There is a growing global consensus that governments and businesses need to prioritize security when securing the frontier of space systems. The importance of satellite and space cybersecurity in this new digital era is due to our integral reliance on space, specifically satellites, for communications, security, intelligence, and business.
Due to the falling cost of space access and the growing financial possibilities in the space industry, cybercrime against space systems is becoming more prevalent, which presents a great problem. Because of the dramatic increase in the volume of data arriving from satellites, concerns have been raised about the security and integrity of data transport and storage between satellites and ground systems.
The vulnerabilities are overt. The space community is reminded by the cyber incursion on the satellites during the Ukraine crisis that cybersecurity regulations are essential and, if neglected, might have an impact on both national security and the advancement of global economic development. Malware, which can be uploaded to satellite terminals by hackers, can take control of the devices, shut them down, or break communication with the ground. A mass attack against satellites may disrupt everything from text messaging services to GPS navigation.
And the quantity of satellite launches has increased in the last few years. Thousands of satellites are in low Earth orbit, making them susceptible to above- and below-earth intrusions. Many communication networks are currently switching from terrestrial (land-based) to cloud-based communications due to the ability of satellites to transfer data over enormous, global distances. By 2030, 25,000 satellites carrying over 500,000 petabytes of data will be launched. This emphasizes the risks associated with this increased susceptibility for the economy and data security.
More satellites are in low Earth orbit than ever due to the sharp decline in launch costs. This has expanded the pool of targets that hackers may go after, both at Earth-based control centers and in space. This has become a global concern for both governments and commercial interests.
This year, I was honored to participate in a groundbreaking space security conference in Farnborough, UK called Space-Comm. THE UK’S LARGEST SPACE EXPO SERIES (space-comm.co.uk) The Space-Comm Expo gathered space, aerospace, defense, downstream, and upstream industries for two days of high-level networking, discussions, education, and business, focused on the commercial future of space. That included our panel on cybersecurity called: “ Tracking and Ensuring Space Multi-Domain Integration, Space’s Role in the Future MDA.”
It was an exceptional and informative event and I have included some of the highlights of the panel I moderated with distinguished experts on their observations on securing space systems from the European perspective.
The panel included Stefanie Grundner who is a consultant to the German Federal Office for Information Security (BSI). She is also a dedicated expert in the field of Earth observation and satellite security. Stefanie noted in the panel that the increasing size, scale, and interdependence of space technologies across countries and between different actors requires a new level of cybersecurity capabilities. She stated that “International cooperation between governments and organizations in implementing cybersecurity measures to protect their space systems and infrastructures from cyber threats is therefore more important than ever.”
Another renowned panelist, Dr Sharon Lemac-Vincere is an interdisciplinary academic at Strathclyde University and a visiting academic at the International Space University. She observed that “One thing is certain, space is an attractive proposition for cyber criminals. As such, secure by design cyber resilience has to be an essential part of any Space business. Globally, academia can and does play a key part in supporting the space sector through innovative research and education, but I believe that executives in the space sector need sector-specific cyber resilience training.” [Strathclyde will be hosting an Executive Space Course in partnership with the International Space University in May to push this issue forward]. She continued “If leaders understand cyber security, then they are more likely to see it as a critical part of the picture and engage with it. I would like to see more ambition and disruptive innovation in the cyber resilience market focusing on the space sector specifically, ensuring that cyber security innovation matches the ambition and innovation in the burgeoning space sector, and is ahead of the cybercriminals.”
Panelist Arne Matthyssen, RHEA Group Chief Technology and Innovation Officer noted that “In an era where the boundaries between space and terrestrial infrastructures blur, the panel at SpaceComm Expo 2024 underlined the crucial, yet still often underestimated threat of cyber-attacks, not only affecting specific assets, but also society. The solution is not just to be found in technology; it’s also about innovative operational concepts, increasing awareness, sharing cyber solutions and cyber threat knowledge across the supply and value chains, and embracing security-by-design. The use of Cyber Digital Twins (e.g. CITEF of RHEA Group) allows to assess the cyber resilience of existing and ‘under design’ infrastructures in virtualized emulation environments will enhance the overall readiness for rapid changes in threat vectors and society. The same Cyber Digital Twins provide us with a platform for harnessing generative AI for crafting unforeseen attack scenarios and pioneering mitigation solutions. The future of Cybersecurity in Space relies on the understanding by all of us that Space assets and services are heavily intertwined with and rely on terrestrial infrastructures and vice versa, every day 24/7, for services that we as end users see as being obvious and available by default.”
And Panelist Richard Goodall, Head of Strategy for Airbus Cyber Security in the UK noted that “much can be learnt from the experience of other industries and how they have addressed the cyber threat through a focus on ‘Security by Design’ principles where security is baked into solutions from the outset. This is easier when cyber security is a hot-topic at board level and leads to a cascade of security awareness and training through an organisation. It could also be suggested that one of the challenges which we face is that cyber and space professionals talk a different language, and a common lexicon would be a useful way of bringing the two domains closer together.”
The panels’ observations provided insights into the increased priorities of governments in securing space systems, especially in Europe, the United States, and Asia. The prevailing theme was that global cooperation is essential to cyber secure space systems.
Government Recognizes The Importance of Cybersecurity Space
In the United States, DHS, NASA, DOD, USAF, and Space Command are initiating programmatic initiatives to protect space assets essential to all domain activities. Moving forward in a rapid, ambitious, and focused manner is crucial.
The government recognizes that it is critical to secure space systems. All aspects of terrestrial and orbiting satellites, including end-user routers and ground communications systems, need to be covered by comprehensive satellite security. Assets in space are under non-kinetic threat. Adversaries can employ a range of strategies to disrupt or destroy ground-based and satellite systems. Satellite operations can offer thieves multiple options for hacking through Earth-bound entry points. One of the drawbacks of satellite systems is the need to use long-range telemetry for communication with ground stations. The open protocols used to transmit the uplinks and downlinks are accessible to cybercriminals.
Malware that allows hackers to take control of the devices, shut them down, or break contact with the ground can be uploaded to satellite terminals. Col. Jennifer Krolikowski, the former chief information officer for Space Force’s Space Systems Command, claims that a cyberattack might even cause a satellite to overheat to the point of exploding in a “kinetic boom.”
The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security formed a Space Systems Critical Infrastructure Working Group last year. The group operates under the auspices of the vital Infrastructure Partnership Advisory Council (CIPAC) and brings together parties involved in the vital infrastructure of the space system. Its members include leaders from business and government.
It is an honor for me to be a part of that working group, and shortly there will be activities and recommendations on cybersecurity for space systems targeted at the sector. The working group’s function is particularly crucial as networks shift from terrestrial (land-based) communications to cloud-based communications, which use satellites to transport data across long, international distances. CISA Launches a Space Systems Critical Infrastructure Working Group | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) would have to assist in defending commercial satellite owners’ and operators’ networks against disruptive cyberattacks, according to bipartisan legislation drafted by U.S. Senators Gary Peters (D-MI) and John Cornyn (R-TX) called The Satellite Cybersecurity Act.
The legislation mandates that CISA compile suggestions for voluntary satellite cybersecurity, including advice tailored especially for small enterprises, to assist firms in determining the most effective ways to safeguard their networks. To guarantee that businesses can quickly obtain cybersecurity tools and advice tailored to satellite-specific networks, the bill also mandates that CISA create an online resource that is accessible to the general public.
The Act will also require the Government Accountability Office to do a study on how the federal government promotes cybersecurity in the commercial satellite industry. It will guarantee that the potential effects of network vulnerabilities in commercial satellites on vital infrastructure are better understood. To strengthen federal government collaboration in addressing cybersecurity risks to these systems, the bill also mandates that the National Space Council and the National Cyber Director create a plan.
A new publication by the National Aeronautics and Space Administration (NASA) is a must read for space systems security. NASA’s Space Security Best Practices Guide was released to support mission cybersecurity efforts for both public and private sector space activities, as space missions and technology become more interconnected. NASA has explored uncharted territory for all of Earth’s inhabitants since its founding in 1958 by pushing the bounds of science and technology.
NASA’s ongoing commitment to assisting in the development of precise cybersecurity guidelines for its space systems, as embodied in its Space System Protection Standard, is reflected in the handbook. The manual was created by the government in order to promote the objectives of Cybersecurity Principles for Space Systems, Space Policy Directive 5.
Beyond NASA, the Space Security Best Practices Guide was intended for use by industry, international partners, and other professionals involved in the developing fields of space exploration and development. 7.22 – Space Security: Best Practices Guide – SW Engineering Handbook Ver D – Global Site (nasa.gov)
Europe’s, and The Global Response to Securing Space Systems
Currently, no formal global treaties exist that forbid cyberattacks against satellites and other space systems. Security has been primarily regional although international cooperation is growing, particularly between NATO countries and the United States.
In the EU, there has been a rise in the development and use of space assets for defense and security objectives due to the EU and its Member States’ recognition of the importance of space and defense. European Union leaders have approved a shared defense plan for space assets for the first time, urging the 27 member states to increase their capacity to respond when needed as well as their awareness of space threats.
The heads of state of the member nations, the president of the council, and the president of the commission recently endorsed the “Space Strategy for Security and Defense,” which was written by the European Commission.
The development of space and defense capabilities is progressing, thanks to a number of European Defence Fund and permanent structured cooperation (PESCO) initiatives that are building the capacities the EU will require in these areas. The civil, defense, and space industries are looking to collaborate. Additionally, as it works to strengthen its alliances on space security, such as those with the United States and the North Atlantic Treaty Organization, the EU is becoming increasingly involved in global governance concerning space-related matters.
To sustainably support a safe European space sector is a shared goal of the European Space Agency (ESA), the European Union (EU), and the European Commission. The ESA sees security in space and on earth as being inextricably linked for resilient and secure connectivity. The goal of ESA’s ARTES 4.0 strategic programme line, “Space Systems for Safety & Security,” is to improve safety, resilience, and security in society through the development of innovative, secure satellite communication systems and their integration into public and commercial terrestrial networks.
The concern over threats to space systems is not limited to the United States or Europe. Prioritizing space security has also been emphasized recently by Japan. Their Space Security Initiative will list the steps required for space security over the next ten years, in accordance with Japan’s 2022 National Security Strategy, which calls for outlining the agenda and policies pertinent to space security.
Traditionally spearheaded by the Indian Space Research Organization, India’s space endeavors seem low-key. However, with collaborative security measures with allies in both the US and Europe, it is beginning to change.
India’s decision to invest in military space capabilities has been prompted by broader trends in space security throughout the world as well as particular events in the Indo-Pacific, particularly from China.
A growing number of allied nations are depending on space capabilities as a vital and unexplored area for information exchange and surveillance. Through the monitoring of hostile threats and geopolitical movements, their combined duties have a major effect on security.
Safeguarding space systems requires it. A thorough understanding of satellite security is necessary for both terrestrial and orbiting satellites, including end-user routers and ground communications systems. It is crucial for nations to work together to protect the ground, satellites, data, and relays, among other system components.
For science and emerging technologies, this will be an extremely fascinating and perhaps transformative decade. We are just beginning to explore the ways in which new technological applications can influence our global community’s accomplishments. There is little doubt that space systems will play a major role in that journey if they remain secure.
About the author:
Chuck Brooks serves as President and Consultant of Brooks Consulting International with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations. Chuck also serves as an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity.
Chuck has received numerous global accolades for his work and promotion of cybersecurity. Recently, he was named the top cybersecurity expert to follow on social media, and also as one top cybersecurity leaders for 2024 along with a very select group of industry and government colleagues. He has also been named “Cybersecurity Person of the Year” by Cyber Express, Cybersecurity Marketer of the Year, and a “Top 5 Tech Person to Follow” by LinkedIn” where he has 116,000 followers on his profile.
In his career, Chuck has received presidential appointments for executive service by two U.S. presidents and served as the first Director of Legislative Affairs at the DHS Science & Technology Directorate. He has also served in executive roles for companies such as General Dynamics, Rapiscan, and Xerox. Chuck has an MA from the University of Chicago, a BA from DePauw University, and a certificate in International Law from The Hague Academy of International Law.