2. Cyber Risks to Space-based Strategic Systems
Risk is a product of probability and consequence. However, since estimating the probability of a cyberattack is unreliable at best,11 this paper focuses on the qualitative nature of potential threats, vulnerabilities and their impacts. Without knowing the actual likelihood of an event happening, it is still possible to assess threats and likely degree of exposure, which can identify potential resilience measures. In essence, the priority of NATO and its allies should be the readiness of their forces to identify potential threats and defend critical assets, rather than the likelihood of cyberattacks on space-based strategic systems. This approach minimizes risk by taking preparedness, resilience and continuity into the equation. Furthermore, it does not require detailed knowledge of an adversary’s motivation and capability.
Cyberattacks are a different beast to traditional forms of aggression. Whereas electronic attacks use physical means (such as jamming or ‘spoofing’) to interfere with the transmissions of radio frequency signals and cause reversible damage, cyberattacks employ digital manoeuvres to target data and access systems in order to cause permanent damage.12 Electronic warfare methods can physically cut out communication signals that go to satellites (upstream) and come back from satellites (downstream). The attacker could send fake signals (spoofing) and trick the system without the knowledge of the receiver. In a cyberattack, however, an adversary would be able to gain full access to satellites as well as data, enabling them to cause permanent damage.13
Spoofing information through cyber means is a more sophisticated form of jamming. In times of conflict, global positioning system (GPS) digital spoofing – which involves digital interception and manipulation – permits the transmission of false information without the awareness of either the transmitter or the receiver. This approach could be used to disorient troops or even control their deployment. In order to mitigate risks, military forces should have the means to validate information integrity and detect spoofing and manipulation of data. One possible approach would be to educate and train personnel in alternative navigation methods as a minimum requirement for those working for NATO and its allies.
Cyberthreats to strategic systems
Cyber research is a fast-moving and constantly evolving area of science, and the scope of cyberthreats that countries face is on the rise as malicious actors find new ways to infiltrate weapons systems.
The use of electronic warfare methods and cyberattacks in peacetime illustrates the blurred lines of engagement between nations even in the absence of conflict. According to Norwegian military and NATO officials, Russia persistently jammed civilian GPS signals during NATO’s 2018 Trident Juncture exercise in Europe’s High North region, which highlights the growing threat. In November 2018, NATO Secretary-General Jens Stoltenberg stated that electronic warfare and cyberattacks were increasingly being used in operations.14 It was also reported that NATO officials believed Russia is testing this capability through its large-scale exercises, such as Zapad 2017, which was conducted jointly with Belarus in September 2017.15
According to the Consultative Committee for Space Data Systems (CCSDS), the most common cyberthreats to the space segment, ground segment and space-link communication segment include data corruption/modification; ground system loss; interception of data; jamming; denial of service; masquerade (spoofing); replay; software threats; and unauthorized access.16 There is also crossover between offensive and defensive activities in cyberspace and space, given that – technologically – offence is easier and more cost-effective than defence.17 Furthermore, space-related personnel are vulnerable to cyberthreats. Social engineering is becoming an important tool when used by adversaries, and – whether it occurs deliberately or unwittingly – the potential for people to constitute the weakest link in cyber defence is an increasing reality.18
The nature of cyber activities must evolve from being purely defensive to include active, persistent engagement, in order to disrupt attackers of western critical space-based capabilities. Given the importance of space-based systems to critical infrastructure that supports NATO military capabilities, it would be prudent to assume that an adversary is already active in these networks and focus on resilience measures. This increases urgency for advanced techniques, such as AI and machine learning (ML),19 to identify and respond to modern threats.
Both China and Russia prioritize electronic warfare, cyberattacks and superiority within the electromagnetic battlespace as part of a strategy to achieve victory in future operations. Available doctrine from these nations highlights a key focus on preventing adversarial satellite-based communication systems from impacting their operational effectiveness20 – a focus shared in US military planning and policy.21
Russian space capabilities and their cybertechnologies pose particular threats to NATO. For its navigational system, Russia relies on its own satellite system GLONASS (Global Navigation Satellite System), rather than the US-provided GPS or the EU’s Galileo system. As part of a series of improvements to its communications technology and GLONASS, Russia is designing new navigation satellites, which are claimed to be highly accurate and longer lasting.22 Russia has been testing its capabilities in a hybrid context in Syria and in Ukraine, particularly relying on capabilities for jamming GPS signals to ground remotely piloted aircraft. It is reported to have conducted denial-of-service attacks on radio and telephone equipment, and to have attempted to steal encrypted military data.23
It is likely that several countries – such as the US, Russia and countries within the EU – will in future possess working quantum communications satellites.
China, too, is improving its space capabilities by investing in new areas of research, such as quantum communications satellite technology, which provides a new way to encrypt information transmitted between satellites, increasing the difficulty of hacking information.24 In this regard, China’s Micius satellite, the first of its kind when it was launched in 2016, may eventually be able to provide a quantum cryptography service.25 Other countries are following suit and it is likely that several countries – such as the US, Russia and countries within the EU – will in future possess working quantum communications satellites. The European Space Agency, for instance, signed a contract with Luxembourg-based SES Techcom SA to develop a quantum cryptography telecommunication system (to be known as QUARTZ).26 With this agreement, quantum communications have opened a new dimension in cryptography. Quantum capabilities are likely to make existing asymmetric-based, traditional cryptographic-based protection obsolete. The EU, the UK and the US are all investing heavily in a range of quantum technologies – including communication devices, computers and imaging enhancers.
Vulnerabilities to strategic systems
When analysing risk, understanding system vulnerabilities is as important as understanding the threat landscape. Threats alone would not pose a risk if there were no known vulnerabilities for an adversary to exploit. Similarly, system vulnerabilities would not always result in risk, especially in peacetime, when there is no incentive to attack or infiltrate.
In the military domain, some of the major system vulnerabilities include the use of commercial companies for military purposes; ‘back-doors’ in encryption; and the supply-chain security of satellites.27 This list can also be extended to include physical, personnel and procedural vulnerabilities. Risks also arise from the dual-use aspect of most of the space-related technology – where the technology can be used for both civilian and military purposes. For instance – whether fixed or mobile units – communications satellites and broadcasting satellite services have both civilian and military utility. Similarly, the utilization of satellite imagery capability in the civilian sphere for earth observations, environmental monitoring, and the provision of oceanographic and cartographic data, also extends to the military domain.28 There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications.
These capabilities aside, terminals located in ground stations constitute a critical vulnerability, as a terminal is an access point to a satellite and is usually not protected by authentication in order not to hinder operational actions. Terminals house software systems that can be compromised and require patching and upgrading. Moreover, software embedded in weapons systems (such as precision-guided munitions) could also be compromised.
At times, NATO allies procure equipment and software to be integrated into their national defence architecture, which becomes part of the overall NATO capability. The commercial supply chain is embedded in nearly every aspect of military equipment. This may not necessarily be a particular vulnerability, as long as commercial equipment is designed to military standards and is secure. However, if military standards are not met, items procured from commercial industry with design flaws may expose NATO’s systems to additional vulnerabilities.
While the absence of data is easy to detect, the manipulation of data or erosion of confidentiality at such an interface is potentially more difficult to discern.
Civil satellites, operated by private companies, may be used to fulfil specific missions in locations where NATO allies do not have their own space equipment. Ground stations constitute further elements that are relevant for the data flow. From a cybersecurity point of view, each interface could present a vulnerability and could become a weakness, as an interface typically requires manual processes to establish its operation, and/or the administration of the components involved. Adversaries infiltrating ground- or space-based systems could exploit weak software implementation, or the incompatibility of network or data transfer protocols in the chain. While the absence of data is easy to detect, the manipulation of data or erosion of confidentiality at such an interface is potentially more difficult to discern. Vulnerabilities can stem from:
- A higher number of data exchange interfaces used between the military and civil sectors;
- The fact that each actor has its own isolated view of its data network, protected by its own security standard;
- The use of old and proprietary IT hardware and software; and
- The failure or inability to conduct regular software updates to remove known vulnerabilities.
In such an environment, it seems difficult to ensure security of the information delivered.
Space-specific risks for the NATO alliance and for key NATO countries
Space systems, which include both satellites and ground stations, as well as related space products and services, provide mission-critical information both for NATO’s member states and for the alliance as a whole. NATO relies on space-based assets for almost all of its operations and missions.29 Some of the critical missions that rely on space assets include: defence of NATO’s territory and the neighbouring regions; peacekeeping missions; humanitarian assistance and disaster relief; counterterrorism; and conflict prevention activities.
NATO does not own satellites. It owns and operates a few terrestrial elements, such as satellite communications (SATCOM) anchor stations and terminals. It requests access to products and services but does not have direct access to satellites, leaving it up to its allies to determine whether they provide access to their satellite capabilities. NATO has established memoranda of understanding with allies for possible use of space products and services.
Originally, in the US, space systems used by the military were separated from commercial and civilian assets in terms of their development and operation.30 One of the reasons for this separation was to protect the military structure against physical and cyberthreats. Military space system safety and security requirements were also higher and more stringent than in the commercial sphere (for example, requirements to invest in survivability enhancement mechanisms in order to resist jamming, or special design approaches for military space architecture). In recent years commercial methods, for instance the capture and analysis of satellite imagery, have been shown to be as effective as military means. As a result, NATO uses a mix of military, civilian, commercial, and national/multinational assets to conduct its operations. The joint use of these assets, however, comes with an acceptance of inherent risk, not only to the countries that provide such capability but also to the alliance as a whole. In response, the European Defence Agency, through its Governmental Satellite Communications (GOVSATCOM) development programme, decided to build an intermediary class of satellites between commercial SATCOM and military SATCOM, with security requirements able to address the needs of critical missions, including crisis management.31
There is increased dependence on space-based systems in modern military engagement. During the US engagement in Iraq in 2003, 68 per cent of munitions were guided utilizing space-based means (including laser-, infrared- and satellite-guided munitions); this percentage had risen sharply from 10 per cent in 1990–91, during the first Gulf war.32 In its operations in Afghanistan in 2001, 60 per cent of the weapons used by the US were precision-guided munitions: these included bombs, missiles, and other weapons, many of which had the capability to correct their own positioning to hit the target, using space-derived information.33
Cyber vulnerabilities undermine confidence in strategic systems; they increase uncertainty in information and analysis, which impacts the credibility of deterrence and strategic stability. Loss of trust in technology also has implications for attribution and strategic calculus in crisis decision-making and may increase the risk of misperception.
This dependency on space-based technology has major implications for the way NATO conducts warfare today, and how it will do so in the future. For instance, in order to conduct precision strikes or earth observation through the use of unmanned aerial vehicles (UAVs – such as military drones), systems rely on so-called ‘beyond-line-of-sight’ (BLOS) communication via satellites – especially in times of crisis and conflict, since ground-based line-of-sight communications are vulnerable to physical attacks. Yet, cyberattacks on space technology or on the UAVs may lead them to misinterpret commands, or to lose contact with the command centre and fail in operation.
NATO currently uses six space-dependent capabilities for its alliance operations and missions:
- Position, navigation and timing (PNT)
- Intelligence, surveillance and reconnaissance (ISR)
- Missile defence
- Communications
- Space situational awareness (SSA)
- Environmental monitoring (weather forecasting)
The core functioning of these six capabilities for NATO operations includes:
- Providing communication in military operations and missions, for instance between a commander and their troops;
- Providing early warning, through detecting the hot plumes of a ballistic missile launch – thus, increasing the time available to respond to an upcoming threat;
- Providing a precise location for targeted strikes;34
- Providing imagery of targets, in order to observe, detect and analyse their status (situational awareness);
- Providing GPS for weapon guidance;
- Providing timing for secure communications; and
- Providing space surveillance and tracking.
The table below outlines the key roles for each capability:
Table 1: NATO space-dependent capabilities and their roles
NATO space-dependent capabilities |
Role |
---|---|
Position, navigation and timing (PNT) |
|
Intelligence, surveillance and reconnaissance (ISR) |
|
Missile defence |
|
Communications |
|
Space situational awareness (SSA) |
|
Environmental monitoring (weather forecasting) |
|
Identification is another important capability that is used in the NATO maritime domain for coastal tracking, and for identifying and locating ships and vessels. Using automatic identification systems (AIS), data is electronically transmitted between ships and the coastal stations. By providing similar functions, AIS supplements and provides resilience to maritime radar and is fundamental for avoiding collisions.36
NATO’s space-dependent capabilities have individual functions, as described above. These capabilities are also coupled to each other, with complex cross-dependencies, so that the loss of one capability may have a collateral impact on other capabilities. For instance, most of the assets that transmit communications to support command and control are also dependent on GPS for timing and synchronization.37 Although there would be a number of contenders for technologies of utmost importance to NATO missions and operations, preliminary research indicates that PNT signals (which utilize GPS) are a much-needed priority capability in almost all NATO operations.