18 April 2024

Enhancing Cybersecurity in Outer Space

Rajeswari Pillai Rajagopalan

Recently, there have been several cybersecurity policy announcements relevant to outer space. The European Space Agency (ESA) came out with a policy document, ESA Security for Space: Shaping the Future, Protecting the Present, in November 2023. It was issued with the goal of “protect[ing] ESA critical space infrastructure.” In December 2023, the U.S. National Aeronautics and Space Administration (NASA) announced its Space Security: Best Practices Guide in order “to bolster mission cybersecurity efforts for both public sector and private sector space activities.”

This came against the backdrop of U.S. intelligence agencies warning that the U.S. space sector could be infiltrated by foreign spy agencies. In a directive issued in August 2023, the FBI, the National Counterintelligence and Security Center (NCSC), and the Air Force Office of Special Investigations (AFOSI) raised an alert that certain foreign intelligence agencies were employing a series of measures, including cyberattacks and strategic investment (including joint ventures and acquisitions), to target the space industry. In terms of national security implications, the directive noted that cyberattacks or other means are aimed at “collecting sensitive data related to satellite payloads; disrupting and degrading U.S. satellite communications, remote sensing, and imaging capabilities; degrading the United States’ ability to provide critical services during emergencies; identifying vulnerabilities and targeting U.S. commercial space infrastructure during conflict.”

Earlier, in April 2023, a Cyberspace Solarium Commission (CSC) report made the case for identifying outer space as the 17th critical infrastructure sector, with the goal of adopting enhanced cybersecurity measures among satellite operators. The 24-page report made stakeholder-specific recommendations, including prioritizing the development of norms and standards in partnership with other like-minded partners.

Cybersecurity on its own has become a serious issue for policymakers across different regions, especially those who have embraced digitalization at a rapid pace in the post-COVID period. Outer space security, though equally critical, was less understood in terms of its vulnerabilities and gaps. But today, with growing interconnectedness between different technologies, we are confronted with a combination of these threats playing out and possibly threatening our access to space.

In fact, the ESA document from November highlighted precisely the changing threat scenario. It stated that “the evolution of the threat landscape affects not only IT networks but the overall space ecosystem, including the space segment (satellites, launchers, etc.), ground segment (ground stations, ground networks, payload data ground segment, etc.), and signal in space (SiS).” It added that along with the evolution of technologies, there has been an almost simultaneous growth in threats as well. The document noted that “even small, organized hacker groups or hacktivists are in the position to identify space systems vulnerabilities and launch hybrid attacks, usually driven by a willingness to experiment new hacking strategies or by public recognition and visibility.”

Further, the infusion of major power competition and rivalry has exacerbated the complexities in outer space. Outer space seemed somewhat immune to great power rivalry for a couple of decades, after the competition between the United States and the Soviet Union ended at the conclusion of the Cold War. But lately, with the balance of power dynamics in flux, which seems unlikely to settle anytime soon, space has become one more domain where this competition and rivalry are playing out.

There is also a growing interconnectedness between public and private sector players, and the two interface with the military as well, making the emerging space conditions quite complex. With the expanding civilian, commercial, and military use of space, any disruptions here can be quite consequential. The effects of any disruption are going to be felt across various domains, including disaster warning and response, directional data, and financial transactions. Militaries around the world will be affected as well in their ability to gather intelligence, surveillance, reconnaissance (ISR) data; position, navigation, timing (PNT) data; and possibly even space situational awareness (SSA) data that is so critical. All of these highlight the importance of ensuring the security of cyber systems in space.

A cyberattack in the form of hacking into space systems also carries the potential for criminals to take over and feed erroneous data in a manner that allows the perpetrator to gain control over critical systems and take away confidential data. Jamming and spoofing have become quite attractive options for states and criminals alike to create disruptions and damage in space. Given that these methods are easy to execute, the low cost and plausible deniability are attractive qualities that have incentivized many perpetrators to pursue such options. Jamming and other cyber means have been employed quite effectively in the Russian war on Ukraine. An attack on the Starlink SpaceX terminal is a case in point.

As analysts note, cybersecurity in the context of space is essential for “maintain[ing] secure lines of communication, accurate navigation, and precise control.”

Making appropriate norms, standards, best practices, and regulations for ensuring better and more effective cybersecurity measures to prevent interference in satellite operations has begun to gain traction in recent years. But, as a World Economic Forum report of 2022 noted, the challenge is for policies and corresponding regulations “to keep pace with technology evolution.”

Clearly, this is not a unique problem for cyber/space security. While national level regulations may be relatively easier to develop, this is a much bigger challenge if one were to look at the state of global governance efforts. This is particularly hard given the major power rivalry and the inability to develop consensus among major powers, which has come to be a major impediment in developing new rules. International partnerships, especially those involving like-minded partners, are also critical, both for developing new rules and measures and for developing technological defenses against cyber threats and vulnerabilities in space.
