LOGAN, Utah — Small satellites that have propulsion systems, but don’t have encrypted commanding systems, pose a small but real threat of being hacked and endangering other satellites, according to a new study.

That research by a team of graduate students, presented at the AIAA/Utah State University Conference on Small Satellites here Aug. 9, recommended the space industry take steps to prevent the launch of such satellites to avoid an incident that could lead to a “regulatory overreaction” by government agencies.

“We would propose as a policy that, for those cubesats and smallsats that have propulsion, that the industry adopt a ‘no encryption, no fly’ rule,” said Andrew Kurzrok of Yale University.

That recommendation comes as cubesat developers, who once had few, if any, options for onboard propulsion, are now looking to make use of more advanced chemical and electric propulsion systems. Some of those technologies can provide smallsats with large changes in velocity, which can enable major orbital changes.

Kurzrok and colleagues at Stanford University and the University of Colorado modeled several different propulsion systems on a notional 10-kilogram nanosatellite, assuming the spacecraft was in a 300-kilometer orbit and that the propulsion systems accounted for half the spacecraft’s mass. The results ranged from the satellite reaching medium Earth orbit altitudes within two hours when using chemical propulsion to passing geostationary orbit in about a year with an electric propulsion system.

The scenario involving the nanosatellite with chemical propulsion is particularly troubling, he said. “What are the abilities within two hours to track that something isn’t where it’s supposed to be and then warn or take some sort of secondary action?” he said, concluding that the satellite reaching GEO in a year is a much less plausible threat.

The concern, then is a scenario where hackers are able to take control of a satellite and redirect it quickly. Government satellites, as well as many commercial ones, have security measures like encryption that make it unlikely they could be hacked. However, many satellites run by academic institutions don’t have such security, often because of funding or technical limitations.

There’s been no known case where a smallsat with propulsion has been hacked, but Kurzrok suggested it may be only a matter of time. “If something can be hacked, eventually it will be hacked,” he said, based on cybersecurity experiences in other industries. That has serious implications, even in the scenario where the hacking event does no damage to the satellite or other space objects. “The reputational costs to the industry could be significant.”

That led to his recommendation that small satellites with propulsion be required to have encrypted command systems. That could be done through industry self-regulation, with launch providers ensuring that the satellites they launch comply with this rule, or provisions in contracts by satellite propulsion providers requiring their systems only be used on satellites with encrypted communications systems.

“This is actually a situation that is ripe for industry self-regulation,” he said. “It’s not worth one risky launch that will risk the rest of your manifest if there is a regulatory overreaction if something goes wrong.”