Policy Tools To Address Cybersecurity In The African Space Industry Part 1

“Space is a critical asset for the modern state and the challenges it faces. This dependency relies on the critical interaction of cybersecurity and space security.” 

Photo Credit: SKA South Africa
Photo Credit: South African Radio Astronomy Observatory (SARAO)

The 5G cellular network has emerged as a significant technology with satellites poised to adopt a more critical role in communications infrastructure, which requires more robust policy, systems, and infrastructure design to protect against the threat of cybersecurity attacks, especially in light of the surge of satellite jamming operations (the degradation and disruption of connectivity by interfering with the signals that are used for communication).

As we consider space as the new frontier for cybersecurity, the question that follows is necessarily how we can prevent disruptions to the space ecosystem through acts such as cyber threats and hacking?

Cybersecurity is the collective actions of people, processes and technologies to protect individuals, entities and their networks from digital attacks.  Satellites are particularly vulnerable to cybersecurity hacks because some telemetry links are not encrypted.

Telemetry vulnerabilities are occasions when the automatic measurement and transmission of data are disrupted. Take, for instance, in 2014, when the network of the National Oceanic and Atmospheric Administration (NOAA) was hacked. This example and many more serve to show that any computing control systems are susceptible to infiltration from corrupted data, and in the context of space, owing to the vast supply chain that is often behind the build, design and even launch of complex satellite systems, provides fertile ground for weak links to be exploited. Cyberattacks on satellites range from spoofing, jamming and hacking attacks on communication networks; the targeted interference of control systems or mission packages; as well as attacks on the ground-based infrastructure.

Cybersecurity is expressly defined by the International Telecommunications Union (ITU) as “the collection of tools, policies, security concepts, risk management approaches and technologies that can be used to protect the cyber environment and organisation.” Space security is similar in that it is instead geared towards the protection of outer space and its assets. Cybersecurity and space security are inherently tied together because space systems provide critical data and infrastructure which are susceptible to the breach and leaking of sensitive spatial data and information. 

There are several data flows between the Earth and space-based systems, so-called earth-space and space-earth interactions. When it concerns Earth-space businesses, the tech infrastructure, such as satellites, are vulnerable and require protection against hacking. As concerns, the space-earth interactions, the flow of critical data and information to the receiving ground segment must also be protected against the risk of interception. 

There are three primary types of cyber-attacks, namely:

  • Physical – which involves manipulating physical infrastructure and equipment;
  • Non-Physical – which is a non-physical attack that interferes with data transmission or mission commands, and;
  • Electronic – which is the use of the electromagnetic spectrum to jam computer-based systems, i.e. through radio, infrared or radar waves. 

All of these types of attacks will usually rely on the weakness of a systems point.  This is a worrying state of affairs, given the fact that most satellites and satellite systems operate without cyber-security standards. Add to this the fact that many satellites are deliberately designed with “pass-through” transmission methods, which is a simple network connection which features assist associations to reach the end-user without difficulty. This ultimately means their radio-relayed security is usually limited. A hacker would usually capitalise on such a scenario by transmitting a malicious signal which jams the satellite system. 

In an attempt to regulate this, the African Union (AU) drafted the Malabo convention, which is the AU Convention on Cyber Security and Personal Data Protection. Article 8 of this document highlights its core ambit which is that each party (African member state) will: “commit itself to establish a legal framework aimed at strengthening fundamental rights and public freedoms, particularly the protection of physical data, and punish any violation of privacy without prejudice to the principle of the free flow of personal data.” All member states of the AU are expected to adhere to this framework. Not being left behind in the digital economy, Africa needs to focus on protecting its knowledge economy. Emerging tech economies needs a policy to support the use of data. Now more than ever, as Africa embarks on a regional integration project in the form of the African Space Agency, the security of shared networks will become a priority to avoid loss, damage and liability. 

As the world economy progresses towards the Fourth Industrial Revolution (4IR), and the digital and information society that will develop. As a result, it suggests that very little will be safe from malicious attacks in our increasingly interconnected world. How we manage policy concerns around the Internet of Things (IoT) will be the determining factor of our fight against cyberterrorism in the space sector. Government’s challenge then is to provide internet-based service platforms for financial and business development, while ensuring the protection against the growing number of highly coordinated cyber attacks.

The unfortunate reality is that anything with an IP link is susceptible to hacking or ransomware attack, and all wireless communication is vulnerable to electromagnetic interference, which compromises the confidentiality of data.  Coupled with the fact that there is no centralised regulatory body for cybersecurity in space, leaves the policy resolution of national infrastructure security in the hands of federal policymakers. A possible solution may lie in the provision of policies that mandate keeping track of the so-called “ground truth”, which is consistent monitoring of data to identify anomalies in patterns and usage (such as location, weather data, and even the time of day). This process would assist in detecting any grid load shifts and much sooner identify malicious attacks or data breaches. Blockchain is a useful way to avoid hacking as well. 

Whatever mechanism, however, must necessarily be codified in policy as a strategic first step towards ensuring government accountability and uniform standards in the African space industry, hence the AU is encouraged to follow up the Malabo Convention with space and cybersecurity protocol tailored to Africa’s unique policy needs. Alternatively, and likely the most effective, would be a lightly regulated approach which develops industry-led standards, would be ideal, especially in the areas of knowledge exchange and innovation, collaboration and risk assessment. Indeed the development of a flexible, multilateral space and cybersecurity regime will ensure that space security threats do not hinder the space environment. These and other policy issues will be addressed in part 2 of this thought piece.

 

© Space in Africa 2020

All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited. You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other forms of electronic retrieval system.


New Report: The 2020 Edition of African Space Industry Annual Report is now available. It presents data and analyses on projects, deals, partnership and investments across the continent. It also provides analyses on the growing demand for space technologies and data on the continent, the business opportunities it offers and the necessary regulatory environment in the various countries.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.