If space systems such as GPS , much of the world would instantly be returned to the communications and navigation technologies of the 1950s. Yet space cybersecurity is largely invisible to the public at a time of heightened geopolitical tensions.
Cyberattacks on satellites have , but the global wake-up alarm went off only a couple of years ago. An hour before Russia’s invasion of Ukraine on Feb. 24, 2022, its government operatives to cut off communications and create confusion in Ukraine.
I and serve as an to the U.S. ³Ô¹ÏÍøÕ¾ Space Council. My colleagues and I at California Polytechnic State University’s released a on June 17, 2024, to explain the problem of cyberattacks in space and .
Space and you
Most people are unaware of the in their daily lives, never mind military conflicts. For instance, . GPS-enabled is essential in financial services where every detail – such as time of payment or withdrawal – needs to be faithfully captured and coordinated. Even making a mobile phone call relies on precise coordination of time in the network.
Besides navigation for airplanes, boats, cars and people, GPS is also important for coordinating that transport goods to stock local stores every day.
are “eyes in the skies” with a unique vantage point to help forecast the weather, monitor environmental changes, track and respond to natural disasters, boost agricultural crop yields, manage land and water use, monitor troop movements and much more. The loss of these and other space services could be fatal to people vulnerable to natural disasters and crop failure. They could also put global economics and security at serious risk.
Factors in play
In our report, we that contribute to the increasing threat of space cyberattacks. For instance, it’s important to recognize that the world is at the start of a .
By all accounts, space is and more contested. Both nation-states and private companies, and now own in orbit, are gearing up to and .
Because space is so remote and hard to access, if someone wanted to attack a space system, they would likely need to do it through a cyberattack. Space systems are particularly attractive targets because their hardware cannot be easily upgraded once launched, and this . As complex systems, they can have , and more links in the chain increase the chance of vulnerabilities. Major space projects are also challenged to keep up with best practices over the needed to build them.
And the stakes are unusually high in space. Orbital trash zips around at speeds of 6 to 9 miles per second and can on impact. It can also end space programs worldwide given the hypothesized in which the Earth is eventually imprisoned in a cocoon of debris. These consequences weigh in favor of space cyberattacks over physical attacks because the debris problem is also likely to affect the attacker.
Moreover, given and services, such as GPS, conflicts in space can spark or add more fuel to a conflict on Earth, even those in cyberspace. For instance, Russia warned in 2022 that hacking one of its satellites would be , which was a dramatic escalation from previous .
Conjuring scenarios
Even security professionals who recognize the severity of this space cybersecurity threat face a major challenge. At least in nonclassified forums, only a couple of under-specified scenarios are typically considered: something vague about satellite hacking and something vague about signals .
But failure to imagine a full range of possibilities can be devastating for security planning, especially against hackers who are a with diverse motivations and targets. These variables are vital to nail down because they reveal clues about which strategies and levers defenders may find most effective in a response. For instance, an attack by a state-sponsored hacker may require a different approach than, say, one by a criminal hacker after money or by a .
To help with this piece of the security puzzle, our report offers a taxonomy – – that captures these variables and can create more than 4 million unique combinations of variables, which we call scenario prompts. ICARUS is an acronym for “imagining cyberattacks to anticipate risks unique to space.”
Here are three of the 42 scenarios we included in the report.
A 3D or additive printer can be an invaluable resource for quickly creating parts on demand on space missions. A hacker could gain access to a printer on a space station and reprogram it to make tiny imperfections inside the parts it prints. Some of these built-to-fail components could be parts of critical systems.
A hacker could corrupt the data from a planetary probe to show inaccurate atmospheric, temperature or water readings. Corrupted data from a Mars rover, for example, could falsely show that an area has significant subsurface water ice. Any subsequent mission launched to explore the site further would be wasted.
In 1938, a about an alien attack instigated a panic when many listeners didn’t realize it was fictional. Similarly, a hacker could access the listening feeds of the Messaging Extraterrestrial Intelligence, or , project and insert something resembling alien language in METI’s transcription. They could then leak it to the media, potentially creating panic worldwide and moving financial markets.
Other scenarios in our report involve such things as insider threats, AI vulnerabilities, false flag attacks, ecoterrorism, ransomware during a launch, as well as more distant scenarios about asteroid mining, off-world colonies and space pirates.
Stories for better security
People are , whether shared around prehistoric campfires or across digital platforms today. Thus, crafting novel and surprising scenarios can help bring to life the invisible threat of space cyberattacks, as well as spotlight nuances across different scenarios that may require to tackle together.