3. Threats, Risks and Trends
Cybersecurity threats and risks represent a systemic challenge to modern society. A system-level response is therefore the only viable approach, enabling the full set of agencies and organizations to work together in a synergistic and complementary manner. However, collectively harnessing the myriad national, regional and international agencies and organizations that characterize the space industry is not amenable to central organization and direction. What is required is a mutually agreed framework within which strategic and operational approaches can be networked so as to cross-fertilize information and foster an innovative, self-governing and accountable culture.
The intersection of space security and cybersecurity is not a new problem, but it has remained largely unrecognized as a potentially significant vulnerability. It thus remains unaddressed in practical mechanisms. This is despite the increasing dependence on space-related goods and services to support modern communities as space becomes increasingly intrinsic to all elements of national and international infrastructure. Even outside the space domain, cybersecurity cultures across national and international communities are immature and inconsistent in their development.
Although there is now a growing recognition of the problem, many national space security policies,20 even those in countries where cybersecurity is more advanced, have been slow to identify the significant cyber risk to space-based assets. Moreover, very little is as yet being done to address cybersecurity at a system-of-systems level.21
The dialogue on cybersecurity in space cannot be confined to a broad but fragmented approach by individual states and international organizations, albeit each acting in good faith. National approaches in isolation will do little to mitigate harm already being experienced in space assets. So far, however, no international body has taken on the challenge, and so there is a gap in the international dialogue and plans for action. A lack of consistency in the internationalized domain addressing threat-response vulnerabilities has resulted in a failure to examine the range of risks. In common with other domains, such as the civil nuclear industry, the lack of documented or reported events in the space cyber domain leads to a false sense of security: little seems to be happening, little is likely to happen, and so what is the point in adopting any countermeasures? But the evidence suggests that imagining the risk to be small could be a fatal blunder.22
Mapping the threats
Cyberthreats against space-based systems may be classified as follows:
- States setting out to create military advantages in space, or seeking to steal strategic quantities of intellectual property and having sufficient computing power to crack encryption codes, for example;
- Often well-resourced organized criminal elements seeking financial gain;
- Terrorist groups wishing to promote their causes, even up to the catastrophic level of satellite collisions with space debris including a cascade of collisions – called the Kessler Effect,23 denying the use of space for all actors;
- Individual hackers who simply want to prove and show off their skills;
- Any combinations of the organizations and individuals above.
And their methods would be:24
- Jamming, spoofing and hacking attacks on, for example, communication networks, by using space infrastructure;
- Attacks on satellites, by targeting their control systems or mission packages, perhaps taking control of the satellite to exploit its inherent capabilities, shut it down, alter its orbit (perhaps thereby ‘weaponizing’ it), or ‘cook’ or ‘grill’ its solar cells through deliberate exposure to damaging levels of highly ionizing radiation;
- Attacks on the ground infrastructure, such as satellite control centres, the associated networks and data centres, leading to potential global impacts (for example on weather forecasting systems, which use large quantities of space-derived data).
International cooperation will be crucial in any response to space-based cyberthreats, and is at the heart of current debates, for the following reasons:
- Large numbers of satellites orbit the Earth, traversing all territories, and their uplinks and downlinks are transmitted via ground stations from all around the world;
- These satellites are used worldwide, whether for communications, Earth observation or precise navigation and timing capabilities;
- Satellites are built with components from an internationalized supply chain.
Space is thus no longer a technological playground for the privileged few countries involved in sending humans to the moon, spying on others or putting communications leviathans into geo-stationary orbit.
For some states, there is still the simple allure of national prestige to be gained by entering the space race, with the successful launch of a sovereign vehicle being seen as a demonstration of technological achievement. More importantly, however, an ever-increasing number of countries and private enterprises are commissioning satellites or buying timeshares in satellites for an equivalent number of reasons; and market forces and technological advances are leading to lower-cost launches, smaller and more reliable satellites, and satellite constellations that can provide aggregated capability. As service providers become more aware of how space can be used, they are looking to satellites to deliver reliable, cheap and persistent capabilities that support commercial enterprises.
Factors such as these are now bringing space capability into the reach of states, international organizations, corporations and individuals that 10 years ago had no realistic ambition in this domain. The space market in both the upstream (the building of rockets and vehicles) and the downstream (goods and services enabled by space technology – i.e. the ‘applications’ market) is estimated to be worth £125 billion per annum today, and some £400 billion by 2030.25 This suggests long-term double-digit growth. Entrepreneurship will create disruptive influences as the commercial opportunities provided by space become mainstream. Reductions in launch costs, miniaturization of payloads, standardization of data outputs and increases in capability are giving space mass market status, such that a wide variety of payloads can, and will, be put into orbit.
Space is thus developing from a domain for selective use by wealthy states or well-resourced academia, into one in which market forces dominate. Importantly, this will entail risk-management decisions on how much to spend on each mission’s security. Space-based offerings in the commercial domain now include capabilities possessed a few years ago only by government security agencies: Earth observation optical satellites seeing in 16 spectrum bands able to detect specific materials to a resolution of approximately 25 cm; radar satellites able to detect millimetric movements of buildings, terrain or vehicles; high-definition Earth observation CCTV, now being trialled in the International Space Station (ISS); commercial organizations rather than government agencies contracted to resupply the ISS, now using rockets that return to base and make a controlled soft landing.
To give some examples of the vulnerability of satellite systems, a draft report to the US Congress in 2011 recorded that at least two US environment-monitoring satellites had suffered interference four or more times in 2007 and 2008. A Landsat-7 Earth observation satellite built by NASA and managed by the US Geological Survey experienced 12 or more minutes of interference in October 2007 and July 2008. A NASA-managed Terra AM-1 Earth observation satellite suffered similar interference for two minutes or more on a single day in June 2008, and at least nine minutes on one day in October 2008.26 The US National Oceanic and Atmospheric Administration (NOAA) reported that its Satellite Data Information System was taken offline in September 2014 after a serious hacking incident; this denied high volumes of data to weather forecasting agencies around the world for 48 hours.27
Figure 1 provides a general overview of future trends in space usage. This indicates that the global space-enabled economy is truly in a period of market-driven change.
Figure 1: Satellite roadmap overview: Future trends in space usage, 2020–35
| | 2020 | 2035 |
|---|---|---|
| New Space | | |
| Launchers | Rocket-based: semi-single use | Early tests for space planes, multiple air-launch solutions |
| | Microsat air-launch: up to 650 kg | Heavy air-launch: up to 6,000 kg |
| Nanosat constellations | Increasing constellations of various sizes | Targeted launch to bring low-capability microsats |
| | Larger constellations: up to 100s | Ubiquitous coverage and redundancy |
| COTS avionics technologies | Level-1 and -2 data product processing; on-board reconfigurable computing and soft-core processor upgrades | RAD-Hard/MIL-SPEC computing processing capabilities equal to contemporary COTS |
| | Widespread use of MEMS for altitude control | System-on-a-chip avionics |
| Optics | Mechanized pointing | Aperture synthesis using nanosat constellations assemblies |
| | Miniaturized and compact optical arrays | Deployable structures to increase aperture |
| Micropropulsion | MEMS microthrusters | High-effort orbital manoeuvres |
| | Simple electric propulsion | High-effort orbital manoeuvres |
| Satellite Communication | | |
| Broadband | Performance: 2 MB/s | Performance: 200 MB/s |
| | Global capacity: 10 TB/s | Global capacity: 100 TB/s |
| Broadcast | 100 million users, £50/month | 1 billion users, £5/month |
| | Data-intensive media | |
| Mobility | Enable users | Empower users |
| | 1 million users, £200/month | 1 billion users, £2/month |
| | Always connected | |
| Network resilience services | Point–point link performance: n x 100 MB/s – microwave | Point–point link performance: 1 TB/s – optical |
| | Mobile backhaul: 10,000 nodes | Mobile backhaul: 1 million nodes |
| Internet of things and M2M | Internet of things | Autonomous system, self-optimizing |
| | 1 million devices, £10/month | 1 billion devices, £0.10/month |
| Earth observation | | |
| Resolution | 0.25 metres | 0.10 metres |
| Revisit time | Several a day | Several an hour |
| | GEO satellites and LEO constellations, HAPS and UAS | |
| | Continuous surveillance | |
| Processing method | Early on-board processing | Complex on-board satellite processing, e.g. neurosynaptic chip |
| | Cloud computing, high-performance computing | New business models |
| Synthetic Aperture Radar | Ground-based InSAR capabilities | Near-real-time ability |
| | Multi-frequency | |
| | Fully polarimetric | |
| Spectral bands | 16 spectral bands | 50+ spectral bands high resolution |
| Position, Navigation and Timing | | |
| Outdoor position accuracy with a mass-market device | 1 metre | 0.1–0.5 metres |
| Indoor position accuracy | 0.5–2.5 metres | 0.1–0.5 metres |
| Miniature atomic clock accuracy | Lose 2.5 picoseconds in 1 second | Lose 2.5 femtoseconds in 1 second |
| Time to first position fix for cm-level accuracy | 15–300 seconds | 1–20 seconds |
| Vulnerability protection on a mass-market device | Against multipath | Against spoofing |
| | Against jamming | |
Source: Satellite Applications Catapult, https://sa.catapult.org.uk.
To manage this appetite for space, the sector has to cater for increased demands in, for example:
- Satellite orbits that require deconfliction;
- Satellite constellations in which vehicles communicate with each other on an autonomous machine-to-machine basis;
- Data relay systems to reduce latency in delivering data;
- Satellite-based internet services involving a plethora of access points around the world;
- Supply chains of multinational corporations providing space-enabled goods and services, involving internationalization of the various tiers of suppliers.
The pace of change in space technology and the unregulated market forces that then demand development of space offerings are deepening to the extent that space is significantly interwoven with our daily life. In the near future, if it is not already the case, the space domain, including its ground elements, will be permanently embedded in the global infrastructure. This infrastructure, which accounts for trillions of data transactions every day, involving communications, precise navigation and timing, Earth observation (and the more niche space observation), means that space must now unavoidably be regarded as a constantly expanding and changing domain in which market applications are constantly developing at a pace that governments cannot control.
It is hard to map this change, even if segments or niches of space-related structure can be traced accurately. A chart of ‘how space works’ or ‘how space delivers’ can only be transiently accurate, a snapshot. Likewise, attempts at increased national-level regulation of the space sector to install structured approaches in the supply chain will bring resistance from powerful commercial organizations which constantly seek advantage through early adoption of quick-to-market offerings; regulation tends to be the antithesis of innovation and the exploitation of commercial opportunity.
Threat pathways
The threat pathways are hugely complex, but the main strands can be summarized as follows:
- Increasing numbers of individual satellites and constellations providing an ever-increasing number of entry points;
- Increasing connectedness through communications paths, and increasing connectedness of satellites while in orbit;
- Autonomous communications paths to billions of devices with little opportunity for humans to intervene;
- An international supply chain of satellite components, with the associated uncertainties about provenance and standards of production;
- The imperatives of speed to market, forcing designers and manufacturers to skip or pay only passing attention to important security controls;
- Security costs that are disproportionate to the costs of manufacture of smaller and cheaper satellites;
- Back-door holes in encryption and otherwise secure control systems.
But what are the likely consequences of cyberattacks on space infrastructure? There are many potential outcomes (suggesting that a response mechanism has to be flexible enough to cope with the unpredictable nature of attacks), but examples would include:28
- Reduction in national security or defence capability;
- Reduction in capacity of communications, observation capability or navigation precision (perhaps through denial of service attacks);
- Corruption of communications, including precise timing systems, leading to lack of confidence;
- Denial of orbits following a contrived collision;
- Destruction of a space vehicle, or holding it to ransom;
- Destruction of a complete launcher and payload assembly, possibly during the launch phase, putting the uninvolved general public at risk;
- Corruption or deletion of data being transmitted from satellites;
- Interception of communications including sensitive intellectual property;
- Rerouting of communications to allow easier interception;
- Jamming of signals or spoofing of data (discussed in more detail below).
Mapping threats, assessing vulnerabilities
Discussion at the Chatham House expert roundtables concluded that traditional approaches in vulnerability assessment, with their origins in physical security methodologies, are no longer applicable to this problem. Space is changing from a domain where the development of technology, principally via academic research, was the determining factor, to one where market forces are driving an ever more rapid pace of change. For example, the market is increasingly hungry for bandwidth to satisfy the demand for internet-based services, for more precise timing and navigation systems to enable new capabilities such as autonomous vehicles, and for better provision of analysed data to provide better situational awareness of incidents on Earth and in outer space.
The life cycle of technology in satellites is completely different from that of most other technologies in the critical infrastructure. Many satellites – depending on their purpose, function and orbits – are designed to have very long lives. As a result, the technology installed in them and in some ground systems can become obsolete, creating serious legacy problems. The pace at which technology evolves makes it hard, or even impossible, to devise a timely response to space cyberthreats. Humans too are affected by different ‘digital ageing’ and legacy issues; younger people use space-based and cyber communications in ways that make it harder for older generations to understand the range of threats. But older people are often the senior decision-makers, and therefore need to understand the technologies far better than many currently do. This points to a need for ‘digital bridging’ between both human and hardware generations, in which both are updated and adapted to enhance system resilience.
Security is not simply created through agencies and operators; it is also achieved through coordination with manufacturers, software developers and operators. Numerous parties contribute to developing the integrated systems for typical satellite operations, and as with any complex technical architecture, the more parties are involved, the greater the vulnerability. Further problems arise as space becomes more cluttered. For example, there is a severe lack of available frequencies for space-based communications; orbit allocation is becoming increasingly problematic; and the amount of space junk is rising to critical levels.
Overall, the costs associated with cybersecurity – such as to guarantee the performance of each part of the various space missions – are high and rising. If the commoditized supply chain, constrained by the need to deliver profit to stakeholders, is not able to meet these costs, vulnerabilities will increase further. The problem becomes even more acute with low-cost space missions, where the commercial price of implementing cybersecurity measures rivals the value of the mission and makes little economic sense to the operator.
In addition, although standard-setting can reduce costs, in some cases standardization will serve to make some systems more prone to attack because the strength of the system is often only as good as the weakest point. Maximizing interoperability and efficiency could therefore inadvertently weaken the whole networked system by allowing threats to concentrate on the more vulnerable segments – most probably in the smaller and less expensive satellites where the cybersecurity components have been neglected on grounds of cost. Commercially attractive solutions are needed.
Secure encryption seems to be the most plausible response to cyberthreats to space assets, although it has its limits. Some security is better than no security – as long as the experts know what that security is capable of providing and what its limitations are. Part of the problem appears to be that neither the cyber community nor the space community understands the security requirements and vulnerabilities of each other’s domain. However, the cyber and space communities do not just lack knowledge; they also need a wider understanding of the concept of security. The biggest limit to security might be the high costs that the different stakeholders are faced with; not all of them are prepared to spend a considerable amount of money to protect their systems.
Clearly there is a need to assess the level of vulnerability and manage the risk. How to ensure that introducing a solution does not inadvertently introduce a new, even worse problem is an important consideration. Solutions can never be a simple matter of technology but will always require a combination of different elements and approaches. The ‘market’ will not, for example, wait for long-winded security processes to be developed and imposed and for subsystems to be assessed for compliance. If such controls are imposed more rigorously in country A than country B, then systems integrators will simply switch allegiance from A to B. Thus the imposition of rigid controls to increase levels of cybersecurity assurance in the space market will be met with resistance on both the supply and the demand side, as such controls will be seen as impediments to innovation, market development and progress more generally.
Market trends
The market changes currently under way present problems in both analysis and delivery of solutions. Whereas a ‘technology push’ paradigm can force compliance with protocols such as ‘secure by design’, a ‘market-pull’ environment forces suppliers to speed up development and production in order to create competitive advantage. The temptation for these suppliers to cut corners in areas that are secondary to achieving the much desired early-adopter position, in which maximum financial returns are gained, becomes compelling; experience shows that those shortcuts are likely to include cybersecurity measures to a greater or lesser degree.
The controls required by a cybersecurity response to the threats that exist at the intersection of space and cyberspace are unlikely to cause problems where there is already a culture of regulatory compliance (such as in defence and intelligence). Elsewhere, however, where cash is king, the rules regarded as impediments to sales are much more likely to be circumvented; stakeholders will not become energized, cyber responses will become disjointed and allow plenty of opportunities for attack from those who wish either to jeopardize the space infrastructure or to use that infrastructure for destructive purposes.
The transition observed is truly towards the commoditization of space, a trend away from military and research, to one where ‘the market’ (in which there is a persistent need to innovate in a data-hungry world) holds sway. The pace of change can only quicken as launch systems become cheaper (through ‘low-cost access to space’ initiatives) and more reliable. In this unique environment, the world is on the cusp of a new dynamic in which the issue of cybersecurity has not even caught up with the old, just as a major change in market forces and corresponding supply chains is under way. What is becoming increasingly obvious is that there needs to be a radical review of cybersecurity in space. This more universal access now provides just such an opportunity for significant changes.
One of the key attributes of the new order must be an imperative to instil a culture of cybersecurity in the commercial supply chain that must be sympathetic to the fast-moving market and new technologies such as quantum computing, that allows (or even enables) innovation and that has a normative function. A lightly regulated framework should be selected as the default position, and the insurance industry could serve to create a level playing field and a set of incentives. Instead of the highly regulated and highly secure defence and intelligence segment driving policy, business interests would then become the principal driver of cybersecurity within the space sector.