Military presence in space is an expensive endeavor, usually reserved for wealthy nations. Countries lacking in resources, however, might employ cheaper tools as means for sabotage. That's why cyber-attacks can become a crucial weapon in the arsenal of resource-deprived threat actors.
Cyber-resilience of space assets is no science-fiction. There are multiple ways a hacked piece of space infrastructure, such as a satellite, can cause global chaos or advance the interests of likely hostile nations.
The high stakes of space defense are illustrated by the fact that President Trump's outgoing cabinet added cybersecurity guidance to the US's fifth Space Policy Directive (SPD-5) in September 2020. Space operators, the number of whom are growing with every commercial satellite deployed, are instructed to take better care of cybersecurity hygiene practices.
Examples of the past show that it's not only possible to take over a satellite, but it's also been done before. Recent Space threat assessment 2021 report by the Center for Strategic and International Studies (CSIS) claims that several nations have advanced their cyber capabilities to an extent where it might prove beneficial to use computers instead of guns to unnerve their adversaries.
Increase in cyber activity by Iran suggests that cyberattacks on space systems could be the preferred method to compensate for an imbalance in other capabilities,Joe Moye.
Brian Weeden, director of program planning at the Secure World Foundation (SWF), explained that from a military point of view, a cyber attack could cause the desired effect an adversary is looking for, and that's why countries need to take the threat seriously.
"You can get a lot done with cyber and electronic warfare, and you might not need the big, shiny hardware that goes up into space and directly takes out other satellites. That's an important thing to keep in mind," Weeden explained, discussing the CSIS's report.
A cyber attack against space infrastructure does not necessarily need to target objects in space. The reality of satellites is that the vast majority of them are controlled via ground stations. The easiest way to target a satellite would be to try to intercept systems that use, transmit, and control data flow.
According to the report, even though this type of cyberattacks requires a high degree of understanding of the targeted systems, the barrier to enter the game is relatively low. That means that threat actors can try to attack space infrastructure by employing state or non-state actors with advanced cyber capabilities.
The strategic value of such an attack is immense. Threat actors can harm the opponent in multiple ways by, for example, destroying GPS systems, thus throwing the enemy several decades back in terms of navigation. At the same time, intercepting satellites allows to eliminate services they provide and communications they transmit.
And all those benefits come with a bonus – secrecy. Cyberattacks are hard to pinpoint, especially ones that are carried out by professionals. State actors could allocate sufficient resources to conceal their identities, for example, using jacked servers to launch an attack.
North Korea and Iran
Key adversaries discussed in the report that are prime suspects for compensating what they lack in space capabilities with cyberattacks are Iran and North Korea. Joe Moye, US Marine Corps military fellow at the CSIS, said that Iran already proved a high degree of sophistication when using cyber as an attack tool.
"Increase in cyber activity by Iran suggests that cyberattacks on space systems could be the preferred method to compensate for an imbalance in other capabilities," Moye claimed during a CSIS webinar on the matter.
Even though there is no open-source information about Iran's hacking activities aimed at space infrastructure so far, the country seems to be interested in expanding its capabilities, as its recent information security agreement with Russia indicates.
According to Moye, even though Iran might lack the capabilities to interfere with satellites in space directly, agreements with China and Russia allow Teheran to benefit from technical expertise and training that countries with such capabilities can readily provide.
Meanwhile, North Korea is considered more dangerous of the two as the country proved on numerous occasions that it is willing to employ cyber to advance its military goals and profit financially, which does not allow to exclude leniency to ransomware attacks aimed towards space infrastructure.
"As North Korean hackers acquire more advanced cyber-technology, likely through illicit means, gain experience, and expertise, threats to US-based systems and ground stations will become more credible," Moye explained.
Indications that North Korea and Iran are pursuing advancements in cyber capabilities, coupled with increased sophistication in non-space cyberattacks, might point to a higher countries' willingness to experiment with attacking space systems.
"When you're looking at trying to figure out what you can get the best bang for your buck for the North Koreans, it's in their cyber and electronic domains," Moye said.