Didier Schmitt :
As recent events in Paris have shown, asymmetrical attacks are a cost-effective way for terrorists to cause immense impact. This was also the case for the cost ratio between the 9/11 attacks and the subsequent invasion of Iraq. But there are other threats coming, beyond these cowardly actions, in the future. Space is an obvious next target, as an increasing number of vital services depend on it.
Taking control of satellites, making them collide, damaging their critical sub-systems or ground stations, or spoofing and jamming their signals is no longer just science fiction. In addition, space assets are particularly vulnerable because of their long life cycles. It is not unusual forten years to pass between the design and launch of a satellite. When it’s in space for the next decade, you cannot simply go and fix it, or put an armed guard in front of it.
The magnitude of the emerging threat may be beyond what had been anticipated, and hardening space equipment is expensive. Owners of military satellites have little to fear from amateur, unprofessional hackers, but civilian systems, like most European programmes, are far from being properly protected. Some online stores actually have better cybersecurity than some satellites.
Space is not just a bunch of satellites far, far away. Positioning, timing and communication satellites are vital for our economy, the safety of citizens and our modern way of life. Space assets provide a master-infrastructure which supports many other activities. As an example, dysfunctional satellites or signals can lead to power-grid black outs, severely impact stock exchanges, or disable mobile phone networks.
The civil space community is slowly waking up to this new menace posed by cybercrime and cyberterrorism. A decade or so from now, the weaknesses will have worsened significantly, considering the certain proliferation of autonomous vehicles and the billions of devices, mostly in homes, that will be linked up by swarms of mini-satellites through the internet. Provoking a “space cataclysm” could become a reality for the fanatics as they seek to return us to their vision of the Middle Ages.
However, reaction times are much longer, and the possible damage is potentially much higher, for satellite systems, than ground infrastructures. Cyberattacks on networks hit the news every other day, but these are only in their infancy compared to what is in front of us as their progression will not be linear but exponential. We should all be concerned about this, and join forces in identifying the risks and defining common solutions.
One of the main challenges is to know what cybercrime or cyberterrorism will look like in 10-15 years, as the next generation of space assets need in-design hardening and current assets need better resilience based on software updates. But in the meantime, one needs to raise the awareness of the service providers, the users and the public opinion on this broad issue that should concern each and every one of us.
Cyber communities and space communities largely ignore each other, mostly because of very different cultures. Even at a military level, the US has now identified their GPS satellites as an “Achilles heel” to their aim for space supremacy. For obvious reasons it is difficult to get much information on vulnerability and countermeasures out of the defence sector. But for civilian programmes, we need to trust one another and share information more to allow vulnerability disclosure exchange from which we will all benefit.
Like all cyberattacks, attribution is difficult, but in this case it does not actually matter so much. What does matter is to identify and merge cyber-events about the actions of a common enemy. The main source of information is the space industry itself, and public and private operators as they are the main targets of disruption. We need to ensure that we are all working together, holistically.
(Didier Schmitt is a Space security analyst at the European External Action Service (EEAS).