Escalating need to increase cybersecurity of space-based services, while building up regulatory frameworks, stakeholders’ collaboration

The World Economic Forum (WEF) assessed that space-based services get drawn into geopolitical conflicts on Earth, and thus there needs to be increased cybersecurity around space-based services, apart from regulatory frameworks and collaboration of all stakeholders. Just as space services are central to modern-day life, they also support essential services such as military, utilities, aviation, and emergency communications. Thus, making them particularly attractive, especially at times of geopolitical unrest, for cyberattacks, the impact of which is unpredictable. 

“Traditionally, space and terrestrial systems were largely isolated from each other, each serving a different set of users and requirements,” according to the authors of the WEF post. “This model has changed in recent years, as systems become more complex with greater interconnections between Earth-Space networks. Future generations of smartphones, for instance, may well have satellite messaging capabilities for emergency communication where there is no terrestrial connectivity,” they added.

Digital transformation has also resulted in the establishing of interfaces between systems and, more importantly, across traditional trust boundaries such as partners and customers, the WEF post said. Furthermore, the adoption of large satellite constellations is driving the number and complexity of ground control and service support infrastructures, thereby increasing the potential attack surface, it added.

The WEF post assessed that space communication technology will change the lives of millions by enabling connectivity in places that are not accessible by terrestrial broadband connectivity. “Space exploration is projected to create USD 1.2 trillion in retail revenues in 2020-2030. The potential of space-based services has driven an influx of private actors into what was once viewed as a predominantly government-dominated environment,” it added.

The conflict in Ukraine has showcased that space has been and will continue to be extremely relevant at times of geopolitical conflict, WEF said. “As these trends are likely to continue, we will see new threat actors, targeting space systems to impact the critical services enabled by satellites. Against this background, how do we ensure that the growing interest in space-based services does not expose society to more cyber vulnerabilities? What can be done to ensure developments of new space technology and services are more secure?” the post added. 

Earlier this year, cyberattacks on satellites servicing one country could disrupt critical national infrastructure in another were demonstrated. In February 2022, just as the Russian invasion of Ukraine started, a large number of satellite modems in Ukraine and elsewhere in Europe were subject to a cyberattack and disabled, requiring global operator Viasat to do a hard-reset following which it could continue to deliver vital communication, including to Ukrainian refugees in neighboring Slovakia. In March, SpaceX sent thousands of Starlink satellite internet terminals to Ukraine to provide Ukrainian citizens access to communication.

With the influx of new market participants, many more satellites are being launched into orbit, notably with large constellations, of 100s or even many 1,000s of satellites, the WEF post said. Ignoring ongoing space sustainability discussions, the sheer number of satellites in such networks means that if one satellite is compromised, a new path can be arranged but at the same time, however, potentially opens the door to take advantage of the satellite network due to their widely deployed terrestrial infrastructure and commoditized spacecraft design, it added.

“Going forward we can be certain that the resilience of critical services on Earth will become ever more entwined with the resilience of satellites in space. Satellite operators do however have experience in cybersecurity,” the WEF post said. “They have long been skilled in hardware and network security and are experienced in serving sectors with strict security requirements such as governments, military, oil & gas, shipping, and finance.” 

In addition, satellite operators increasingly use cybersecurity tools and products to provide enhanced security to key customers and differentiate themselves and create a competitive advantage, WEF said. Some satellite operators are working on new methods of data encryption such as QKD which are ideally suited to the space environment, it added.

The WEF post also addressed the complexity introduced by third-party relationships. As satellite-based service infrastructures become more complex and evolve into full end-to-end services, they involve more stakeholders operating different parts of the infrastructure. “The supply chain for hardware and software is dependent on multiple component parts, making it difficult to identify responsibility and liability for the ultimate security and resilience of the services supplied. Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators, and commercial users begin and end?” it added.

Another aspect is regulatory frameworks that have not been able to keep pace with technology evolution, WEF said. This is a problem for cyber resilience in all sectors, not just in space. Appropriate regulatory frameworks are part of the solution, but these take time to develop, especially if they are to be internationally harmonized, and action is needed now, it added.

Last June, two senators introduced a bill in the U.S. Congress that would direct the Secretary of Homeland Security to issue guidance to designate space technology, including systems and services, as critical infrastructure. The bill has since been referred to the House Committee on Science, Space, and Technology.

Over the longer-term clear lines of communication to support information sharing prior to, during, and after cyber incidents should be created to complement the work of the Space ISAC (Space Information Sharing and Analysis Center), and to improve the cyber security of space-based services that depend on satellites networks, WEF said. This will require collaboration between governments, satellite manufacturers, operators, software developers, and service users. Each has a role to play, including the sharing of lessons and experiences from each domain, it added. 

The WEF added that as terrestrial and space systems become ever more closely integrated and the distinctions blurred, a collaborative and informed exchange is needed between what has traditionally been seen as separate areas of cyber threat management.

In February, the U.K. government released its ‘Defence Space Strategy’ that works towards operationalizing the space domain at pace. It sets out the government’s vision for ‘defence’ as a global player in the space domain and expresses how its Ministry of Defence (MOD) will deliver the ‘protect and defend goal’ through space-related capabilities, operations, and partnerships.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.