The Human Role in Cybersecurity Vulnerabilities

Speaker: Brian Gallant

January 30, 2023

The Human Role in Cybersecurity Vulnerabilities

Topic Video - Brian Gallant - CIGI Thumbnail

The Human Role in Cybersecurity Vulnerabilities

Brian Gallant

This video is part of Cybersecurity and Outer Space, an essay series that explores space governance through three themes: space security and risk, international governance challenges, and global perspectives and the pursuit of inclusivity.

Cyberattacks on space-based assets, such as communications and Earth observation satellites, are an effective way to interfere with military and national security activities and to interrupt private sector business for competitive advantage or ransomware-style attacks. Cybersecurity best practices are just as important to space-based equipment as they are to systems on Earth. Constructing, launching and operating a satellite involves a complex supply chain in which a cyber vulnerability could be introduced at any point. These vulnerabilities can sit idle until long after the satellite is in orbit.

In this video, Brian Gallant, CEO of Space Canada and former premier of New Brunswick, explains how the cyber vulnerability is most often intentionally introduced by a human. There are several factors, such as the human operator simply ignored cybersecurity best practices because they do not believe them to be important. More nefarious examples include a human who is bribed or blackmailed into adding a vulnerability by a foreign adversary. The human weak link makes for an ideal target: “For malicious external actors, targeting the human element is often much simpler than other forms of hacking and cyberattacks,” explains Gallant.

There are several ways to strengthen cybersecurity in space-based systems. Gallant outlines a few examples, including improving understanding and teaching of cybersecurity best practices in elementary schools, post-secondary institutions and STEM courses; greater transparency and communication between providers, including the private sector and governments to disclose vulnerabilities and attacks as they occur; and, finally, continuously updating and patching systems for future protection.

Space-based systems play such an important role in our daily lives. They support services that greatly enhance our collective quality of life; they facilitate commerce and enable economic opportunities; they help first responders respond to disasters and emergency situations; they provide us with telecommunications, GPS, Earth observation and data that is essential to fighting climate change; and they inspire us and help us better understand who we are, where we come from and where we’re going. In short, space systems are vital to daily activities today and will be vital to human aspirations for the future.

Just as we’ve seen with Earth-based systems, cyberattacks can happen to space-based systems too. And because of their interconnectedness and the importance of these systems, attacks can happen from anywhere by state and non-state actors wishing to cause harm.

Cybersecurity and the security of space-based systems is critically important. Think of it this way: certain attacks can disrupt vital systems such as banking, communications, government services, military assets and more.

While there are several forms of cyberattacks, we can’t forget that the cyber domain is human created and that the human remains the major threat to cybersecurity.

Some tech leaders have broken these human threats into four categories:

The first category has been coined as the pawn. This is a category of people who are unaware and are often manipulated into facilitating a cyberattack.

The second category is one they call the goof. In this category, we find people who bypass security practices because they underappreciate the threat their actions pose. People from the goof category account for 90 percent of all insider threats.

The third category is the collaborator. This category’s title is pretty self-explanatory: these are people who are actively working with outside entities such as competitors or nation-state actors to create cyber vulnerabilities.

And, finally, the lone wolf. This is a category of people who are often enjoying levels of higher security privileges and are often motivated by financial gain.

As you can see, there are many ways that the human link can play a central role in creating cyber vulnerabilities. For malicious external actors, targeting the human element is often much simpler than other forms of hacking and cyberattacks.

There is a massive supply chain involved in constructing, launching, operating and sustaining a satellite. There are so many actors in the supply chain providing parts and services from end to end that at any point in the process, a vulnerability could be introduced.

Managing the challenge of cybersecurity in space is made more complicated by the lack of a central authority monitoring all these activities. Governments and militaries have their own set of protocols and processes, sure, and so does the private sector, but there’s little commonality or coordination between all parties.

This is where governments can be leaders by setting standards, strengthening education — for example, by instilling cybersecurity best practices through STEM courses in elementary right through to post-secondary. And, finally, governments can be leaders by recognizing that space infrastructure is critical to human activities and prosperity and that there is a need to prioritize its protection. Space Canada also suggests that the Government of Canada create a National Space Council to help coordinate all of its policies, investments and programs regarding space.

The private sector has an important role to play as well. For businesses involved in any way with national security-related space systems like satellites, radar, and ground stations supporting situational awareness and telecommunications, they need to think about cyber defence as part of the product’s entire lifecycle by constantly looking for vulnerabilities — human or otherwise — and taking action to address them immediately.

And, finally, we need information sharing between governments and the private sector — observing the right protocols, of course — when incidents happen.

Both the space domain and the cyber domain offer immense potential for humanity as we look to address environmental, social and economic challenges. Let’s recognize the importance of space and cybersecurity, and let’s work together to minimize the threats to both domains to ensure a prosperous and peaceful future.

For media inquiries, usage rights or other questions please contact CIGI.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.