A cyberattack is not an indivisible threat — it can take many shapes and hues, and have disparate entry points, veiled actors and have debilitating effects when launched by an adversary.
Space systems often face ambushes from various attack vectors, including orbital, kinetic and electronic warfare, but they are equally vulnerable to digital threats. Cyberattacks can occur across multiple theatres — affecting space assets, communications links and ground operations — within a space system architecture and are often overlooked while building a larger narrative of cyberthreats, including those targeting critical infrastructure (CI).
Satellites are more prone to risk than often perceived. The National Institute of Standards and Technology defines a cyberattack,1 via cyberspace, as one that targets an enterprise by destroying or administering a computing infrastructure in a hostile manner, or by undermining the integrity of data or pilfering proprietary information.
The rapid progression of knowledge around space technologies has attenuated the construct of “security by obscurity” for space systems. Satellites have become more digitized and digitally piloted, thereby expanding the surface area of incursion. The adversary can use a variety of modi operandi to disrupt, disable, destroy or maliciously control satellites or their ground-based systems. These attacks range from “script kiddie” attacks, mainly by individuals on the ground, to nation-state-level attacks, including supply-chain incursions or space-based attacks.
As space systems grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space-cyber issues. This view is problematic because digital threats are relatively cheap to advance compared to other anti-satellite (ASAT) technologies. Additionally, cyberattacks can target an entire constellation of satellites.
Cyberthreats to Satellites
Like other high-tech systems, space systems are entirely based on information systems and networks, not only during their design and manufacture, but also from launch until the space vehicle is finally abandoned in space and allowed to burn out. Its core systems, such as telemetry links to ground stations, channels for data transmission and onboard controls, are all extremely vulnerable to malicious acts designed to deny, degrade or disrupt their operations. Deflection of a hacked satellite from its orbit could potentially be disastrous. Hostile cyber activities could take various forms: spoofing sensor data; tampering with sensor systems to make them generate false responses; jamming command links; sending malware into the software controlling spy or communications satellites in orbit; and even denial of service attacks for ransomware. For satellites, loss of mission data (a severe event in the case of military surveillance satellites in times of war), decreased lifespan in orbit, loss of positive control of space platforms and so forth could potentially affect the outcome of such attacks.
In apparent recognition of these threats, the US government released its “Memorandum on Space Policy Directive-5: Cybersecurity Principles for Space Systems” in 2020 (The White House 2020). The SPD-5, as it is known, has designated space as CI and given it the same priority for a cybersecurity shield as other CIs.
India’s Space Program
India’s space program was conceived in 1962 and actioned in 1969 with the founding of the Indian Space Research Organisation (ISRO). The Indian government instituted the Space Commission of India (the Space Commission) and the Department of Space (DoS) in mid-1972 and brought the ISRO under the management of the DoS in September 1972. India launched its first satellite in 1975.
India’s space program has been adapting to changing paradigms in the security environment in Asia. It dedicated its first military satellite, GSAT-7 (Chhina 2022), to the Indian Navy in August 2013; this move was intended to enhance space-based maritime communications and has improved India’s maritime security capabilities. The GSAT-7 replaced the British Inmarsat, long used by mariners for satellite communications.
In August 2015, India operationalized its second military satellite, the GSAT-6, which provided secure communication channels to the military. The military’s communications have been further reinforced through GSAT-7A, launched in 2018. Another achievement of the ISRO has been the electromagnetic intelligence-gathering satellite, launched in 2019, which can intercept enemy radars.
Because of the vast maritime domain for which it is responsible, the Indian Navy has been investing heavily in space-based assets. In 2012, it operationalized the Communications, Space and Network Centric Operations to oversee and manage its space-based capability. The Indian Navy aims to move from a “platform-centric navy” to a “network-enabled” force.
As an overall coordinator among the three services, the Defence Space Agency (DSA) was established in 2018 as a core around which a possible Indian Aerospace Command could be ultimately built.
Indian Policy and Regulatory Framework
India is part of most existing treaties dealing with space exploration and usage as a maturing space power. These treaties include:
- the Outer Space Treaty, signed in 1967 and ratified in 1982;
- the Convention on International Liability for Damage Caused by Space Objects, recognized in 1979;
- the Agreement on the Rescue of Astronauts, the Return of Astronauts and the Return of Objects Launched into Outer Space, endorsed in 1979; and
- the Convention on Registration of Objects Launched into Outer Space, agreed to in 1982.
The primacy accorded to the space domain can be gauged by the fact that the Indian space program falls directly under the Prime Minister’s Office and is managed through the Space Commission and the DoS.
The Space Commission, charged with policy formulation, is, in turn, implemented by the DoS.2 The ISRO is the lead agency in space research and development. The Indian space program’s aim is to “harness, sustain and augment space technology for national development, while pursuing space science research and planetary exploration.”3 Fishermen in coastal parts of the country use the Indian National Centre for Ocean Information Services4 to determine areas ideal for fishing. The ISRO started its telemedicine program5 in 2001 to ensure medical access in remote regions of the country.
Three policy doctrines govern space regulations. The Remote Sensing Data Policy,6 revised in 2011, lays down the ground rules for distributing and using satellite remote sensing data by private users, both from Indian and foreign space platforms. The National Frequency Allocation Plan of 2018 is based on the International Telecommunication Union’s Radio Regulations (2016 edition). India formulated its satellite communications policy in 1997.
India’s future success in space requires it to be a vocal contributor to space policy making.— CIGI (@CIGIonline) February 1, 2023
To learn more, read "Cyberproofing India’s Space Assets" by @TobbySimon: https://t.co/x5IyWDPUdp pic.twitter.com/EjQMLQ46Jt
Indian Space Infrastructure
Over the years, India has developed end-to-end capabilities in the space domain and posited itself among the world’s leading spacefaring nations. Established in 1958, the Defence Research and Development Organisation (DRDO) is responsible for designing, developing and producing state-of-the-art weapon systems. The DRDO successfully executed the homegrown Integrated Guided Missile Development Programme (IGMDP), which pivoted India into the nuclear club.
The DoS, which manages the ISRO (established in 1969), spearheaded India’s leap into space. The Indian military space programs, except for the IGMDP, are also supervised by the DoS.
The Defence Space Research Organisation (DSRO) is tasked with researching space warfare (Raghuvanshi 2019). The research products are shared with India’s newest space agency, the DSA, for developing counterstrategy and space-borne military systems (Negi 2021a). It currently has several military satellites in its arsenal and is also supervising the ballistic missile program in coordination with the DRDO (Raghuvanshi 2005).
Critical infrastructures increasingly depend on position, velocity and timing services provided by satellite-based navigation and augmentation systems, some foreign-owned.
The Indian National Space Promotion and Authorisation Centre (IN-SPACe) was established in 2020 as part of India’s pursuit of atmanirbhar (self-reliance). IN-SPACe is an independent nodal agency under the DoS, allowing space activities and usage of DoS-owned facilities by non-government private entities.
Critical infrastructures increasingly depend on position, velocity and timing services provided by satellite-based navigation and augmentation systems, some foreign-owned. These would also be vulnerable to cyberattack and malware. Accordingly, the DoS has established a robust and reliable navigation system called NavIC (Navigation with Indian Constellation) (Chan 2021; Negi 2021b) and an augmentation system called GAGAN (GPS Aided GEO Augmented Navigation) (Press Information Bureau 2020). This system’s vulnerability, unless cyber hardened, needs no elaboration.
Protecting Indian Space Assets
With its aggressive pursuit of space weaponization, China will morph space into another arena to challenge India. China can also direct its advanced cyber capabilities at Indian space assets to deny New Delhi critical data acquired or received by its satellites and conduct kinetic attacks to destroy them.
Two important facets of India’s national security space narrative are the growing buildout of China’s space infrastructure and Pakistan’s missile capability, with tactical implications for India’s border areas. First, China’s substantial intelligence, surveillance and reconnaissance (ISR) capacity in its border conflicts with India in the Ladakh region (Express Web Desk 2022) to the west and Arunachal Pradesh to the east has meant a growing justification within India to advance its ISR capabilities and augment its command and control (C2).
Mindful that the Line of Actual Control (LAC) between China and India is located in the higher Himalayas and challenging to monitor with human intelligence, the development of an “eye in the sky” or satellite surveillance adds to strategic forecasting and mapping capabilities of any intrusions in the contested areas. In May 2020, deploying such satellite-based support, China’s People’s Liberation Army crossed over to the Galwan River valley on the Indian side of the LAC, resulting in an India-China border skirmish and the deaths of 20 Indian soldiers and an undisclosed number of Chinese soldiers (Singh 2020).
The second major subcomponent for developing India’s national security space infrastructure is the altercation between India and Pakistan across the Line of Control in Kashmir and cross-border terrorism, an ongoing attribute of the disputed border between the two countries. Pakistan’s growing missile capacity and the Kashmir dispute imply the need for India to develop its satellite-based ISR and strength.
These are not idle postulations as, in the recent past, China-based cyber operations have supposedly targeted India’s energy and transportation sectors. Chinese hackers targeted power grids in northern India over the last several months, including in March 2022, as reported by Secureworks, a US-based private cybersecurity firm. The company said the seven targeted State Load Despatch Centres (SLDCs) were “in proximity to the disputed India-China border in Ladakh” (The Defense Post 2022). Using a malware family called ShadowPad, an advanced modular remote access trojan, Chinese hackers targeted SLDCs in northern Indian states, as reported by Recorded Future (2022), a Massachusetts-based cybersecurity firm that specializes in collecting, processing, analyzing and disseminating threat intelligence.
In addition, the DoS conducted the ISRO space situational assessment in 20217 and published it in March 2022. Growing threats of space objects, including orbital debris colliding with operational space assets, have become a perennial problem for outer space’s safe and sustainable use. These threats restrict unhindered access to space and prompt all space actors to take appropriate measures to mitigate them.
Over the years, India has been upping its organizational structure to deal with cyberthreats. The National Cyber Coordination Centre, under the Ministry of Electronics and Information Technology, generates situational awareness of existing and potential cybersecurity threats. The centre enables timely information sharing for individual entities’ proactive, preventive and protective actions.
The Indian Computer Emergency Response Team is the nodal agency within the Ministry of Electronics and Information Technology that deals with cybersecurity threats such as hacking and phishing.
While the latest National Cyber Security Strategy conceptualized by the Data Security Council of India does not mention space infrastructure, it does recognize the importance of cyber diplomacy.
Military Space Capacity
India’s DRDO has advocated for hypersonic launch vehicles, small intercontinental ballistic missiles and ASAT capability with the capacity to strike targets in both low-Earth orbit and geosynchronous orbit (Peri 2021).
Since 2000, India has invested in its military space capacity, significantly expending on developing high-resolution satellites for tactical military operations and generating ISR. A significant surveillance failure during the Kargil War in 1999 occurred when Indian intelligence failed to intercept Pakistani intrusion into Kargil (Bajoria 2008). The Technology Experiment Satellite, launched in 2001, was India’s first military application satellite.
In 2004, India established the National Technical Research Organisation to monitor ISR and unmanned aerial vehicles. India has about 15 military application satellites, with the GSAT-7 dedicated to the Indian Air Force but shared with the Indian Army. The need for higher-resolution imagery, especially along the disputed China-India border, has become a priority.
The geopolitical aspect of China’s enhanced military and counterspace capacities is influencing India’s strategic decision making. The contribution of satellites to space situational awareness, ISR and C2 led to India’s decision to establish a Space Security Coordination Group in 2010, chaired by its national security adviser, and, in 2019, the DSA and a centre dedicated to the development of military space capacities within the DRDO (Associated Press 2019).
The ISRO will build the Indian Navy’s communication satellite, GSAT-7R, at a cost of US$225 million, with an expected launch date in 2023. Such dedicated satellites for India’s defence forces enable communication between their warships, drones, aircraft and ground units.
In March 2019, India tested an ASAT weapon,8 as part of Mission Shakti (DRDO 2019), against the Microsat-R target, executing the test to minimize long-lasting debris. The RAND report on Responsible Space Behavior for the New Space Era: Preserving the Province of Humanity stated that “in March 2019, an Indian ASAT test generated approximately 400 fragments that will decay in weeks or perhaps a few months because the target was orbiting at less than 300 km. As of the end of 2019, less than 20 pieces of the debris created from the Indian ASAT test earlier that year remained on orbit” (McClintock et al. 2021, 17–18).
India’s space program rests on three pivots: nationalism, entrepreneurship and national security. Space accomplishments demonstrate India’s prowess as a technological power and add to its prestige on the global stage. The critical role that space plays in nuclear command, control and communication; military C2; global positioning systems; positioning, navigation and timing; and ISR is a vital driver for India to invest in its space program.
As a progressive space power with higher aspirations, India must strategize and, more importantly, implement a comprehensive, unified and systematic policy that protects space assets from kinetic attacks and cyberwarfare. Traditional cybersecurity measures designed for terrestrial systems, such as perimeter defence, access control and accountability, are outdated to counter these new threats. Instead, a comprehensive and evolving cybersecurity strategy with global collaboration that strengthens all systems used to launch and operate satellites will be critical going forward.