Australia’s space security strategy needs to aim higher

Thursday, 9 December 2021

Space will become the new battlefield for cyberattacks.

University of Newcastle logo

As I am sitting down to pen this article, a massive Chinese rocket booster is plummeting out of space will plummet out of space. The core stage of a Long March rocket which China launched last week at the end of April is making an uncontrolled fall back to earth. Though statistically it is likely to fall somewhere over the water on earth, it is the uncontrolled fall which has exercised many including several government agencies in the world. The UCS Satellite Database1 shows that there are 3,372 satellites currently orbiting Earth; over the next decade, some 57000 satellites are expected to be launched worldwide over the next decade. When it comes to space debris, that is, defunct human-mad objects in space, principally in earth that no longer serve a useful function, it is estimated that there are over 20,000 such objects and probably over a million smaller pieces of debris.

Clearly all these space objects orbiting the earth can lead to heavy congestion, potentially increasing the possibility of accidental collisions in the space. Such collisions can hinder the potential of satellites and the downstream industries they support. But just imagine if the space objects can be manoeuvred to cause collisions by malicious actors. This is not inconceivable in the future as space becomes more and more contested. Furthermore, as much of the world’s critical infrastructure - such as defence systems, communications and air transport – depends on the space infrastructure and assets, such malicious acts can have significant consequences at national and international levels.

Space systems, just like other systems in the digital infrastructure, are vulnerable to cyberattacks. However, policy makers often fail to include the space assets and infrastructures as critical infrastructures. Recently last year, the Australian Government has introduced the security legislation amendment which seeks to amend the critical infrastructure act establishing a framework for managing risks to national security related to 'critical infrastructure assets'. With the space getting not only more congested but also increasingly contested, it is critical for Australia to step up its space security not only to protect its space infrastructures but also to maximize the potential opportunities critical for its strategic and economic interests.

“Space systems are attractive to target”

Cyberattacks on space assets present a more subtle, stealthier and even a more effective form of attack compared to the more direct kinetic attacks. The ability to impact multiple systems by compromising a central point of failure makes space systems attractive targets for the attackers. The attacker can choose the simpler route to compromising a nation’s commerce by targeting communication satellites that provide connectivity enabling banking systems.

Another factor that makes space systems attractive targets is their vast area of attack surface. The complexity of these systems imply that they require technologies from different manufacturers with various specialties and a system integrator to synthesize all the components to function as one. Such a supply chain to create these systems make them attractive to attackers. Different vendors’ technologies can provide various access points for an attacker to compromise a satellite. This is further aggravated by recent trends in the production of low-cost satellites being launched into orbit often using commercial-off-the-shelf (COTS) technology. COTS technologies can contain open-source components such as operating systems, which can have security vulnerabilities that can affect the core functions of a satellite. This opens up opportunities for the attackers to disable satellites or even maliciously direct a satellite to collide with others. Collisions among small satellites such as cubesats are known phenomena. The attacker having compromised the satellites can go to compromise the critical services on the ground that are enabled by the space system. This can lead to stealthy attacks as well as can cause serious damage to end-users’ operations. For instance, the attacker can intercept links and inject false data to impact adversely the behaviour of critical systems resulting in system overrides or even crashing them.

A well-known space-based attack is the compromise of GPS systems, which rely on satellites to triangulate specific positions on earth. For instance, Russia had installed GPS jammers on over 250,000 cellular towers to disrupt the navigation of incoming missiles from the US2. GPS spoofing, which involves the manipulation of the GPS signal is far more dangerous than jamming because the GPS appears to be working as intended. The trust in the device is not broken for a spoof, which becomes dangerous when dealing with critical systems. There are multiple ways to spoof a GPS satellite. One mechanism is where an adversary uses a software defined spoofer to insert a barely detectable fake signal behind the true signal, and gradually increases the power of the fake signal to the point where the receiver thinks the fake signal is actually the real signal.

In the recent years there have been several incidents of cyberattacks on space assets and this trend is set to increase due to not only a greater number of space infrastructure but also due to the absence of regulatory foresight in space security and the increased importance of space in the economic interests of the nation states. Hence the urgency for Australia to step up and develop strategies and plans for cyber security and space.

“Space and Cyber” – The Way Forward

Though among the space industry community, the lack of cyber security measures has been acknowledged, the responses have been somewhat mixed. Though attacks such as jamming and spoofing against satellites have been well documented, a broader analysis of the range of cyberattacks against space systems, space networks and the impact of these attacks on the ground infrastructures has been lacking. The vulnerability of space assets themselves is often overlooked in wider discussions of cyber threats to critical national infrastructure. For instance, technologies used in satellites can come from a broad international supply chain with many components, several of which requiring regular security upgrades. Carrying out these upgrades via remote connections can make these space assets vulnerable. Furthermore, as satellites are regularly used to provide Internet and other services used by infrastructures not only on the ground but also potentially to other space systems, propagation of malicious software can have significant adverse effects. Hence as the space sector grows supporting critical infrastructures across the world, one attack on a key node in the space sector could have the leveraged potential to affect critical national and international capabilities. This situation is further aggravated as many of the current space assets lack the security functionalities to detect and counteract cyberattacks, resulting in a low probability of discovering cyberattacks.

Furthermore, the rapid advances in cyber and artificial intelligence (AI) technologies provide the opportunity to embed intelligent autonomous systems in the space to detect, respond and adapt to dynamic security threats. Developments in large scale cloud technologies can enable creation of dynamic distributed virtual infrastructures and services in the space systems. Furthermore, such technologies can lead to reimagining the space infrastructure with new cloud services such as a ground-station-as-a-service allowing users to directly manage assets such as satellites and data moving from/to space via cloud data centres. However, these technologies also create new security challenges for space systems. I believe it is now time for Australia to develop a comprehensive strategy for cyber security of space systems and infrastructures cognizant of recent developments in cyber and AI. It is critically important to establish a security culture for all those who work on space assets and set up cyber security capabilities for mission systems.

Vijay Varadharajan

Global Innovation Chair Professor in Cyber Security

The University of Newcastle

8 May 2021

Related news