In a recently published book titled ‘2034’,1 Admiral Stavridis and Elliot Ackerman, two former military officers with deep operational and diplomatic backgrounds, tried to describe how and, apparently, when a future war with China might start. The novel provides a frightening view of an Orwellian dystopian future in which the two global powers, the United States (US) and China, clash and employ powerful new forms of cyberspace weaponry and stealth capabilities. According to the scenario, the hypothetical future war starts when the Chinese block the communications systems between the ships in the Pacific Ocean, thus blinding not just the entire fleet but also the US National Command Authority.
Although the book refers to a far-in-the-future nightmarish US-Chinese military conflict, one might claim that all the mentioned trends and disruptive technologies, no matter how fictional they seem, are real, present, and ready to be used in today’s modern military arsenals. Effective communications and navigation services, provided by space-based systems, are vital for advanced militaries, global economies, and societies. Climate and natural disaster monitoring, early warning systems, weather forecasting, global imaging, commercial communications systems, precise positioning, navigation, and timing synchronization, as well as surveillance and reconnaissance, are just a few of the core space-based technologies on which our daily lives are totally dependent.2
A Newly Born Domain
Since the beginning of the 21st century, technological advancements have led to increasingly affordable space capabilities for various stakeholders, including governmental, academic, and commercial entities. Launching satellites into orbit is no longer the sophisticated and insanely expensive activity that used to be practised only by a handful of state superpowers. Today, small businesses, private individuals and even academic institutions can afford to manufacture, launch, and operate satellites. This leads to the ever-expanding commercialization of space activities, in contrast to the military domination of the domain in years past.3 Notably, with the advent of 5G and 6G mobile networks, satellites are expected to play a far more central role in providing the nearly ubiquitous, instantaneous, and maximum connectivity those networks are promising.4
As recently as the 15th of September 2021,5 the private spaceflight company SpaceX launched four civilian passengers into orbit on the first-ever mission to space with an all-civilian crew. A few months earlier, two other private spaceflight companies, Virgin Galactic and Blue Origin, launched capsules into suborbital space, highlighting the evolution of human spaceflight and the ease of access to an area that was previously dominated only by governments and their space agencies.6
Simultaneously, the rapidly increasing number of small satellites, nanosatellites, and microsatellites in outer space has exponentially multiplied the sheer volume, diversity, and global coverage of the produced data. To collect, process, and analyse this data, newer applications and services enabled by revolutionary technologies such as artificial intelligence, quantum computing, and automation had to be created. This new era for space, known as the ‘New Space Phenomenon’,7 has created new business opportunities and opened new markets around the world,8 thus increasing the growth and dependency of civil and military actors on space systems and services.
In the face of these developments, on the 4th of December 2019, the NATO Alliance adopted NATO’s Space Policy and recognized space as a new operational domain alongside air, land, sea, and cyberspace.9 Based on the use of satellites, NATO can now respond to crises faster, more effectively, and precisely. The recognition of Space as an Operational Domain emphasizes exactly its dynamic and rapidly evolving inherent capability to enhance the Alliance’s deterrence and defence posture in an age of global competition.10
Space Threat Categories
Modern space services and capabilities such as the Global Navigation Satellite System and Satellite Communications, used by both the military and civilian sectors, are considered critical national infrastructures.11 These core space-based technologies have become vital assets for public safety, economic welfare, and national security of all advanced countries. However, the threats and vulnerabilities of commercial satellites and other space assets have also increased significantly during recent years, especially due to the dynamically evolving cybersecurity threat landscape.
Of course, the weaponization of space is not only facilitated through the cyberspace domain. A US report, published in 2018, argues that China and Russia are developing space weapons12 ranging from non-kinetic physical attacks on ground sites and infrastructure to kinetic direct ascent attacks against orbiting assets. Additionally, on the 27th of March 2019, India successfully tested its first Anti-Satellite (ASAT) missile (mission Shakti),13 becoming only the fourth nation to possess such a capability. In recognition of the growing threat in the space domain, on 8 March 2021, France launched its first-ever military space exercise ‘Aster X 2021’ simulating various space events and scenarios.14
Among the many emerging threats to space systems, the most apparent, irreversible, and likely attributable are the kinetic physical threats. These threats include attacks on static Command and Control (C2) facilities, detonations of warheads near the orbital path of a targeted satellite, and direct ascent ballistic missiles against specific satellites. More advanced versions of a co-orbital attack may also include robotic arms able to grab another satellite, thus displacing or destroying it.15 After all, satellites are lightweight devices moving at incredible speeds on predictable paths and, therefore, are extremely fragile; even a minuscule projectile can destroy them.
The threat category, which may be considered the biggest and most likely threat to the space assets, is the non-kinetic one. Without any direct physical contact, these threats can attack satellites and ground stations at the speed of light, without being observed by third parties and, thus, are difficult to attribute to one particular nation. These threats include directed energy weapons capable of damaging sensitive components and blinding critical satellite sensors, electronic attacks (jamming or spoofing) against radio frequency signals of the up- and down-links, and sophisticated cyberattacks targeting network components, processing units, and data streams.
Cyber Threats to Space Assets
As space has developed in modern times to become the ‘ultimate high ground’ of information-age warfare, so too has the space arms race intensified and focused on more interconnected and computationally complex cyberattacks.16 During the 20th century, the so-called ‘old space’ or ‘traditional space’ systems were designed for long-lasting missions and tailor-made solutions.17 These systems were not built with sufficient security mechanisms that would protect them from the unique and constantly evolving characteristics and challenges of cyberspace threats.
The cyberspace domain consists of a fluid, highly contested, congested, cluttered, connected, and constrained environment. As a result, the cyber threat landscape is evolving with tremendous speed, bringing new vulnerabilities and challenges to the surface. Billions of connected Internet of Things (IoT) devices have enlarged the attack surface with a diversity of attack vectors.18 Moreover, cyberattacks can be almost instantaneous, global, asymmetric, invisible, and catastrophic without even reaching the threshold of an armed attack.
Different types of threat actors are persistently trying to exploit any possible weakness in and through cyberspace to maximize the destructive effects in the space domain. Nation-states, state-proxies, cyber terrorists, criminals, hacktivists and even insiders are considered potential actors to develop sophisticated offensive cyber capabilities targeting the vulnerabilities of space systems. The potential high impact, supplemented by the low costs and minimum resources needed, entices threat actors towards cyberattacks as a primary means. Moreover, many of the tactics, techniques, and procedures developed in the cyberspace domain can be extensively adapted, reused, and shared among adversaries, avoiding the need for new toolsets and skills.
Cybersecurity requirements have to be applied to all segments that comprise an operational space system. These segments include the space, ground, link, and user portions. Significantly, the last three components rely on data systems and networks that can be compromised by injecting malicious code. Some of the most common types of cyberattacks, such as distributed denial-of-service, man-in-the-middle and ransomware attacks, botnets, Advanced Persistent Threats (APTs) and the use of privacy-enhancing technologies, have developed so much that conventional network defence tools, such as intrusion detection and prevention systems and antivirus software, may seem obsolete.19
Cyber Kill Chain
Well-resourced and trained adversaries targeting highly sensitive and national security information tend to conduct multi-year intrusion campaigns using advanced tools and techniques described as APTs. An APT method can stay undetected in a system or network until it fulfils its predetermined goals.20 Those APT actors, following a kill chain model, attempt long-term and multiple intrusions and adjust their strategy based on the results – positive or negative – of these attempts.
A kill chain ‘is a systematic process to target and engage an adversary to create desired effects’.21 According to the US military targeting doctrine, this process consists of the following steps: Find, Fix, Track, Target, Engage, and Assess. This integrated, end-to-end process is similar to a ‘chain’ in which all links must be fulfilled to complete the task.
Similarly, the cyber kill chain model describes the phases from conceptualization through to achieving the desired effects with respect to computer network attacks or espionage and was first introduced by Lockheed Martin.22 These phases include Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2 and Actions on Objectives. Following these steps, the aggressor tries to develop a payload to breach a trusted boundary, gain authorization inside the trusted environment, and take actions towards his original objectives. These objectives may be data exfiltration, disrupting the confidentiality of the victim’s environment, or violations of data integrity and availability.
A Cyber-ASAT Case Study
One of the most critical areas of spaceflight operations is the collection and use of Space Situational Awareness (SSA) data. Almost all space stakeholders, including the US, Russia, China, and the European Space Agency, have developed modern SSA platforms. These platforms are responsible for delivering timely and accurate information from the space environment to protect both orbit and ground infrastructure.23 Today, millions of objects of various sizes are travelling in Earth’s orbit, at velocities in excess of 8 km/s that can cause catastrophic failures to satellites and launchers. Reliable tracking and prediction of potential collisions with those objects are essential for the spaceflight controllers to navigate the satellites accordingly.
However, a study from 2019 tested the development of a simulated cyber-ASAT capability that could leverage orbital simulations and genetic algorithms ‘to artificially alter debris collision forecasts and cause direct harm to critical space systems without firing a single rocket’.24 This research proved that a sophisticated cyberattack, based on the intrusion kill chains described above, can gain access to SSA’s database and manipulate the objects’ coordinates. A continuous, updated and transnational SSA data repository needs an extensive network of sensors distributed around the planet, providing an extensive and dynamic attack surface with numerous entry points to exploit.
An attacker taking advantage of backdoors in the network perimeter can alter the datasets so that a near-miss between the targeted satellite and a debris object can be misinterpreted as a collision. As a result, the controller will try to execute unnecessary corrective manoeuvres consuming valuable resources of the satellite and, thus, shortening its lifetime. Vice versa, the attacker may conceal a projected collision with debris depriving the controller of the ability to respond in a timely manner and save the satellite.
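A defensive illustration of the data-integrity point above, added here and not taken from the cited study or from any SSA platform: each tracking record carries an HMAC tag from its originating sensor, and conjunction screening refuses any record whose tag does not verify. The sensor name, key, record fields, 1 km threshold and state vectors are constructed assumptions, and the straight-line closest-approach calculation is a simplification for a short screening window.

```python
import hashlib, hmac, json, math

# Constructed key store: assumes each sensor shares a secret with the repository.
SENSOR_KEYS = {"radar-A": b"constructed-demo-key"}
FIELDS = ("sensor", "object", "epoch", "pos_km", "vel_kms")

def tag(rec, key):
    """HMAC-SHA256 over a canonical encoding of the fields a forecast uses."""
    msg = json.dumps({f: rec[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(rec):
    """True only if the record's tag matches its claimed sensor's key."""
    key = SENSOR_KEYS.get(rec.get("sensor"))
    if key is None or "tag" not in rec:
        return False
    return hmac.compare_digest(tag(rec, key), rec["tag"])

def miss_distance_km(a, b):
    """Closest approach assuming straight-line relative motion from epoch on."""
    dr = [p - q for p, q in zip(a["pos_km"], b["pos_km"])]
    dv = [p - q for p, q in zip(a["vel_kms"], b["vel_kms"])]
    vv = sum(v * v for v in dv)
    t = 0.0 if vv == 0 else max(0.0, -sum(r * v for r, v in zip(dr, dv)) / vv)
    return math.sqrt(sum((r + v * t) ** 2 for r, v in zip(dr, dv)))

def screen(sat, debris, threshold_km=1.0):
    """Authenticate both records before any forecast is computed."""
    if not (verify(sat) and verify(debris)):
        return "REJECT_UNAUTHENTICATED"
    return "ALERT" if miss_distance_km(sat, debris) < threshold_km else "CLEAR"

def constructed_records():
    """Constructed sample data: a 5 km near-miss and a forged copy of the debris."""
    key = SENSOR_KEYS["radar-A"]
    sat = {"sensor": "radar-A", "object": "SAT-1", "epoch": "2021-01-01T00:00:00Z",
           "pos_km": [7000.0, 0.0, 0.0], "vel_kms": [0.0, 7.5, 0.0]}
    deb = {"sensor": "radar-A", "object": "DEB-9", "epoch": "2021-01-01T00:00:00Z",
           "pos_km": [7005.0, -100.0, 0.0], "vel_kms": [0.0, 8.5, 0.0]}
    for rec in (sat, deb):
        rec["tag"] = tag(rec, key)
    # Altered coordinates, original tag kept: the change described in the text.
    forged = dict(deb, pos_km=[7000.2, -100.0, 0.0])
    return sat, deb, forged

if __name__ == "__main__":
    sat, deb, forged = constructed_records()
    print(screen(sat, deb), round(miss_distance_km(sat, forged), 2), screen(sat, forged))
```

A tag of this kind only covers changes made after the sensor produced the record; a compromised sensor or a stolen key needs a separate control, such as cross-checking against independent observations.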
Since space systems, both military and commercial, have been considered essential parts of the NATO Nations’ critical infrastructure, it is vital to address all cyber concerns and challenges effectively for their protection. Specific cybersecurity principles and practices must be applied in every phase of the space component’s development life cycle process. As the lifespan of satellites may exceed 15 years, it is critical to integrate, already from the design stage, sophisticated cybersecurity – and cryptographic – solutions, which allow the controllers to remotely install updates and to be able to respond to incidents when necessary.
The development and implementation of comprehensive cybersecurity plans for all system elements will provide the high-level cybersecurity hygiene required across the whole range, from detecting network intrusions to managing the supply chain risks of all manufactured products. Therefore, the Alliance must protect their space assets and ensure continuity of operations by strengthening the national and collective resilience of their respective critical infrastructure.