The need for cyber security in space

In 1961, Australia opened its ‘glittering giant’ – a state of the art radio telescope situated in the middle of a wheat field. At the time, it was one of the most powerful telescopes in the world, better equipped, so the papers boasted, to track space probes than any other instrument in the world. At the time it was said that “when any nation attempts to send a space vehicle to the moon or one of the planets, it is likely to ask for Australia’s help.”¹

Indeed, when vision was beamed back from the Apollo 11 moon landing, the Parkes telescope was one of the primary receivers that allowed the world to see it.² Upgrades over the years have led to the telescope detecting nearly half of all found pulsars as well as being nearly 10,000 times more sensitive than when first built.

Few things have captured the imagination like the space race of the mid-20th century. Since then, the sector has been quietly getting on with things – but as the industry begins expanding at breakneck speed, it’s time for the rest of us to pay attention once more.

The race for space

There is money to be made in space. In the last five years, the OECD valued the global space sector at US$277 billion thanks largely to satellites.³ Investment from venture capital firms, a rise in start-ups, a reduction in the cost of launching payloads and smaller satellites have all contributed to lower cost of entry.⁴

In Australia, with the establishment of the Australian Space Agency (ASA), there are plans to grow the national sector to AU$12 billion a year by 2030, accompanied by the establishment of more than 20,000 space industry jobs.⁵ The country is well positioned to continue contributing to the global industry, given its geographical location in the southern hemisphere, as well as its ideal conditions for both monitoring the skies and situating ground facilities (such as low light pollution and a lot of empty land).⁶

Indeed, the ASA and NASA have announced a mission to send an Australian-made, semi-autonomous rover to the moon, granted in part due to the nation’s mining experience in remote operations and autonomous systems.⁷* This heritage also speaks to the potential for asteroid and off-world mining, where recent studies suggested a single asteroid could contain over 700 quintillion dollars worth of precious metals.⁸  The space industry, of course, is more than rockets and trips to the Moon (or Mars) and aside from exploration, is already manufacturing equipment and making use of satellites for navigation, precision-farming, broadcasting, communications and weather forecasting.

Adelaide, we have a problem?

Government and private investment, skills and scientific capability, job appetite, physical location, the startup landscape and falling tech cost barriers are all intermixing in a way that could see Australia become a world leader in the sector. This opportunity relies on the ability to create a cyber-safe and resilient space industry. With the focus on prioritising innovation and rapid-prototyping, cyber security risks being put on the back burner.

This is problematic, as the privatisation of space and proliferation of affordable satellites means the opportunity for hackers is growing. Risk of cyber disruption has been elevated across the entire supply chain – from space vehicles, satellites and launch vehicles to ground stations, radio links, and the manufacturers of software and hardware components. While it sounds like a Bond film, humanity has indeed reached the point when navigation can be interrupted, communications jammed, satellites manipulated, sensitive data stolen, space missions hijacked and satellites (even decommissioned ones, of which there are thousands) used nefariously. 

This is not theoretical. In recent geopolitical conflicts satellites have been hacked by nation states to bring down communications networks, track military incursions, jam signals and spoofed to confuse military drones, and indeed, been shot down via missiles.^9,10 Nations are actively researching ways to destroy private satellite networks in the event they were to threaten national security.¹¹ These attacks are not limited to highly-resourced, nation state actors – hackers have shown that satellites can be compromised with a few hundred dollars of easily obtainable equipment and a laptop.¹²

The reality is, as the proliferation of companies helping launch satellites lowers the cost of space-based infrastructure, so too does it lower the barriers for cyber adversaries – both determined and opportunistic – to cause disruption.

A safe cyber space

Cybersecurity should not be thought of as something that halts innovation. In fact, it is an enabler of better innovation and stronger trust. Brakes on a car reduce speed, but they also safely allow its acceleration. For the space sector, viewing cyber risk holistically as part of broader resilience and safe-by-design engineering plans is vital to minimising harm and unleashing ambition. 

In Australia, the risk and opportunity of strengthening resilience in space has been signalled by government recognition of space as critical infrastructure, where cyber is one of four key pillars of ‘all hazards’ risk management. For those that operate across the space value chain, the following four imperatives will help build strong cyber resilient organisations and embed safety in the technologies being designed, built and operated:

1. Have an open mind and be prepared to throw-out what you already know. Many space system resilience and technology practices are based on tried-and-tested methods, refined over many decades. But these methods are dangerously out-of-date with respect to growing cyber threats. Uplifting cyber maturity has been undertaken by many other mission-critical industrial sectors (such as aerospace) and the space sector can benefit from their learnings in the age of IT/OT convergence. 

2. Frameworks need to be fit for purpose. Space system security and resilience is similar to, but quite unique from, traditional control systems. Organisations should look to security practices in operationally tech-heavy industries, such as telecommunications and advanced manufacturing. However, fundamental differences mean they should not be adopted wholesale – the most obvious example being that space-based infrastructure is remote by default, limiting the ability for local intervention and failsafes. Physical segregation of control systems to compensate for poor security controls is no longer a viable option.

3. Embed a cybersafe culture by leveraging core safety and systems availability values and principles. Security buy-in can be challenging when perceived cyber threats are low, which has historically been the case in space where ‘security through obscurity’ has been relied upon for far too long. It is a small and subtle shift, but most engineers will understand and appreciate issues of system uptime, availability and safety, which can then prompt a more meaningful cyber security conversation. The right language will start to shift the dial in enabling  a strong, cyber-aware culture.

4. Consider the ecosystem effects. Space and cyber systems are critical enablers to broader infrastructure and services, upon which people rely on.  A focus on any single system or risk needs to be balanced with a broader understanding of the risks inherited across the ecosystem. Without this ‘bigger picture,’ trust is diminished, reducing the benefits and increasing the costs associated with integrating space and cyber into our everyday lives and critical infrastructure.

Lift off

Space is vitally important to the future economic prosperity and security of Australia. As we look to the stars with hope, it is critical that we protect ourselves from the threat of nefarious actors intent on causing harm to our way of life, our security, and our space-bound aspirations. 

Uplifting cyber resilience across the space sector starts with a small step, but it’s one that will enable a giant leap.