4. Capability Requirements
The NATO Defence Planning Process (NDPP) identifies capability needs. These requirements can be identified through following the DOTMLPF-I (doctrine, organization, training, materiel, leadership, personnel, facilities and interoperability) capability development approach, which is analysed in detail for space capabilities (see below).
Doctrine and policy
NATO needs to revise NATO concept, policy and doctrine to encompass the use of space systems and assets in military capabilities. While doctrine provides the main principles by which military forces shape and guide their actions, policy provides the ‘prudent course of action or conduct to be applied in the application of a principle.’ 61 NATO has not yet agreed on a space doctrine. Currently NATO is developing a comprehensive Space Policy, which is a positive outcome of the 2018 Brussels Summit.62
As every NATO operation requires and depends on space capabilities, it is a fundamental necessity to develop a space doctrine to guide operations. Below are some guidelines for the development of such a doctrine:
- Identify the objectives, threats and principles;
- Identify the level of ambition regarding the extent to which NATO wants (or does not want) to become an autonomous actor in space;
- Define cyber offensive and defensive capabilities of allies, and cyber defensive capabilities for NATO;
- Set out minimum capability requirements for satellite services, with consideration of non-survivability of assets and significance of redundancy; and
- Define the interaction with other organizations, including in the private sector and partnerships. The NATO Industry Cyber Partnership, launched in 2014, allows NATO to develop new concepts for technological advancement. The senior cadres should prioritize science and technology to a higher level in their agenda. The NATO–EU partnership is also important, particularly because the EU’s Galileo navigational system could provide resilience to NATO systems.
Some of the issues cited above could be included in the forthcoming NATO Space Policy, rather than in a doctrine. For instance:
- A NATO Space Policy could identify the considerations of potential Article 5 incidents, which is the principle of collective defence. Cyberattacks that might disturb communications or destroy satellites are more likely to constitute part of a broader strategic campaign than an isolated incident. It is not the form a cyberattack takes, but the impact of such an attack that would lead NATO members to consider invoking Article 5.
- It is also worth acknowledging the geographical nature of Article 5. The North Atlantic Treaty (Washington Treaty) of 1949 states: ‘The Parties agree that an armed attack against one or more of them in Europe and North America shall be considered an attack against them all […]’. There is an interpretational challenge to this, as cyberattacks are not bound by borders; moreover, they can be initiated outside Europe or North America but might have an indirect impact on those continents. The same applies to attacks on space assets, since they lie outside territorial boundaries. The NATO Space Policy will need to take into account a geography that includes the ownership of these assets and the geographical impact of any cyberattack on or through them.
- NATO’s deterrence and defence policy involves ballistic missile defence (BMD), including interceptors, radars and the Active Layered Theatre Ballistic Missile Defence (ALTBMD) capability, which is a single battle management network that integrates all theatre ballistic missile systems, such as the Patriot missiles,63 the SAMP-T system,64 and the Medium Extended Air Defense System.65 Cybersecurity considerations should include space technology that is used within the BMD capability.
While developing capabilities through doctrine and policies, legal considerations also play a significant role. In the Wales Summit Declaration of September 2014, NATO leaders agreed that a cyberattack could trigger Article 5 (to be assessed on a case-by-case basis) and that cyber domain was a valid operational area (similar to air, sea and land). In principle, by extension, cyberattacks on space systems may fall within this framework. The main question is whether a cyberattack on a space system’s software without kinetic consequences might be considered as an armed attack that could trigger Article 5, or whether there must be direct or indirect kinetic consequences (such as the destruction of a satellite resulting in debris).66 There is also the question of the application of international humanitarian law (IHL). NATO has stated repeatedly that international law and IHL apply in cyberspace. The Tallinn Manual, a non-binding advisory document,67 also affirms the applicability of IHL to cyberspace. However, there are questions over differentiating cyberattacks against military objectives versus cyberattacks on civilian infrastructure, and over the assessment of the proportionality of a cyberattack prior to its execution. Realizing that civil and military assets are interlinked to a large extent, it is hard to estimate whether an attack is proportionate or not. Discussions with experts and NATO officials indicate that any Article 5 consideration would depend on the severity, consequences and political circumstances of an attack.
In future the use of emerging technologies, which includes AI, quantum-based cryptography, quantum computing and the development of space-based internet infrastructure, will define the future of warfare.
In future the use of emerging technologies, which includes AI, quantum-based cryptography, quantum computing and the development of space-based internet infrastructure, will define the future of warfare. Finding ways to transfer all necessary civilian capability to the military area with appropriate security measures could improve NATO’s capabilities, and incorporating a forward-looking approach to its doctrine and policies would benefit NATO in the long run.
Organization
Based on open-source analysis and on information shared among the members of the alliance, NATO is already mapping out the space capabilities of its allies. This will help assess both NATO’s existing resources and those that will be required. How quickly NATO can be fully operational in times of conflict and warfare and whether space is integrated into the planning structure are both important issues.
At the organizational level, the following considerations apply:
- The expertise on space technology rests with the private, public and military sectors. Strengthening the relationship across these three sectors would improve NATO’s organizational capacity.
- Although the cyber domain and space are intrinsically interlinked with each other, day-to-day tasks may hinder the development of common strategies by military staff. At the organizational level, there is compartmentalization. Increasing the coordination between the space and cyber communities would help to break down ‘silos’ (or barriers), and personnel could be trained in multifaceted skills.
- NATO could consider establishing new frameworks with the European Space Agency. One such framework that has already come under discussion includes the possible use of GNSS in military operations.
Training
Training is essential to create awareness and prepare the alliance for worst case scenarios. NATO could promote different types of training that would capture space security and system vulnerabilities to cyberattacks. Training areas could be selected through a lessons-learned analysis where former cases could be used to highlight areas of greatest need.
Some examples are as follows:
- At the political-strategic level, crisis management exercises (CMX), hybrid warfare exercises and similar training could incorporate cyber resilience and bring space elements into cybersecurity training.
- At the technical level, given the complexity of space systems, focused training, modelling and simulation would be key to ensuring design integrity.
- Bringing the technical and political communities together in training modules would be helpful. Often the political community and technical community do not metaphorically speak the same language and their concerns do not merge. Such training would be technology-driven and could incorporate modelling and simulation. Thus, technical expertise and knowledge could be transferred into political action plans.
- Training may also involve the private sector or contractors. NATO decides whether or not it should delegate parts of the training to the private sector or to conduct it internally. There are advantages and disadvantages in both. One of the advantages in delegating the work to an outside party is that the latter could conduct an analysis without any NATO restrictions and could significantly test NATO’s planning and operations. The main disadvantage is that NATO may not be able to share classified information, which would make the training less comprehensive.
- Some of the most useful training methods involve exercises, ‘war gaming’, crisis simulations and scenario planning, as well as online training education programmes, training manuals, and certifications. NATO should also measure the impact of the training and assess its skill-maintenance capacity.
Materiel
Materiel involves military equipment and tools that could support the decision-making and operational planning entailed in considerations of the space-based systems sector. It also involves logistics and supply chain management, and the integration of cybersecurity system design into the mainstream development and design of space systems. Analysing which companies are habitually relied upon in the supply of satellite systems may help NATO allies to prioritize their supply chain security efforts. Software vendors have control over putting ‘back-doors’ in the system that may not be visible or known during the procurement stage. Requesting the establishment of security requirements at the design stage of a hardware project may also increase resilience and form part of a defence-in-depth strategy.
Additional points to be considered with regards to materiel may include the following:
- Should NATO have some sort of space capability, and, if so, what should the minimum capability be? Historically, NATO owned SATCOM capability, but political considerations led to the decision to rely instead upon the capabilities of alliance member states. To date, some countries within the alliance have not shown sufficient interest in NATO having its own satellite capability, and there has been no appetite to return to the old system.
- It is necessary to find approaches to incorporate EU assets and equipment into NATO capability in order to increase redundancy.
Leadership
Leadership considerations involve awareness, education and training in the vulnerabilities of strategic systems to cyberattacks; leadership capabilities should also cover the issue of the defence sector’s interdependency with other sectors while conducting its operations. For instance, the telecommunications and defence sectors both use commercial space assets. The mutual dependency between the defence sector and other critical national infrastructure is particularly important in understanding the possible consequences of a cyberattack across all sectors.
Possible ways to improve leadership-level involvement may include:
- Conducting non-technical training for the North Atlantic Council (NAC) on space security. This type of training could also be conducted with NATO’s Military Committee and Supreme Commanders.
- The establishment of a high-level scientific board comprising the chief scientific advisers to NATO senior cadres. This group could distil any technical information to the political group.
Personnel and facilities
Member states assign personnel to operate the NATO defence and military systems that are dependent on space assets. Allies may also choose to deploy space support teams to the conflict zone (such as those deployed in Afghanistan by France and the US).68
The qualifications of personnel can be improved by:
- Establishing personnel requirements for teams working on space issues.
- Creating incentives for career promotion and retention of skills in order to improve resilience.
- Creating memoranda of understanding with the private sector to set up joint work environments and establish hiring programmes where personnel with security clearances would be working at NATO through private-sector engagement.69
- Finding ways to convince the member states to send highly qualified personnel to NATO as nations bid to fill these posts. Creating minimum requirements for the bidding process would help to attract personnel with the right qualifications.
- As with the model followed by Estonia in the cyber domain,70 it is critical for alliance countries to start investing in programmes of academic study on space technology, including at masters level, through which NATO personnel can receive training and certification. Such programmes will equip personnel with essential skills and provide the alliance member states with qualified assets.
Interoperability
Interoperability enables allies to operate their space systems without having to make adaptations so that their systems can function efficiently.
Interoperability has been an issue in the land, air, and maritime domains. Space-assets planning would benefit from the lessons learned in those domains – for instance, by studying and understanding the complexities involved in intelligence- and information-sharing across all domains. Allies could allocate funds towards a body of work that could focus on interoperability in space. Doctrines and standardization could help to improve interoperability among allied systems. Yet, allies should also realize that standardization would mean using the same vectors as a baseline, thus leading to an increase in risk (in the remaining vulnerabilities) across the alliance as a whole.
Allies should realize that standardization would mean using the same vectors as a baseline, thus leading to an increase in risk across the alliance as a whole.
In order to share secure information through SATCOM units, France, Germany, Norway and the US have formed the multilateral Coalition Network for Secure Information Sharing (CoNSIS). Through secure communications systems, CoNSIS’s objective is to enable better and more accurate decision-making, within a shorter period of time.71 In order to ease interoperability, CoNSIS uses commercial standards as its baseline.72 For future applications, it is advisable to check whether commercial standards meet cybersecurity demands for military requirements.
Interoperability in technology is desirable but remains a challenging construct. It could become the role of NATO to make national space services interoperable. Creating a catalogue of national services might be a good starting point. Interoperability could also be established at the product level (for example, in the field of space weather information) where the products are standardized across the alliance. In order to incentivize nations to invest in this endeavour, it might be helpful to calculate the cost of inadequate interoperability across the alliance to demonstrate current or potential monetary losses.