of those advanced systems to find those holes more quickly.

网络安全研究人员已经在使用人工智能来识别所谓的零日漏洞——即尚未被发现的代码安全漏洞——以提醒运营者并帮助他们在黑客利用之前修补这些问题。但攻击者同样可以利用这些先进系统，更快地发现这些漏洞。

Speaking exclusively to Space.com, researchers at the CR14 cybersecurity center in Estonia said that advances in AI could make it possible for an AI-led attack to wreak havoc in orbit in as little as two years. The emergence of so-called agentic AI — autonomous systems powered by Large Language Models (LLMs) such as OpenAI's ChatGPT or Google's Gemini, which can independently plan action and execute tasks to achieve set goals — is especially worrying, Kristjan Keskküla, CR14 Head of Space Cyber Range, told Space.com. "AI is developing quite quickly right now," Keskküla told Space.com. "The real problem now is that AI can act, take decisions, analyze things and come up with new exploits."

爱沙尼亚CR14网络安全中心的研究人员在接受Space.com独家采访时表示，人工智能的进步可能使AI主导的攻击在短短两年内就能在轨道上造成严重破坏。CR14太空网络实验负责人Kristjan Keskküla告诉Space.com，所谓的‘自主型AI’——由大型语言模型（LLM）驱动的自主系统，例如OpenAI的ChatGPT或Google的Gemini，它们可以独立规划行动并执行任务以实现既定目标——尤其令人担忧。Keskküla表示：“人工智能目前发展得非常快。真正的问题在于，AI现在可以自主行动、做出决策、分析事物，并开发出新的漏洞利用方法。”

Clémence Poirier, a cyber security researcher at the ETH Zurich University in Switzerland, told Space.com that although no known AI-enabled cyberattack on space systems has taken place so far, state-funded hackers are known to have used LLMs to research space systems vulnerabilities in the past.

瑞士苏黎世联邦理工大学（ETH Zurich）的网络安全研究员Clémence Poirier告诉Space.com，尽管迄今尚未发生已知的人工智能驱动的太空系统网络攻击，但有证据显示，部分国家资助的黑客过去曾利用大型语言模型（LLM）研究太空系统的漏洞。

"In 2024, OpenAI and Microsoft revealed that Russian threat actor Fancy Bear used LLMs to search about satellite communications, radar systems and other space technologies to support information gathering in view of potential attacks," Poirier said in an email. "AI definitely helps threat actors in the reconnaissance and intelligence gathering phase of an attack. Threat actors can find known vulnerabilities in space systems with LLMs. The time to exploit known vulnerabilities has been immensely reduced because of AI."

Poirier在一封电子邮件中表示：“2024年，OpenAI和微软披露，俄罗斯威胁组织Fancy Bear曾使用大型语言模型（LLM）研究卫星通信、雷达系统及其他太空技术，以支持潜在攻击的信息收集。”她指出，“人工智能确实在攻击的侦察和情报收集阶段帮助了威胁行为者。威胁行为者可以利用LLM发现太空系统中已知的漏洞。由于人工智能的作用，利用已知漏洞的时间大大缩短。”

Andrzej Olchawa, a space cybersecurity engineer and researcher at VisionSpace told Space.com that "LLMs have drastically lowered the barrier to understanding spacecraft operations and communication protocols."

VisionSpace的太空网络安全工程师兼研究员Andrzej Olchawa告诉Space.com，”大型语言模型（LLM）大幅降低了理解航天器操作和通信协议的门槛。“

While in the past, developing an understanding of how space systems operate required extensive study, today, LLMs enable "adversaries with no prior knowledge of the space industry to process documentation and open-source software," and cause real harm.

过去，想要理解太空系统的运作需要进行大量深入研究，而如今，借助大型语言模型（LLM），“即使是对航天行业毫无了解的对手，也能够处理文档和开源软件”，并可能造成实际损害。

"Interpreting telemetry and telecommand structures once required extensive study of thousands of technical pages," Olchawa said. "Today, one can simply instruct an LLM to generate parsers and provide mission-specific context with minimal expertise."

Olchawa表示：“过去，解析遥测和遥控指令结构需要对成千上万页的技术资料进行深入研究。如今，人们只需指示大型语言模型（LLM）生成解析程序，并提供特定任务的背景信息，几乎不需要专业知识“。

What is worse, the accelerated AI threat has emerged just as the space sector began to wake up to the cybersecurity risks, which it had ignored for decades. Many older satellites that are still in orbit and operational have no cyber protection systems in place, said Keskküla, making them a low-hanging fruit for a possible attack.

更糟糕的是，正当太空行业开始意识到长期被忽视的网络安全风险时，加速发展的人工智能威胁也随之出现。Keskküla表示，许多仍在轨道上运行的老旧卫星没有任何网络防护系统，这使它们成为潜在攻击的‘低垂果实’。

Many possible ways of attacking a spacecraft exist, including jamming and spoofing of the communication links between the satellites and ground control either from Earth or from space. But the experts are especially worried that hackers could find ways to completely hijack satellites and turn them into orbital anti-satellite weapons.

攻击航天器的方式多种多样，包括从地面或太空对卫星与地面控制之间的通信链路进行干扰或欺骗。但专家尤其担心，黑客可能找到方法，完全劫持卫星，将其变成轨道上的反卫星武器。

"They could make them collide with other satellites and cause havoc," Keskküla said. "In the last about three years, we have sent up 8,000 satellites. It's a huge number of satellites, and the constellations are growing. You only need to affect one satellite's actions to cause problems."

Keskküla表示：”他们可能让卫星与其他卫星相撞，从而造成混乱。过去大约三年里，我们发射了8,000颗卫星。这是一个庞大的数量，而且卫星星座还在不断增加。只需要影响一颗卫星的行动，就可能引发问题。“

The researchers worry that one such deliberate space crash could create thousands of fragments in the heavily used low Earth orbit — the region of space at altitudes up to 1,200 miles (2,000 kilometers) where most satellites reside — which could make the orbital environment unsafe for years.

研究人员担心，一次故意的太空碰撞可能在高度使用频繁的低地球轨道——大约到1,200英里（2,000公里）高的区域，也是大多数卫星所在的轨道——产生数千个碎片，从而可能使轨道环境多年内都不安全。

CR14 is one of the largest cybersecurity research and training centers in the world, and, thanks to Estonia's proximity to Russia, has been at the forefront of Europe's cyber defence against escalating Russian attacks for years.

CR14是全球最大的网络安全研究与培训中心之一，由于爱沙尼亚地理上靠近俄罗斯，多年来一直处于欧洲应对日益升级的俄罗斯网络攻击的前沿。

"During our exercises, we simulate these kinds of attacks in a virtual environment using digital twins," Keskküla said. "We have attackers, and we have defenders, one group trying to penetrate the system and do bad things, the other trying to protect it."

Keskküla表示：”在我们的演练中，我们使用数字孪生在虚拟环境中模拟这类攻击。我们有攻击方，也有防御方，一方试图渗透系统并实施破坏，另一方则试图保护系统。“

Martin Hanson, CR14's head of communication, added that the quantity and sophistication of cyberattacks is bound to keep rising. Ukraine, he said, experiences "thousands of cyberattacks" on critical infrastructure every day, including on power grids, banks and satellite communication systems.

CR14的传播负责人Martin Hanson补充说，网络攻击的数量和复杂性必然持续上升。他表示，乌克兰每天都在关键基础设施上遭受”数千次网络攻击“，包括电网、银行和卫星通信系统。

In Europe, he added, the number of phishing attacks has grown by 500% over the past few years, and the sophistication of those attempts to steal sensitive information by means of social engineering is bound to grow thanks to the use of AI.

他补充说，在欧洲，过去几年网络钓鱼攻击的数量增长了500%，而利用人工智能进行社会工程手段窃取敏感信息的攻击手法，其复杂性也必然会持续提升。

"AI will make these attacks more targeted," he said. "They will gather more information about you, and they will try to copy your friends and coworkers. It's getting more sophisticated. "

他表示：”人工智能将使这些攻击更加精准。攻击者会收集更多关于你的信息，并尝试冒充你的朋友和同事。攻击手段正在变得越来越复杂。“