The space domain is undergoing a significant set of changes. An increasing number of countries are looking to use space to enhance their military capabilities and national security; this has also led more countries to look at developing their own counterspace capabilities that can be used to deceive, disrupt, deny, degrade or destroy space systems. While much of the debate over counterspace capabilities has focused on those that are physically destructive, cyberattacks on space systems are perceived as being viable threats and, in fact, are being employed during active conflicts. However, they do run the risk of inadvertent escalation and could lead to misunderstandings, miscalculations or mistrust. This essay will examine the nature of cyber as a counterspace capability, discuss how its unrestrained use could lead to overall instability and argue cybersecurity should become a key part of demonstrating responsible space behaviour.
Who Is behind Cyberattacks on Space Systems?
Multiple countries likely possess cyber capabilities that could be used against space systems; however, actual unclassified examples of cyberattacks are limited. China, Iran, North Korea, Russia and the United States have all demonstrated the ability and willingness to conduct offensive cyberattacks against non-space targets, so they potentially could also do the same against space systems. Additionally, there is an increasing number of cases of non-state actors seeking out cyber vulnerabilities in space systems. Generally speaking, though, it has been hard to get a clear picture of the state of cybersecurity of space systems because of an extremely strong reluctance by the space sector to speak publicly about and acknowledge cyberattacks.
There has been one very public example recently of a cyberattack against a space system. Russia’s February 2022 invasion of Ukraine was accompanied by a cyberattack against the Viasat network’s ground stations. The cyberattack released a wiper malware called AcidRain (Goodin 2022), damaging thousands of Viasat users’ satellite modems and taking them offline until patches could be applied (or, in cases where users could not connect to the internet at all to download the patches, new modems were physically sent to them). While Russia was the immediate suspect, this was not officially confirmed by other governments until May 2022, when US Secretary of State Antony Blinken announced, “The United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine” (Blinken 2022). While Russia, as of writing, has not confirmed it was behind the cyberattack, it is largely thought that Russia’s goal was to disrupt Ukrainian military communications to increase confusion around the time of its physical invasion of Ukraine (Page 2022).
As an interesting aside, in the early days of Russia’s invasion of Ukraine, there were reports that the hacker group Anonymous had accessed the control centre of Roscosmos, Russia’s civil space agency, and that Russia had “no more control over their own spy satellites” (Tangermann 2022). These reports were denied by Dmitri Rogozin, then-head of Roscosmos, who also added, “Offlining the satellites of any country is actually a casus belli, a cause for war” (Reuters 2022).
US intelligence officials responded to this hack in an atypical manner: by organizing a classified briefing for space executives where they gave those without an active security clearance (which was apparently not an insignificant number) a temporary one so that they could attend. According to Erin Miller, executive director of the Space Information Sharing and Analysis Center, there had been a “surge of attacks on space systems happening this year,” but “if I were to detail out any of the specifics, I think that’d be crossing the line” (quoted in Waterman 2022). There is still a reluctance by the space community to discuss openly specifics about hacks due to concerns about reputational damage, which hampers a complete response, as does unwarranted classification. In fact, in March 2022, the Cybersecurity & Infrastructure Security Agency requested “that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity” (Cybersecurity & Infrastructure Security Agency 2022) as a response to this cyberattack and the general geopolitical outlook, adding that it and the Federal Bureau of Investigation would update the advisory as “new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments” (ibid.).
Cyber as a Counterspace Weapon
Space systems have three parts, all of which are needed for the system to function properly: the satellites in orbit, the communications and data being sent to and from the satellites, and the ground stations that control the satellites or receive the data and signals from them. Satellites and other space assets are vulnerable to cyberattack. States actively pursuing the means to disrupt, damage or destroy any of those space system elements can inadvertently escalate existing tensions, or possibly even cause conflict on Earth to extend to space (or vice versa). There is an increasing number of techniques and tools to threaten each part of a space system. As a result, cyber capabilities are critically important to the overall space environment and the stability and predictability of space assets.
Often overlooked for the flashier kinetic counterspace threats, cyber has long been perceived as a usable capability, but little has been openly discussed about its actual use. This needs to change as space capabilities have become an attractive target for cyber counterspace efforts (Weeden and Samson 2022). Kinetic attacks are very obviously traced back to their perpetrator and (if successful) can leave physical debris in Earth’s orbit that can, in turn, endanger other spacecraft, including those of the attacker. Cyberattacks have plausible deniability in terms of who the aggressor is and, depending on the nature of the attack, generally do not leave debris in orbit. Furthermore, cyberattacks are seen as being temporary and reversible in nature (Harrison et al. 2022), so they are perceived as being less escalatory in nature and thus more usable than, say, a direct-ascent anti-satellite missile interceptor.
The issue is that the recipient of a cyberattack does not know that it is only temporary, and it is not guaranteed that the consequences are immediately or even eventually reversible. This interference with the information from or access to space assets can thus be inadvertently escalatory, particularly if it happens during a time of heightened tensions on the ground. Furthermore, it is unclear how the laws of armed conflict apply to space capabilities. The application of international humanitarian law and military rules of engagement in space is still being worked out, largely through two independent but mostly complementary efforts called the McGill Manual on International Law Applicable to Military Uses of Outer Space (Jakhu and Freeland 2022), which covers how rules apply to military use of space during times of peace, and the Woomera Manual on the International Law of Military Space Activities and Operations, which covers how international law is applicable to military space operations. In the interim, it is possible that a cyberattack on a space system may cross a red line for the recipient country and unintentionally provoke an armed response.
Cyberattacks against space systems are similar to cyberattacks elsewhere: they frequently involve attempts to feed user-provided input into a system in a way that causes its software to perform unexpectedly by triggering flaws, also known as “bugs.” Depending on their makeup, bugs can be used to run unauthorized code, crash systems or gain unauthorized access. Other common cyberattacks attempt entry into a system by exploiting poor or non-existent authentication of users and commands. The more software features or components in the system, and the more types and channels of data it processes, the higher the number of possible vulnerabilities for a cyberattack.
There are concerns about the vulnerability of the global supply chain: because of its growing complexity, if there is a cyberattack, it is often unclear as to who the liable party is (or where the breach was, so it can be fixed). The supply chain also leads to multiple points of entry for determined hackers and can have second- or third-tier providers who are largely unaware of the role they play in ensuring space is protected against cyber intrusions. Communication between satellites and their ground-control stations or between satellites themselves can be interfered with or intercepted by outside actors; this could lead to a service disruption that could have widespread impact (Shadbolt 2021). Data relay stations that process data or other parts of a space system’s ground infrastructure could be attacked or profiled as a possible point of entry, as could users of a space system. As with non-space cyberattacks, the human factor is a major point of vulnerability (Holmes, n.d.).
Complicating matters is that these attacks can be done by state and non-state actors, given that the threshold for attempting a cyberattack is low and there are many access points to a space system. What is considered a proportional response to an attack that was not at the behest of a state actor? And how can it be determined who a non-state actor is working for, if anyone? New entrants to space mean new entry points for attacks, particularly if cybersecurity is not baked into a space system’s design from the very beginning. As well, there is an increased use of commercial-off-the-shelf components for many satellite networks, which drops the cost of developing and launching a new space asset, but also swells the number of points for possible cyber intrusions. Along those lines, the development of the Internet of Things means that many more devices are going to be connected, which, again, increases the number of potential entry points for cyberattackers.
The rise of hosted payloads can make it challenging to ensure resiliency. Cybersecurity vulnerabilities in one payload could open the rest to vulnerabilities, as satellite buses are often designed to freely communicate across their various platforms without considering the separate payloads’ levels of cybersecurity hygiene (Bailey et al. 2019). Legacy satellite operators tend to have older satellites, which are based on even older technology and were largely designed and built before cybersecurity was a serious consideration for satellite operators. (Interestingly, newer satellites, in particular constellations that are undergoing constant iteration such as SpaceX’s Starlink, have the potential both to be designed with cybersecurity in mind and to be able to update or patch known vulnerabilities once they have been identified in the replacement satellites that are launched.)
Finally, the distinction between cyberattacks and electronic warfare (such as radio frequency interference) is often unclear, with the two frequently being used in tandem, representing a growing sophistication in cyber counterspace tools and techniques.
Military Utility of Cyber Counterspace Capabilities
Cyber weapons do have various advantages in terms of the military utility they can offer, both in terms of replacing more traditional counterspace capabilities and as a complement to them. First, they can create a wide variety of effects and thus can tailor themselves specifically to their target to generate the type of preferred result. Second, they often have an easier time gaining access than conventional weapons, which require more proximity to achieve their objectives. Third, the attribution of their starting point is much harder to do than for conventional counterspace weapons, so the aggressor can relatively easily deny responsibility for the attack (something that is virtually impossible for, say, a ground-launched interceptor). Fourth, an offensive cyber capability can be easier and cheaper to get than other counterspace capabilities, given the low barrier to entry and the fact that concurrent systems that other offensive counterspace systems require (such as space situational awareness, telemetry and command operations) are not needed for cyberattacks to be effective.
Cyber counterspace capabilities do have some negative aspects from a military utility perspective. Because attribution is so hard to do, cyberattacks are not great as tools for signalling intent or deterring future actions. Because of this, they can inadvertently lead to escalation in conflicts. Also, it is challenging for the actor behind the cyberattack to know if the attack was successful, or even if it occurred.
Responses to Mitigate Space’s Cyber Vulnerabilities
The increasing worry about cybersecurity of space assets can be seen by a concurrent increase in governance and bureaucratic buildup attempting to mitigate this vulnerability. For example, the United States released its “Space Policy Directive-5: Cybersecurity Principles for Space Systems” in September 2020 (The White House 2020a). It is intended to provide a whole-of-government framework to safeguard space assets, noting, “Effective cybersecurity practices stem from cultures of prevention, active defense, risk management, and the sharing of best practices” (ibid.). A few months later, in December 2020, the Donald Trump administration released the most recent US national space policy, which stated that the US government shall “seek to ensure space systems and their supporting infrastructure, including software, are designed, developed, and operated using risk-based, cybersecurity-informed engineering” (The White House 2020b, 18) as well as work with industry and international partners to promote and socialize best practices and mitigation. The US Space Force is comprised of nine deltas (roughly equivalent to Air Force wings); it has created Delta 6 to be responsible for defensive cyber operations. Lieutenant General Stephen Whiting, commander of the US Space Force’s Space Operations Command, has noted, “Cyberspace is the soft underbelly of our global space networks” (Erwin 2022).
More broadly, there are steps that any space actor can take to strengthen its cybersecurity. Being a responsible space actor should involve baking in cybersecurity from the very beginning of satellite or space network development: waiting until the satellite is in orbit to think about this makes it a much bigger challenge and thus more expensive to mitigate. Cybersecurity of space systems is relevant to all, not just the more established space actors or the megaconstellation operators, and thus it should not be slated as something for the emerging space actors to get around to after all other technical challenges have been met (if they have the time and inclination). Given the interconnectedness of space systems today, cyber vulnerabilities in one actor can have ripple effects elsewhere. Along those lines, best practices, norms or regulations for cybersecurity of space should be approached in a manner that does not hamper new actors’ access to space.
The Viasat hacking underlined that often the most vulnerable part of space infrastructure is not the satellites in orbit but the stations on the ground: the non-space parts of a space system can be and are greatly threatened. The space sector often overlooks that leg of the space system triad, but it is a very crucial part. If the information cannot be disseminated, it is of little use and, again, the ground segment is much more accessible than a satellite hundreds or thousands of kilometres away from Earth.
Actors openly sharing information about cyberattacks, much like financial services organizations do to strengthen their responses to them, can help as well. Currently, while it is fairly certain that the space sector is threatened by cyber challenges, there are very few open-source examples of this threat being widely talked about. This observation is true for both government satellite operators (who often keep information classified), as well as commercial satellite operators (who frequently try to keep information about hacks from becoming publicly known out of concern for them affecting their business). If nothing else, perhaps the discussions prompted by the Viasat hack will lead to a new state of openness about cyber vulnerabilities so that satellite operators can share information about points of weakness and how to counter them.
Improving space situational awareness (SSA) can help mitigate the seriousness of cyberattacks. SSA can be defined as the knowledge and characterization of space objects and their operational environment to support safe, stable and sustainable space activities. SSA is foundational for determining patterns of life — satellite behaviour in orbit — to understand what is normal and what is abnormal, plus it helps clarify when intent is unclear. Specifically related to cybersecurity, SSA can help with overall transparency and identify sources of anomaly and malfunctions to avoid unplanned escalation.
Cybersecurity of SSA is an issue as well. “Responsive” SSA involves the sharing of SSA and space traffic management data with a wide variety of stakeholders. In the past, the concept of sharing and refreshing a catalogue of space objects was seen as a key aspect of SSA. However, it is not sufficient to just discuss a catalogue of entities; activities such as conjunctions, manoeuvres and emissions must also be shared. Thus, it is essential that all parties have confidence that the data is shared reliably and securely to enhance space operations assurance without eroding security.
Cyber counterspace is not only perceived as a usable counterspace capability but is also actively being used in current conflicts. Therefore, the cybersecurity of all space actors — and all parts of space systems, in particular the ground segments — is key to ensuring that space is secure, stable and accessible to all over the long term. Cybersecurity of space systems is a crucial part of being a responsible space actor and should be prioritized accordingly.