A radical review of cybersecurity in space is needed to avoid potentially catastrophic attacks.
- Much of the world’s critical infrastructure – such as communications, air transport, maritime trade, financial and other business services, weather and environmental monitoring and defence systems – depends on the space infrastructure, including satellites, ground stations and data links at national, regional and international levels.
- Satellites and other space assets, just like other parts of the digitized critical infrastructure, are vulnerable to cyberattack. Cyber vulnerabilities in space therefore pose serious risks for ground-based critical infrastructure, and insecurities in the space environment will hinder economic development and increase the risks to society.
- Cyberattacks on satellites can include jamming, spoofing and hacking attacks on communication networks; targeting control systems or mission packages; and attacks on the ground infrastructure such as satellite control centres. Possible cyberthreats against space-based systems include state-to-state and military actions; well-resourced organized criminal elements seeking financial gain; terrorist groups wishing to promote their causes, even up to the catastrophic level of cascading satellite collisions; and individual hackers who want to fanfare their skills.
- Space is changing from a selective preserve of wealthy states or well-resourced academia, into one in which market forces dominate. Current technologies bring space capability into the reach of states, international organizations, corporations and individuals that a decade ago had no realistic ambition in this regard; and capabilities possessed a few years ago only by government security agencies are now in the commercial domain.
- The pace at which technology evolves makes it hard, or even impossible, to devise a timely response to space cyberthreats. Humans too are affected by ‘digital ageing’ and legacy issues, and younger people use space-based and cyber communications in ways that make it difficult for older generations – and thus by implication some senior decision-makers – to fully understand the range of technologies and threats.
- Technology alone cannot provide the basis for policymaking on cybersecurity. Entirely or largely technological approaches do not have the breadth or depth to allow comprehensive participation, and would exclude many stakeholders who could otherwise contribute usefully to responses to the variety of threats propagated through the internet.
- Development of a flexible, multilateral space and cybersecurity regime is urgently required. International cooperation will be crucial, but highly regulated action led by government or similar institutions is likely to be too slow to enable an effective response to space-based cyberthreats. Instead, a lightly regulated approach developing industry-led standards, particularly on collaboration, risk assessment, knowledge exchange and innovation, will better promote agility and effective threat responses.
- An international ‘community of the willing’ – made up of able states and other critical stakeholders within the international space supply chain and insurance industry – is likely to provide the best opportunity to develop a space cybersecurity regime competent to match the range of threats.