September 19, 2024
I have taken notice lately of the number of headlines that are discussing cyberspace threats in space. Well, not just threats in cyberspace space but also kinetic threats in space. In many ways the threats are interconnected as cyberspace attacks can lead to kinetic results in space. And the likely threat actors are significant as “growing threat of major space attack by China and Russia” is one recent headline that is sure to grab most anybody’s attention. And in another article I learned that U.S. adversaries including China and Russia are showing increased interest in disrupting American space assets through cyberattacks that could cripple military communications. According to Deputy Assistant Secretary of Defense for Cyber Policy, Mieke Eoyang, nation-state hackers are considering ways to disrupt space assets “at all segments,” and emphasized ground stations that transmit data to satellites and space stations are easiest to target. So I started to investigate how much impact these threats may have and identify what we are doing to protect our assets in space from cyber attack and from kinetic attack.
My first tasks were to determine “why is space an important target for our adversaries; and, what are the impacts of a loss of a satellite?” The answer is space provides a tremendous economic value to the United States and the world as commercial space assets are spearheading much of the digital transformation we exerience on earth. According to Forbes, “Many communication networks are currently switching from terrestrial (land-based) to cloud-based communications due to the ability of satellites to transfer data over enormous, global distances. By 2030, 25,000 satellites carrying over 500,000 petabytes of data will be launched.” SpaceX itself plans to launch 42,000 satellites over the next decade. SpaceX Starlink employs laser communication for inter-satellite links. This effectively creates a space-based optical mesh network between the satellites to move huge amounts of data at broadband speeds. Commercial space systems are taking over missions that were previously the sole domain of government entitities, including maritime domain awareness, communications, space-based optical sensing and surveillance, RF data collection, and more. The digitization of space systems has also afforded new robotic techniques and probabilistic autonomy of space assets, which presents an additional layer of mission cybersecurity. The increasing size, scale, and interdependence of space technologies across countries and between different actors also increases the attack surface and the impact of cyber and kinetic space attacks.
There are space-based systems that are especially important to the economy and to the military – such as GPS – the Global Positioning System. GPS is a constellation of 24 orbiting satellites that provide position, navigation, and timing data to military and civilian users globally. GPS is operated and controlled by Space Delta 8 of the Space Force, located at Schriever Air Force Base, Colo. GPS satellites orbit the earth every 12 hours, emitting continuous navigation signals. With the proper equipment, users can receive at least four satellite signals to calculate time, location and velocity. The signals are so accurate, time can be figured to within a millionth of a second, velocity within a fraction of a mile per hour and location to within 100 feet. Receivers have been developed for use in spacecraft, aircraft, ships, land vehicles, and precision-guided munitions, as well as for hand carrying.
The military and intelligence agencies are also heavily dependent on space assets for surveillance of our adversaries, from imaging satellites to satellites with sensors that collect RF signals of all types, to communication satellites. Spy satellites typically utilize either Low Earth Orbit (LEO) or Geosynchronous Orbit (GEO), depending on the desired surveillance capabilities, with LEO offering frequent passes over a target area and GEO providing continuous observation of a specific region. Both orbits are used for different aspects of intelligence gathering depending on the mission. Our spy and military satellites are of particular interest to our adversaries for obvious reasons. And our adversaries are active in tracking these and other communications satellites up close and personal. In the latest episode of cat-and-mouse, in May 2024, the U.S. accused Russia of launching a satellite that is tracking a U.S. spy satellite in orbit. The Russian satellite, Cosmos 2576, is believed to be a “counterspace weapon.” The satellite’s orbit allows it to stalk the U.S. spy satellite, USA 314, which is operated by the National Reconnaissance Office (NRO). The U.S. claims that Russia is weaponizing space, and that Cosmos 2576 is capable of inspecting and attacking other satellites in low Earth orbit. Cosmos 2576 shares similar characteristics to other anti-satellite “weapons” that Russia has deployed in the past, including in 2019 and 2022. Another Russian inspector satellite known as Luch 2 is continuing a pattern of unusual maneuvers that have raised eyebrows in the space intelligence community since launching in orbit for just over a year. It has been positioning itself near several communications satellites in what appears to be an ongoing signals intelligence-gathering mission.
Climate change, weather monitoring, and infrastructure monitoring satellites also provide significant economic value to global users. Weather monitoring satellites are estimated to generate over $30 billion annually in economic benefits by providing crucial data for weather forecasting, which is relied upon by various sectors like transportation, utilities, and construction, allowing them to plan ahead for severe weather events and minimize potential losses, thus contributing significantly to the economy. According to the World Meteorological Organization, there are currently around 322 Earth observation satellites in orbit, which are primarily used for weather forecasting and climate monitoring, with 23 of them being geostationary and 223 polar-orbiting satellites; this data includes satellites operated by various space agencies worldwide.
Besides the economic value of orbiting satellites, there is also the sunk costs of making and launching a satellite, which require a period of 3 to 10 years to recognize a break even point. A typical weather satellite carries a price tag of $290 million; a spy satellite might cost an additional $100 million to design and make [source: GlobalCom]. Launching a single satellite into space can cost anywhere between $10 million and $400 million, depending on the vehicle used. The total manufacturing and launching costs can exceed $11 billion in case of mega-constellations with several thousands of satellites. So the replacement cost of a satellite damaged by a kinetic attack or taken out of commission by a cyber attack by an adversary is significant. And even though insurance is available for satellites, few satellites are actually insured. According to Atrium Space Insurance Consortium (ASIC), of the ~10,000 satellites in orbit, only around 300 are actually insured, almost all in GEO. More than 9,000 satellites are in LEO, of which only around 50 are insured.
So it is obvious that if due to lack of insurance, a satellite provider would be out the revenue for the remaining life capability of the satellite in question if there was no recovery possible, plus the costs of a new satellite. In terms of economic impact, it would depend on the targeted satellite. For example, RTI International released a 2019 study commissioned by NIST that roughly estimated a 30 day outage of GPS would cost $1 billion a day. The study covered a period from 1984, when the nascent GPS network was first opened to commercial use, through 2017. It found that GPS has generated an estimated $1.4 trillion in economic benefits during that time period. The reliance on GPS has grown since then and therefore the loss impact would be much greater today. The heaviest reliance on GPS at the time of the study is telecommunications (e.g., 4G networks). [It is interesting to note that 5G networks can and do use GPS signals for time synchronization, but they don’t have to rely on GPS as there are alternatives for timing.]
There is also great risk of catastrophic loss of capabilities due to collisions as space becomes crowded with space systems and with more space debris. And the risks of collisions are growing, especially in low-earth orbit. NASA estimates this orbit contains around 34,000 pieces of debris larger than 10 cm in diameter, 900,000 objects between 1 cm and 10 cm, and more than 128 million fragments between 1 mm and 1 cm. And even small debris traveling at high velocities can trigger catastrophic collisions, with the added problem that fragments smaller than 10 cm are impossible to track with existing surveillance technology. Collisions can create more debris as in 2009 when the U.S. communications satellite Iridium 33 collided with the defunct Russian military satellite Kosmos 2251. That single collision created more than 2,200 pieces of new debris measuring over five centimeters in diameters, according to NASA. Over many decades, the growth in space debris will make tracking and avoiding the debris more complicated, costly, and operationally difficult. It might be tough to perform a mission if frequent maneuvers are required to avoid debris. And a satellite would have to carry extra fuel for these extra maneuvers and would likely need to shield critical areas from collisions with small debris. According to Scientific American, low-Earth orbit can only hold about 72,000 satellites without a real risk of a Kessler syndrome event, under current debris conditions.
One fear held by the Pentagon is a data poisioning cyber attack against data developed and maintained by the U.S. Space Surveillance Network (SSN) which detects, tracks, catalogs and identifies artificial objects orbiting Earth, e.g. active/inactive satellites, spent rocket bodies, or fragmentation debris. The SSN uses radar and optical sensors to track objects in space. The SSN can detect objects larger than a softball in low Earth orbit and basketball-sized objects or larger in higher orbits. The U.S. freely shares it Space Situational Awareness data through the Space-Track.org platform. Typically, a satellite operator will download SSA from Space-Track and use it to perform conjunction analysis for space missions. Space-Track provides opt-in conjunction alerts and collision avoidance services, but many operators still perform these tasks in-house. SSA cyber exploitation elevates simple data integrity compromises into Cyber-ASAT capabilities. Given that most Space-Track users lack the capability to independently verify SSA claims, this trust dynamic is essentially blind. As repositories are highly centralized and hard to verify, a small change to the integrity of data in the central repository could have massive effects.
These potential threats to satellites are not just hypothetical. Real cyber attacks and real satellite collisions with debris and with other satellites have been going on for years. In 2008, hackers, possibly from China, reportedly took full control of two NASA satellites, one for about two minutes and the other for about nine minutes. In 2018, another group of Chinese state-backed hackers reportedly launched a sophisticated hacking campaign aimed at satellite operators and defense contractors. Iranian hacking groups have also attempted similar attacks. Another 2022 cyber attack against Viasat’s KA-SAT network resulted in a partial interrupton of the consumer-oriented broadband service. Similarly, the 2022 intrusion into SpaceX’s Starlink terminals highlighted the sophistication of cyberattacks against satellite systems. Attackers exploited a vulnerability in the satellites’ communication system. A study by ENISA, for example, found that the number of such attacks has increased by 300 percent in the past five years, with a particular focus on disrupting critical satellite-based communication systems.
As discussed in this research publication by Johns Hopkins University – “cyber weapons pose unique strategic threats by undermining the stabilizing dynamics of the status quo.” Cyber attacks have low risk of attribution and, by extension, low risk of retaliation (and its associated deterrent effect). There has been a great deal of debate over the ultimate attributability and deterrability of sophisticated cyber operations. However, few would contend that cyber attacks are as attributable as the launch of an orbital rocket from sovereign territory. A kinetic Anti-Satellite weapon (ASAT) would be noticed and possibly and credibly attributed within minutes, but the average data breach evades detection for 200 days, even for critical systems. A cyber-ASAT could lie dormant on target systems for years before triggering at a critical moment. Moreover, this stealth and deniability provides cover for adversary states which publicly encourage the peaceful use of space while they covertly develop ASAT capabilities.
There are other major challenges that bear down on the problem of space cybersecurity. As they compete to be the dominant satellite operator, SpaceX and rival companies are under increasing pressure to cut costs. There is also pressure to speed up development and production. This makes it tempting for the companies to cut corners in areas like cybersecurity that are secondary to actually getting these satellites in space [Boeing Starliner is one recent example of poor quality management processes]. The highly technical nature of these satellites also means multiple manufacturers are involved in building the various components. Makers of these satellites, particularly small CubeSats, use off-the-shelf technology to keep costs low. The wide availability of these components means hackers can analyze them for vulnerabilities. In addition, many of the components draw on open-source technology. The danger here is that hackers could insert back doors and other vulnerabilities into satellites’ software. The process of getting these satellites into space is also complicated, involving multiple companies. Even once they are in space, the organizations that own the satellites often outsource their day-to-day management to other companies. With each additional vendor, the vulnerabilities increase as hackers have multiple opportunities to infiltrate the system.
There are other intrinsic factors that can also affect the cybersecurity of satellites. The limitations on processing power and bandwidth in space exacerbate the challenge of implementing routine software updates and patches, leaving systems vulnerable to exploitation. The limited computing power on board the spacecraft also means that the use of long cryptographic keys can become a constraint as it may deplete the satellite’s limited power source. There are also emerging issues regarding becoming quantum-safe for legacy systems.
From a kinetic threat perspective, there are risks from collisions with space debris, with other satellites, and with hypersonic missles / ASATs. There are also electronic threats such as RF jamming, spoofing, and eavesdropping. There are laser threats as both China and Russia claim that they can blind optical sensors on military and spy satellites and/or disable optical satellite communication satellites by the use of terrestial laser complexes. ASATs pose a significant concern to the Pentagon, as it would take only 24 ASATs to remove the GPS constellation completely. Besides hypersonic weapsons, ASATs could possibly be delivered by other satellites given the space shadowing that each adversary performs. For example, China has a secret space plane that could be used for nefarious purposes. In late 2023, the Chinese space plane released numerous smaller space objects and a vehicle, and no one, at least publicly, knows where, nor what the smaller vehicle may have done between when it was launched and when it was found. The Russian Cosmos 2570 satellite actually is yet another nesting doll system of multiple spy spacecraft, each smaller than the other. Hiding killer satellites in plain sight by deploying them seemingly as part of a mega-constellation — something else that some experts worry about as China gears up not just one but three mega-constellations in LEO — is another way military space operators could seek to surprise adversaries with counter-space or space-to-earth kinetic weapons.
So what are we doing to address these cyber and kinetic challenges in space?
The U.S. is trying to address the challenges of ASATs starting with developing the capability to track hypersonic missiles in flight using AI. The Space Development Agency (SDA) awarded a developmental contract to EpiSci to develop AI software algorithms to detect these small targets and maintain custody of the targets where other objects are flying such as commercial aircraft. The European Defense Fund is also funding a research project to develop an stealthy inspector satellite in GEO, called NAUCRATES, that uses a vareity of stealth techniques to avoid radar and optical sensors.
The Pentagon has also been trying to find technologies that can provide alternatives to GPS satellites. Advances in quantum technology and other systems that use on-board sensors to locate themselves without a constellation of satellites could be promising, but the U.S. isn’t fielding them fast enough. Another path that some space officials are advocating to pursue is a kind of mosaic GPS architecture that involves space-based systems and other versions of timing systems on Earth. There are already some GPS augmentation systems that aid GPS by providing accuracy, integrity, availability, or any other improvement to positioning, navigation, and timing that is not inherently part of GPS itself, including Global Differential GPS (GDGPS). The GDGPS navigation technology underlie major global infrastructure, including the Wide Area Augmentation System (WAAS), and the GPS Operational Control Segment (OCX).
For decades, the Pentagon has wrestled with replacing large, monolithic satellites with more agile constellations of smaller spacecraft, a concept known as satellite disaggregation. Disaggregation refers to the dispersion of space-based missions, functions or sensors across multiple systems spanning one or more orbital plane, platform, host or domain. There are five approaches to achieving disaggregation: Fractionation, Functional Disaggregation, Hosted Payloads, Multi-Orbit, and Multi-Domain. Proponents have argued that disaggregated systems are more resilient against attack and allow more frequent technology upgrades.
This disaggregation vision is gaining momentum, driven by the work of the Space Development Agency (SDA) – an organization under the U.S. Space Force; and, by the success of employing such an approach by commercial entities such as SpaceX. SDA is developing a missile-tracking network in low Earth orbit using hundreds of relatively small satellites. This LEO space network is known as the National Defense Space Architecture (NDSA). NDSA is designed to communicate missile warnings; position, navigation, and timing data; and other vital information to wherever it’s needed on the ground as quickly and securely as possible. This spatial positioning not only allows information to travel more quickly and securely, but also makes the satellites much more difficult to hit than their higher flying, slower moving counterparts. NDSA uses an optical mesh to provide inter-satellite communications. These links, which transmit data via laser, can transmit data at light speed using a very narrow beam that is much more difficult to intercept than traditional radio transmission. As such, optical links provide anti-cyber capabilities that significantly reduce the vulnerabilities associated with RF communications. Many warfighting elements prefer communication capabilities defined by low probability of intercept (LPI) and low probability of detection (LPD). Laser optical links are by their very nature LPI/LPD and very difficult to jam. Military and spy satellites also employ electronic countermeasures to mitigate jamming or spoofing attempts aimed at disrupting or intercepting their signals. These countermeasures may include adaptive signal processing, frequency hopping, spread spectrum techniques, or advanced anti-jamming algorithms. If an enemy nation were to destroy one satellite in the mesh network, the data could still re-route between the other satellites to get where it needed to go. These measures enhance the satellite’s resilience to interference and protect the integrity of the data being transmitted. NDSA also supports a Position, Navigation and Timing (PNT) application. This provides an alternative to Global Navigation Satellite Systems (GNSS) like the US GPS (Global Positioning System) constellation. PNT data will be transmitted down from the satellites to users on Earth.
NIST is also on board with the concept of disaggregation as denoted in its Hybrid Satellite Network (HSN) Architecture. According to NIST, as the space sector transitions away from vertically integrated entities and towards an aggregation of independently owned and operated segments that create a space system, it needs a new vision of how to be secure, scalable, responsive, resilient, and globally information centric. NIST has developed the HSN Cybersecurity Framework (CSF) Profile to provide guidance for space stakeholders. HSN is intended to be adaptable to an increasing cyber threat and contested space environment.
Space competition in the cislunar space is also driving the need for building a consensus on cybersecurity standards and the safety of space flight. Unlike operations in Earth orbit, which are predictable and follow stable paths due to the Earth’s powerful gravitational force, spaceflight dynamics change dramatically as objects move beyond geosynchronous orbit and begin to come under the gravitational pull of the Moon. These competing forces greatly complicate spacecraft trajectories. In the cislunar regime, there are five special locations where the gravitational pull of the Earth and the Moon balance and an equilibrium is attained. Known as Lagrange points, their gravitational equilibrium enables spacecraft to remain near the points and transit between them while using only minimal fuel. Their positions relative to the Earth and Moon also offer a commanding vantage of the cislunar regime, making them highly valuable to future domain awareness, communication, navigation, and scientific activities. The cislunar space is expected to becoming quite active with robust civil, military, and commercial activity driving a need for updates to the global standards for spaceflight safety and disposal. The Aerospace Corporation (TAC) undertook a cislunar-focused review of three foundational documents on space-debris mitigation, disposal, and safety of flight. This study has found that many aspects of operating in the cislunar regime are incompatible with the current guidelines and requirements. If unified government action is not taken in the next two years, TAC reports, “widely disparate standards of sustainability may be enforced by different organizations based on extemporaneous rulemaking in the absence of a concerted, quantitative effort to determine the best path forward.”
There are currently no global cybersecurity standards for satellites and no governing body to regulate and ensure their cybersecurity. Even if common standards could be developed, there are no mechanisms in place to enforce them. This means responsibility for satellite cybersecurity falls to the individual companies that build and operate them, and this is not necessarily a good thing to leave them to their own devices. However, there is progress being made on different fronts.
In 2020, President Trump issued Space Policy Directive 5, which is a dedicated policy providing overarching cybersecurity principles for space systems. SPD-5 provides guidance on the protection of space assets and supporting infrastructure from evolving cyber threats and mitigates the potential for the creation of harmful space debris resulting from malicious cyber activities. SPD-5 directs U.S. Government agencies to work with commercial companies consistent with the principles in the SPD to further define best practices, establish cybersecurity informed norms, and promote improved cybersecurity behaviors throughout the Nation’s industrial base for space systems.
Since then, DHS, NASA, DOD, USAF, and Space Command are initiating programmatic initiatives to protect space assets essential to all domain activities. The Space Force’s Spacepower Doctrine doctrine highlights cyber operations in space as an essential aspect of military space operations to retain space dominance, which is then delineated in the Space Force’s doctrinal documents for both defensive and offensive actions. Cybersecurity and Infrastructure Security Agency (CISA) of the DHS formed a Space Systems Critical Infrastructure Working Group last year. The group operates under the auspices of the vital Infrastructure Partnership Advisory Council (CIPAC) and brings together parties involved in the vital infrastructure of the space system. Its members include leaders from business and government. NASA’s Space Security Best Practices Guide was released to support mission cybersecurity efforts for both public and private sector space activities, as space missions and technology become more interconnected. The manual was created by the government in order to promote the objectives of Space Policy Directive 5. NASA also provides guidance on space systems supply chain security through the NASA Electronic Parts and Packaging (NEPP) Program. NEPP generates technical knowledge and recommendations about electrical, electronic, electromechanical (EEE) part performance, application, failure modes, test methods, reliability and supply chain quality within the context of NASA space flight missions and hardware. This information is made available to the NASA and high-reliability aerospace community through publications, web pages and links published on this website. NEPP is also developing a supply chain security framework and process to be employed for critical applications. The framework assesses levels of trust and assurance in microelectronic systems. The process is being created with participation from a variety of organizations.
The EU’s Strategic Compass, Policy on Cyber Defence, and Space Strategy for Security and Defence all reference cyber threats on space systems as significant, pernicious, and likely. The latter recommends implementing security-by-design, systematic integration of cybersecurity standards, exchange of best practices among commercial entities, consistent security monitoring of all EU space programs, and the integration of cybersecurity measures in a new space legislation. The European Space Agency (ESA) is also looking to sustainably support a safe and secure European space sector. The ESA sees security in space and on earth as being inextricably linked for resilient and secure connectivity. ESA’s program of Advanced Research in Telecommunications Systems (ARTES) seeks to keep European and Canadian industry at the leading edge of the space global market by nurturing innovation.The goal of ESA’s ARTES 4.0 strategic programme line, “Space Systems for Safety & Security,” is to improve safety, resilience, and security in society through the development of innovative, secure satellite communication systems and their integration into public and commercial terrestrial networks. One outcome so far that was released in 2023 is the ESA Space Attacks and Countermeasures Engineering Shield (SPACE-SHIELD) – a security framework applicable to all space segments. The cyber framework covers attacks and countermeasures similar to MITRE ATT&CK and it has strong links with the work of the Aerospace Corporation with their SPARTA Framework.
A 2022 call to action by an international group of interested cyber scientists and practitioners proposed the development of a space system cybersecurity technical standard intended for commercial-off-the-shelf (COTS) modular space systems, such as CubeSats. They described existing guidance which they claimed fell short of addressing technical cybersecurity challenges for modular commercial space systems. “Most outline systems engineering and risk management guardrails that lack technical specificity with regards to cybersecurity concerns.” Perhaps in response to this call for action, IEEE is also advancing standards for space cybersecurity. In February 2023, the Institute of Electrical and Electronics Engineers’ (IEEE) Space System Cybersecurity Working Group was created with the following project scope: ‘This standard defines cybersecurity controls for space systems including subcommittees for the space/ground/user/link segments and the integration layer.”
Meanwhile, as governments and standards bodies work through their discussion around standards, the beat goes on and the demand for space cybersecurity is rising, creating an emerging market comprising new, dedicated space cybersecurity companies; traditional IT companies attempting to enter the space market; and major space companies working to commercialize space and space cybersecurity services. This industry is expected to generate 33.2 billion USD in the next ten years. The industry will be riding on the development of new AI-driven security protocols and quantum encryption which are poised to revolutionize the protection of space assets. For example, Quantum Space is developing a mesh communications infrastructure called QuantumNet. It plans to meet the increasing data demands in cislunar. Quantum cryptography also is expected to be used more widely for securing inter-satellite links, especialy for ESA assets, as EU embarks on an ambitious effort to use QKD as the cornerstone for quantum cryptography by embarking on The European Quantum Communication Infrastructure Initiative, or EuroQCI. The EuroQCI essentially maps out the building of an EU-wide QKD network. This strategic initiative has already been funded to the tune of €270m this year, with a total of €2 billion set to go to related initiatives.
Many other countries have likewise been pouring resources into a QKD-secured future. South Korea, for example, has a 2,000km-long QKD network and is intensifying its efforts in this area; Japan has an expanding testbed, and Singapore announced it is setting up a national QKD network. China is a world leader in QKD. Apart from the impressive QKD-related academic work, China has already established a working QKD network of around 5,000km, as well as putting a QKD satellite into space – thus positioning itself as the world leader in quantum cryptography by a wide margin.
Resiliency is also a strategic aspect of securing space assets and it seems to be the operative word when it comes to space cybersecurity standards and related projects. For example, the space systems cyber-resiliency (SSCR) initiative at MIT Lincoln Lab and the Space Cyber-Resiliency group at Air Force Research Laboratory-Space Vehicles Directorate has prototyped a suite of secure-by-design software systems, called Cyber-Hardened Satellite Software (CHSS), that are tailored to the unique constraints of the space domain. The project goals are to harden critical satellite components against cyberattack, render them able to autonomously recover from such an attack, and enable on-orbit programmability to ensure that the system can be future-proofed against evolving threats. SSCR draws on, and seeks to develop, revolutionary technologies from many fields of computer science and aerospace, including formally verified code, real-time operating systems, cryptography, hardware design, avionics, and testbed development. Following a successful evaluation of CHSS against an existing U.S. Space Force mission, the CHSS platform is currently being extended to support hybrid space vehicle architectures that incorporate both CHSS-aware and legacy subsystems. CHSS has the potential to revolutionize the cyber-resiliency of space systems and substantially ease the burden of defensive cyber operations.
NIST is also at the forefront on resiliency, recently updating its publication on Developing Cyber-Resilient Systems: A Systems Security Engineering Approach. It defines an approach to cyber engineering that is intended to sustain the trustworthiness of systems “with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources.”
Space cyber-resiliency is also at the heart of work conducted by RHEA and others in the use of cyber digital twins. According to Arne Matthyssen, RHEA Group Chief Technology and Innovation Officer – “The use of Cyber Digital Twins (e.g. CITEF of RHEA Group) allows to assess the cyber resilience of existing and ‘under design’ infrastructures in virtualized emulation environments will enhance the overall readiness for rapid changes in threat vectors and society. The same Cyber Digital Twins provide us with a platform for harnessing generative AI for crafting unforeseen attack scenarios and pioneering mitigation solutions. The future of Cybersecurity in Space relies on the understanding by all of us that Space assets and services are heavily intertwined with and rely on terrestrial infrastructures and vice versa, every day 24/7, for services that we as end users see as being obvious and available by default.”
There is also threat modeling for space assets. A report by CalPoly offers a scenario-prompt generator—a taxonomy of sorts, called the ICARUS matrix—that can create more than 4 million unique scenario-prompts. A starting set of 42 scenarios is initially provided, with brief descriptions for each one, to begin priming the imagination-pump so that many more researchers can bring their diverse expertise and perspectives to bear on the problem.
So what do you think about the implications of space cybersecurity and where we are today in our space security posture? Let me know your views on this topic. And thanks to my subscribers and visitors to my site for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, authenticity, quantum cryptography, risk assessment and modeling, autonomous security, digital forensics, securing OT / IIoT and IoT systems, Augmented Reality, or other emerging technology topics. Also, email chrisdaly@activecyber.net if you’re interested in interviewing or advertising with us at Active Cyber™.