5. Recommendations and Observations
Some of the recommendations and observations suggested below are activities that are currently in the planning stage – as part of the NATO Space Working Group Action Plan, or as part of ongoing discussions with allies. However, these activities have not yet been implemented and require continuous attention.
- Encouraging allied member countries to be responsible for protecting their own space capabilities, and to consider space in national force structures rather than in the NATO command structure. In addition, NATO should consider how the configuration for space assets between the allies and NATO would look in time of conflict.
- There is a need for a NATO Centre of Excellence (CoE) for space. In cyberspace, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) shares information between NATO, the allies and NATO partner countries. However, the alliance lacks an established CoE for space policy.
- NATO is trying to link national space operational centres (to date, these include those of the UK and Canada) in order to establish routine contact and for regular information-sharing. It would be valuable to incorporate all allies that have space capabilities into this initiative; and to start discussions with allies that have space aspirations.
- NATO lacks a 24/7 operational cell that can observe and monitor activities relating to space. It could create a space coordination cell, in order to coordinate knowledge and data in all of the six capability areas outlined in this paper.
- Further planning needs to go into the integration of new technologies when securing satellites from cyberattack. Aspirations in this area may include the ability for satellites to configure and fix themselves.
- A NATO Industrial Advisory Group (NIAG) study is required in order to examine ways of sharing information between NATO and the private sector. Through this study, NIAG could provide industry advice to the Conference of National Armaments Directors and to other NATO units. Such advice could shape NATO military capability requirements and be linked to the next cycle of the NDPP.
- Current cybersecurity maturity standards and guidelines (such as those published by the US National Institute of Standards and Technology) help organizations to improve their cybersecurity measures and best practices. How effectively cybersecurity maturity standards can be applied to space-sector maturity should be analysed further. If the two areas are different in essence, then separate standards and guidelines for space could be developed.
- Securing space assets against cyberattacks at the design stage is particularly important, and should be a fundamental component of satellite and ground station design from the initial concept – giving rise to a ‘security-by-design’ approach.
- Information Sharing and Analysis Centers (ISACs) help improve collaboration and resilience in the cyber realm. Similar types of national centres in the space sector could provide insights and could improve engagement between allies.
- The annual NATO Information Assurance Symposium (NIAS) Cyber Security Symposium could focus on space in upcoming years.
- The potential establishment of a NATO science and technology committee, involving or led by the NATO Communications and Information Agency (NCI Agency), could be further explored. Such a committee could be relied upon to give advice on relevant cyberthreats and vulnerabilities, such as those related to the integrity or security of supply chains.
- The NCI Agency is responsible for operating and defending NATO’s networks, and rapid sharing of information has proved to be one of the most effective defences in cyberspace. In the cyber domain, there are certain tools in place – such as the Malware Information Sharing Platform (MISP) – that promote cooperation and information-sharing among allies. Information-sharing could also be more closely examined in relation to the space sector. Through sharing information and explanations of operational impact, NATO could increase allies’ awareness with regards to space-based threats.
- NATO should further increase its efforts to strengthen its cyberdefence posture through the NATO Industry Cyber Partnership: enhancing collaboration between the public and private sectors is one of the fastest and least expensive ways to increase cyber resilience, improve incident handling and mitigate vulnerability to attack. Moreover, this should foster timely information-sharing on cyberthreats, allowing stakeholders to enhance situational awareness and better protect their networks. In practice, for instance, it should facilitate rapid and early bilateral exchange of non-classified technical information related to cyberthreats and vulnerabilities. Improvements in the cyber domain would have a positive impact on the space realm.
- Under a future NATO Space Policy, defence planners should define NATO’s space capability requirements and present them to all allies by means of the NDPP.73
- NATO Space Policy could lead to recognizing space as the fifth domain. This would help NATO better plan for future operations that use space assets and technology and to incorporate space into the defence planning structure.
- Increasing awareness at all levels require holistic exercises and tests in order to give end users experience in how these systems actually work. Therefore, space considerations should be incorporated into existing exercises and training.
- The entanglement between commercial and military space assets may also cause vulnerabilities. In future, military systems will be increasingly connected to non-military systems. This has important implications for the laws of armed conflict, as the combination of civilian, commercial and military capabilities in the cyber domain and space raises the risk that civilian capabilities used for military purposes qualify as legitimate military targets.
- NATO should ensure that contractors that rely on commercial standards follow minimum cybersecurity arrangements.
- NATO may consider ensuring that commercial contracts meet military protection standards, in order to mitigate the risk posed by the military’s use of commercial space assets.
- NATO should conduct a gap analysis that will identify the following: which countries NATO relies upon for space services; what type of capabilities these countries possess; what type of capabilities they should have for future warfare; and what actions NATO needs to take (the latter being subsequently enshrined in an action plan).
- Although NATO does not lead development of the space sector and it is the allies that provide space capabilities, NATO can still initiate informal discussions with the allies on the establishment of targets for space resilience. In the cyber realm, for instance, cybersecurity targets have been incorporated into the NDPP.
- Mapping out recurring threats to space systems and promoting standardization to address common weaknesses may increase resilience. If standardization is unwanted due to its risks, then a voluntary ‘best practice’ approach can be utilized. NATO’s military command may also enter into direct discussions with the allies to set up minimum requirements. In this regard, a commanders’ intent paper can also capture space infrastructure.
73 Fleischer, P. (2016), ‘Above the Moon: NATO Space Policy’, http://futurenato.org/articles/above-the-moon-nato-space-policy/ (accessed 28 Nov. 2018).