Expert Speak Raisina Debates
Published on Mar 02, 2023
Outer Space as a Growing Security and Defence Domain: Strategic Lessons on Cyber Disruption   This article is a chapter in the journal — Raisina Files 2023.
An increasing number of states across the globe have been pushing outer space to the mainstream of their key security and defence policy agendas in recent years. In February 2022, the cyber attack publicly attributed to Russia on the day of its invasion of Ukraine, causing a communication outage, sparked even greater attention on the strategic security and defence aspects of space. The activity was quickly referred to as “an eye opener”.<1> The attack itself disabled the ability to communicate with Viasat’s KA-SAT satellite network which supplies Internet access to citizens not only in Ukraine but in other parts of Europe, too.<2> Despite the apparent objective of disrupting Ukrainian command and control, these attacks against commercial satellite communications networks caused spillover effects in other European countries. The incident is especially notable because even though it could have impacted government and military objects, it also impacted civilian objects, the Ukrainian population and other parts of Europe outside the zone of conflict.<3> It affected telecommunication systems, caused loss of Internet access and disrupted energy infrastructure, primarily wind farms in Germany. The Ukrainian civilian population were prevented from accessing reliable information during the conflict and EU civilians were impacted due to spillover effects outside the conflict zone.<4> In May 2022, Elon Musk tweeted that while SpaceX’s Starlink satellites had so far resisted Russian hacking attempts, their efforts were increasing.<5>

Continuing, albeit heightened, pursuit of space-based secure connectivity during peacetime and conflict 

Despite such incidents and provocations, it is well-recognised that the domains of space and cyber are increasingly important. Indeed, numerous efforts were already underway before the invasion of Ukraine, around the designation of space infrastructure as critical infrastructure, enhancing its resilience and ensuring connectivity. One such example pre-dating the Ukraine war is the European Commission’s 2020 proposal for a Directive on the resilience of critical entities to reduce the vulnerabilities and strengthen the resilience of critical entities or infrastructure within 10 identified sectors that include digital infrastructure and space. Today, a clear case study now exists on how the ability to deny the use of space to an adversary has become part of modern warfare. The EU is currently raising two pertinent questions in this regard: (1) How many pieces of critical infrastructure in the EU depend on space services?; and (2) How well are these assets and services protected?<6> Not only are these crucial questions unanswered in the EU, but they are relevant to all nations attempting to draw lessons from events of the past year to inform their future strategies. Other cyber-related activities of concern include deorbiting satellites, compromise of ground infrastructures, and disruption of satellite control systems. German Foreign Minister, Annalena Baerbock, recently explained that since Russia’s invasion of Ukraine, officials are also learning how Ukraine’s cybersecurity authority experts are deploying commercial Starlink terminals to help Ukrainians stay online and how they have dealt with attacks on their energy systems.<7> In other words, more resilient infrastructures will go some way to ensure that connectivity is maintained even when a cyber attack takes place. Some examples of practical steps taken subsequent to the Viasat attack include the issuance by the United States’ Cybersecurity and Infrastructure Security Agency of an advisory for satellite operators to be vigilant, requesting all organisations to lower their threshold for reporting, and sharing indications of malicious cyber activity.<8> The Satellite Industry Association also issued a statement of “commitment to cybersecurity best practices”, expressing concern about “evolving attacks by criminals, terrorists, and nation states”, while the resilience of satellite networks is said to be turning into a major concern for the US Department of Defense.<9> The US Space Force has started a programme to ensure that commercial satcom networks that support the military are cyber secure, too.<10> Other notable developments provoked by the war in Ukraine include growing levels of advocacy for space industry cybersecurity standards due to heightened awareness about the vulnerability of satellites. For example, some experts are advocating that the German Federal Office for Information Security guidance for satellites could serve as a model for broader European or international cybersecurity standards for the space industry as it grows and introduces commercial software.<11> Other cybersecurity discussions are ongoing among space agencies from countries such as the United States, Japan, China, Canada, Germany and Italy through the Consultative Committee for Space Data Systems.<12> The Space Information Sharing and Analysis Center also facilitates information exchange about cyber threats, which is especially important as cyber threats evolve along with the growing commercialisation of the satellite industry.<13> Nearly one year after the invasion, Josep Borell, High Representative of the EU for Foreign Affairs and Security Policy, is seeking to emphasise this growing focus on the security and defence aspects of space. He argues that, among other steps, there is a need to (1) improve common understanding of space threats, reinforce capacity to analyse space-based risks, threats and vulnerabilities, and better understand counter-space capabilities and intentions of competitors; and (2) focus on protecting space infrastructure and making it more resilient, including through protecting supply chains.<14>

Global re-appraisal of strategic security and defence aspects of space: Pivotal before and after the Ukraine invasion

There is heightened awareness about the need to enhance space-based secure connectivity and resilience of space infrastructure. Increasingly too, states are re-examining the strategic security and defence aspects of space. A plethora of national strategies reflecting such rethinking have been released recently or are in the making. The US government, for example, in December 2021 released the ‘White House United States Space Priorities Framework’ where it noted the present historic moment of rapidly accelerating space activities, resulting in new challenges to global space governance as well as safe and secure space operations.<15> The country intends to bolster its space sectors, including national security, recognising that the domain underpins national security and the ability to respond to crises and space capabilities enable the military. The US therefore intends to protect space-related critical infrastructure and strengthen the security of its space industrial base, emphasising especially an aim to work with the commercial space industry and other non-governmental space developers and operators. It is hoped that this will help improve the cybersecurity of space systems, ensure efficient spectrum access, and strengthen supply chains’ resiliency across the space industrial base. The US also aims to defend its national security interests from the growing scope and scale of space and counterspace threats. It is noted that “he military doctrines of competitor nations identify space as critical to modern warfare and view the use of counterspace capabilities as a means both to reduce U.S. military effectiveness and to win future wars.”<16> Enhancing resilience—through cyber and other means—of the national security space posture is thus described as contributing to strategic stability. The European Union (EU), for its part, through the High Representative published an article on the European External Action Service website four days before the Ukraine invasion underlining how the classical understanding of “defence” is evolving to encompass other domains such as cyber and outer space.<17> The High Representative explains that work packages on defence and space policies were adopted by the European Commission at the time, given the maturing of space into a strategic domain and recognising that it is an “essential enabler for most of our daily activities, whether the Internet, telecommunications, or the movement of people, ships, aircraft or vehicles.”<18> EU endeavours will include the enhancement of European strategic autonomy in this field, new strategic EU space infrastructure to provide European space-based secure connectivity through a governmental, highly secured communication service and high-speed broadband access service to provide universal access to the Internet and reduce the digital divide.<19> Part of the EU’s agenda is to examine the security and defence aspects of space in line with its Strategic Compass which is associated with a new roadmap on critical technologies for security and defence to boost them through research, development and innovation and reduce strategic dependencies.<20> Meanwhile, the United Kingdom’s (UK) first National Space Strategy and Defence Space Strategy emphasise the importance of space for the nation and defence. In February 2022, the UK’s Secretary of State for Defence explained how “aily life is reliant on space and, for the Armed Forces, space underpins vital, battle-winning technologies. From space we can deliver global command & control, communications, intelligence, surveillance and reconnaissance, precision navigation, and more. Adversaries understand this reliance and are increasingly able to exploit vulnerabilities, threatening our strategic stability and security.”<21> Like the United States, the UK government highlights that this is a “pivotal moment” for defence where it aims to rapidly operationalise the space domain.<22> One year since the invasion, the EU’s High Representative, Josep Borell, is also upping the ante, explaining that “ur lives depend increasingly on what happens there, not ‘just’ for the transport sector, IT, telecom or research, but also for core security and defence issues. Moreover, the geo-political competition we see on Earth is projected into space, resulting in a growing level of threat affecting our security.”<23> He notes that cyber-relevant aspects must continue to be addressed as geopolitical competition does not appear to be waning.<24> The Ukraine war has highlighted the crucial role of space assets and services in security terms, as satellite imagery and communications remain a ‘game-changer’ for the Ukrainian Armed Forces and the citizens alike by providing access to information and situational awareness.<25> In other words, according to Borell, the war against Ukraine has given the EU “extra motivation to enhance security and defence including space” and it is currently working on a new strategy on space security and defence that is expected to be released in March 2023.<26> The EU is certainly not alone in its re-appraisal of the security and defence aspects of space. Following the ‘U.S.-India initiative on Critical and Emerging Technology’ agreed in May 2022, the inaugural meeting which was led by the National Security Advisors of India and the US in January 2023, agreed to deepen their technology partnership and launch new initiatives between both governments, industry and academia in domains such as space.<27> Similarly, analysts note how regional rivalries in the Asia Pacific have escalated within the space domain, with developments in security space capabilities and strengthening of minilateral security cooperation frameworks that in this case are said to be primarily driven by China’s achievements in space and counterspace aspects.<28>

Mitigating future spillover effects: International consensus, implementation of frameworks of responsible state behaviour, and confidence-building 

Subsequent to Russia’s targeting of critical infrastructure in Ukraine and the spillover effects on civilians, diplomatic efforts have been made to call attention to violations of international law and the undermining of the rules-based order and agreed normative framework for responsible state behaviour in cyberspace. This framework is laid out through the UN Group of Governmental Experts’ consensus reports and reaffirmed by the preceding UN Open Ended Working (UNOEWG) prior to the current iteration. For one, statements made on behalf of Germany to the UN OEWG Intersessional in December 2022 specified that Germany and its partners have adopted a joint practice of attributing cyber incidents. Recent attributions include the spillover effects from Russia’s cyber-attacks against Ukraine on critical infrastructure in Germany, which can be clearly traced to Russia’s cyber attacks against Ukrainian targets.<29> Many other statements indicating such public attribution to Russia from the EU, EU Member States, and countries such as the United States, Australia, Canada, the UK and New Zealand assert that this activity amounted to Russia’s violation of the normative framework for responsible state behaviour in cyberspace. However, accountability and norms implementation continue to remain unresolved and subject to ongoing negotiation. Other ground-breaking questions on international law that have come to light include Ukrainian officials’ requests that the International Criminal Court investigate whether certain Russian cyber attacks supporting its kinetic military operations that targeted Ukraine’s critical infrastructure and civilians could constitute war crimes.<30> In addition to such challenges to normative frameworks and international law, European officials further note that as a result of the Viasat attack, they learned that (1) this is a quickly evolving threat landscape; (2) such spillover effects are concerning because there is risk that a nation not directly involved in a conflict could be dragged into it; and (3) this type of spillover scenario can make it difficult to determine international law questions surrounding what is considered to be armed attack and where this threshold is crossed.<31> Another concerning new trend brought to light in this conflict, which could have inherently destabilising effects, is the increasing involvement of so-called ‘hacktivists’ from both sides of the conflict. This trend is raising questions surrounding how international and national law can deal with this development, where hacktivists were primarily part of civil society movements in the past.<32> To conclude, these serious challenges provide examples of questions that require further examination globally to promote stability in the near future. In the meantime, practical cyber cooperation measures between states could be initiated to begin exploring these real-life scenarios that have arisen relating to the protection of space-related critical infrastructures. Engagement could take place through the many existing bilateral, regional/sub-regional and global cyber cooperation mechanisms. Examples include the ongoing work of the Organization for Security and Co-Operation in Europe (OSCE) and ASEAN Regional Forum on cyber confidence building measures. Moreover, an “open, informal and cross-regional group of states” to advance confidence-building measures within the UN OEWG has also been convened within the second iteration of the UN OEWG.<33> There could be potential for this group to examine these questions in its future endeavours at the global level. Other practical state cooperation measures that could be considered on this subject include information exchange on relevant incidents and changing risks that present themselves in this domain; sharing good practices and information on revised legislative and regulatory solutions; and cooperating on capacity building, including through engagements that can involve relevant non-government stakeholders.

Endnotes

<1> Sandra Erwin, “Cyber Warfare Gets Real for Satellite Operators,Space News, March 20, 2022. <2> Cyber Peace Institute, ‘Case Study Viasat’, June 2022, https://cyberconflicts.cyberpeaceinstitute.org/law-and-policy/cases/viasat. <3> Cyber Peace Institute, ‘Case Study Viasat’ <4> Cyber Peace Institute, ‘Case Study Viasat’ <5> Cagtherine Stupp, “Germany Offers Model for Space-Industry Cybersecurity Standards,Wall Street Journal, August 17, 2022. <6> Josep Borrell, “Securing the Future of Europe in Space,” January 25, 2023. <7> Federal Foreign Office, "Speech by Foreign Minister Annalena Baerbock at the conference ‘Shaping Cyber Security’ in Potsdam,” September 27, 2022. <8> Erwin, “Cyber Warfare Gets Real for Satellite Operators”; CISA," Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers,” May 10, 2022. <9> Erwin, “Cyber Warfare Gets Real for Satellite Operators” <10> Erwin, “Cyber Warfare Gets Real for Satellite Operators” <11> Stupp, “Germany Offers Model for Space-Industry Cybersecurity Standards” <12> Stupp, “Germany Offers Model for Space-Industry Cybersecurity Standards” <13> Stupp, “Germany Offers Model for Space-Industry Cybersecurity Standards” <14> Borrell, “Securing the Future of Europe in Space” <15> The White House, “United States Space Priorities Framework,” December 2021. <16> The White House, “United States Space Priorities Framework” <17> Josep Borrell, “Space and Defence: Protecting Europe and Strengthening Our Capacity to Act,” February 20, 2022. <18> Borrell, “Space and Defence: Protecting Europe and Strengthening Our Capacity to Act” <19> Borrell, “Space and Defence: Protecting Europe and Strengthening Our Capacity to Act” <20> Borrell, “Space and Defence: Protecting Europe and Strengthening Our Capacity to Act” <21> UK Ministry of Defence, “Policy Paper: Defence Space Strategy: Operationalising the Space Domain,” February 1, 2022. <22> UK Ministry of Defence, “Policy Paper: Defence Space Strategy: Operationalising the Space Domain” <23> Borrell, “Securing the Future of Europe in Space” <24> Borrell, “Securing the Future of Europe in Space” <25> Borrell, “Securing the Future of Europe in Space” <26> Borrell, “Securing the Future of Europe in Space” <27> The White House, “Fact Sheet: United States and India Elevate Strategic Partnership with the Initiative on Critical and Emerging Technology (iCET),” January 31, 2023. <28> Quentin Verspieren, “ASEAN Space Programmes: Navigating Regional Rivalries,” January 18, 2023. <29> Federal Foreign Office, "Statements Delivered by Germany During the Inter-Sessional Meeting of the OEWG, Held in New York From 05 to 09 December 2022,” December 5, 2022. <30> The Hill, "Ukraine Enters Uncharted Territory with Request to Investigate Russian Cyberattacks as War Crimes,” January 28, 2023. <31> Joint ESIWA-ORF Roundtable, CyFy, October 2022, held under Chatham House. <32> Joint ESIWA-ORF Roundtable <33> Federal Foreign Office, "Statements Delivered by Germany During the Inter-Sessional Meeting of the OEWG, Held in New York From 05 to 09 December 2022”; Concept-OEWG-intersessional-CBMs, “Advancing Confidence-Building Measures and Strengthening International Cooperation in Cyberspace,” October 2022.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.