This image from April 24, 2021, shows the SpaceX Crew Dragon Endeavour as it approached the … [+]
America’s space systems —- from ground to orbit —- need to be officially recognized, codified and protected as ‘critical’ U.S. infrastructure. Or so concludes a detailed 38-page report published today by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.
Designating space systems as a critical infrastructure sector would signal to both allies and adversaries that space systems are a priority and will be treated accordingly, Frank Cilluffo, the paper’s lead author and the Auburn, Ala.-based institute’s director, told me via email.
‘Space systems’ include sensors, signals, uplinks/downlinks and the data they transmit, payloads, applications, critical technologies, supply chains (including software, hardware, assembly, manufacturing, and servicing), and all of the people who support these components, says Cilluffo.
The protection parameters should be adjusted to encompass the further growth of space systems beyond geosynchronous orbit, even to the lunar surface, Cilluffo says.
Most of today’s space systems were developed under the premise that space was a sanctuary from conflict, the paper’s authors write. But with China and Russia as potential threats, this is no longer the case, they note.
The authors propose that Congress fund NASA $15 million per year so that it can oversee protection of our space infrastructure. This would support 25 fulltime employees devoted to activities needed to protect national security, civil, and commercial systems, they write.
Would NASA be willing to commit to such a task?
NASA would need to both develop and scale up its capacity to protect national security, civil, and commercial space systems, says Cilluffo. But NASA understands both the economics and the diplomacy of space and can partner effectively with the private sector, he says.
The U.S. Dept. of Defense (DoD), says Cilluffo, should continue to serve as the Sector Risk Management Agency (SRMA) for defense and Intelligence systems, while the FCC should continue to regulate space-based communications systems.
Long exposure image of the Starlink 5-1 launch from Space Launch Complex 40 (SLC-40) at the Cape … [+]
As for specific threats?
“Command intrusion and denial of service are two tools often used by hackers and nefarious actors to disrupt or dismantle operations,” said Cilluffo.
Both could be used to disrupt global banking systems, navigation systems, surreptitiously collect intelligence, and/or destroy a given satellite system’s functionality.
Adversaries can use both methods to disrupt our economy and spy on military operations, says Cilluffo.
But don’t the existing U.S. Space Force and the U.S. Cyber Command protect us from such attacks?
Space Force, U.S. Cyber Command, and the DoD’s capabilities are a critical part of U.S. intelligence, warfighting, and cyber deterrence, and they should and will continue to maintain that critical role, says Cilluffo. But securing space goes beyond defense, he says. It bleeds into our economy, daily life and the entire U.S. space ecosystem, he says.
Trouble is, many satellite systems were and are designed for longevity, not security, Cilluffo and colleagues note in their paper. “Communications between ground stations and satellites — known as uplinks and downlinks — are often transmitted through unencrypted or open networks and are thus susceptible to hostile intervention,” they write.
What needs to be done to make America’s satellite systems more secure?
Hardening protections from design to deployment (paying particular attention to semiconductors and other technologies of interest to our adversaries), says Cilluffo. An enhanced model of public/private partnership, in which risk management is genuinely shared, is needed, he says.
Who worries Cilluffo most as a potential space adversary —- Russia or China?
Both are significant and real threats, says Cilluffo.
In 2021 and 2022, the International Space Station (ISS) had to conduct emergency maneuvers to avoid space debris created by a Russian ‘direct-ascent anti-satellite’ (ASAT) test, the authors note. And early last year, Moscow hacked U.S.-based satellite internet provider ViaSat to disrupt Ukraine’s military communications just an hour before Russia invaded the country, they write.
The attack disrupted internet service across Europe and in subsequent electronic attacks, Russia tried jamming SpaceX’s Starlink satellite constellation.
As for China?
The Chinese military is developing “kinetic-kill missiles, ground-based lasers, and orbiting space robots” as well as “satellite jammers; offensive cyberspace capabilities; and directed-energy weapons,” which can disrupt or destroy satellites, write the authors.
If there is conflict, China will try to blind and deafen the United States, says Cilluffo. Our risk management efforts must bear all of this in mind, he says.
