ArticlePDF Available

Space Systems Security: A Definition and Knowledge Domain for the Contemporary Context

Authors:

Abstract and Figures

A second space race has taken off and it is driving the rapid deployment of modernised satellites and other space systems that each introduce new security risks to an aged and already vulnerable ecosystem. The engineering, science, and technology aspects of space security are currently understudied and disjointed, leading to fragmented research and inconsistent terminology. This paper details the results of a global survey of space security experts to define Space Systems Security and the scope of its interdisciplinary knowledge domain. It also provides a review of current space security literature and examines the contemporary space systems context from a security perspective.
Content may be subject to copyright.
Journal of
Information
Warfare
Volume 21, Issue 3
Summer 2022
Contents
A Note from Editor
L Armistead
Book Review
B Hutchinson
Authors
Strategic Cyber Environment Management with Zero Trust and Cyber
Counterintelligence
T Bodström
Relating Credibility to Writing Style, Emotion, and Scope of Spread of Disinformation
P Shen, Y Chen, P Tseng
Validating a Framework for Oensive Cyberspace Operations
G Huskaj, F Blix
Ambiguous Self-Induced Disinformation (ASID) Attacks: Weaponizing a Cognitive
Deciency
M Canham, S Sütterlin, T Ask, B Knox, L Glenister, R Lugo
Cyber Pirates Ahoy! An Analysis of Cybersecurity Challenges in the Shipping Industry
G Grispos, W Mahoney
Strategic Cognition War
W Hutchinson
Information Warfare: Leveraging the DMMI Matrix Cube for Risk Assessment
H Newman
Space Systems Security: A Denition and Knowledge Domain for the Contemporary
Context
J Plotnek, J Slay
i
ii
iii
1
13
26
43
59
74
84
103
Journal of Information Warfare
© Copyright 2022
Published by
ArmisteadTEC, LLC
Virginia Beach, Virginia, USA
Print Version
ISSN 1445-3312
Online Version
ISSN 1445-3347
Journal of Information Warfare (2022) 21.3: 103-19 103
ISSN 1445-3312 Print/ISSN 1445-3347 Online
Space Systems Security: A Denition and Knowledge Domain for the
Contemporary Context
JJ Plotnek, J Slay
University of South Australia
Adelaide, Australia
E-mail: jordan.plotnek@mymail.unisa.edu.au; jill.slay@unisa.edu.au
Abstract: A second space race has taken o and it is driving the rapid deployment of modernised
satellites and other space systems that each introduce new security risks to an aged and already
vulnerable ecosystem. The engineering, science, and technology aspects of space security are cur-
rently understudied and disjointed, leading to fragmented research and inconsistent terminology.
This paper details the results of a global survey of space security experts to dene Space Systems
Security and the scope of its interdisciplinary knowledge domain. It also provides a review of
current space security literature and examines the contemporary space systems context from a
security perspective.
Keywords: Critical Infrastructure, Cybersecurity, Resilience, Satellite, Space Security, Space
Systems, Space Weapon, Threat
Introduction
In 1957 the Soviet Union launched Sputnik-1, the rst manmade object to enter earth’s orbit, trig-
gering a two-decade long space race and forever changing the course of human history. Today the
beginnings of a second space race are in progress, this time with almost 3000 articial satellites
already in operation (UCS 2020), and space debris in perpetual orbit. As the global battle for space
superiority ramps up for a second time, one is forced to acknowledge the vastly dierent techno-
logical landscape, compared to that of 1957.
Industrial systems are particularly vulnerable and are specically targeted by adversarial groups
and state actors (Kaspersky Lab 2022), and space systems are not immune to these threats. In
fact, as detailed in the following sections, space systems face a greater range of threats and have
further reaching consequences than those faced by terrestrial critical infrastructures (Bradbury et
al. 2020), and considering the level of military dependence on space infrastructure and the volatile
state of global aairs today, it is essential that the security of space systems is considered.
Research Approach
This paper aims to lay the academic foundations in response to the existing void in literature on
security in a space systems context. The research outlined in this paper has three key objectives:
1. To examine the contemporary space context from a systems security perspective;
104 Journal of Information Warfare
2. To dene ‘Space Systems Security’ for the contemporary context; and
3. To scope the interdisciplinary knowledge domain of space systems security.
To achieve the rst objective, the research commenced with a literature review of existing pub-
lished space security literature, especially focusing on the literature pertaining to engineered sys-
tems. The literature review ndings were then summarised and interpreted to examine the space
systems context from a contemporary security perspective (Plotnek & Slay 2022).
Having gained an understanding of the space systems security context, and building on founda-
tional space security literature, a survey was designed to obtain expert input on the denition of
space systems security and its knowledge domain. The survey received responses from two dozen
academics and professionals with at least seven years of experience in space security and its relat-
ed disciplines across Australia, Canada, the United States, India, the United Kingdom, and Spain.
The questions in the survey were presented as per items A and B below. The anonymised responses
to each question were then collated to identify common themes and concerns among the respon-
dents. Individually unique feedback was also taken into consideration, albeit with less conclusive
weight on the research outputs.
The remainder of this paper details the outcomes of the research outlined above.
A. Space Systems Security—Denition
Background
Traditionally space security has been viewed primarily as a military domain (Sheehan 2015). More
recently, however, this view has expanded to include the following three dimensions of space se-
curity (Mayence 2010):
1) security in space (in other words, space systems security).
2) space for security (for example, military space operations); and
3) security from space (such as protecting Earth from space-based threats).
Drawing from traditional space security literature, Moltz (2011) proposes a denition that can be
applied directly to the more specic domain of space systems security: “[Space systems security
is] the ability to place and operate assets outside the Earth’s atmosphere without external interfer-
ence, damage, or destruction”.
Question
Taking into account your own experiences and understanding of the domain, does Moltz’s deni-
tion adequately dene ‘Space Systems Security’? If not, please explain what you believe is miss-
ing or inaccurate.
B. Space Systems Security—Domain
Background
Space systems security is, by nature, an interdisciplinary knowledge domain. Various technical
disciplines form an integral component in protecting the space technology ecosystem from exter-
nal threats.
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Table 1, below, attempts to map the Space Systems Security domain. Each row of the table rep-
resents a dierent threat to space systems in general (Harrison et al. 2022), whereas the columns
approximate the attack surface (for example, vectors/.entry-points into the system).
VECTOR
THREAT
Ground Segment Space Plaorms
Ground
Staon Launchpad Simulators /
Emulators
Supply
Chain Personnel Payload Radio Link
& Telemetry Compung Internal
Comms
Onboard
Sensors
Non-Mali-
cious
(e.g. solar
are)
Teleport
Engineering
/ IT Security
Launchpad
Engineering
Soware
Engineering
Business
Connuity
Planning
Occupaonal
Health &
Safety
Space Engi-
neering
Telecomm.
Engineering
Computer
Engineering
Telecomm.
/ Materials
Engineering
Electronics
Engineering
Cyber
(e.g. mal-
ware)
Cyber Oper-
aons OT Security
Cyber Se-
curity / OT
Security
Cyber 3PP
/ Supply
Chain
Security
Cyber IAM OT Security Cyber Oper-
aons
Cyber Engi-
neering
Cyber Engi-
neering
OT / IoT
Security
Kinec
Physical
(e.g.
ASAT)
Building /
Perimeter
Security
Perimeter
Security
Building
Security
Business
Connuity
Planning
Protecve
Security
Military
SpaceOps
Military
SpaceOps
Military
SpaceOps
Military
SpaceOps
Military
SpaceOps
Non-Ki-
nec
Physical
(e.g.
EMP)
ECM ECM Emanaons
Security
Business
Connuity
Security
Training &
Awareness
Space Engi-
neering
Telecomm.
Engineering
Materials
Engineering
RF/Materials
Engineering
RF/Electronics
Engineering
Electronic
(e.g. RF
jamming)
Facility
Emanaons
Security
Perimeter
Emanaons
Security
Building
Emanaons
Security
Business
Connuity
Building
Emanaons
Security
Telecomm
/ Materials
Engineering
Telecomm
/ Materials
Engineering
Telecomm
/ Materials
Engineering
Telecomm
/ Materials
Engineering
Telecomm
/ Materials
Engineering
Table 1: Mapping the Space Systems Security knowledge domain
Denitions:
• Cyber 3PP: Cyber security assurance of Third Party Purchasing (3PP) and outsourced
services;
• Cyber IAM : Cyber Identity & Access Management;
• Cyber Threat: A software-based threat that occurs via computing and telecommunications
infrastructure;
• ECM: Electronic Countermeasure (ECM) Analysis to protect against Electronic Warfare
(EW) tactics;
• Electronic Threat: An electronic threat that causes non-physical impact, such as a Radio
Frequency (RF) Denial of Service (DoS);
• Emanations Security: Electronic protection against Radio Frequency (RF) attacks, such as
TEMPEST;
• Kinetic Physical: A physical threat that causes a physical impact, such as an Anti-Satellite
weapon (ASAT);
• Non-Kinetic Physical: An electronic threat that causes a physical impact, such as an
Electromagnetic Pulse Weapon (EMP) or social engineering;
• Non-Malicious Threat: An unintentional threat, such as environmental or accidental;
• OT Security: Operational Technology (OT) and cyber-physical systems (CPS) security;
• Teleport Engineering: Telecommunications port (teleport) & RF antennae reliability
engineering.
Question
Based on your experiences working with space technologies, do you believe anything is missing
or inaccurate in the table above? If so, please explain what is missing or what should be modied.
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Journal of Information Warfare 105
Literature Review
Of the various disciplines contributing to space security knowledge, the social sciences are the
most mature, with several decades of published history. Traditionally, space security has been
viewed primarily as a military domain due to Cold War motivations behind the rst space race
(Sheehan 2015). More recently, however, this view has expanded to include three dimensions of
space security (Mayence 2010):
1. security in space (such as protecting space systems);
2. space for security (for example, military space operations); and
3. security from space (like protecting earth from space-based threats).
This paper focuses exclusively on the rst dimension of space security, herein referred to as ‘Space
Systems Security’. Drawing from older literature, the authors can nd several space security de-
nitions that help to understand space systems security more specically. Moltz’s denition serves
as an initial baseline, dening it as “the ability to place and operate assets outside the Earth’s at-
mosphere without external interference, damage, or destruction” (Moltz 2011).
A whitepaper by the United States Oce of the Assistant Secretary of Defense for Homeland
Defense & Global Security entitled ‘Space domain mission assurance: A resilience taxonomy’
(USDoD 2015) gets particular attention amongst space resilience advocates; however, it does little
to set the scene before proposing a resilience taxonomy that is detached from tangential resilience
and security literature.
A second key text in this domain is the book entitled Critical Space Infrastructures: Risk, Resil-
ience and Complexity (Georgescu et al. 2019), which successfully introduces space system fun-
damentals and examines space systems as critical infrastructure but is decidedly lacking in its dis-
cussion of cyber security issues. However, the introduced taxonomy is helpful as it splits Critical
Space Infrastructure (CSI) into ve distinct categories, as well as discusses interdependencies with
other systems like those for water and energy.
Harrison et al. (2022) conducted an annual ‘Space Threat Assessment’ that focuses on the threat of
counter-space weapons, breaking them down into four broad but useful categories: kinetic phys-
ical, non-kinetic physical, electronic, and cyber. The remainder of the report is less conceptually
repurposable and goes on to analyse dierent nation state capabilities and their threat to the United
States at the point in time of the assessment.
A paper entitled ‘Cybersecurity Threats to Satellite Communications’ (Housen-Couriel 2016) es-
tablishes a typology of state actor responses. However, the paper does not adequately address
space security from a technical perspective. In contrast to Harrison et al. (2022) Housen-Couriel
(2016) identies only three kinds of satellite ‘disruptions’: kinetic (direct impact of one satellite
with another), virtual (interference with communications), and hybrid (electromagnetic pulse, or
EMP, weapons). It then plots these three disruption categories against ve stages of satellite oper-
ations:
1. pre-launch;
2. at launch;
3. telemetry, tracking, and command (TT&C);
4. transmissions; and end-of-life (Housen-Couriel 2016).
106 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Livingstone and Lewis (2016) take a high-level approach to space cybersecurity, discussing topics
such as cyber threats and risks to satellite infrastructure, as well as challenges and trends in the
industry. However, the paper is directed toward a general audience so is not guided by existing tax-
onomies and does not serve the purpose of a foundational academic text. It also is limited to cyber
threats alone, which forms only one threat type that a space security practitioner must be aware of.
Finally, a comprehensive paper by Pavur and Martinovic (2020) details the cybersecurity threats
to satellites and examines over 100 signicant satellite hacking incidents over the past 60 years.
The paper identies four sub-domains that satellite cybersecurity applies to: satellite radio-link
security, space hardware security, ground station security, and operational/mission security. They
comment on the cross-disciplinary nature of space security but, perhaps due to their narrow focus
on cybersecurity, stop short of treating space security as a domain in its own right.
A few other papers touch on the subject (Hannan 2018; Ikitemur et al. 2020; Kallberg 2012; Kang
et al. 2018; Santamarta 2014) but are specic to niche technologies or formal methods and hence
do not adequately lay the foundations for future research on space systems security as a separate
domain. It is important to note that this literature review was only conducted across open-source
English resources, not only skewing the threat context to a Western Anglophone bias, but also ex-
cluding any additional or conicting research that may exist within classied archives.
Contemporary Space Systems Context
Space is the next frontier for human civilisation. Humans have long relied on space infrastructure
for the advancement of technologies on earth, with such dependencies becoming more and more
critical. Developments such as orbital manufacturing, extra-terrestrial colonisation, space mining,
and other feats that were unimaginable only a few generations ago are well in sight.
Space Infrastructure
Critical Space Infrastructure (CSI) can be broken down into ve key categories (Georgescu et al.
2019):
• Remote sensing;
• Communications;
• Meteorological;
• Global Navigation Satellite Systems (GNSS); and
• Administrative and legislative frameworks.
The technologies covered by the above are predominantly articial satellites, but may also include
space stations, rovers and vehicles, rockets, space probes, ground stations, and terrestrial commu-
nications links. Naturally, each of these systems has various unique processes, technologies, and
vulnerabilities.
Remote sensing involves the passive or active collection of data about a subject of study without
making physical contact. Space infrastructures that fall under this category include systems that
conduct surveillance, scientic monitoring, or information gathering for things like terrain map-
ping and military reconnaissance. These kinds of systems are particularly vulnerable to laser at-
tacks, as they allow for electromagnetic penetration to achieve their primary function (Georgescu
et al. 2019).
Journal of Information Warfare 107
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Communications Satellites (ComSat) provide global telecommunications coverage and are useful
for aviation and long-distance connections where earth’s curvature inhibits the line of sight—com-
munications which, if interrupted, could result in signicant loss of life here on earth. A study
done by Steinberger at the U.S. Joint Electronic Warfare Center found that the most vulnerable
component of satellite communications infrastructure is the antenna, which exposes the satellite to
attacks, such as jamming or spoong (Steinberger 2008). The earth segment was also found to be
particularly vulnerable to jamming, as well as cyber threats stemming from Internet connectivity.
Meteorological space infrastructures are generally used to monitor Earth’s climate and weather
and are critical for tasks like extreme weather prediction. These satellites are generally minimal in
build, as their primary purpose is to transmit photos and meteorological data to earth. There is yet
to be any published research specic to meteorological satellite vulnerabilities; however, due to
their simple anatomy it can be inferred that they likely share general vulnerability commonalities
with other satellite systems.
GNSS includes navigation, positioning, and timing applications, and is perhaps most recognisable
in satellite technologies such as the Global Positioning System (GPS). GNSS are heavily relied on
by terrestrial applications, such as the electric grid and guided weapons systems, whereby a satel-
lite failure could cause far-reaching and catastrophic consequences, including loss of life. Due to
the relatively long history of such systems, satellites delivering GNSS capabilities have been privy
to greater levels of security research compared to other space-based systems. Across the literature,
jamming and spoong emerge as the primary vulnerabilities of GNSS (Ioannides, Pany & Gibbons
2016; de Abreu Faria et al. 2016; Amin et al.2016).
Administrative and legislative frameworks are a quintessential component of CSI and are also
notably immature at this point in time (Planck 2009). A growing number of countries around the
world are recognising space systems as Critical National Infrastructure (CNI) and hence the ad-
ministrative and legal frameworks to support them are gaining global attention and prioritisation.
One notable example is The Woomera Manual project, which is an international research collab-
oration to articulate existing international laws applicable to military space operations (Stephens
2021). Space as a legal domain is notoriously complex due to its international signicance and lack
of any divisible territory (del Monte 2013). For space security purposes, this category functions
as a supporting component because, although frameworks are not targetable by a threat actor, they
can aid in pre-emptive security eorts, data collection and retention standards, post-compromise
forensics, and attribution, prosecution, and retaliation.
Threat Landscape
Space systems operate in one of the most naturally hostile environments known to man, constantly
facing threats such as electromagnetic radiation and space debris. In addition, systems deployed
in space also face a variety of unique challenges that do not commonly apply to terrestrial infra-
structure, such as lack of redundancy or maintenance options (Georgescu et al. 2019). Although
non-malicious threats must be considered when risk assessing space technologies, this paper will
focus primarily on malicious threats.
When discussing malicious threats, it is helpful to break them down into three components (see
Figure 1, below): the actor, the vector, and the attack. The threat actor is the person or organisation
behind the attack and can be assessed by considering the threat actor’s capability to conduct an
108 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
attack versus their intent behind the attack. The threat vector refers to the vulnerable point of entry
used by the threat actor to successfully carry out the attack; for example, if a ground system is air
gapped (for example, not connected to any network) then the threat vector may be a ash drive.
Finally, the attack itself is the exploit used by the threat actor to achieve his or her objectives and
to cause the desired impact, for example malware or spoong.
Figure 1: Anatomy of a targeted threat
Although a formal threat actor taxonomy is yet to emerge in the literature, a threat actor is gen-
erally categorised as one of the following: nation-state, terrorist, criminal group, or individual
(such as, insider threats, hacktivists, or bored teenagers) (Livingstone & Lewis 2016). Sometimes
hacktivism occurs on a larger scale (for example, Anonymous) and can be treated as a separate
category, conforming to neither terrorist nor criminal motivations. Bradbury et al. (2020) broke
these high-level categories down further and provided space-specic examples, whereby each
space-cyber actor has his or her own intent (such as, goals and motivations) and capability (for ex-
ample, environment and resources) that drives his or her decision-making process when carrying
out a targeted attack. Pavur and Martinovic (2020) produced a similar yet simpler version of this
threat actor table, expanding beyond just cybersecurity considerations.
Threat vectors need to be assessed on a case-by-case basis; however, there are four common attack
surfaces for deployed space systems (Wheeler et al. 2018):
• inputs (such as sensors and RF antennae);
• outputs (like telemetry transmitters);
• internal communications (for example, Spacewire buses); and
• computing (like the internal system that integrates each component).
Each of these components can be accessed via a myriad of dierent threat vectors, such as through
ground segments, supply chains, unsecured communications links, and countless other avenues.
Bradbury et al. (2020) propose a handy reference architecture for assessing space system threat
vectors and attack surfaces in their 2020 IEEE Aerospace Conference paper.
Targeted attacks to space infrastructure can be broken down into kinetic physical, non-kinetic
physical, electronic, and cyber—as per the threat assessment published by Harrison et al. (2022).
In this context, both kinetic and non-kinetic physical threats aim to impact the physical com-
ponents of a space system. The dierence between the two is inherent in the title, with kinetic
referring to tangible threats, such as anti-satellite (ASAT) missiles, and non-kinetic referring to
intangible threats, such as lasers and EMP weapons. It is worth noting here that kinetic weapons
are particularly risky as any ensuing space debris can cause cascading failures, where one colli-
Journal of Information Warfare 109
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
sion leads to the next and suddenly a large number of satellites are transmorphed into space junk,
including unintended targets (Wright, Laura & Lisbeth 2005).
Electronic threats do not aim to have a permanent physical impact, and so are not to be confused
with non-kinetic physical threats that do. An electronic threat generally involves interfering with
RF signalling—for example, signal jamming or spoong—to interfere with the availability or in-
tegrity of communications, with the consequences to the space infrastructure itself usually being
temporary.
Finally, cyber threats seek to interfere with the condentiality, integrity, or availability of space
infrastructures through the manipulation of data and code. Cyber threats are the most exible of
the categories, with a wide range of malicious options and outcomes available to the adversary
(Plotnek & Slay 2021a). Cyberattacks are rapidly growing in occurrence and severity due to their
accessibility, aordability, and the increased level of control an actor has over the impact com-
pared to alternative forms of attack. As such, cyberattacks deserve special attention when research-
ing threats to space systems. The Cyber Kill Chain is a conceptual model invented by Lockheed
Martin to understand the various stages of a cyberattack (such as reconnaissance, weaponization,
delivery, exploitation, installation, command and control, and actions on objectives), and which
helps to analyse attacks and attack vectors for prevention and incident response. In their 2021
conference paper Van der Watt and Slay adapted the Cyber Kill Chain model to Low Earth Orbit
(LEO) satellites.
Past Events
In addition to a lack of academic research in the eld, public access to information about incidents
to critical infrastructure is often condential or classied, making it dicult to fully understand
existing security risks to space systems. Pavur and Martinovic (2020) conducted an in-depth study
into historical satellite security incidents and identied 116 signicant events since Sputnik, with
the rst occurring in 1986.
The rst few years of space attacks saw a heavy focus on piracy and spoong, with satellite im-
agery data being eavesdropped to avoid subscription fees and television streams being hijacked
to broadcast unsolicited messages. A noteworthy example is the 1987 hack conducted by an em-
ployee of the American Christian Broadcasting Network who transmitted unauthorised biblical
messages over the Playboy Channel’s planned broadcast.
The 1990s saw a move towards signal jamming, with commercially available satellite jammers
being produced and state actors such as the U.S., Iran, Indonesia, and Russia carrying out various
jamming operations.
The turn of the century brought about an increase in commercial and state-sponsored jamming, sig-
nal hijacking, laser attacks, malware, eavesdropping, and other increasingly sophisticated attacks
(Pavur & Martinovic 2020). In 2007, China compromised two NASA satellites via the ground
station, taking complete control over their ight signalling (Bardin 2013). That same year China
also demonstrated a kinetic ASAT weapon against one of its own satellites, producing hundreds of
pieces of dangerous space debris along with it, and playing a role in the onset of the second space
race that is ccurring today (Zissis 2010).
110 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
There are many more examples of malicious threats to space infrastructure that solidify the need
for space systems security. Appendix A of Pavur and Martinovic’s paper contains a comprehensive
list of past cyberattacks on satellite infrastructure (2020).
Future Considerations
Whereas the rst space race cemented space systems as critical infrastructure, the second space
race is shifting the focus from government to commercial interests. According to Livingstone
and Lewis (2016), the next decade or so will see system-on-a-chip avionics, self-optimizing au-
tonomous systems, complex on-board satellite processing, autonomous satellite-to-satellite (S2S)
communications, plus several complex software additions. Each technological advancement intro-
duces new vulnerabilities that could be exploited, producing unseen eects. For example, consider
a futuristic piece of worm-like malware that corrupts a satellite connected via an autonomous S2S
system—the entire eet could be compromised and potentially rendered unserviceable after a sin-
gle infection.
Alongside this resurgence in the rapid development of space systems, several new threats are
emerging. Public awareness of cyber warfare, cyber terrorism, and cybercrime is increasing, espe-
cially after the 2022 Russian invasion of Ukraine, and so are the capabilities of motivated threat
actors (Plotnek & Slay 2021b). Both cyber and electronic weapons are becoming more eective
and accessible by the day, with at least 120 dierent countries already invested in cyber warfare
capabilities (McAfee 2005).
Mass-scale environmental and political events may also impact humankind’s reliance on CSI,
which could cause unforeseeable impacts. For example, hazardous asteroids heading for earth
(O’Neill & Handal 2021) or the growing threat of climate change, both of which are tracked and
assessed using space infrastructure, may evolve and become more critical as time goes on. Another
example might be a third eruption of world warfare. Military equipment has become increasingly
reliant on satellite technology and such a situation may over-burden aging infrastructure and cause
denials of service in critical moments. On a similar note, the United States has ocially approved
the establishment of a Space Force to directly counter these threats (Farley 2020) and many other
countries are likely to follow suit, events that will undoubtedly impact the space security domain
in the coming decades.
Contextual Summary
As shown in Figure 2, below, current space systems security literature demonstrates an under-
standing of attack surfaces, threats, and actors, as well as past events and future predictions that
are not shown in the diagram.
Journal of Information Warfare 111
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Figure 2: Threats to CSI broken down into taxonomical sub-categories, as per available literature
Expanding on Harrison et al. (2022) malicious (non-environmental) space threats can be classied
under four categories: kinetic physical, non-kinetic physical, electronic, and cyber. These four cat-
egories are more descriptive for general security use, compared to the three law-driven categories
(kinetic, virtual, and hybrid) proposed by Housen-Couriel in an earlier paper (Housen-Couriel
2016); however, more research may be required to determine a universally robust space threat
taxonomy. In that same paper, Housen-Couriel identies ve stages of satellite operations, which
should be conrmed by satellite engineering academia and analysed from a mission security per-
spective.
Space Systems Security Denition
As demonstrated, to date there is no existing denition of ‘Space Systems Security’. Therefore,
the rst question in the survey sent to the two dozen space security experts attempted to build a
contemporary denition for the rst dimension of space security, using Moltz’s 2011 denition as
a starting point per the aforementioned Research Approach.
In response to Moltz’s denition, as applied to space systems security, approximately half the
respondents stated that the denition was adequate, some qualifying their support with possible
improvements. The other half stated that Moltz’s denition is not adequate for dening space sys-
tems security, each raising one or more reasons to support his or her opinion.
Of the respondents that provided comments suggesting that Moltz’s denition should be modied,
most raised an issue with the word ‘external’. The general agreement was that modern threats
often originate internal to the system, such as an Insider Threat or coding aw. A signicant pro-
portion of respondents also raised concern with the phrase ‘outside Earth’s atmosphere’, arguing
that critical segments such as ground, control, and supply chains exist terrestrially. Additionally, a
number of expert respondents took issue to the limitations of the terms ‘interference, damage, or
112 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
destruction’, stating that it is not possible to avoid such outcomes in the space environment, given
the non-malicious threat context (for example, radiation and space junk). Some respondents also
mentioned the need for the denition to include a timeframe or sense of lifecycle, given the short
pre-dened lifespan of most space systems.
Given the feedback above, and taking into account other less signicant or unied comments, the
resulting denition came to be:
“Space Systems Security is the ability to assure the condentiality, integrity, and availability of a
space system throughout its lifecycle, including all ground, communications, and space segments
as well as the data, processes, and supply chains that support it”.
Space Systems Security Domain
With an understanding of the criticality of space infrastructure, its deepening vulnerability issues,
and the unpredictable threat environment within which it is situated, it is easy to see the importance
of space security. Unfortunately, up until now there has been little recognition or structure aorded
to the complex domain of space systems security.
The second space race has sparked a period of rapid development and deployment, which presents
signicant complications without a unied understanding of the domain’s research problems for
ecient prioritisation and collaboration. The current lack of direction and common purpose has
led to a double-up in the limited research available, with each contributing discipline evidently
taking a siloed approach to space security terminology and taxonomy. Additionally, unlike a lot
of other critical infrastructures, space has direct military applications—meaning that ecient re-
search and development is crucial for national security objectives, such as eective threat deter-
rence and space superiority.
The kind of eciency needed to compete in the volatile arena of this new space race is only made
possible through a better understanding of space systems security as a specialist interdisciplinary
domain, where each contributing eld has a valid voice for enhanced collaboration. The second
question in the expert survey attempts to dene the scope of the space systems security domain.
An initial model of the knowledge domain was constructed in Table 1, above, based on an amal-
gamation of the context examined above. This was then provided to the expert respondents as
per Question B in the Research Approach, to which the respondents stated whether they believed
anything was missing or inaccurate. Approximately two thirds of the respondents proposed at least
one addition or modication to the initial model. These proposed changes were then incorporated
into the modied knowledge domain table, as presented in Table 2 and further detailed in Table
3 and Table 4.
Journal of Information Warfare 113
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
THREAT
TYPE /
TARGET
Governance Seg-
ment Ground Segment Space Segment C3 Segment
Non-
Malicious
Protecting gover-
nance components
from non-malicious
threats through
Security Training &
Awareness, BCP/DRP,
Legal Compliance,
V&V, RF Spectrum
Management and
OH&S
Protecting ground
components from
non-malicious
threats through
Debris / Celestial
Monitoring and
Reliability
Engineering
(Telecomm, Soft-
ware, Aerospace,
ICT)
Protecting space compo-
nents from non-
malicious threats
through Human Factors,
Safety, Materials and
Reliability Engineering
(Elec., Aero., Mech.,
Software, Electronics,
Robotics)
Protecting C3
components from
non-malicious threats
through Data
Management,
Redundancy /
Reliability
Engineering
(Telecomm., Software,
ICT)
Cyber
Protecting
governance
components from
cyber threats through
Cyber GRC, Cyber
Assurance Testing,
Supply Chain Security,
Cyber Training &
Awareness, Access
Management, Threat
Intel. & Cyber Law/
Reg.
Protecting ground
components from
cyber threats
through IT / OT/ IoT
Security Engineering,
Security Monitor-
ing (e.g., SOC),
and Cyber Incident
Response
Protecting space com-
ponents from cyber
threats through OT/ IoT
Security Engineering,
Security Monitoring (e.g.,
IDS/IPS), Resilience
Engineering (e.g., D4P2),
Oensive Defence
Protecting C3 com-
ponents from cyber
threats through IT / OT
/ IoT Security, Secure
Coding, Cryptography,
Security Monitoring
(e.g., IDS/IPS), Anti
Malware, Redundancy
Engineering, Integrity
Checks
Electronic
Protecting gover-
nance components
from electronic
threats through
Electronic Assurance
Testing, Threat Intel.,
and EW Law/Reg.
Protecting ground
components from
electronic threats
through EMSEC /
TEMPEST, ECM /
EW, Physical
Security (e.g.,
perimeter,
surveillance)
Protecting space
components from
electronic threats
through EMSEC /
TEMPEST, ECM, EW
Counterspace Operations,
Resilience Engineering
(e.g., D4P2)
Protecting C3 compo-
nents from electronic
threats through
Redundancy
Engineering, Integrity
Checks
Kinetic
Protecting gover-
nance components
from kinetic threats
through Surveillance
/ Threat Intelligence,
International Space
Law / LOAC
Protecting ground
components from
kinetic threats
through Physical
Security (e.g., safes /
locks, building,
perimeter,
surveillance)
Protecting space com-
ponents from kinetic
threats through Counter-
space Operations /
Weapons, Space
Monitoring, Resilience /
Redundancy Engineering
Protecting C3 com-
ponents from kinetic
threats through
Counterspace
Operations / Weapons,
Space Monitoring,
Resilience /
Redundancy
Engineering
Table 2: Space Systems Security knowledge domain
In Table 2 key threat types (rows) are correlated against key system segments (columns) that may
be targeted. The resulting cells represent the 16 core functions of space systems security—ulti-
mately, that is to full the above denition of space systems security.
114 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Governance
Segment
R&D, Procurement & Supply Chain,
Personnel, Legal, Ethical, & Compliance
Ground
Segment
Teleport & Terminals, Space Trac
Management, Launch Facility / Vehicle,
Simulators / Emulators, Manufacturing
Facilities
Space
Segment
Power System & Wiring, Propulsion
System, Weapon System, Life Support
Systems, Space Vehicles, & Rovers
Comms,
Control &
Computing
C3 Segment
Sensors, Data (scientic, technical,
positional), Control Signalling, Radio
Link & Telemetry, Computing, Soft-
ware, Onboard Processing
Table 3: Space systems segments
The segments detailed in Table 3 form the four key components of any space system:
• Governance segment;
• Ground segment;
• Space segment; and
• Communications, control, and computing (C3) segment.
In this model, the governance segment includes any people, policies, and processes in place to
design, build, launch, operate, maintain, and decommission a space system. The ground segment
includes any terrestrial technologies or subsystems that form part of the overall space system,
while the space segment represents the same but for technologies and subsystems deployed outside
Earth’s atmosphere. Finally, the C3 segment includes anything that exists in or exclusively inter-
acts with cyberspace, such as computing infrastructure, control signals, radio links, and data itself.
Non-Malicious
Threats
Accidental, Environmental (space debris,
radiation, interference, solar ares, scin-
tillation)
Cyber Threats Code / Data Manipulation, Malware,
Denial of Service, Hijacking, Spoong,
Eavesdropping, Cyber Warfare
Electronic
Threats
Jamming, Lasers, Spoong, Eavesdrop-
ping, EMP Weapons, Electronic Warfare
Kinetic
Threats
Physical Attacks (tampering, theft, for
example), Missiles / ASATs, Deliberate
Space Junk / Debris Fields
Table 4: Threats to space systems
The threats to space systems detailed in Table 4 are an adaptation of the counter-space threats
Journal of Information Warfare 115
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
proposed by Harrison et al. (2022). The categories of Electronic and Non-Kinetic threats were
combined, as per common feedback from the respondents. This change was also noted to align
with the commonly used military terms ‘cyber warfare’ and ‘electronic warfare’.
Future Research
There is ongoing research to further validate and expand on the ndings detailed in this paper.
Notably, given the operational nature of most space systems and with a now dened understanding
of space systems security as a domain, the concept of space systems resilience is being explored
with the expert group. Further research into space systems security as a specialist interdisciplinary
domain would also be benecial in breaking down disciplinary silos, enhancing collaboration, and
unifying denitions, taxonomies, and research objectives.
Conclusions
Far from being a hypothetical consideration, vulnerable space infrastructures have already experi-
enced a plethora of signicant security events and they will only increase in frequency and impact
looking towards the high-tech and interconnected future of space ight. Earth-based societies are
already dependent on space infrastructure and face dire consequences without the proper consid-
eration of space systems security.
This paper has established a contextualised contemporary foundation for space systems security
drawn from existing cross-disciplinary literature on the subject. The researchers consulted two
dozen space security experts across half a dozen countries to shed light on the denition and
knowledge domain of space systems security. A contemporary space systems security denition
was proposed, and the knowledge domain was mapped against key threats and core space system
segments. Finally, wider recognition of space systems security as a specialist interdisciplinary
domain was recommended to break down disciplinary silos, enhance collaboration, and unify de-
nitions, taxonomies, and research objectives.
Acknowledgements
This work has been supported by the SmartSat Cooperative Research Centre (CRC), whose activ-
ities are funded by the Australian Government’s CRC Program.
References
Amin, MG, Closas, P, Broumandan, A & Volakis, JL 2016, ‘Vulnerabilities, threats, and authen-
tication in satellite-based navigation systems [scanning the issue]’, Proceedings of the IEEE, vol.
104, pp. 1169-73, <https://doi.org/10.1109/JPROC.2016.2550638>.
Bardin, J 2013, ‘Chapter 89 – Satellite cyberattack search and destroy’, ed. JR Vacca Computer
and Information Security Handbook, Elsevier Science & Technology, Morgan Kaufmann, third
ed., pp. 1093-1102, Treadstone, United States of America.
Bradbury, M, Maple, C, Hu, Y., Ugur, IA & Cannizzaro, S 2020, ‘Identifying attack surfaces
in the evolving space industry using reference architectures’, 2020 IEEE Aerospace Conference,
Presented at the 2020 IEEE Aerospace Conference, IEEE, US, pp. 1-20, <https://doi.org/10.1109/
AERO47225.2020.9172785>.
116 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
de Abreu Faria, L, de Melo Silvestre, CA & Correia, MAF 2016, ‘GPS-dependent systems: Vul-
nerabilities to electromagnetic attacks’, Journal of Aerospace Technology and Management, vol.
8, pp. 423-30, <https://doi.org/10.5028/jatm.v8i4.632>.
del Monte, L 2013, ‘Towards a cybersecurity policy for a sustainable, secure and safe space en-
vironment’, Proceedings of the 64th International Astronautical Congress (IAC), Beijing, China.
Farley, R 2020, ‘Space force: Ahead of its time, or dreadfully premature?’, CATO Institute Policy
Analysis, no. 904.
Georgescu, A 2020, ‘Critical space infrastructures’, eds. KU Schrogl, PL Hays, J Robinson, D
Moura & C Giannopapa, Handbook of Space Security, Springer, New York, NY, US, pp. 227-44.
—, Gheorghe, AV, Piso, M. & Katina, PF 2019, Critical Space Infrastructures: Risk, Resilience
and Complexity, Topics in Safety, Risk, Reliability and Quality. Springer Nature, Switzerland AG,
Cham, Switzerland.
Hannan, N 2018, ‘An assessment of supply-chain cyber resilience for the international space sta-
tion, The RUSI Journal, vol. 163, pp. 28-32, <https://doi.org/10.1080/03071847.2018.1469249>.
Harrison, T, Johnson, K, Young, M, Wood, N & Goessler, A 2022, ‘Space threat assessment 202’,
Center for Strategic & International Studies, Washington, D.C., US.
Housen-Couriel, D 2016, ‘Cybersecurity threats to satellite communications: Towards a typology
of state actor response’’, Acta Astronautica, vol. 128, pp. 409-15, <https://doi.org/10.1016/j.ac-
taastro.2016.07.041>.
Ikitemur, G, Karabacak, B & Igonor, A 2020, ‘A mixed public-private partnership approach for cy-
ber resilience of space technologies’, Space Infrastructures: From Risk to Resilience Governance,
NATO Science for Peace and Security, Series D, Information and Communication Security, IOS
Press, pp. 120-30, Amsterdam, Netherlands.
Ioannides, RT, Pany, T & Gibbons, G 2016, ‘Known vulnerabilities of global navigation satellite
systems, status, and potential mitigation techniques’, Proceedings of the IEEE, vol. 104, pp. 1174-
94, <https://doi.org/10.1109/JPROC.2016.2535898>.
Kallberg, J 2012, ‘Designer satellite collisions from covert cyber war’, Strategic Studies Quarter-
ly, vol. 6, pp. 124-36.
Kang, M, Hopkinson, K, Betances, A & Reith, M 2018, ‘Mitigation of cyber warfare in space
through Reed Solomon codes’, 1st International Conference on Cyber Warfare and Security, ACPI,
Washington D.C., US.
Kaspersky Lab 2022, Threat Landscape for Industrial Automation Systems. Kaspersky Lab,
Kaspersky ICS CERT, Moscow, Russian Federation.
Journal of Information Warfare 117
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
Livingstone, D & Lewis, P 2016, Space, the Final Frontier for Cybersecurity?, International Secu-
rity Programme, Chatham House, Royal Institute of National Aairs, London, UK.
Mayence, JF 2010, ‘Space security: Transatlantic approach to space governance’, eds. J Robinson,
M Schaefer, M, KU Schrogl & F von der Dunk, Prospects for Transparency and Condence-Build-
ing Measures in Space. ESPI, Vienna, Austria, p. 35.
McAfee 2005, McAfee Virtual Criminology Report: North American Study into Organized Crime
and the Internet, McAfee.
Moltz, JC 2011, The Politics of Space Security: Strategic Restraint and the Pursuit of National
Interests, 2nd edn., Stanford University Press, Stanford, CA, US.
O’Neill, IJ & Handal, J 2021, NASA Analysis: Earth Is Safe From Asteroid Apophis for 100-Plus
Years, NASA Jet Propulsion Laboratory, California Institute of Technology, US, viewed 06 July
2022. <https://www.jpl.nasa.gov/news/nasa-analysis-earth-is-safe-from-asteroid-apophis-for-
100-plus-years>.
Pavur, J & Martinovic, I 2020, SOK: Building a Launchpad for Impactful Satellite Cyber-Security
Research, eprint, arXiv:2010.10872.
Planck, M 2009, ‘Air and space law’, Max Planck Institute for Comparative Public Law and Inter-
national Law, World Court Digest (formerly Fontes Iuris Gentium), Springer, Berlin, DE.
Plotnek, JJ & Slay, J 2021a, ‘Cyber terrorism: A homogenized taxonomy and denition’, Comput-
ers & Security, vol. 102, <https://doi.org/10.1016/j.cose.2020.102145>.
—2021b, Satellite Cyber Resilience Whitepaper, SmartSat CRC, Adelaide, Australia.
—2022, ‘A new dawn for space security’, Proceedings of the 17th International Conference on
Cyber Warfare and Security, vol. 17, no. 1, University of New York, Albany, NY, US.
Santamarta, R 2014, SATCOM Terminals: Hacking by Air, Sea, and Land, IOActive, Seattle,
Washington, US.
Schrogl, KU, Hays, PL Robinson, J, Moura, D, Giannopapa, C (eds.) 2020, Handbook of Space
Security, Springer, New York, NY, US.
Sheehan, M 2015, ‘Dening space security’, eds. KU Schrogl, PI Hays, J Robinson, D Moura & C
Giannopapa, Handbook of Space Security, Springer, New York, NY, US, pp. 7-21.
Steinberger, JA 2008, A Survey of Satellite Communications System Vulnerabilities, Joint Elec-
tronic Warfare Center, US.
Stephens, D 2021, The Woomera Manual, viewed 29 March 2022, <https://law.adelaide.edu.au/
woomera/>.
118 Journal of Information Warfare
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
UCS 2020, Union of Concerned Scientists Satellite Database, viewed 16 December 2020, <https://
ucsusa.org/resources/satellite-database>.
USDoD 2015, Space Domain Mission Assurance: A Resilience Taxonomy, Oce of the Assistant
Secretary of Defense for Homeland Defense & Global Security, Washington, D.C., US.
van der Watt, R & Slay, J 2021, ‘Modication of the Lockheed Martin Cyber Kill Chain (LMCKC)
for cyber security breaches concerning Low Earth Orbit (LEO) satellites’, 16th International Con-
ference on Cyber Warfare and Security, Oak Ridge National Library, Oak Ridge Tennessee, US.
Wheeler, WA, Cohen, N, Betser, J. & Ewart, RM 2018, ‘Cyber resilient ight software for space-
craft’, AIAA SPACE and Astronautics Forum and Exposition, American Institute of Aeronautics,
Reston, Virginia, US.
Wright, D, Laura, G & Lisbeth, G 2005, The Physics of Space Security: A Reference Manual.
American Academy of Arts and Sciences, Cambridge, MA, US.
Zissis, C 2010, China’s Anti-Satellite Test, Council on Foreign Relations, New York, NY, US.
Journal of Information Warfare 119
Space Systems Security: A Denition and Knowledge Domain for the Contemporary Context
ResearchGate has not been able to resolve any citations for this publication.
Article
Full-text available
Outer space has after the Cold War enjoyed two decades of fairly peaceful development but is once again becoming more competitive and contested with increased militarization. Therefore, it is important the U.S. maintain its space superiority to ensure it has the capabilities modern warfare requires for successful operations. The difference with earlier periods in space is there is not a blatantly publicized arms race in space but instead a covert challenge to U.S. interest in maintaining superiority, resilience, and capability. There are a finite number of nations that consider themselves geopolitical actors, but as long as the U.S. maintains space superiority those states must play according to a set of rules written without their consent and forced upon them. For authoritarian regimes, U.S. space assets monitor their actions and pursuit of regional influence and this is quite disturbing. For them, any degradation or limitation of U.S. spaceborne capabilities would be seen as a successful outcome. Cyber warfare offers these adversarial actors the opportunity to directly or indirectly destroy U.S. space assets with minimal risk due to limited attribution and traceability.
Chapter
This chapter provides the basics of space as a critical infrastructure including elements of key resources and assets. Critical space infrastructure (CSI) is presented as a set of interdependent system-of-systems encompassing workforce, environment, facilities and multidirectional interactions essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, whose destruction or disruption would have a significant impact in a given state. Topics of orbits are also discussed in the context of critical infrastructures.
Article
The U.S. military's increasing reliance on commercial and military communications satellites to enable widely-dispersed, mobile forces to communicate makes these space assets increasingly vulnerable to attack by adversaries. Attacks on these satellites could cause military communications to become unavailable at critical moments during a conflict. This research dissected a typical satellite communications system in order to provide an understanding of the possible attacker entry points into the system, to determine the vulnerabilities associated with each of these access points, and to analyze the possible impacts of these vulnerabilities to U.S. military operations. By understanding these vulnerabilities of U.S. communications satellite systems, methods can be developed to mitigate these threats and protect future systems. This research concluded that the satellite antenna is the most vulnerable component of the satellite communications system's space segment. The antenna makes the satellite vulnerable to intentional attacks such as: RF jamming, spoofing, meaconing, and deliberate physical attack. The most vulnerable Earth segment component was found to be the Earth station network, which incorporates both Earth station and NOC vulnerabilities. Earth segment vulnerabilities include RF jamming, deliberate physical attack, and Internet connection vulnerabilities. The most vulnerable user segment components were found to be the SSPs and PoPs. SSPs are subject to the vulnerabilities of the services offered, the vulnerabilities of Internet connectivity, and the vulnerabilities associated with operating the VSAT central hub. PoPs are susceptible to the vulnerabilities of the PoP routers, the vulnerabilities of Internet and Intranet connectivity, and the vulnerabilities associated with cellular network access.
Vulnerabilities, threats, and authentication in satellite-based navigation systems
  • M G Amin
  • P Closas
  • Broumandan
  • Volakis
Amin, MG, Closas, P, Broumandan, A & Volakis, JL 2016, 'Vulnerabilities, threats, and authentication in satellite-based navigation systems [scanning the issue]', Proceedings of the IEEE, vol. 104, pp. 1169-73, <https://doi.org/10.1109/JPROC.2016.2550638>.
Chapter 89 -Satellite cyberattack search and destroy', ed. JR Vacca Computer and Information Security Handbook
  • J Bardin
Bardin, J 2013, 'Chapter 89 -Satellite cyberattack search and destroy', ed. JR Vacca Computer and Information Security Handbook, Elsevier Science & Technology, Morgan Kaufmann, third ed., pp. 1093-1102, Treadstone, United States of America.
Towards a cybersecurity policy for a sustainable, secure and safe space environment
  • Del Monte
del Monte, L 2013, 'Towards a cybersecurity policy for a sustainable, secure and safe space environment', Proceedings of the 6 4t h International Astronautical Congress (IAC), Beijing, China.
Space force: Ahead of its time, or dreadfully premature?
  • Farley
Farley, R 2020, 'Space force: Ahead of its time, or dreadfully premature?', CATO Institute Policy Analysis, no. 904.
Critical Space Infrastructures: Risk, Resilience and Complexity, Topics in Safety, Risk, Reliability and Quality
  • Gheorghe
  • A V Piso
  • M Katina
-, Gheorghe, AV, Piso, M. & Katina, PF 2019, Critical Space Infrastructures: Risk, Resilience and Complexity, Topics in Safety, Risk, Reliability and Quality. Springer Nature, Switzerland AG, Cham, Switzerland.