We’re in the midst of a new space race. Fuelled by factors such as rapidly falling launch costs and a plethora of technological advances, there’s a huge amount of excitement surrounding the space market around the world.
Indeed, the global space economy is predicted to grow from $630 billion in 2023 to $1.8 trillion by 2035, largely due to our increasing reliance on space solutions for many of the world’s most pressing business and societal challenges — along with everyday applications such as GPS, communications and weather forecasting.
However, with this enhanced connectivity and dependency on space — particularly for critical national infrastructure and national security — comes an increased risk of cyber-attack.
Nation states and nefarious actors are increasingly targeting space networks in an effort to disrupt their adversaries without opening themselves up to clear attribution.
This presents two important and challenging questions —
What’s the current state of play regarding the cyber threat landscape?
How can we ensure the resilience of space systems now and into the future?
A Growing
Target The priority being put on space by state actors and cyber-criminals has shifted in recent years as the space domain, becoming a core component of defence and national security apparatus, has introduced more commercial data sources to capitalize on the agility of space to augment traditional monolithic space-based capabilities.
Multiple nations including the UK, France and the U.S. are investing heavily in space defence programs to enhance their intelligence,
It is, therefore, not surprising that the ongoing threat to peace and stability of the international community through interference with information and communications technology is acknowledged by the United Nations in the paper ‘Advancing Responsible State Behaviour in Cyberspace in the Context of International Security,’ guided* by the use of 11 non-binding norms of behaviour.
The norm relevant to space says member states “…should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment, and the nature and extent of the consequences.”
This is relevant due to the nature of state actor interference in space leading to the attribution of cyber intrusions and a proportionate response, noting the possible far-reaching impacts and potential threats to civilian life.
Points of
Vulnerability
Global space infrastructure is firmly in the cyber crosshairs, but what’s the level of vulnerability to attack?
When we look at space from a cybersecurity perspective, we must consider the attack surface available for threat actors to exploit. This attack surface has expanded significantly in recent years, largely due to the growing number of satellite networks in operation (particularly driven by small, low cost LEO constellations and satellites), expansions to the associated ground infrastructure, and the increasing use of technologies such as Machine Language/Artifcial Inelligence (ML/AI) and data analytics.
What’s more, edge processing is becoming more prevalent. More satellite networks are able to process data at the edge (i.e. on-orbit) and it’s common for threat actors to leverage edge vulnerabilities in their hacking campaigns.
This, combined with an enlarged space supply chain consisting of companies ranging from start-ups to multi-national enterprises — all provide more entry points for hackers to exploit. Furthermore, the combined effects of large satellite constellations and COTS (Commercial-Off-The-Shelf) components are increasingly complicating security at a time when attacks are accelerating in sophistication.
The days of ‘security through obscurity’ are largely gone, with common cyber issues, such as software backdoors, Denial of Service (DoS) attacks and social engineering all real concerns in the space domain.
The risk is made even more acute given how interconnected space is — an attack targeting one particular network or system can end up having a wide-ranging impact — known as a spill effect — whereby a targeted space cyber intrusion can have significant and unintentional consequences.
This was demonstrated by NotPetya in 2017 and its destructive impact across the Ukraine and beyond, and the attack on Viasat in 2022.
While the core objective of this more recent attack appears to have been to disrupt Ukraine’s military communications, the affected service area ultimately included Germany, Greece, Poland, Hungary and France — including residential broadband as well as industrial applications such as wind turbines in Germany.
Protecting
Space Assets
This all brings us to the challenge of ensuring space security. With the Space 2.0 era upon us, we must acknowledge the shifting nature of the threat landscape and put cyber security at the forefront of our space strategies to support the sector’s future.
For example, we must continue to drive collaboration across the sector. Space consists of multiple sub-disciplines that require extraordinary levels of expertise to be successful.
As such, getting the appropriate system engineers and security experts working together to build more secure space systems by breaking down silos between government, industry and academia, is vital.
We should also be prioritizing a ‘resilience-in-depth’ approach by building systems that can withstand a breach at one level and effectively contain an attacker there. While this is a challenge given the multi-system and multi-stakeholder nature of space infrastructure, building systems that can contain the impact of a breach or vulnerability are worth considering.
Regulation will also have a key role to play. While this area is evolving, space system developers still face different regulations across firms and countries — making it difficult to ensure that components from all supply chain levels maintain the same quality of cyber security and protection. This is an issue we need to get ahead of through innovation and engagement, particularly cross-sector, to help drive standardised legislation across the international space community.
Ultimately, the cyber security of space isn’t much different than on Earth. The vulnerabilities and potential access points are similar – the only difference is that we’re applying it to objects and networks hundreds of miles above our heads.
Of course, this presents a challenge. However, given the speed and motivation of today’s threat actors, this is challenge one we must be prepared to tackle head on.
www.baesystems.com/en/capability/space-systems
Author Nathan Parsons is the Sales Lead for Space and C5ISR at BAE Systems Space.