US military and intelligence agencies release guidance on safeguarding space industry from cyber threats

The Federal Bureau of Investigation (FBI) along with the National Counterintelligence and Security Center (NCSC) and the Office of Special Investigations of the U.S. Justice Department called for safeguarding the nation’s space industry and ‘keeping intellectual property in orbit.’ The warning comes as space is fundamental to every aspect of society, including emergency services, energy, financial services, telecommunications, transportation, and food and agriculture – all relying on space services to operate.

According to U.S. financial sector estimates, the global space economy is projected to grow from US$469 billion in 2021 to more than $1 trillion by 2030. The U.S. is the main driver of this growth through its role as a global leader in space investment, research, innovation, and production. 

“Foreign intelligence entities (FIEs) recognize the importance of the commercial space industry to the US economy and national security, including the growing dependence of critical infrastructure on space-based assets,” the two-page joint alert said. “They see US space-related innovation and assets as potential threats as well as valuable opportunities to acquire vital technologies and expertise. FIEs use cyberattacks, strategic investment (including joint ventures and acquisitions), the targeting of key supply chain nodes, and other techniques to gain access to the US space industry.”

The document outlined that the FIE’s efforts to target and exploit the U.S. space industry can harm the nation’s commercial firms and broader national and economic security in several ways. These were divided into global competition, national security, and economic security. 

Addressing global competition, the document identified siphoning intellectual property and other proprietary data from U.S. space firms for the benefit of foreign powers’ national security programs. It also included leapfrogging innovation that costs U.S. space firms substantial time and resources to generate, using state-backed resources and unfair business practices to disadvantage U.S. space firms, and harming U.S. corporate reputations by proliferating counterfeit products or falsely authenticated reproductions.

When it came to national security, the document listed collecting sensitive data related to satellite payloads, disrupting and degrading US satellite communications, remote sensing, and imaging capabilities, degrading the nation’s ability to provide critical services during emergencies; and identifying vulnerabilities and targeting U.S. commercial space infrastructure during conflict.

On economic security, the joint alert warns of harming the U.S. commercial space sector by causing losses of revenue and global market competitiveness, exploiting critical resources and supply chain dependencies, and influencing international laws, norms, and host country business regulations governing space to disadvantage U.S. space firms.

The document identified that employees, contractors, and suppliers are vital to protecting the organization. It recommends unusually high cyber activity targeting the company from unknown parties; requests to visit company facilities from unknown or foreign entities; specific and probing questions about sensitive, internal, and proprietary information; elicitation at conferences or online fora; and unsolicited offers to establish joint ventures with companies tied to foreign governments or state-owned enterprises.

It also listed attempts to recruit a company’s technical experts, including through invitations to travel to a foreign country, offers of employment (such as consultancy work), and the provision of financial incentives in exchange for proprietary information. It also covered acquisition or investment efforts by foreign companies via wholly-owned subsidiaries registered in third countries that are designed to obscure the parent company’s connections.

The joint alert called upon the space industry to mitigate these risks by developing an ‘anomaly’ log to track peculiar incidents to potentially spot malicious trends against the organization; establishing an insider threat program within the organization and considering appropriate vetting and oversight for those with sensitive positions or access; and fostering an enterprise-wide security posture at the company, ensuring security, cyber, IT, insider threat, legal, human resources, and procurement offices all collaborate on security efforts.

It also recommends identifying ‘crown jewels’ that are key to the company’s competitiveness and developing strategies to prevent or mitigate their loss; while also conducting robust due diligence on suppliers, understanding their security practices, and setting and enforcing minimum standards for them. 

The joint alert also suggests mitigations to incorporate security requirements, such as incident reporting, into third-party contracts and monitor compliance throughout the lifecycle of a product or service; ensuring that the business is familiar with host country laws and regulations that require the sharing of company data; conducting appropriate due diligence on investors; and building resilience and redundancy into operations to minimize harm from FIE targeting. 

Commenting on the joint alert, Bob Gourley, an experienced chief technology officer (CTO) and board-qualified technical executive (QTE) wrote in an OODA Loop post that the guidance “gives insights from the perspective of our nation’s intelligence and law enforcement professionals and makes it clear this is a serious threat. And it provides general recommendations relevant to almost any firm in the US Space Industry.”

Gourley added that some major recommendations were left out. “We assume this is because the government is in a hard position and cannot take action that might make it seem like they are making business recommendations or endorsing work with any particular group. We are not handcuffed by those problems so will tell you what we think.”

Earlier this month, the Aerospace Corporation released v1.4 of its Space Attack Research and Tactic Analysis (SPARTA) framework, delivering significant updates. The latest version will offer TTP notional risk scores, ISO 27001 mapping, D3FEND technique and artifact mappings, additional references, and DEF CON 31 SPARTA presentation.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.