Space systems are leveraged by many government and commercial entities to provide global capabilities unique to the space domain. During a conflict, adversaries will seek to disrupt, deny, degrade, deceive, or destroy those capabilities. Cyberattacks are a complex but effective and increasingly prevalent attack vector in the space domain. To counter the threat posed by cyberattack, cybersecurity and space operations are becoming inextricably linked.
Historically, spacecraft had been considered relatively safe from cyber threats and space system vulnerabilities were often overlooked in evaluation of critical infrastructure. With space cyber threats emerging from nation-state actors, government and industry stakeholders identified that additional defenses should be implemented. Space-centric cybersecurity standards and governance have been slow to materialize, however, and are lagging behind the growth of the cyber threat. Defense-in-depth techniques for space system protection must be adopted across the government, industry, and international community to ensure space systems are resilient to cyber compromise. Potential solutions will include increased cooperation across these domains and require a blend of policy, standards, and technical solutions.
One thrust of this collaborative effort is a threat-informed risk mitigation strategy to protect space systems. This analysis describes the background of space system cybersecurity and the state of existing standards, the concepts of defense-in-depth protection necessary to protect spacecraft, and then a threat-oriented approach to space cyber risk assessment. The ultimate result of this analysis is a set of products that define risk driven requirements to utilize during acquisition and operations for better space system protection.