1. Introduction
Space is a vital part of national and international infrastructures. Since the launch of the first artificial satellite, Sputnik 1, in 1957, humanity has used space for the purposes of communication, monitoring the environment, collecting intelligence, conducting vital scientific experiments, and providing data for global positioning, navigation and time keeping. Countries are increasingly dependent on global satellite capabilities for national and international infrastructures, which include systems governing the navigation of aircraft and ships, military manoeuvres, financial transactions, the internet and telecommunications.
Strategic space capabilities are generally composed of three elements: a space segment, a ground segment, and a user segment – also known as an uplink, a downlink and a crosslink – that transmit telemetry data.1 Military commanders, staff and senior decision-making cadres within NATO receive mission-significant data through products2 – e.g. space imagery and weather maps – and services3 – e.g. satellite communications and position, navigation and timing (PNT) data – provided by member states with space capabilities. Although emerging technologies such as artificial intelligence (AI) and the Internet of Things (IoT) could be force multipliers for space capabilities,4 increased prevalence of cyber means may also challenge the integrity of data carried through these technologies.
Most countries either own satellites or have a stake in space-based assets for meteorological purposes and communications.5 The functioning of all satellites is dependent on cyber technology, including software, hardware and other digital components. Any threats that could impact a satellite’s controls, reliability, or bandwidth availability would pose a direct challenge to national critical assets.6 If cyberthreats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security. Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning. In the event of crisis escalation, such as in Ukraine, the Middle East or in South Asia, the assumption is that weapons systems will perform as planned. But this should not be taken for granted. It is mission-critical for NATO to manage, preserve and protect space capabilities, inter alia, by means of agreements and policies. Understanding space vulnerabilities and ensuring that mitigation measures and redundancies are in place, will help to protect NATO’s space capabilities.
NATO’s missions and operations are conducted in four areas: air, land, cyber and sea.7 Space-based architecture is fundamental to the provision of data and services to all domains. Therefore, any vulnerability in space infrastructure will likely spread to other domains.8 The critical interdependency between space and other domains increases the threat of cyber risks, which disproportionately affect mission assurance. Investing in mitigation measures and in the resilience of space systems are key priorities in protecting all domains.
Since NATO relies on the space-based assets of its member states and allies, any consideration of mitigation measures – such as systems redundancy and increased technical resilience – would require the consent and involvement of all parties.
There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyberthreat to space-based command and control systems. It is difficult to define what constitutes a country’s strategic military assets. Depending on where they are deployed, even short- to medium-range ballistic missiles or tactical nuclear weapons may be viewed as strategic assets.
There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries.
Strategic military systems depend heavily on space-based assets for navigation and targeting, timing, positioning, command and control, operational monitoring, intelligence gathering and reconnaissance, among other functions. However, the increasing vulnerability of space-based assets, ground stations, associated command and control systems, and the personnel who manage the systems, has not yet received the attention it deserves. This is particularly true in regard to the so-called ‘New Space’ revolution: the growing role of the private sector in space. For example, during the Iraq war of 2003–11, there was a 560 per cent increase in the US reliance on commercial satellites for military purposes.9
Policy influencers and policymakers are struggling to grasp the full impact of cyber vulnerabilities in the context of both space-based assets and strategic systems. Just as with physical attacks on space-based assets – such as anti-satellite weapon (ASAT) strikes10 – cyberattacks have the potential to wreak havoc on strategic weapons systems and undermine deterrence by creating uncertainty and confusion. Cyberthreats pose a significant and complex challenge due to the absence of a warning and speed of an attack, the difficulty of attribution, and the complexities associated with carrying out a proportionate response. Given the progress made in the areas of strategic conventional weapon systems – for example, the development of advanced cruise missiles and hypersonic glide vehicles – it is essential for NATO and its allies to be able to rely upon space-based systems for early observation and detection; this may enable them to identify and attribute activities and to launch effective, calibrated responses. Cyber technology and innovation are accessible across much of the world, levelling the field and creating opportunities for states outside the NATO alliance – such as China, Russia and North Korea, for example – to instigate high-impact attacks on allied-owned strategic assets.
This research paper will first introduce the cyber risks to strategic systems, through an evaluation of threats, vulnerabilities and consequences. The paper aims to frame the problem by analysing ongoing incidents, and to conduct an analysis of threats and resilience measures in order to offset the risks. Second, it will discuss cyber risks for specific space-dependent strategic weapons systems. Third, it will explore mitigation measures against such cyber risks, through examining NATO’s capability development approach, which is known as DOTMLPF-I (doctrine, organization, training, materiel, leadership, personnel, facilities, and interoperability).