The Weaponization of Space: a Worrisome Trend
Recent years have seen a growing arms-race in space, with nations striving to develop and test offensive space capabilities, and space force-building processes taking place within their militaries:1 In December 2018, the US Air Force’s National Air and Space Intelligence Center published a report, arguing that both China and Russia are developing space weapons.2 During 2019 the US and France have established dedicated space commands.3 In March 2019, India conducted its first test of an anti-satellite weapon. The case of India, a country without a history of offensive space activities, illustrates the magnitude of the space arms-race. With space becoming increasingly weaponized, the vulnerabilities of space systems, initially built without basic or sufficient security mechanisms, are becoming both apparent and dangerous, rendering them exposed to cyber threats.
In December 2019, NATO foreign ministers formally declared space as an ‘operational domain,’ extending the alliance’s range from land, sea, air and cyberspace to operations in space. Cyber threats to space systems run the wide range from vulnerabilities in the physical ground and space segments to the satellites’ data links and supply chains. As cyber warfare and hybrid threats become the ‘weapon of choice’ for state and non-state actors, and global economy and daily life grow increasingly dependent on space, space systems may well become the next front in cyber conflict.
This paper suggests a comprehensive approach to this threat landscape, and offers integrated strategic solutions for the cyber defence of space systems.
Existing Cyber Threats to Space Assets
Space systems are usually divided into three technological and operational segments, which are responsible for different functions and are therefore exposed to different cyber threats: the ground segment, the space segment, and the link segment.
The ground segment consists of all the ground elements of space systems and allows command, control and management of the satellite itself and the data arriving from the payload and delivered to the users.4
Due to their role in collecting data, the ground stations and terminals are exposed to the threat of cyber espionage from states and non-state actors. Moreover, the military aspect of satellites and their importance to national security render them prime targets for hostile takeover, disruption and shutdown. Most cyberattacks on the ground segment exploit web vulnerabilities and allow the attacker to lure ground station personnel to download malwares and Trojans to ground stations’ computers.5
Infiltrating the ground station’s network can allow the attackers to access the satellite itself. Hostile access could enable the attacker to execute a Denial of Service (DoS) attack6 and may involve taking over Industrial Control Systems (ICS) in order to control the satellite and damage it.7
The space segment consists of the satellites themselves. Major security gaps within satellites’ architecture exist in both old and new satellites. Old satellites with life spans of decades were built with no awareness for cyber security; today, small satellites manufacturers tend to prioritize fast and cheap production, in which the investment in cyber security is perceived as a hurdle.
Cyber threats to space segments usually derive from vulnerabilities in ground stations, in network components, and in the receivers which receive the data from the satellite, thus allowing the attacker to infiltrate to the network and remain undetected. Another threat may involve the introduction of a malware into the satellite’s hardware in the supply chain, in order to compromise ground units at a later stage.8
Consequences of cyberattacks on satellites could also be aggravated due to the rising connection and use of Internet of Things (IoT) devices. An attack on a communication satellite could cause wide disruptions to communication channels across countries, cause panic, and endanger national security.9
The link segment consists of the signal transmission between the satellite and the ground station, as well as between satellites.
The most common threat is GPS jamming. As GPS systems rely on radio signals sent from the satellite in order to determine the location of the users, GPS jammers send signals over the same frequency as the GPS device, in order to override or distort the GPS satellite signals. GPS jammers are widely accessible and cheap to purchase, rendering them available also to poorer state-actors. In November 2018, Russia was suspected of disrupting GPS signals in northern Norway and Finland as the two nations participated in NATO’s Trident Juncture exercise.10 Another type of attack is ‘spoofing’ – faking signals by broadcasting incorrect GPS signals, structured to resemble genuine ones. Spoofing is harder to carry out than jamming, but if executed effectively, can be much more dangerous, mainly because the victims do not necessarily know that they are being spoofed. According to a 2017 US Maritime Administration report, the GPS systems of at least 20 ships were spoofed, leading the ships 32 kilometres inland to the Gelendzhik Airport in the Black Sea, away from the original destination. The incident raised assumptions among experts that Russia had been experimenting new GPS spoofing techniques as part of its electronic warfare capabilities.11
While some experts define jamming and spoofing as physical threats as they involve disrupting or tampering with frequency signalling, an attacker could also intercept unencrypted satellite traffic.
As cyber threats are becoming more substantial, the lack of procedures and policies is hampering efforts to mitigate the threats. However, several solutions have been suggested in recent years.
Threat Response and Mitigation
Mitigating cyber threats to space systems can be divided into technological solutions, which consist of introducing new technologies as well as upgrading existing ones, and policy solutions, which consist of actions and protocols of conduct.
In response to the rising cyber threats to space systems, many state agencies, contractors and commercial companies have started developing new technologies, or upgrading existing ones which were not secured by design. In December 2018, Lockheed Martin was awarded a US Air Force contract to modernize GPS ground control systems to support an anti-jamming GPS signal named M-Code, which will allow the Air Force to continue operating the GPS3 constellation with existing ground systems until 2025.12 In January 2019, NASA announced that it would start testing an open-source Blockchain platform in order to address potential issues of privacy and to prevent spoofing, DoS and other attacks.13
In March 2019, Lockheed Martin announced it had developed a new software-defined satellite architecture called SmartSat as a space segment solution, which will enable more capabilities and greater control of in-orbit satellites for ground operators. This architecture is expected to gain operators greater precision in diagnosing problems such as cyber incidents, as well as to allow satellites to back each other up. Operators will also be able to update on-board cyber defences to address new threats.14
While the technological solutions being developed will mitigate cyber threats, these tend to address very particular threats. In addition, being provided by a host of different entities, these are difficult to bring together within a unified, coordinated framework. A comprehensive problem requires a comprehensive, unified and systematic policy solution to guide the efforts to protect space assets and services.
As the military space sector increasingly relies on commercial technologies, a comprehensive policy solution should focus on commercial space companies and government acquisition contracts. A possible solution which could include both civilian and military space assets and activities would be introducing strict cybersecurity requirements for all components of space systems and their supply chains. A recent example of such requirements is the Cybersecurity Maturity Model Certification (CMMC) which was introduced by the US Department of Defense for all defence contractors, including small vendors.15 A smart model system which defines different levels of requirements for different products and technologies would demand a high-security level for inherently vulnerable products, without imposing a disproportionate burden on smaller companies. Such a model of cybersecurity standards should be a threshold condition for bidding for government contracts. Additionally, employing strict standards in government contracts is likely to usher in changes across the whole industry, and will therefore help promote the security of commercial and off-the-shelf technologies.
The Role of NATO
NATO as an Alliance was founded for providing a collective defence and cooperative security for its member states. So far, research has suggested that the EU may prove a more suitable entity for promoting new industrial approaches, due to its economic and regulatory authorities.16 However, NATO has an important role to play in any inclusive comprehensive solution due to the importance of the US. Any industry standards mechanism should include the US space industry, as Europe’s production relies heavily on US-produced components and technologies which should endeavour to design for trans-Atlantic interoperability17. NATO’s leading role as a coordinator and mediator is crucial, as the US is likely to resist any standards mechanism that would push American vendors out of the European space market. NATO’s role would therefore derive from its position as a transatlantic alliance with connections to both Europe and the US, and its ability to require common standards and compliance across the alliance. As a unified standards mechanism should be agreed by all member states, NATO could act as a forum for negotiations between its member states and the industry, as well as between Europe and the US. Discussions and consultations as well as further research can take place in conjunction with NATO’s Industry Advisory Group (NIAG) and NATO’s Industry Cyber Partnership (NCIP), as final results would be incorporated into the NATO Defence Planning Process (NDPP).