The proposed framework of mitigation, adaptation and resilience offers NATO a strategic method to protect space systems from cyberattacks, combining technical defences, proactive planning, and recovery capabilities for sustained operational strength.
Protecting NATO’s space-based assets from cyberattacks requires a holistic approach: one that ensures operational continuity while preparing for evolving challenges. This paper builds upon existing cybersecurity and resilience models to propose a three-tiered framework – based on mitigation, adaptation and resilience – as a structured method for addressing both immediate and long-term threats to critical systems.
While elements of this approach are reflected in NATO’s broader cybersecurity and other defence strategies, its application to space-based assets is underexplored. This framework offers a new way of conceptualizing NATO’s space cybersecurity posture, integrating insights from cybersecurity best practices, resilience theory and NATO’s own ongoing efforts to enhance its space and cyber capabilities. By focusing on these three tiers, this paper provides a roadmap for NATO and its members to develop more coordinated and forward-looking strategies for securing space infrastructure against cyberthreats.
The three tiers each play a vital role in this framework. Mitigation measures are fundamental for implementing ‘quick fixes’ in order to limit or minimize the impact of threats. As these are often technical and operationally focused, they are among the most feasible for near-term implementation across the alliance.
Adaptation, by contrast, requires a long-term commitment to innovation and flexibility. It involves the development of new strategies, training programmes and technologies to adjust to an evolving threat landscape. There is a direct relationship between mitigation and adaptation: if threats cannot be mitigated or prevented, the military needs to learn how to adapt to new realities within the changing security environment.
The third tier is resilience. Resilience measures that are focused on long-term solutions will enable a system not only to recover from shocks but also to adapt and evolve towards a new, more sustainable state. Resilience involves integrating lessons learned into operational practices and fostering a culture of preparedness across the alliance. Resilience measures often require significant investment and coordination, but their long-term benefits are critical for NATO’s ability to maintain its operational edge in an increasingly contested space environment.
Mitigation measures
Mitigation measures aim to minimize the impact of cyberattacks on critical infrastructure by implementing initiatives that limit vulnerabilities and reduce potential damage. For space-based assets, these strategies focus on proactively addressing risks and enhancing the security of systems at every stage of their life cycle, from design and development to operation and decommissioning.
Traditional security approaches to protecting critical assets and systems against cyberattacks are also relevant for securing space assets. These approaches include establishing defence layers throughout critical systems or securing systems throughout their life cycle, and should be part of any mitigation strategy.
Measures to mitigate cyberattacks on space-based assets could include leveraging cryptography techniques, harnessing AI and machine-learning techniques, addressing cryptographic limitations, prioritizing investment in post-quantum cryptography, and enhancing interference and intrusion detection.
The cryptography methods for securing data and communications are constantly advancing in response to new and evolving cyberthreats. As a result, adopting the latest encryption techniques has become standard practice for safeguarding both information and operational technologies. These techniques should be approved by NATO agencies prior to their use. Beyond providing end-to-end encryption methods and authentication of the user’s identity across critical systems, it is fundamental to use cryptographic algorithms to encrypt traffic between satellite communication anchor stations and terminals. Establishing the necessary requirements for ‘payload telemetry encryption’ across NATO members’ capabilities (e.g. in Earth observation, communications) would strengthen these systems.
AI and machine-learning techniques could also be used for ‘cryptographic problems’ – for instance, to detect intrusions or discover vulnerabilities in real time. While NATO members should harness the positive applications of AI-enabled techniques, they should also make sure that those techniques and technologies adhere to the NATO principles of responsible use of AI, adopted in October 2021.
While cryptography techniques are valuable for securing data, they come with limitations, including the possibility of developers employing algorithms containing unidentified problems, or users selecting weak cryptographic private keys, all of which can potentially result in vulnerabilities and easier decryption. Using pseudorandom binary codes would make it harder for the intruder to predict the cryptographic algorithm or the key to access sensitive information. These techniques should be part of transmission security.
It is also fundamental to roll out policies around quantum key distribution (a form of encryption that uses quantum properties) and to prioritize investment in post-quantum cryptography today to safeguard critical national infrastructure within the alliance against potential vulnerabilities, particularly as the threat that quantum computers pose to current cryptography increases. The US’s Cybersecurity and Infrastructure Security Agency (CISA) has released a ‘Post-Quantum Cryptography Roadmap’ that outlines actionable guidelines for organizations, such as carrying out an inventory of current cryptographic technologies, creating acquisition policies on post-quantum cryptography, and educating the workforce about changes ahead.
States should also invest in technical capabilities to separate random errors from genuine threats. Reliable interference or intrusion detection capabilities – for instance, warnings on spoofing incidents – could provide protection against sophisticated cyberattacks.
The alliance should establish smart procurement requirements for integrated capabilities and have a directory of accredited providers that offer mature cybersecurity products and services. Additionally, information assurance requirements should be incorporated throughout the entire life cycle of space systems.
Adaptation measures
While mitigation strategies aim to resist attacks and, if possible, prevent them and minimize their impact on a system, adaptation strategies involve accepting the inevitability of an attack and its effects, as well as adjusting to the new operating environment. As observed in cyberattacks on other critical national infrastructure, adaptation is a key part of coping with such a threat.
In biology, adaptation is a ‘process of change by which an organism or species becomes better suited to its environment’. It has been increasingly used in systems engineering and social sciences. For instance, adaptation has been part of the debate around climate, especially regarding the processes of adjusting to the effects of climate change.
Both reactive and proactive adaptation measures are key in strengthening NATO forces and their response to cyberattacks. Reactive adaptation requires adapting to the operating environment when an adversary neutralizes NATO’s space services and products. Reactive adaptation happens on the ground due to an unexpected change. Military forces may need to adapt to a new operating environment for multiple reasons, including situations where GNSS is disrupted, instances where there is insufficient or excessive information inundating early warning systems, or when allied forces become aware of a reliance on spoofed data.
Proactive adaptation happens gradually, and it relies on future-looking capabilities (such as strategic foresight). Examples of proactive adaptation may include conducting training and teaching operators to switch between high-tech and low-tech environments.
Resilience measures
From protecting critical national infrastructure to societal and individual awareness against disinformation campaigns, resilience has a key preventative role in NATO’s defence. One key outcome of the Brussels NATO summit in 2021 was to ‘adopt a more integrated and better coordinated approach’ to resilience. Resilience is not a new concept within NATO. Article 3 of the Washington Treaty provides the basis for each NATO ally to be resilient, requiring that ‘separately and jointly, by means of continuous and effective self-help and mutual aid [the members] will maintain and develop their individual and collective capacity to resist armed attack’.
At the Warsaw Summit in 2016, allied leaders committed to enhancing resilience, indicating the need to reinforce civilian infrastructure and boost resources that are fundamental to supporting military operations. The framework noted seven baseline requirements:
- assured continuity of government and critical government services;
- resilient energy supplies;
- ability to deal effectively with the uncontrolled movement of people;
- resilient food and water resources;
- ability to deal with mass casualties;
- resilient communication systems; and
- resilient transportation systems.
An unidentified theme across the seven baseline requirements is the dependency of critical infrastructure on space-based assets. The government sector in each NATO state, for instance, requires both cables and satellites to have secure and encrypted communication channels between capitals and their permanent missions in sensitive regions and across members. The energy sector relies on space data for monitoring oil and gas pipelines, the grid, power stations and wind turbines, among other things. The continuous functioning of the energy sector is critical for national and economic security. Earth observation services are essential for monitoring the uncontrolled movement of people, such as migrants and internally displaced persons, as well as for forecasting floods, and monitoring crops and natural coastal defences against extreme weather. Emergency services (such as ambulance or fire units) that deal with mass casualties also rely on satellite communications and PNT technologies for command-and-control functions. Even moving patients from one place to another relies on GPS; airliners, ports and rail services are equally dependent on satellite navigation and communication systems. These services are vital both in periods of peace and times of conflict.
The key approaches to resilience in this realm can be summarized as:
- Adopting a systems approach by identifying critical systems and by mapping system architecture. All NATO members should conduct a similar exercise and confidentially share information with NATO when possible. This would help the alliance to assess weaknesses across systems, and to tailor resilience approaches according to the needs of each ally.
- Preparing for and reacting to disturbances by diversifying systems and incorporating necessary redundancy measures before an incident occurs. In defence terms, redundancy refers to the deliberate inclusion of back-up systems or elements that can assume the function of a primary system if it fails or is compromised. This would include diversifying vulnerabilities across multiple systems so as to minimize a single point of failure. For instance, this could be achieved by incorporating redundancy capabilities to take over from primary ones in case of stress.
Diversification can be achieved in different areas. Some researchers, for instance, argue that to secure satellites, it is better to invest in smaller satellites rather than larger ones, because ‘the distribution of greater numbers of satellites would make the loss of any one satellite less catastrophic to the architecture as a whole’. Such a distributed architecture could have thousands of satellites providing continuous coverage. For example, Starlink is composed of ‘1,000 satellites circling in LEO to provide continuous coverage over large parts of the Earth, with users of the system automatically being transferred between satellites as they pass in and out of range’.
Highly networked small satellites could nonetheless be as vulnerable to cyberattacks as larger satellites. In order to prevent vulnerabilities within highly networked systems, NATO’s baseline requirements could incorporate ‘defence-in-depth’ strategies, which would create protection across systems by using multiple layers of cybersecurity. This could require integrating zero-trust security architecture across all allied states; such an approach ensures that every user and device must undergo rigorous identity verification before accessing any network resources, even if they are already operating inside the network’s perimeter. Other defence-in-depth strategies cover the mitigation measures discussed earlier, including protection against viruses and malware, patching, intrusion detection methods, encryption and authentication measures.