U.S. and Allies Move to Secure Space Assets Against Hacking, Cyber Attacks
Brussels workshop told of moves to harden vital satellite capabilities against cyber threats.
On both sides of the Atlantic, NATO and European leaders are struggling to address the threat posed to vital space systems by foreign hackers, cyber warfare and online espionage. Huge swathes of the global economy are utterly dependent on orbital capabilities like GPS that look increasingly fragile as space becomes more crowded and contested.
In Washington, D.C., last week, President Trump signed an executive order, his fifth Space Policy Directive, titled “Cybersecurity Principles for Space Systems.” And in Brussels, a raft of senior officials from NATO and various European Union (EU) institutions told an AFCEA Europe workshop about measures being taken on the other side of the Atlantic to counter growing concern about the threat of cyber attacks, which could disable critical space capabilities like Europe’s Galileo satellite navigation system—the equivalent of the U.S. GPS.
Carine Claeys, the special envoy for space in the European External Action Service—the 27-nation bloc’s diplomatic service—explained how the EU has created a multinational governance framework to manage a sudden emergency or failure in the Galileo system.
The European Council—which brings together the governments of the member states—has the final say, but the EU High Representative, its senior-most diplomat (who is also vice president of the EU Commission, the bloc’s multinational permanent civil service) has “operational responsibility for crisis management related to the Galileo system,” Claeys said. The response would be staffed and managed by the bilocational Galileo Security Monitoring Center, which has facilities in France and Spain, she explained.
But positioning, navigation and timing capabilities like Galileo are only the beginning. The EU also operates earth observation satellites (through the Copernicus program and EU-SST) and is aiming at an EU government satellite communications capability (EU-GOVSATCOM).
Moreover, the next generation of “new space” satellites—like the massive constellations of low-orbit minisats that are planned by SpaceX and others—in conjunction with 5G technologies, will offer available-anywhere, always-on, ultra-high-speed Internet connections, which will soon become as essential to the economy as GPS is now.
Over the next few years, the EU will move to “harmonize the security governance ... of all its critical space capabilities,” Claeys said, employing the Galileo setup as a template.
NATO adopted an overarching space policy last June and declared space as its fifth operational domain after land, sea, air and cyber in December. “The alliance was often a little bit slow to recognize the latest challenge,” noted former NATO official Jamie Shea in a keynote address. “I remember internal discussions about [adopting a space policy] back in the 90s,” he recalled, joking, “Better late than never!”
As with cyber issues, he noted, the key to space vulnerabilities was interconnectedness. When the alliance began to try to catalogue its cyber dependencies, Shea said, they got a nasty surprise. “When we mapped out all the networks, we were dependent on, it was amazing the multiplicity of assets,” he said.
“The Achilles heel was everywhere,” Shea concluded.
To get its arms around these issues, NATO, which doesn’t itself own any space assets, must build an “understanding of space and cyberspace interdependencies and how best to leverage advances in cyber and information and related technology to most effectively secure defense space capabilities,” according to Gordon “Skip” Davis Jr., NATO’s deputy assistant secretary general for the Defense Investment Division.
To achieve that, the alliance is moving “fairly quickly” to establish a space center of excellence, Davis said—along the lines of the Cyber Center of Excellence in Tallinn, Estonia.
“There are two proposals under consideration both with significant support of spacefaring nations. A NATO Space COE [Center of Excellence] could provide much needed expertise and support to concept and policy development as well as specialized support for training, education and exercising,” he said.
Space-based capabilities like GPS have been vital to the U.S. military for decades, but in the last 10 years, paired with the explosive growth of smartphones and other connected devices, they have become critical to the civilian economy as well.
Space Policy Directive Five on Cybersecurity Principles for Space Systems, which President Trump signed last Friday, recognizes that growing criticality—and the growing threat of hacking or other cyber attacks—but is short on actual policy prescriptions.
“It doesn’t call for regulation by any agency,” notes Makena Young, a research associate with the Aerospace Security Project at the Center for Strategic and International Studies. The FCC [Federal Communications Commission], FAA [Federal Aviation Administration] and Commerce Department all have some regulatory role, but it’s still unclear how they will work together to ensure safety and security for the new generation of much more numerous smallsats, she said.
The directive is “a baseline document … almost a primer on the issue, asking commercial and U.S. government operators to take another look at cybersecurity risks,” Young told SIGNAL Magazine.
“It talks about the need to design more robust cybersecurity into future systems but doesn’t really address systems currently in orbit,” she noted.
Shaun Waterman is an award-winning reporter and editor who has worked for the BBC, UPI and POLITICO. He is currently freelancing, covering federal information technology, cybersecurity and homeland security. He can be reached at WatermanReports@gmail.com.