Chatham House publishes a framework to strengthen cybersecurity in outer space

Companies, governments and regional alliances around the world increasingly rely on satellites and space-based assets to deliver a host of essential services ranging from secure communications, positioning and navigation to early warning systems, intelligence and surveillance capabilities.

The rapid commercialisation of space through companies like Rocket Lab, Space X, Blue Origin and Firefly has resulted in private sector actors progressively becoming linked with military operations, further complicating an increasingly contested environment.

The North Atlantic Treaty Organization (NATO), a post-World War Two military alliance of 30 countries from Europe and North America was designed to foster cooperation on defence and security issues and safeguard members as relations between the east and west turned frosty.

The United States and Russia first mooted adversarial anti-satellite (ASAT) capabilities in the Cold War 1960s and formalised five domains of warfare (land, sea, air, space and cyberspace) in 2010. NATO officially declared space as a 'fifth domain' of operations in November 2019.

With more and more space ports under construction and hundreds of objects headed into low, medium and geostationary orbits, these space systems and launch operations are becoming a potential target for cyberattacks that could disrupt critical functions and compromise global security.

A three-tier space security framework

In light of these challenges, Julia Cournoyer at Chatham House's International Security Programme has published a new report into securing space-based assets and proposed a three-tiered framework for strengthening NATO’s space cybersecurity posture. The three tiers are:

1. Mitigation – implementing immediate technical and policy measures to reduce vulnerabilities, such as encryption, intrusion detection and secure procurement standards.
2. Adaptation - developing long-term strategies to adjust to evolving cyberthreats, including training programmes, strategic foresight and interoperability between NATO members.
3. Resilience - focused on ensuring that space-based systems can withstand and recover from cyberattacks by prioritising redundancy, robust infrastructure and alternative navigation systems.

For experienced security practitioners, the focus on defence-in-depth and layered risk mitigations for space operations aligns with other critical infrastructure environments.

Protection against viruses and malware, patching, intrusion detection, encryption and authentication are standard system level and enterprise-wide controls. Security by design also features with an emphasis on redundant systems and asset hardening in both cyber and physical domains.

'Space warfighting' is not limited to the realm of sci-fi and attacking orbiting objects - and the resulting increase in space debris - is already of concern following incidents like Mission Shakti.

Hacking and jamming attacks feature prominently in the report, alongside the protection of ground-based infrastructure and the emerging threats of quantum computing and the increasingly ubiquitous AI. Space operators should review Chatham House's three-tiered approach to protecting critical assets for further learnings.