Threat Management

The military is mulling how to share cybersecurity threat data for space

The head of U.S. Space Command said his organization is evaluating how to better enable information sharing with the private sector around space-based cyber threats.

Gen. James Dickinson, commander of U.S. Space Command, said that his organization continues to build out their space-based communications and infrastructure while stepping up coordination with a growing number of other entities, like the U.S. Space Force and companies who are increasingly testing the limits of commercial space flight.

As more countries and businesses enter the domain in the coming years, it will increase the potential dangers not only from debris but also from targeted cyber against satellites, ships and other assets. Dickinson said that Space Command and the Department of Defense are currently discussing how to set up threat information sharing channels for the private sector, a common practice that happens in most other terrestrial critical infrastructure sectors.

“You can imagine we have to be very careful with that in terms of what we would provide to [companies]. Right now, with our commercial integration cell we don’t provide threat information but we do provide information they would need to know in terms of the safe operation of their satellite,” Dickinson said during a July 27 event hosted by the McCrary Institute at Auburn University. “[Threat sharing] is one of the areas where we’re currently working with the department in terms of what that would look like in the future.”

A Space Information Sharing and Analysis Center was formed in 2019 and this year 24 different space-related companies, as well as tech heavyweights like Microsoft, have announced they will join the organization to pool their collective knowledge about cybersecurity vulnerabilities to satellites and corporate networks.

Cybersecurity is hard enough to implement on Earth, but there are a number of added complications to securing systems in orbit. Many of the assets sent out into space over the past few decades (and the systems that support them) were primarily designed to withstand the vacuum of space, not cyber attacks from a dedicated adversary.

Last year the Trump administration put out a memo on the cybersecurity principles that should undergird future commercial and government space operations. While many cyber threats play out more or less the same as they do on Earth, the government identifies a handful that are particularly dangerous when directed at space-based or reliant systems, such as spoofing sensor data or corrupting sensor systems, hacking or jamming command and control infrastructure and unauthorized personnel leveraging insufficient physical security measures to gain access to critical hardware and software.

Maintaining digital superiority is one of five long term objectives for Space Command, and that often translates to working with other branches and agencies to better build cybersecurity into future space operations. To this end, Dickinson said Space Command has embedded personnel from U.S. Cyber Command and maintains a close relationship with the National Reconnaissance Office on joint operations, planning exercises and consultations on orbit and technology issues.

One of the biggest challenges they face is around awareness, or the lack of it. Dickinson said most people still do not have a solid understanding of just how much we rely on systems or hardware in orbit to power our terrestrial services.

One prime example of this is the global position, navigation and timing system, which underpins GPS apps like Google Maps that are used by businesses and individuals across the world. An executive order released last year required the Cybersecurity and Infrastructure Security Agency at DHS to identify “significant risks” to critical infrastructure due to PNT vulnerabilities. Last month, a document released by the agency underscores that the level of difficultly required to disrupt global navigation is low encompass non-state actors.

“Disrupting or corrupting PNT signals used to be the purview of nation-states. This is no longer true,” CISA wrote in June 2021 fact sheet. “With a few hundred dollars of commercially available hardware and free software, hackers can block or replace GPS signals. In addition, GPS signals may be disrupted due to system errors, user equipment failure, or environmental effects such as solar flares.”

If you’ve ever used an ATM machine, swiped a credit card or watched a major live broadcast, you are doing so in part due to support from space-based systems. Getting the public and industry to internalize collective reliance on space-based systems is one of the first steps to marshaling the support and resources needed to secure those systems.

“Unfortunately, many Americans don’t quite grasp how important our assets in space really are. Many don’t understand how their daily lives are tied to assets in space. Our space-based capabilities enable virtually every element of our national power, diplomacy, economics, finance, information,” said Dickinson. “Those advantages create dependencies and those dependencies expose vulnerabilities and they expose openings that our competitors try to exploit.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.