The Organization presented its proposals for enhancing safety and security of modern satellite systems. Speaking at one of the panel discussions on current and future threats to space systems, Elina Morozova, Intersputnik Executive Director, outlined the cyber threats faced by satellite operators, she discussed how the landscape of these threats is changing and how they can be addressed.
Cyber security is an essential component of the sustainability of space systems
Regulation of space activities to ensure the sustainability of space is crucial today. Space applications play an important role in the daily lives of people worldwide, and they increasingly rely on space technology and the results of its use. Therefore, the sustainability of space is an indispensable condition for the harmonious development of humanity.
The modern satellite industry is becoming vulnerable to one of the most important threats – cyberattacks. They can be classified in accordance with their anticipated impact on the space system:
- Manipulation of data collected and transmitted by satellite systems, for instance, theft of confidential information or spoofing of data underlying decisions made, including critical ones;
- Creation of permanent or temporary obstacles to the operation of systems, including cases when it is done to cause disruption in the performance of services and applications that rely on satellite data, such as the internet of things, smart cities, etc.;
- Interception of a spacecraft control for a ransom, to render a spacecraft inoperative or force it out of an orbit.
How does the cyber threat environment change?
Dramatic shifts in the global space industry landscape are leading to a growing number of cyber threats against satellite systems. Two groups of factors can be identified as the reasons for such growth.
First, there are technical and operational aspects, such as development of a new space systems architecture comprising hundreds or thousands of spacecraft; transition to linear satellite production with generic and modular technology; simplification of satellite technology and disposal of all ancillary equipment; digitisation of the services provided and increasing a number of connected devices that mean more entry points and new potential for cyberattacks, that increase space systems vulnerability to cyber threats.
In addition, the entry threshold in the space industry is decreasing. Many new entrants to space sector boost competition within the industry. To stay afloat, market players have to increase production rates and lower costs, and this cannot but affect the reliability and safety of space systems. In addition, not all new players are sufficiently funded to take into account all risks, when planning a project, or have appropriate skills in the area of protection against cyber threats.
Meanwhile, cyber-infiltration tools, which are getting cheaper, traditional, and therefore well-known hardware and software used in satellite communications, difficult-to-detect and investigate malicious interference – these persistent trends play right into the hands of attackers.
Reducing threats is a shared concern
Cyberthreats can be countered at various levels.
At operators’ level it is required to improve digital hygiene of the employees and monitor the operation of space systems on an ongoing basis, including monitoring traffic in the satellite control channels for atypical behaviour and, consequently, possible interference. The timely dissemination of information on vulnerabilities discovered in space system components and on methods to address them plays the key role, as well as the sharing of experience among industry players. Incentives should be created for open discussion and investigation of cyberattacks, as most of the information on cyberattacks is not disclosed, for fear of reputational risks. At the same time, cyber interference should be addressed regionally and globally. It would be useful to draw on the experience and expertise of other sectors, such as banking sector, where cyber threats have been dealt with successfully for a long time.
It will be easier to protect the interests of space system users by putting into play different orbits, satellite constellations and spacecraft, and different traffic routing options to ensure that critical services do not operate in a no-alternative way. Key satellite data require particular attention and verification mechanisms, i.e., comparison with data from other sources. In countering cyber threats, a particular focus should be placed on protecting critical civil infrastructure in space. Greater use by States of the UN Register of Objects Launched into Outer Space could help capture the performance of a socially significant or otherwise important function of a space infrastructure object.
At the national regulators’ level, measures to counter cyber threats could include classifying both the orbital and ground segments of space systems as critical infrastructure and establishing cyber security requirements for each element of a space system: spacecraft, ground-based facilities, software, and any persons involved in the creation, operation and maintenance of such a system.
The potential of the Outer Space Treaty
In the event of any violations, the relevant state shall bear international responsibility for outer space activities of its governmental or private entities. The state then passes the responsibility on to other space actors. This means that all stakeholders have a common interest in ensuring that space activities are carried out in a responsible manner. International laws and regulations along with national laws and the promotion of highest standards for conducting space activities, should serve this purpose.
Thus, a potential mechanism for states to mitigate space threats is laid down in the fundamental international treaty governing space activities established by the United Nations, the 1967 Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies. Under this treaty, national activities in space must be conducted with the authorisation of states and under their continuing supervision. Pursuant to this provision, states adopt national laws on space activities, including provisions for their licensing. Compliance with cybersecurity requirements should become a part of mandatory prerequisites for granting a licence for space activities. Through national laws, countries can set high standards for responsible behaviour in space and encourage compliance with these standards.
About the Open-Ended Working Group on Reducing Space Threats
In December 2020, the UN General Assembly adopted UNGA Resolution 75/36 ‘Reducing Space Threats Through Norms, Rules and Principles of Responsible Behaviours.’ The resolution expresses the willingness of states which supported this document to preserve outer space as a peaceful, safe, stable and sustainable environment.
The General Assembly encouraged the Member States to study existing and potential threats to space security, identify actions and activities that could be considered responsible, irresponsible or threatening, and share their ideas on the further development and implementation of norms, rules and principles of responsible behaviours.
A number of countries, including those that voted against the resolution, commented on the issues raised. These comments were included in the report of the UN Secretary-General presented to the General Assembly in 2021.
The outcome of the report was the convening of the Open-Ended Working Group on Reducing Space Threats through Norms, Rules and Principles of Responsible Behaviours (OEWG). The OEWG is mandated to hold four substantive sessions, two of which took place in May and September 2022. The third session is planned for early next year, and the fourth is scheduled for August 2023.
The OEWG works by consensus, which makes it difficult to adopt the final report: previous sessions have shown that states have different views on some aspects of space threats. The situation is complicated by space security issues being discussed in parallel in several international forums: at the UN Committee on the Peaceful Uses of Outer Space, at the UN Disarmament Commission, at the Conference on Disarmament and now at the OEWG.
Sustainable space can become a reality only if all the stakeholders commit themselves to cooperating in a way that respects interests of all players, on the principle of transparency and trust. Intersputnik, as an international organisation, has always supported and promoted the principles of equitable collaboration in pursuit of a common goal. In this case, such goal is to maintain near-Earth space available for free use for scientific, social and commercial purposes. A unified approach to space use regulations can and should serve as a model for such cooperation.