NATO and its key members recognize space as vital to security, with national policies shaping the alliance’s approach to the space–cyber nexus. Growing reliance on civilian systems and emerging technologies increases vulnerabilities, making cyberattacks an escalating threat to critical space infrastructure.
NATO
In May 2018, the North Atlantic Council (NAC) adopted the policy of NATO space support in operations. A year later, in June 2019, the members formulated the new NATO space policy at a defence ministers’ meeting in Brussels. That new policy led to the declaration of space as a fifth domain of operations in November 2019.
Through its space policy, NATO integrates considerations around outer space into its three core tasks of collective security, crisis management and cooperative security. It engages in consultations across the alliance to reach a common understanding on opportunities, risks, challenges and vulnerabilities in line with the intergovernmental deliberations on responsible behaviours in outer space.
Other developments have mainstreamed outer space across the alliance. One was the establishment of the NATO Space Centre at Allied Air Command in Ramstein, Germany, in October 2020. The centre works with national space agencies to develop interoperable space products and services across the alliance, for use in satellite imagery, PNT and early warning. Another was the establishment in July 2023 of the NATO Space Centre of Excellence (CoE) in Toulouse, France – a known hub for the space industry – to focus on space-related development, education and training for the alliance. The CoE provides knowledge and analysis around ‘space domain awareness’, operational space support and space domain coordination. The centre aims to be fully operational by 2026.
NATO’s task also involves raising awareness and leveraging the value of the space domain across the alliance.
NATO’s task also involves raising awareness and leveraging the value of the space domain across the alliance. In this regard, the NATO Bilateral Strategic Command (Bi-SC) working group focuses on empowering members that possess fewer capabilities to become significant space actors. This has been achieved in the cyber domain with Estonia leading the cybersecurity field. A similar cooperative approach is being explored for addressing challenges in Arctic communications, with initiatives like Northlink where 13 members are exploring the development of a ‘secure, resilient, and reliable multinational Arctic satellite communications capability’.
Additionally, as part of implementing its overarching space policy, NATO launched the Alliance Persistent Surveillance from Space (APSS) initiative in February 2023. Rather than creating NATO-owned and operated space assets, APSS uses existing and future space assets from allied countries, integrating them into a NATO virtual constellation known as ‘Aquila’. This initiative addresses gaps in NATO’s access to specific intelligence products from outer space when needed. APSS aims to ensure that these intelligence products are available within a specific time frame. This initiative highlights the growing need to ensure the cybersecurity of space-based assets to protect both the assets themselves and the valuable data they provide. At present, APSS is a voluntary commitment from 18 NATO nations. Cyberattacks on space systems can compromise not just the assets themselves, but also the critical data they provide, posing risks to NATO’s operational effectiveness.
The alliance has also developed a NATO Intelligence, Surveillance and Reconnaissance Force (NISRF) to address capability gaps (tactics, techniques, procedures) in ground surveillance.
A mechanism for assisting partners in the space domain has not yet been established but existing cooperative security arrangements – for instance, the Defence and Related Security Capability Building (DCB) initiative – could be used for partner states to request assistance from NATO. DCB packages launched so far cover support to Georgia, Tunisia, Iraq, Jordan and Moldova; a package is also provided for UN peacekeeping purposes in Uganda.
At the technical level, work is ongoing to improve diversity in the space segment by developing numerous satellite platforms and multiplying service providers. NATO is working on providing multiple reinforced anchors and ground stations to protect the ground segment. NATO is also protecting its systems from cyberthreats through data encryption and by securing transmission links and bearer services.
The national space policies of NATO’s
key members
In parallel with NATO’s efforts, key NATO members (the US, UK, France, Canada, etc.) have adopted specific outer space policies and doctrines that reflect their national priorities and capabilities. There are clear convergences between members in how they perceive outer space security, such as the recognition of space as a critical domain for security and defence. Yet, there is no unified position on the optimal strategies for addressing outer space threats. This divergence is particularly evident when comparing NATO’s cautious approach, which avoids framing space as a warfighting domain, to the more assertive policies of some members including the US, which emphasize counterspace capabilities.
This divergence in approach stems from varying national priorities, capabilities and perceptions of the threats posed in outer space. Moreover, the evolving outer space landscape, including the proliferation of commercial actors, space debris and emerging technologies, has made it increasingly challenging for NATO members to arrive at a unified one-size-fits-all approach. Broader geopolitics – such as shifting transatlantic security dynamics and changing US defence policies – could further shape NATO’s ability to coordinate space security efforts in the coming years.
United States
In 2019, in his first term, President Trump announced the formation of the US Space Force, within the US Armed Forces, and the US Space Command. These were part of the Department of Defense’s initiative to achieve and maintain ‘space superiority’, and were thus criticized by other countries like Russia and China. The Biden administration issued a new framework for space policy, changing the rhetoric from superiority to US ‘leadership in space exploration and space science’. The same terminology, referring to the need to maintain space superiority, continues to be used by leading representatives of the US military. It is also a focus of the US chief of space operations’ approach to maintaining space superiority, as outlined in March 2024.
The US issued a National Space Policy in 2020 that emphasized the need to ‘ensure space systems and their supporting infrastructure […] are designed, developed, and operated using risk-based, cybersecurity-informed engineering’. This policy also expressed the intention to collaborate with industry and other space system operators to develop ‘best practices and mitigations’. In the same year, the Department of Defense issued a Space Policy Directive on Cybersecurity Principles for Space Systems, setting clear cybersecurity standards for space systems at all stages of their life cycle.
Building on this, in 2022, the US released a specific Department of Defense Space Policy that ‘recognizes space as a priority domain of national military power’. The US also issued the Memorandum on Space Policy Directive-5 on Cybersecurity Principles for Space Systems, effective September 2020. This directive sets out clear definitions and cybersecurity principles and practices that can be integrated into space systems before they are launched.
Furthermore, the US also has extensive international collaboration with Australia, Canada, France, Germany, New Zealand and the UK under the Combined Space Operations initiative. This collaboration involves sharing intelligence and information with each other and increasing interoperability of space infrastructure among partner nations. The US also extended its operational plan to protect outer space, known as Operation Olympic Defender, to include participation of NATO members. The US is part of NATO’s APSS initiative.
However, as the second Trump administration continues to reassess US defence commitments and burden-sharing expectations within NATO, the long-term trajectory of the country’s space security partnerships is in question. The increasing reliance of the US and other militaries on commercial satellite networks, particularly Starlink, has introduced new dynamics into transatlantic space security. Starlink’s critical role in military operations, including its use in Ukraine, has raised concerns about the implications of privately owned infrastructure in shaping national security outcomes. Although Washington remains a leader in military space policy, its strategic priorities and willingness to extend full-spectrum space security guarantees to NATO partners may evolve in response to broader geopolitical considerations.
United Kingdom
The UK has increasingly positioned itself as a key player in the space domain and published its first national space strategy in September 2021, setting out its defence capability priority areas as satellite communications, Earth observation, ISR, command and control operations, space control for defensive purposes, PNT capabilities, orbital launch capability, in-orbit servicing and manufacturing, and space domain awareness. This strategy set the UK’s commitment to invest at £5 billion over 10 years in the military satellite communications sector and £1.4 billion in new technologies and capabilities.
The UK sees great value in an integrated approach between civilian and military space policy actors. To this end, UK Space Command, formed in April 2021, is structured as a joint operation between the UK military forces and civil service. The space command has several duties, including monitoring threats (through the UK Space Operations Centre) and providing ballistic missile early warning and space surveillance capability through RAF Fylingdales. The military-grade space sensor at RAF Fylingdales provides services not only to the UK but also to the US.
The UK also set its Defence Space Strategy in February 2022, categorizing threats in terms of their impact, ranging from non-kinetic to kinetic effects. The strategy mentions cyberthreats as having ‘the potential to deny, disrupt or deceive satellites data’. The UK’s focus on space security is also closely tied to its collaboration with international partners, and the UK is a participant in NATO’s APSS initiative and contributes to the Combined Space Operations partnership alongside the US, Canada, Australia and other members. The UK’s National Cyber Force also works to address the growing cyberthreats to space-based assets, among other critical national infrastructure, underscoring the intersection of cyber and space security in the country’s defence priorities.
France
France is a leading European power in space. In 2019, it published its Space Defence Strategy, recognizing a broad spectrum of threats in outer space, including anti-satellite tests, cyberattacks, electromagnetic jamming, directed energy weapons and unfriendly proximity operations. The same strategy states that ‘cyber-attacks on the software parts of the different segments of space capability are among the most likely threats’ and notes the difficulty of attributing these threats. In its space policy, France identified one of its main objectives as ensuring strategic autonomy by developing space capabilities and being able to monitor activity in all orbits through enhanced space situational awareness. Through this capability, France would be able to ‘detect and attribute unfriendly or hostile acts’.
In its space policy, France identified one of its main objectives as ensuring strategic autonomy by developing space capabilities and being able to monitor activity in all orbits through enhanced space situational awareness.
In 2019, President Emmanuel Macron also announced the creation of a space command attached to the French Air Force. This led to rebranding the French Air Force as the French Air and Space Force in 2020. Lastly, in order to better collaborate with the space industry, France established a national space innovation laboratory (LISA) within the Ministry of Armed Forces.
French space defence strategy outlines the importance of partnership, particularly with the US on space situational awareness, with India on civilian satellite launches, with Japan on space surveillance, and with Canada and Australia on finding new avenues of cooperation. France also is a participant in NATO’s APSS but the country has openly acknowledged the need to prepare for potential conflict in space, unlike NATO which avoids framing space as a ‘warfighting domain’. France’s strategy also acknowledges the growing threats to space security, including space debris, cyberattacks and the development of counterspace capabilities by adversaries.
Canada
Canada’s approach to space is guided by its new defence policy, ‘Our North, Strong and Free: Renewed Vision for Canada’s Defence’ published in April 2024, which emphasizes the critical importance of space in safeguarding national security and detecting, deterring and defeating threats. This strategy also highlights the importance of resilience in the space domain, calling for forces that can operate across cyber and space domains that are ‘digitalized and networked for the information age’.
In July 2022, Canada established its 3 Canadian Space Division (3 CSD), which is the Air Force’s main agency for delivering the space initiatives outlined in Canada’s defence policy. This space division will ‘streamline, focus, and improve how space-based capabilities support critical CAF requirements such as communications, command and control, navigation, weather and situational awareness’. Canada’s previous defence policy from 2017 also outlined a framework for the country to ensure consistent, long-term financial support for various space defence initiatives. This encompassed improving situational awareness, enhancing Earth observation capabilities, and bolstering satellite communications infrastructure. That policy also emphasized the importance of space-based assets for modern militaries and highlighted the potential vulnerabilities and risks to satellites, without explicitly mentioning the cyberthreats to these assets.
Protecting the alliance’s space–cyber nexus
Changes to national-level space policy also affect NATO’s security, defence and deterrence strategy. Having realized the need for a multifaceted and integrated domain of operations, NATO and key members (such as the US and the UK), have prioritized the integration of cyber and space capabilities alongside traditional physical domains. The multi-domain operations concept in essence is different from simply joining up the core physical domains (air, land and maritime). It calls for integration across all domains (including cyber and space) to a level whereby each domain can access near real-time information from other domains at all times.
In practice, multi-domain operations come with certain challenges, some of which are related to information and data security. For instance, if real-time information is transmitted through a cloud-based single operating environment then that would raise questions around protection of this environment from cyberattacks given that a single point of failure might cause cascading impacts across domains. Therefore, dependency on a single cloud server to collect and diffuse data – even though such networks may have military-grade cybersecurity solutions – may pose mission-critical risks. Another challenge is to overcome classification barriers across land, sea and maritime domains both within NATO and within each ally country as this would be integral to near real-time information sharing.
Having realized the need for a multifaceted and integrated domain of operations, NATO and key members (such as the US and the UK), have prioritized the integration of cyber and space capabilities alongside traditional physical domains.
NATO and its members may also require new capabilities to successfully execute multi-domain operations. In order to achieve multi-domain autonomy in air, land and maritime domains, the alliance is said to require more than 50 satellites to be operational at all times. Such a level of readiness requires partnership and cooperation across the members. These operations will likely require significant processing power, with artificial intelligence (AI), machine learning and automation solutions. They will also benefit from advancements in quantum technologies, including quantum computing, advanced sensors and quantum communications (such as encryption) technologies, to assist in understanding the environment in which NATO forces are operating.
In the operational space, NATO forces are also dependent on civilian and commercial sectors: 90 per cent of military transport is accomplished using civilian assets chartered or requisitioned from the commercial sector; more than 70 per cent of satellite communications used for defence purposes are provided by the commercial sector; and 75 per cent of host-nation support to NATO operations is sourced from local commercial infrastructure and services.
This dependence introduces additional vulnerabilities, as civilian-operated systems may not always adhere to military-grade security standards. This is particularly concerning in the context of multi-domain operations, where the seamless integration of data across domains is essential for mission success. A breach in a civilian-operated system could cascade across NATO’s operations, affecting real-time communication, situational awareness and decision-making.
At the same time, the weaponization of space presents escalating risks to both Earth-based critical infrastructure and the peaceful uses of outer space. Despite the potential long-term consequences for orbital sustainability, states continue to invest in military and dual-purpose counterspace capabilities. These include technologies developed for benign purposes, such as rendezvous and proximity operations (RPO) or on-orbit servicing (OOS), which can be repurposed into aggressive tools like anti-satellite (ASAT) weapons. Such dual-purpose systems blur the line between their intended functions and their potential use as offensive tools. Counterspace capabilities can be categorized as follows: a) capabilities with kinetic physical effects such as ASAT, including direct-ascent ASAT and co-orbital ASAT weapons; b) capabilities with non-kinetic but physical effects, such as lasers and high-powered microwave (HPM) weapons; c) electronic means that target the electromagnetic spectrum, such as jamming capability; and d) cyber means that could result in either short-term or permanent effects, depending on the targeted system and intention of the adversary. The expansion of counterspace capabilities by states has exacerbated vulnerabilities in the space domain while heightening the risk of unintended escalation.
Cyberattacks, in particular, offer a degree of flexibility and deniability, due to the lengthy and often disputed process of attribution. Cyberattacks are also typically lower cost and more accessible compared to developing and deploying sophisticated kinetic counterspace weapons that require overt physical destruction. Offensive cyber operations can disable, disrupt or manipulate satellites and their supporting infrastructure.
This potential for impact and the scope for deniability make cyberattacks a preferred tool for a broader range of actors, including states with limited resources, which are seeking to disrupt space-based systems without the more overt consequences of kinetic actions. Kinetic and non-kinetic physical capabilities, such as ASAT weapons or high-powered lasers, often carry the risk of unintended or unnecessary escalation that a state may not be willing to take at that point in time.