As we consider space as the new frontier for cybersecurity, the question that follows is necessarily how we can prevent disruptions to the space ecosystem through acts such as cyber threats and hacking?
Cybersecurity is the collective actions of people, processes and technologies to protect individuals, entities and their networks from digital attacks. Satellites are particularly vulnerable to cybersecurity hacks because some telemetry links are not encrypted.
Telemetry vulnerabilities are occasions when the automatic measurement and transmission of data are disrupted. Take, for instance, in 2014, when the network of the National Oceanic and Atmospheric Administration (NOAA) was hacked. This example and many more serve to show that any computing control systems are susceptible to infiltration from corrupted data, and in the context of space, owing to the vast supply chain that is often behind the build, design and even launch of complex satellite systems, provides fertile ground for weak links to be exploited. Cyberattacks on satellites range from spoofing, jamming and hacking attacks on communication networks; the targeted interference of control systems or mission packages; as well as attacks on the ground-based infrastructure.
Cybersecurity is expressly defined by the International Telecommunications Union (ITU) as “the collection of tools, policies, security concepts, risk management approaches and technologies that can be used to protect the cyber environment and organisation.” Space security is similar in that it is instead geared towards the protection of outer space and its assets. Cybersecurity and space security are inherently tied together because space systems provide critical data and infrastructure which are susceptible to the breach and leaking of sensitive spatial data and information.
There are several data flows between the Earth and space-based systems, so-called earth-space and space-earth interactions. When it concerns Earth-space businesses, the tech infrastructure, such as satellites, are vulnerable and require protection against hacking. As concerns, the space-earth interactions, the flow of critical data and information to the receiving ground segment must also be protected against the risk of interception.
There are three primary types of cyber-attacks, namely:
- Physical – which involves manipulating physical infrastructure and equipment;
- Non-Physical – which is a non-physical attack that interferes with data transmission or mission commands, and;
- Electronic – which is the use of the electromagnetic spectrum to jam computer-based systems, i.e. through radio, infrared or radar waves.
All of these types of attacks will usually rely on the weakness of a systems point. This is a worrying state of affairs, given the fact that most satellites and satellite systems operate without cyber-security standards. Add to this the fact that many satellites are deliberately designed with “pass-through” transmission methods, which is a simple network connection which features assist associations to reach the end-user without difficulty. This ultimately means their radio-relayed security is usually limited. A hacker would usually capitalise on such a scenario by transmitting a malicious signal which jams the satellite system.
In an attempt to regulate this, the African Union (AU) drafted the Malabo convention, which is the AU Convention on Cyber Security and Personal Data Protection. Article 8 of this document highlights its core ambit which is that each party (African member state) will: “commit itself to establish a legal framework aimed at strengthening fundamental rights and public freedoms, particularly the protection of physical data, and punish any violation of privacy without prejudice to the principle of the free flow of personal data.” All member states of the AU are expected to adhere to this framework. Not being left behind in the digital economy, Africa needs to focus on protecting its knowledge economy. Emerging tech economies needs a policy to support the use of data. Now more than ever, as Africa embarks on a regional integration project in the form of the African Space Agency, the security of shared networks will become a priority to avoid loss, damage and liability.
As the world economy progresses towards the Fourth Industrial Revolution (4IR), and the digital and information society that will develop. As a result, it suggests that very little will be safe from malicious attacks in our increasingly interconnected world. How we manage policy concerns around the Internet of Things (IoT) will be the determining factor of our fight against cyberterrorism in the space sector. Government’s challenge then is to provide internet-based service platforms for financial and business development, while ensuring the protection against the growing number of highly coordinated cyber attacks.
The unfortunate reality is that anything with an IP link is susceptible to hacking or ransomware attack, and all wireless communication is vulnerable to electromagnetic interference, which compromises the confidentiality of data. Coupled with the fact that there is no centralised regulatory body for cybersecurity in space, leaves the policy resolution of national infrastructure security in the hands of federal policymakers. A possible solution may lie in the provision of policies that mandate keeping track of the so-called “ground truth”, which is consistent monitoring of data to identify anomalies in patterns and usage (such as location, weather data, and even the time of day). This process would assist in detecting any grid load shifts and much sooner identify malicious attacks or data breaches. Blockchain is a useful way to avoid hacking as well.
Whatever mechanism, however, must necessarily be codified in policy as a strategic first step towards ensuring government accountability and uniform standards in the African space industry, hence the AU is encouraged to follow up the Malabo Convention with space and cybersecurity protocol tailored to Africa’s unique policy needs. Alternatively, and likely the most effective, would be a lightly regulated approach which develops industry-led standards, would be ideal, especially in the areas of knowledge exchange and innovation, collaboration and risk assessment. Indeed the development of a flexible, multilateral space and cybersecurity regime will ensure that space security threats do not hinder the space environment. These and other policy issues will be addressed in part 2 of this thought piece.
Ruvimbo is a graduate of Law from the University of Pretoria and serves as the National Point of Contact for Zimbabwe at the Space Generation Advisory Council (SGAC). She coached the Winning Team of the Manfred Lachs Moot Court World Finals Competition 2018 in Bremen, Germany, held during the 68th International Astronautical Congress.