We have to start thinking about cybersecurity in space

With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds.

Cybersecurity in space

But it shouldn’t be, say David Livingstone and Patricia Lewis, two fellows of the international security department at UK-based think-tank Chatham House.

“Because so much of human activity is now dependent on space-based assets and infrastructure, most countries’ critical infrastructure is potentially vulnerable to cyberattacks in that domain. An insecure environment in space will hinder economic development and increase risks to societies, particularly in crucial sectors such as communications, transport, energy, financial transactions, agriculture, food and other resources management, environmental and weather monitoring, and defence,” they noted in a recently released paper.

“Space-related cybersecurity gaps and weaknesses therefore need to be addressed as a matter of urgency.”

The threats and threat actors

Cybersecurity in space includes satellites, rockets, space-based systems and vehicles, and space-stations, but also ground stations (satellite control centres), and associated networks and data centres – all of which could be targeted by hackers.

“Possible cyberthreats against space-based systems include state-to-state and military actions; well-resourced organized criminal elements seeking financial gain; terrorist groups wishing to promote their causes, even up to the catastrophic level of cascading satellite collisions; and individual hackers who want to fanfare their skills,” the researchers believe.”

The researchers are realistic, and know that all threats and risks can’t be eliminated, but mitigation through security-by-design and risk management should be a goal.

What is needed for cybersecurity in space?

Who should spearhead policy changes and response to space cyberthreats? Not governments, the researchers argue, as “highly regulated institutional responses” typical of them are not nearly enough agile, flexible, nor fast to address the problem.

“An international multi-stakeholder space cybersecurity regime – based on an international community of the willing, and shared risk assessments and threat responses – is likely to provide the best opportunity for developing a sectoral response to match the range of threats,” they say, especially when space is slowly becoming a domain of not only wealthy states, but also less wealthy ones, as well as international organizations, corporations and individuals.

International cooperation in this effort is of crucial importance, not only because most satellites orbit the Earth and its communications are effected via ground stations disseminated across the planet, but also because they are usually constructed with components manufactured by different countries.

Another thing that such an effort should avoid is basing policies on technology alone.

“An over-reliance on technical fixes is why cybersecurity controls failed to make an effective impact on cyberthreats in the late 1990s and early 2000s,” they noted. “An effective regime requires a comprehensive technological response that is integrated into a wider circle of knowledge, understanding and collaboration.”

For more specific recommendations for the establishment of such a cybersecurity regime, check out the paper.