Space threats are changing at an incredibly rapid pace. Cyber threats pose a significant and complex challenge due to the absence of a warning and the speed of an attack by an adversary, the difficulty of attribution, and the complexities associated with carrying out a proportionate response. Spacecraft, ground systems, mission operations centers, and links are all at risk.
Calls for sharing spectral bands previously allocated for space-based services and encroachment of high-power terrestrial transmitters into the frequency bands adjacent to space-based services could place many critical national security, navigation, and weather- and water-monitoring systems at risk.
With greater spectrum-sharing and the proliferation of cyber threats, operators and users of space-based systems can no longer presume interference-free operation. The Space Safety Institute (SSI) is helping Aerospace advance a threat-informed risk mitigation strategy to protect our critical space systems. SSI conducts cybersecurity and spectrum research and provides development initiatives, assessment strategies, and capabilities for space missions.
Independent Assessments
Risk management is a key component when architecting a secure space system or assessing its security gaps. Not all security controls can be implemented due to resources, technology, or schedules. Establishing which cybersecurity controls should be employed by missions should be a risk-based decision, not one driven solely by compliance. Aerospace performs risk-based cyber analysis for each critical mission or capability, including vulnerability assessments, non-invasive cyber assessments, threat modeling, mission resiliency modeling, and threat hunting, supported and enabled by space cyber laboratories and test ranges.
The increasing demand for spectrum and its finite supply will continue to present tough choices for regulators and commercial communications companies. A series of Aerospace papers illustrates the context of this ongoing debate and examines various policies for managing spectrum-sharing.
Standards and Best Practices
The U.S. National Space Policy states that unfettered access and freedom to operate in space is a vital national interest, and that it is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of critical U.S. infrastructure. The U.S. governance structure for general information technology (IT)-based cybersecurity has made strides in recent years with the maturation of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and Cybersecurity Framework (CSF).
NIST cybersecurity maturity standards and guidelines help organizations improve cybersecurity measures and best practices, but these are not directly applicable to the space domain, especially the spacecraft. Aerospace supports the development of space-centric cybersecurity standards utilizing defense-in-depth techniques for space systems to ensure their resiliency to cyber intrusions. SSI focuses on best practices and engagement with a range of government and commercial entities to ensure common baselines.
Research and Development
SSI provides a range of research and development initiatives, including cloud security research, defensive cyber operations for space and ground to identify anomalies using machine learning and artificial intelligence, red/blue team training and testing, telemetry simulations, and analytic capabilities. In addition, SSI provides access to a range of cyber labs and space-proven prototypes representing the entire space architecture, including space and ground segments.
Aerospace developed the Space Attack Research and Tactic Analysis (SPARTA) matrix to provide unclassified information to space professionals about the types of space-cyber threats they need to be resilient against. SPARTA empowers the space-cyber community to continually educate engineers and system defenders so they can overcome the unique cyber threats they face in the domain.
The Moonlighter prototype, a 3U CubeSat developed by Aerospace in partnership with Space Systems Command and the Air Force Research Laboratory, launched in June 2023 as the final arena target object for Hack-a-Sat 4. Moonlighter provided the national security space community the ability to perform real-time space-cyber tests against an asset in orbit, the first time an in-space platform has been used in a Capture-the-Flag exercise.
Policy and Strategy
Historically, spacecraft have been considered relatively safe from cyber intrusions; however, emerging threats bring spacecraft into play as a direct target by an adversary. The U.S. government has given significant prominence to cybersecurity concerns. SPD-5 serves as the foundation for the U.S. government approach, which includes working with the commercial space industry and other nongovernment space operators to further define best practices, establish cybersecurity-informed norms, and promote improved cybersecurity behaviors. Based on SPD-5, our future space systems, which include spacecraft and payloads, must be made cyber-resilient and secure.
Currently, few international, legally binding agreements exist that constrain a country’s freedom of action in space. One exception is the International Telecommunication Union's regulations for the use of the electromagnetic spectrum.
Aerospace is paving the way forward with a variety of solutions, including increased cooperation across disciplines to establish cybersecurity best practices and norms of behavior through a blend of policy, governance/oversight, and technical solutions. SSI experts participate in cyber and spectrum policy development at the national and global levels.