MILAN – It’s not always clear which government agency is responsible for defending satellites against cyberattacks.
Research focused on France, Germany, the United Kingdom and the United States revealed a lack of clarity in some cases concerning responsibilities for addressing cyber threats to satellites and responding to attacks.
People working in the same institutions sometimes provided “completely different answers” about the roles of space and cyber commands in defending satellites, Clémence Poirier, senior cyberdefense researcher at the Center for Security Studies of the Federal Institute of Technology Zurich, said Oct. 14 at the International Astronautical Congress here.
Since 2019, many countries have created space commands, expanded air commands to encompass space operations, and established cyber commands. The moves reflect increasing military reliance on space systems and growing recognition of cybersecurity vulnerabilities. At the same time, “states started to adopt counter-offensive and offensive doctrines in both space and cyberspace,” Poirier said.
Some of the new organizations are quite small and still taking shape. As a result, it’s sometimes unclear who is in charge of cybersecurity, particularly if the threat involves a commercial satellite that supports military operations. It is clear, though, that a lack of defined roles and responsibilities could pose problems.
“Threat actors can exploit technical vulnerabilities to try to get into a network,” Poirier said. “But if you have companies or governments that are completely disorganized, that can make you waste time in your recovery in case of a cyberattack or it might make the attack worse.”
France
The French Cybersecurity Agency ANSI protects critical infrastructure including space systems. ANSI has delegated the cyber defense of military satellites to the France’s Cyber Defense Command, which is responsible for diagnosing attacks, attribution, system recovery and repair.
“Everything goes to the Cyber Command, but the Space Command is informed,” Poirier said.
For cyberattacks on commercial satellites, the Cyber Command may get involved if there is a link with a military weapon system or if the satellite is used by the armed forces, Poirier said. In that case, Space Command likely would be informed of the cyber-related activity by the company that owns the satellite. “This is something that they do by practice, but this is not compulsory,” she added.
French Space Command, meanwhile, identifies cyber vulnerabilities of satellites, mapping them, patching them and monitoring systems.
Germany and the U.K.
In Germany, the Cyber and Information Domain Service defends military satellites from cyberattack. The same organization performs “many cyber-related activities” including operating satellite payloads. In the event of a cyberattack on military, civil or commercial satellites used by the German military, the Cyber and Information Domain Service handles the national response.
In contrast, the cyber defense of military satellites in the U.K. is handled by the National Cyber Force, a partnership that involves defense and intelligence agencies. If a U.K. commercial satellite is attacked, the private sector “is completely responsible,” Poirier said.
United States
The U.S. Space Force’s Space Delta 6 oversees cybersecurity for military satellites. Within Space Delta 6, eight squadrons defend systems against cyberattack. One squadron, for example, defends missile-warning satellites while another safeguards launch operations.
In addition, the Space Training and Readiness Command operates cyber ranges and conducts cybersecurity exercises for the Space Force. The National Reconnaissance Office also has an organization focused on cybersecurity.
When Russia invaded Ukraine, hackers infiltrated Viasat’s KA-SAT satellite internet network, disabling modems that provide internet links for tens of thousands of customers. At the time, there did not appear to be a “dedicated agency for cyber-incident response and coordination,” Poirier said. “Viasat decided to involve the [National Security Agency] to deal with all the governments. They delegated this aspect of the incident response to them.”
