The cyber dimension of space systems – an analysis of offensive cyber operations targeting space infrastructure

Cyber security and space security are merging due to increased digitalization of space infrastructure and operations. Non-kinetic counterspace capabilities such as cyber operations are an attractive alternative to kinetic weapons due to their ability to avoid hazardous debris and operate below the threshold of armed conflict. This continued intertwining of outer space and cyber space introduces a larger cyber dimension to space infrastructure. This report is a step towards building an understanding of what this development may entail by exploring how offensive cyber operations can be used to target space infrastructure. It serves as a starting point for understanding the implications of these developments for security and strategy.

The research question guiding the analysis is “how does the space-cyberspace nexus influence the risk of offensive cyberoperations targeting space infrastructure?” The question is answered by analyzing how a motivated actor can gain access to key components of the infrastructure and what effect such operations may create. The analysis begins with a description of the elements of space infrastructure before expanding on a conceptualization of offensive cyber operations derived from cyber conflict literature. Further, we analyze how offensive cyber operations may be used to target space infrastructure. Focus is on two of the three components in space infrastructure: the ground segment and the space segment. Finally, we present a summary of effects and a categorization of vulnerabilities, before concluding and pointing to recommendations.

We identify two interlinked groups of vulnerabilities. The first is the vulnerabilities following from the practices in the contemporary space industry popularly called New Space. The second group of vulnerabilities follow from the lack of implementation of well-known best practices in ensuring adequate cyber security. The reasoning for these not being implemented is twofold. Firstly, there are practical challenges stemming from the physical qualities of space technology and infrastructure. Secondly, the New Space industry is still in its youth and has yet to establish a security culture incorporating an understanding of the cyber threat landscape. The limited attention allotted to cyber security responsibilities and risk in the supply chain of the space industry is a testament to this reality. This points to a need to prioritize an adequate risk awareness, security culture and cyber security in space systems.

We recommend strengthening the security and resilience of space infrastructure against offensive cyber operations by promoting comprehensive risk assessments, enhancing cyber security practices, cultivating a robust security culture, improving supply chain security, and enhancing preparedness through contingency planning and scenario-based implication analysis.