Nadia Khan – Elemendar 1/03/2020

Today’s era of Newspace is increasingly being defined by commercial space companies such as SpaceX, One Web and Amazon. Vigorous competition between each company has intensified over recent months with each proposing to launch an unprecedented fleet of satellite constellations with the aim of providing high-speed 5G broadband. The arrival of 5G will no doubt increase our dependence on space enabled technology to form part of our critical infrastructure. However, whilst satellites have the potential to revolutionise our lifestyles by enhancing our connectivity, they also leave us more vulnerable than ever before to cyber attacks. This raises important questions about the lack of cybersecurity standards and regulations for small satellites in an era of low-cost access to space.

Technical and legal glitches 

A core theme behind the rapid rise in the number of small satellites into Lower Earth Orbit has been the speed at which commercial companies have been able to achieve their goals throughout small satellite project development, from the manufacturing of small satellites to their launch into space. Such a process has however led to companies cutting costs at every level of the supply chain to ensure that their satellite constellations reach Lower Earth Orbit in an optimum time frame to meet commercial demands. Such an approach has increased the risk of their satellites being hacked by both state and non state actors, potentially allowing them to be weaponised.

Recent, notable examples of such activities include the 2008 satellite hacks allegedly conducted by China on two NASA satellites and a further recent attack involving a Chinese state backed satellite hack which directly impacted defence operators and contractors. Such incidents pose serious threats to the national security of all states. Analysis of the tactics utilised by hackers raises the potential to develop an AI based CTI approach to mitigate the risks created by non state actors in the space domain.

The heightened risk of vulnerability faced by small satellites also raises questions about the Outer Space Treaty 1967, which is designed to govern activities in space. Under the treaty, states are prohibited from entering weapons of mass destruction and nuclear weapons into orbit. However, the term ‘weapons of mass destruction’ has been traditionally used to refer to biological, chemical and nuclear weaponry; cyber weapons are most notably missing from the WMD term. There should be a great cause for concern that the nature of cyberwarfare such as spoofing, jamming and hacking of satellites is not included in one of the most significant pieces of legislation governing activities in space. 

In an era of rising geopolitical tensions and increasingly offensive behaviour by states and non state actors within the space domain the need to update the OST has never been greater, especially in an era of rising cyber attacks within this sphere which have redefined the further militarisation of Lower Earth Orbit.

Solutions?

Flexible multilateralism or a legal hack?

One possible solution to mitigate risks posed by cyber attacks on small satellites might be achieved through a multilateral agreement via the United Nations Office for Outer Space Affairs, Legal Sub Committee on the Peaceful Uses of Outer Space. So far, multilateral legal solutions through this domain have failed to achieve results on a range of issues from space debris mitigation, to regulation against anti satellite tests. This is because the very nature of treaty reform requires consensus by a majority of powerful states e.g China, the U.S and Russia.  Also the decline of multilateralism in an era of rising populism and nationalism across the world is currently against it. 

There are ways forward however, for multilateral solutions to provide adequate cyber security standards in space. In an era of America first Trump and China’s rise to power we must instead shift our attention to middle powers to mitigate the risks posed by cyber attacks in space. Such an approach may not seem obvious given that middle power states such as Canada and Australia are not considered to have much influence in the UN, however their close relationship with the UK should allow them to leverage their influence towards policy reformation.

However, their often neutral stance on geopolitical matters within the UN has put them in a useful position as they can potentially bring together traditionally ideologically opposed states to develop solutions to our broken multilateral system. Added to this is that in recent years middle powers have been able to develop strong partnerships with Russia and the U.S, which again strengthens their role as negotiators in developing new legislation. A great example of these strategic partnerships is the proposed Luna Gateway project by the Canadian Space Agency. From a strategic standpoint, these partnerships, albeit non obvious, could point to solutions around mitigating key risks being faced by space faring nations. 

Nonetheless, an approach that is based on inclusion of key industry actors such as SpaceX, Amazon and OneWeb is also key for the development of up to date, industry-led standards, particularly on collaboration, risk assessment, knowledge exchange and innovation to better promote agility and effective threat responses. Therefore a fusion of international legal reform led by middle powers to meet the needs of key commercial actors is the way forward to mitigate these important cyber threat risks. 

For now though, we need to watch this space.