Kinetic weapons capabilities and the debris clouds they create have long dominated news headlines and space diplomacy. Such capabilities and consequences have also long been key considerations of space security. Our current understanding of space security, pioneered by the Space Security Index report two decades ago, can be defined as the safe, “secure and sustainable access to, and use of, space and freedom from space-based threats” (West 2019, v); this concept emphasizes the security of outer space as a distinct environment that is to be preserved for the safe, sustainable and secure use by all humans.
Much has changed in the last 20 years. Not only has the use of outer space flourished around the world, but the technology that allows the use of outer space has developed rapidly, often with unpredictable effects. The intersection between space-based technology and cyberspace (the space-cyber nexus) is at the heart of both.
For example, satellites increasingly participate in cyberspace, which is the internet’s virtual platform for communication and information. Tens of thousands of new satellites are expected to bring broadband internet and other digital connectivity services to billions of people around the world, signalling an unprecedented era of access to and use of both space and cyberspace.
At the same time, space systems — networks of satellites, ground stations, computer systems, software and end users — are increasingly vulnerable to cyber intrusions that target these systems, which collect, transmit, use and control the flow of data, as well as the data itself. Such vulnerability to cyber interference is significant, with the list of cyber incidents against satellite systems growing.1
Humans are both more dependent on space assets and more vulnerable to disruptions of those assets than ever before. So, while space security is increasingly valuable and relevant, its achievement is complicated by the space-cyber nexus.
This essay examines the safe, secure and sustainable use of space from the perspective of the context of the evolving space-cyber nexus. The implications are far from simple. Greater digital inclusion and access to space juxtapose benefits and value for civilians who gain new access to essential services with new threats to international peace and security, complications for operational safety and the need for an expanded view of sustainability. Ultimately, cyber connections bind Earth more closely to outer space. Thus, it is no longer sufficient to view space security as the security of a discrete location that is distinct from Earth. Our new reality demands a shift to a more Earth- and human-centric view that accounts for the vulnerabilities not only of outer space but of the people on Earth who use space assets.
The Hot-War Risk of Hybrid Threats
Space is increasingly viewed by militaries as a domain of warfighting. Key targets of space warfare are the lines of communication that transmit information and maintain the command and control (C2) of weapons systems, which are highly vulnerable to cyberattacks (United States Government Accountability Office 2021).
Cyber capabilities, less subjected to the physics of space warfare, can be used to conduct distributed attacks across an entire system, or multiple systems at once. But a big part of their appeal is that they do not go boom. Operating in the virtual realm, their use is often discreet. Although cyberattacks can cause large-scale disruption and even permanent damage to satellite systems, more often the harm inflicted is temporary, reversible and has limited impact on the environment (Rajagopalan 2019). Thus, the use of cyber counterspace capabilities is viewed as less escalatory than an attack by kinetic counterparts (Lonergan and Yarhi-Milo 2022).
Yet the effects of cyberattacks are far from benign: there is a real risk that their use could quickly escalate to a hot war or some other unpredictable disaster. In part, this is because the use of cyber capabilities is viewed as permissible in situations in which kinetic weapons are not. Tabletop exercises and simulations have shown that while there is reluctance to strike first kinetically, this same restraint does not limit the use of cyber capabilities (Secure World Foundation and Center for Strategic & International Studies 2017). The US military reports dealing with “reversible” (including cyber) attacks every day (Rogin 2021). But the very useability of such weapons introduces added dangers.
Cyber interference is difficult to detect, difficult to distinguish from unintentional or natural sources of satellite interference, and difficult to attribute to specific actors. And the fact that cyber capabilities are wielded not only by states but by non-state actors, including “hacktivists” or cyber vigilantes, only makes differentiating among perpetrators and intentions more difficult. Together, these factors make denials by perpetrators hard to disprove and increase the risks of miscommunication, misinformation and misperception that can drive conflict escalation in unpredictable and potentially dangerous ways.
Further compounding the risk is considerable uncertainty about the dynamics of conflict and escalation in space. US defence policy clearly states that the Department of Defense “has limited operational experience with conflict beginning in or extending into space” (US Department of Defense 2020, 4). And yet another layer of complexity is added by potential adversaries with the different conceptions of conflict escalation. For example, Russian officials have indicated that some types of cyberattack on satellites might be a cause for war. But the threshold is not well defined. There are real dangers that efforts to signal deterrence or test an adversary could have adverse effects.
Of particular concern is the potential vulnerability of nuclear weapons systems. Today, more than 13,000 nuclear warheads remain on Earth. Most are kept on high alert for rapid launch. Not only could they be used to respond to an actual kinetic or cyberattack on key assets in space, but they could also be used in cases of perceived or imminent nuclear attack. Critically, the systems for command, control, communications, computers, intelligence, surveillance and reconnaissance — which include real-time monitoring and early warning of missile launches and possible nuclear attacks — run through space.
Even when nukes are not part of the question, the consequences of cyberattacks could be escalatory military confrontations that begin in space but ultimately lead to war on Earth.
Interference — intentional or not — with these systems could cause confusion and inadvertent escalation, not least because interference with these systems is commonly viewed as a prelude to nuclear war (Acton and MacDonald 2021). Thus, any interference with the systems of nuclear C2 would create immense pressure to react pre-emptively. And because cyber activity against satellite systems is becoming so common, there is also a risk that benign sources of system malfunction could be misjudged.
Current extended nuclear deterrence strategies add to the risk. Both the United States and Russia claim to be willing to use nuclear weapons in response to “significant” non-nuclear threats, including a cyberattack (Klare 2019). For this reason, an escalation to nuclear war has been called “the biggest cyber risk in Ukraine” (Schneider 2022).
Even when nukes are not part of the question, the consequences of cyberattacks could be escalatory military confrontations that begin in space but ultimately lead to war on Earth.
Space Safety Gets More Complicated
The space-cyber nexus complicates efforts to achieve safe space operations, particularly of commercial satellites, which tend to be more vulnerable than military assets.
To date, space safety has focused on avoiding collisions in flight and damage from hazards in the space environment, such as orbital debris. Certainly, the space-cyber nexus will have a growing impact on these concerns. The expansion into space of the hardware of cyberspace — seen in the proliferation of massive constellations of satellites by companies such as SpaceX, Amazon, OneWeb and GalaxySpace — increases human access to space and cyber systems but also significantly increases the risk that satellites will collide and create catastrophic amounts of debris.
We must also consider the ways in which cyber capabilities could be used deliberately to harm both military and commercial satellites. It is feasible that cyber intrusions could allow satellites to be taken over and turned into projectiles that crash into other satellites (Akoto 2020). It is also possible that such intrusions would disable targeted satellites or cause secondary damage to render such systems unusable. An example of this occurred in 1998, when hackers took over the German ROSAT astronomy satellite and aimed its solar panels at the sun, overcharging and ultimately killing the satellite. Dead satellites then continue to pose safety risks to other objects and operators on orbit and can produce or turn into debris.
But the likeliest risk to space assets is earthbound: attacks that target computer systems on ground infrastructure, resulting in denial of service or information theft. Such attacks would put at risk not only actors who have assets in space, but also any actor linked to space through the shift to cloud computing, which sends data over vast distances via satellite (Brooks 2022).
These attacks are hard to prevent because the threats are constantly changing and the points of vulnerability are many, including not only computer systems and software, but also the complex web of components, services and providers that are the hallmark of satellite system supply chains. The multiple vendors required to supply components and assemble and integrate a satellite provide a variety of access points and opportunities for a hacker to compromise the hardware and/or software (Shadbolt 2021). The scope is even wider when the vast number of data and service providers linked to space systems is considered. Insider threats such as employee breaches are one more point of weakness (Lewis, Moloney and Ussery 2021).
Thus, we see that the risks to space operations and the remit of safety extend beyond space flight and safety in space to include ground stations and equipment, supply chains and safety of data. Daily concerns of space operators include “secure access management, secure execution environments, enhanced data encryption, and smart validation and authentication between sensors, gateways, and the software orchestration platform” (Inmarsat 2019, para. 6).
There are also safety risks to individual system users, who can be exposed to harm from cyber incidents and crimes such as data theft (Sharland et al. 2021). While access to cyber and digital platforms can enable greater inclusion and empowerment, these platforms are also sources of digital vulnerability and can cause significant harm to communities and individuals. Those that are more vulnerable are at increased risk; the internet is a key site of violence and discrimination against women, girls, and lesbian, gay, bisexual, transgender, queer or questioning and other sexualities (Broadband Commission for Digital Development 2015). These vulnerabilities to residents of Earth must also be considered consequences of the space-cyber nexus.
An Expanded View of Sustainability
Typically focused on such physical components of the space environment as orbital debris, space sustainability relates to the ability of humans to use outer space for peaceful purposes today and in the future. While this perspective on sustainability remains a pressing concern, the space-cyber nexus also requires an expanded view of sustainable use.
Increasingly, space is being used to provide critical services linked to cyberspace, such as broadband internet connectivity, to a broader segment of humanity, including underserved communities with persistently poor or no access to digital technologies (although there is some debate about the extent of this access). But achieving this goal through the use of large constellations of satellites in low-Earth orbit raises questions not only about safety but also about sustainability, including orbital carrying capacity and the potential for significant debris clouds if satellites collide (European Space Policy Institute 2022).
These constellations also raise important questions about who is included in the concept of sustainability. Growing congestion in space presents a direct challenge to the sustainable use of space by future actors. Today, only a few countries and private companies make intense use of orbital space. Will all actors, particularly developing countries that do not yet have many satellites, have equal access in the days to come? Will there be room for their satellites? The present configuration in space blatantly leaves out many, in particular “the world’s most minoritized communities, including Indigenous communities” (Venkatesan et al. 2020, 1043).
And let us not forget astronomers, who have monitored outer space for millennia, but now find that the reflective light from many thousands of satellites essentially “photobombs” astronomical images and impedes observation (Witze 2020).
There is growing awareness that the human cost of any war in space would be devastating on many levels.
On the other side of the nexus, the discussed vulnerabilities to cyber counterspace capabilities raise new challenges for the sustainable use of outer space by humans. It is hard to overstate the extent to which daily life on Earth is dependent on space systems. From banking to transportation to communication, weather forecasting, agriculture, mining, electricity grids, the internet and the movement of goods around the world, human lives depend on the physical hardware that populates outer space and the links provided by computer systems, data and ground-based hardware.
There is growing awareness that the human cost of any war in space would be devastating on many levels (International Committee of the Red Cross 2021). But seemingly minor disruptions to space systems could also result in crippling harm to human infrastructure and daily lives. Because space, cyber and data systems are so deeply interconnected, even a relatively targeted disruption of a satellite system could spread rapidly through vast networks that serve multiple types of users and spill over to unintended targets and citizens. For example, a Russian cyberattack on Viasat terminals in March 2022 targeted Ukrainian military C2 capabilities, but millions of other internet users also lost connectivity (see Laetitia Cesari’s essay in this series). The hacking of Global Navigation Satellite Systems capabilities, which serve billions of people across all sectors of society, has already had an impact on critical civilian infrastructure such as commercial airline service.
Such ripple effects are bound to become more widespread and common with the rise of the Internet of Things (IoT), which creates complex webs of connected computing devices, machines, data, objects and people. Space systems are a central IoT component.
Also worrying is the potential for the deliberate targeting of civilian infrastructure. The world is already witnessing a growing number of cyberattacks on public services such as hospitals and other elements of health infrastructure (Skahill and West 2021).
Once again, vulnerability is not equally shared. Commercial and civilian satellites are generally more vulnerable than those operated by the military. Services that rely on older legacy systems are more vulnerable than services from newly created capabilities. And, while the expertise and resources required to mitigate cyber vulnerabilities of space systems are extensive, they might not be equally accessible to all operators.
As might be expected, disruption of critical infrastructure systems, including those linked to space, is not experienced equally either. Entrenched inequalities, including those related to gender, are reflected in unequal digital security and vulnerability (World Economic Forum 2022). While initiatives such as the UN Space4Women are being developed to give women better access to and use of space-based capabilities, we must also be aware that because of entrenched gender roles and biases in the design of infrastructure, women tend to be disproportionately affected by disruption or loss of access (Morgan et al. 2020). (We should note that the determination of which services are deemed critical is also related to gender.)
Because of the impacts that cyberattacks can have on civilian infrastructure and civilians themselves, there is a growing movement to develop a human-centric approach to cybersecurity (Kumar 2021). Although it seems clear after all the discussion of interconnectedness that such an approach must include the outer-space environment, recognition of space systems as critical infrastructure has been slow in developing (The White House 2021). With the focus remaining on national security and industry users, there appears to be almost no awareness of the civilian, humanitarian and gendered significance of space-related infrastructure.
Bringing Space Security Down to Earth
At first glance, the space-cyber nexus can seem to be a highly technical, even esoteric concern. It is anything but. Unravelling just some of the connections related to the security, safety and sustainability of the use of outer space reveals an intricate web of connections between outer space and Earth’s inhabitants. Yet it is still the case that the many people who depend on outer space for essential services are often overlooked in conceptualizations of space systems. So, too, are the civilian and humanitarian impacts of security threats in space and disruptions to the use of space. But when we adopt a human-centric view of space security, we see clearly just how essential the security of outer space is to the security of Earth.