Cybersecurity
INTRODUCTION
By Stephan Hobe
Cybersecurity covers the practice of governments or enterprises to protect computers from cyberattacks such as hacking, phishing, spoofing, spamming and the inclusion of “malware”. Thus, cybersecurity can be extended to all digital information, meaning that satellite systems have also become vulnerable to cybersecurity threats. Cyber-attacks can be differentiated from the electronic attacks because they target the “data” stored onboard satellites, and not necessarily the services delivered by satellites (uplink and downlink). Since satellite data supports critical infrastructure, the space cybersecurity represents a global concern. The challenge from a legal perspective is to define what a cyberattack is and come up with an international legal framework that could guarantee space cybersecurity and cyber resilience. But even so, can the cybersecurity laws and policies represent a real deterrent against perpetrators?
Contributions
by Stephan Hobe
The practise to protect critical systems and infrastructure from digital attacks is called cyber security. In other words one understands under cyber security the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. In the computerized world of today, working in cyber space is critical. In order to preserve computers and other critical infrastructure from respective attacks various types of cyber security may include the prevention of data, codes and business critical software, as well as the protection of physical digital data from authorized access and manipulation. Through this it can be ensured that the structures and facilities are access controlled and guarded against physical harm. It shall equally be guaranteed the securing of internal networks against unauthorized access. Types of cyber threats can include hacking, phishing, spoofing, spamming and the inclusion of malware i,e. malicious software which is intended to cause damage to systems. Examples of this malware are viruses or worms as well as trojans. Ransomware as another form of malware can today make attackers to exfiltrate copies of the victims’ data and threatening to release them publicly if their demands are not met. Phishing is a common attack technique in which attackers use descriptive communications like for example E-mails or SMS to impersonate a trustworthy person or organization. In view of these, multiform cyber threats, the importance of cyber security for governments as well as for private and public enterprises is tantamount. It is concerned with defending network systems and applications against these threats. Different from data protection cyber security tries to protect the systems that make it possible to generate data management and to transfer data. Cyber protecting clouds may enable service providers to deliver respective protection by for example integrating backup with the next generation artificial intelligence, to provide anti-malware and protection management as well as to protect through various sorts of backups. Since modern conflicts are such as to gain access to data, presumed attackers may constantly come up with innovations of means for cyberattacks. Therefore, also in the area of cyber security the constant updating of the used technology and techniques is absolutely necessary.
by Clémence Poirier
In the past decades, several trends have occurred in both the space and digital sectors, which have resulted in increased vulnerability of space systems to cyberattacks. Space systems have become increasingly digitized, and the space sector at large has progressively become more digitalized. It means that not only satellites have gone from analogue electronics to digital systems, but that most processes in the design, manufacturing, testing, control, and operations of satellites are based on digital technologies. This trend is growing with the emergence of new technologies such as cloud ground stations, which enable operators to send commands to their satellites through their virtual private cloud; or fully software-defined satellites, which can be entirely reprogrammed remotely. It increases the attack surface and threat vectors, making space cybersecurity more difficult and complex. Moreover, outer space has been increasingly militarized and weaponized. The militarization of outer space is the use of space for military purposes, which is an old phenomenon. The weaponization of outer space is a fairly recent one, which can be defined as the placement and deployment of weapons in outer space. At the same time, cyberspace has also been progressively militarized by a growing number of State and non-State actors. In addition, space and cyberspace have become more accessible sectors to both State and non-State actors. Any malicious actor with a computer and technical knowledge can attempt to launch an attack on a space system. As a result, space operators have to protect themselves against a rising number and type of threat actors. Space systems can be regarded as very expensive computers flying in orbit in the naturally hostile and dangerous environment that is outer space. These spacecraft are now connected to another unfriendly environment: cyberspace. These two domains are also progressively recognized as warfighting domains similar to land, sea, and air, making satellites prime targets of cyberattacks and raising new questions regarding the application of international humanitarian law. Despite the adoption of cybersecurity standards and best practices, space and cyberspace remain rather unregulated domains. More importantly, the space and cybersecurity communities do not often interact in international fora (UN OEWG, UN GGE, UNCOPUOS, etc.) to adopt guidelines, norms, and other binding or non-binding rules.
by Roy Balleste
The idea of traveling to the Moon and Mars, and from there to many other places, is more than a desire to explore. It is a matter of readiness and survival. The cyberthreat landscape stands as one of the obstacles to be surmounted. This landscape does not afford any chances to those engaged in space activities, especially now with the realization that transnational cyberattacks are possible. Now, these cyber threats and attacks have extended off-world. As time passes, it is unavoidable to notice that our critical infrastructure, along with the supervisory control and data acquisition (SCADA) systems, are an intricate part of space activities. Just as with terrestrial communications, space activities also suffer from hackers that utilize malicious code or other techniques to interfere with the peaceful use of outer space. The nature of cyber activities with apparent ties to foreign governments remains unresolved and needs the immediate intervention of the space industry. The halcyon view that efforts to draft new norms offer a solution disregards their voluntary and weak nature. The present legal structure needs reform because it is ill-suited to protect space activities. Hackers serve a particular master, or at a minimum, they are significantly encouraged to harass other nations. The challenge at hand is the added enigma associated with nations that knowingly tolerate the use of their territory as bases of illegal cyber operations that strike governments and businesses alike. Yet, humanity is entering a new age of commerce and exploration. The landscape of cyberthreats in outer space is further complicated because of the disruption caused by non-state actors. These actors now seemingly possess an extra level of sophistication in their attacks, possibly acquired via government contacts. Cybersecurity in outer space requires recognizing that satellites, ground stations, and the data exchanged between them must be protected by multi-layer network perimeter defenses, cryptographic systems, and physical security. Consider that the ground station alone requires controls in place to prevent unauthorized individuals from accessing the data and the devices that facilitate the communications. In other words, stakeholders should assume a zero-trust approach by first assessing all systems and all processes. Law alone cannot resolve the immediate threat. The main concern should be to gain an understanding of the available standards applicable to the space industry. The interconnection of cyberspace and outer space is unavoidable. For this reason, above any other consideration, the stakeholders of New Space should take the initiative to engage uncertainty and inspire the evolution of cybersecurity in outer space.
by Jonathan Lim
The significance of cybersecurity in the outer space domain ties into international interest in maintaining international peace and security through secure, trusted, and resilient technology. Where the advent of Space 2.0 has brought forward significant transformational changes in accessing and utilising space, this has been founded upon the effects of the Fourth Industrial Revolution. The synergy and interplay between these two movements has driven the proliferation of small, affordable, and interconnected technologies across the final frontier, while blurring the line between the physical and digital worlds. Space systems and technologies remain reliant on information systems and networks, spanning from design conceptualization to manufacture and procurement, launch and flight operations. However, the ability of space actors to leverage upon the benefits offered by space applications is contingent upon maintaining confidentiality, integrity, and availability – ensuring uninterrupted, trusted, and complete control over technology and systems. Space systems face a diverse range of cyber threats including denial-of-service attacks, signal jamming, spoofing GPS data, or unauthorized guidance and control; the consequence of which may include loss of mission data, decreased capability or disabling of space system, loss of positive control of space vehicles, and prospect of kinetic damage. This underscores a variety of underlying cybersecurity issues including information security, security-by-design, and supply-chain security concerns. In recognizing the evolving threat of Grey Zone operations in cyberspace, and increasing reliance upon space-based and adjacent ICTs, actors operating in both domains must cooperate to advance responsible state behaviour as founded upon the application of existing international law and agreed norms of behaviour. At the multilateral level, guidance on responsible state behaviour is elicited through Article 2(4) of the UN Charter prohibiting the use of force, and authoritative principles of International Humanitarian Law. This has been reinforced by growing international consensus under the UN cybersecurity Open-Ended Working Group, releasing a non-binding report on recommendations for advancing peace and security in cyberspace. Under international space law, extending cyber norms and principles extraterritorially to space activities is founded upon Article III of the Outer Space Treaty, and contingent upon the willingness of states parties to interpret and uphold relevant principles of international cyber law in space. Article IV’s prohibitions on weapons of mass destruction, and emphasis upon the use of space “exclusively for peaceful purposes”, opens the possibility for interpretations on prohibitions against offensive cyber operations and potential classification of cyber-weapons as Weapons of Mass Destruction. Noting the absence of definitive principles, Cyber-Space jurisprudence represents a nascent and developing area of international law – one tied to ongoing efforts on the Prevention of Arms Race in Outer Space, and in discussion under UN and the International Telecommunications Union. Areas for future consideration concern the interplay between Cyber, ICT, and human rights – addressing the evolving impact of cyberspace activities upon the use of space applications in realising human rights values and principles.
by Roberto Cassar
Outer space is a key enabler of life on planet Earth, particularly in its digital form. As digital life evolves, cyberspace – the virtual dimension in which this type of life unfolds – becomes more populous. An increase of human presence and activity in cyberspace means, among other things, that social phenomena inevitably occur there too. One such type of social phenomenon is crime. In cyberspace, much like in the physical world, crime can be committed in different ways. Also like in the physical world, the victims of cybercrime can be two: either persons, whether natural or legal, or States. A major difference between a person and a State as a victim is that, in the case of a State, if the cybercrime amounts to the use of force or to an armed attack in breach of the Charter of the United Nations, its consequence could be war. Cybersecurity, therefore, is a growing concern. Since outer space is an enabler of the digital aspect of human life, outer space is necessarily an enabler of cyberspace. This means that, even if only indirectly, outer space is linked to cybersecurity. Once outer space is linked to cybersecurity, space law is inevitably linked to it as well. Space law – the law that stipulates what can and cannot be done in and through outer space – should thus seek to address those aspects of cybercrime that occur through outer space or through the infrastructure that is enabled by outer space. Considering that space law relates to both space and telecommunications activities, space law should be consequently able to address various aspects of cybercrime, ranging from relevant space activities to specific radio frequencies and signals. Although space and telecommunications activities are subject to international law, in view of the novelty of cybercrime it could be sensible to amend the existing law, or to promulgate new legal instruments altogether. What should be sought in this context is harmony between the law and the technology; the law should seek to catch up and keep up with the technology in question.