Professional Documents
Culture Documents
Cybersecurity Space Operation Center Countering Cyber Threats in The Space Domain PDF
Cybersecurity Space Operation Center Countering Cyber Threats in The Space Domain PDF
Cybersecurity Space Operation Center Countering Cyber Threats in The Space Domain PDF
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Description of the Cyber Threat Landscape Affecting Space-Based Information Systems . . . . 5
Electronic Warfare and Cyber Defense Convergence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Managed Cybersecurity of Space Systems Is Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Challenges and Recommended Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Functional Capabilities for Implementing a Space Operation Center . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Baseline Functions of a Cybersecurity Space Operations Center (CySOC) . . . . . . . . . . . . . . . . . 10
Concept of Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Additional Capabilities of a Cybersecurity Space Operation Center (CySOC) . . . . . . . . . . . . . 14
Importance of Collaborative Information Sharing and Incident Management . . . . . . . . . . . . . . 15
The Role of Education and Training for Developing a Skilled Space Workforce . . . . . . . . . . . . . . 16
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Training Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Designing Training Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Evaluating Training Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
The contents reported in the paper reflect the opinions of the authors and do not necessarily reflect
the opinions of the respective agency/institutions.
Abstract
The focus of this article is to describe the rapid changing nature of space systems
where the electromagnetic spectrum and cybersecurity aspects coexist, leading to
a “change of course” to ensure secure space communications. Space systems must
be designed to achieve cyber resilience. Existing vulnerabilities must be mitigated
as resulted from a risk management methodology. To avoid compromises of
security, a security monitoring mechanism and incident response for space
systems have to be implemented. The authors provide an analysis of the func-
tional capabilities and services of a “cybersecurity space operations center.”
System monitoring is essential in view of obtaining a cyber situational awareness
and decision-making for space missions. Security operation center-related ser-
vices could be built up in a permanent or in an ad hoc mobile infrastructure. An
integrated cyber range capability to test, train, and exercise over modeled and
simulated space systems will improve space operators’ skills when confronted
with time-critical interventions.
Introduction
National security is not restricted to securing the land, air, and maritime boundaries
and pursuing strategic interests but encompasses all aspects that have a bearing on
the nation’s well-being. Outer space and cyberspace have emerged as the new
enablers for nations, enhancing the speed and efficiency of national security and
socioeconomic efforts and also providing novel applications in these areas. In an
information-dominated world, they are instrumental in providing the competitive
edge among the global community, strategic and tactical superiority in conflict
situations, and projection of national power and influence. In addition to capability
enhancement towards national aspirations, investments are also necessary for secur-
ing these capabilities against deliberate or unintentional intrusions or attacks and in
ensuring safe and sustainable operations.
Assured access to cyberspace is a key enabler of national security. Two of the
defining characteristics of a strong, modern, industrial nation are economic prosper-
ity and a credible defense. The ability to use cyberspace has become indispensable to
achieving both of these objectives. Business and finance executives, as well as senior
defense leaders, rely on cyberspace for exactly the same thing – to get information,
move information, and use information to make better decisions faster than the
competition. The data- and information-rich environment of the modern battlespace
presents a key area of both strategic opportunities and, equally, vulnerability. Both
cyber and space technologies, in particular, are the new battleground for competing
great powers who seek to limit opponents’ access to information, analytics, and
complex surveillance and reconnaissance information with which to inform deci-
sion-making.
With growing participation, commercialization has become an integral part of
space operations and is receiving active governmental support. The peaceful use of
Cybersecurity Space Operation Center: Countering Cyber Threats in the Space. . . 3
space and the military significance of outer space continues to increase with some 60
countries currently utilizing it for peaceful purposes, for communications, banking,
monitoring environmental and climate change, disaster management, e-health, e-
learning and communications, and surveillance and guidance systems for military
purposes. Regarding vulnerabilities, while space operations have always been vul-
nerable to natural forms of interference, progressive developments in the domain
have also resulted in the emergence of unique novel challenges to space security and
the sustainability of the environment. Greater participation in the domain and
commercial prospects has more players vying for prime orbital slots, the radio
frequency spectrum, and a larger share of the market. Overcrowding and increasing
space debris are adversely affecting the survivability of satellites. The environment is
therefore becoming more contested, congested, and competitive with the consequent
increase in potential for disruption of operations. Space is being used extensively by
advanced spacefaring nations for supporting military operations, and most new
entrants would also leverage their access for these purposes. A corollary to this is
that all assets in space providing a strategic or military advantage can be designated
as valid targets in case of hostilities. Consequently, advanced nations are making
efforts to dominate and control the environment to protect their interests and assured
access to the realm, and the less capable ones would do the same to gain an
asymmetric advantage through degradation and destruction of systems. Both these
strategies demand development of counter-space threats and counter-cyber threats
capabilities that would include risk mitigation actions. Such capabilities in the hands
of rogue nations or non-state actors, who have limited interests in the space domain,
could be extremely dangerous, even up to the catastrophic level of cascading satellite
collisions. In recent years, national security challenges have necessitated a tacit
acceptance of the use of the space domain for meeting national security objectives.
The discussion about the creation of space forces in some countries – as a new
service branch within the armed forces – to have control over military space
operations is one example of the growing importance of the use of outer space.
Cyberspace is a man-made domain consisting of the interconnected networks of
computing and communication devices and the information contained on these
networks. Satellites and other space assets, just like other parts of the digitized
critical infrastructure, are vulnerable to cyberattacks. When considering our daily
lives, there is not an operation or activity conducted anywhere at any level that is not
somehow dependent on space and cyberspace. This interdependency could be used
to attack space assets from cyberspace. From a cyberspace perspective, it’s irrelevant
how high above the ground a computer is positioned. Cyber vulnerabilities associ-
ated with space-related assets therefore pose serious risks for ground-based critical
infrastructure, and insecurities in the space environment will hinder economic
development and increase the risks to society. Advancements in the cyber domain
have not required a protracted thrust by governments towards its development as the
transformational nature of the technology, its commercial potential and cheaper
access, has caused a self-sustaining expansion of capabilities and capacities. Soci-
eties’ increasing dependence on networks, however, has resulted in a surge in the
number and sophistication of cyberattacks that exploit the hardware or software
4 S. Llopis Sanchez et al.
Space activities have obtained an increased focus in recent years. Within the space
domain, space-based information systems (for the purpose of this publication, space-
based information systems – referred as space systems in the further text – can be
understood as the collection of devices and networks which permit the reception,
processing, exploitation, and transmission of the information having their origin or
destination in any type of space mission, e.g., navigation, telecommunication, earth
observation, weather monitoring, etc.) use a digital infrastructure which connects
primarily ground control stations with satellites. The architecture of satellite com-
munications is composed of a ground segment or control segment, a space segment,
and a user segment. Each segment has its own information exchange requirements
and protection measures. Satellites can retransmit information to other satellites
using relays without the intervention of ground assets. Ground control stations are
connected with other ground tracking stations to exchange information. Ground
stations can deliver commands through the uplink channel to the spacecraft and can
receive data via the spacecraft downlink channel.
In cyberspace – beyond the computer networks, their connections through phys-
ical cables or fiber optics – there are other communication means which are often
forgotten when a threat assessment is performed: the signals. Electromagnetic
6 S. Llopis Sanchez et al.
spectrum forms the invisible propagation medium through which the signals and
their information flow. Electromagnetic spectrum has a remarkable influence in the
space domain given the long distance between space assets and end users. The
convergence between cyber defense and electromagnetic activities for space systems
is even more significant. Reasons for that convergence reside in the need to keep
control over space assets at any time as well as to ensure confidentiality, integrity,
and availability of space operations. In the past, satellites were launched with an
estimated life span of decades. Recognizing that satellites cannot be fixed easily
when they are in orbit, the design of such satellites – expected to be fully operational
for many years – foresaw minor and major software configuration updates to
accommodate future enhancements. This contingency design might extend their
estimated life cycle. In case of performing technical corrections to a satellite,
stringent procedures must be put in place to prevent any disruption. The architectural
design and engineering discipline of space systems are of the utmost importance.
System engineering precepts for verification and validation testing (Byrne et al.
2014) expose security flaws which may not be previously identified by information
security standard practices. The adopted cyber defense posture of space assets is a
trade-off between a technological simplicity to permit defendable systems – which
means fewer entry points known as attack vectors – and robust system architectures.
Simplicity and robustness must go hand in hand, but it is not always feasible.
In this section, some cybersecurity topics relevant for space systems will be
described with an expression of cyber threats and associated risks. The results will
shed some light on challenges and recommended actions.
Although, there are differences in the cyber threats affecting each category of
space missions, a general classification can establish two main groups: (a) those
focused on the information, e.g., infiltration in command and control networks, and
(b) those targeting the space infrastructure, e.g., onboard components, payload, etc.
The availability of cheap jamming devices has demonstrated the threat to global
positioning system (GPS) applications (Cuntz et al. 2012). These threats may fall
under the information category. GPS provides geolocation and timing information to
a plethora of ground satellite receivers. GPS devices assist naval ships and drones to
transit through international waters or to operate planned routes in the air, respec-
tively. GPS spoofing (Falco 2018) has been revealed as a serious threat that could
manipulate the GPS signal by injecting false data in the GPS receiver causing a
miscalculation of the position – once again a clear example of the interrelated
dependencies between electromagnetic signals and cyber defense. To reduce the
impact of such attacks and minimize the risks, e.g., collisions at sea and deception, a
backup to “classical” navigation systems could be an option besides demanding
regulators to establish urgent measures, e.g., anti-jamming or anti-spoofing compo-
nents or add-ons.
The commercial space sector is experiencing an explosion. The rapid emergence
of low-cost microsatellites is characterized by a wide spreading of commercial-off-
the-shelf (COTS) products (Falco 2018). New “CubeSat constellations” could
increase the satellite’s attack surface to potential hackers. Attention must be paid
Cybersecurity Space Operation Center: Countering Cyber Threats in the Space. . . 9
To meet and outpace cyber threats in the space domain, it is recommended to create a
cybersecurity space operations center (CySOC) as the focal point to handle cyber-
security incidents for space missions forming part of a wide area network with other
security operation centers (SOC), computer emergency response teams (CERT), and
security monitoring centers (SMC). CySOC is a threat-driven response with respon-
sibilities to detect and support the mitigation of cybersecurity incidents, train space
operators, and provide expertise about the convergence of cyber defense and elec-
tromagnetic activities to counter-cyber threats. An integral part of the CySOC would
be a full-fledged cyber range for space systems. A cyber range would provide
training, education, exercise, and testing functionalities including the promotion of
a system engineering discipline aiming to build cyber resilient architectural designs
of space systems avoiding architectural points of failure. Security certification and
accreditation of space systems shall be governed by and construed in accordance
with an overall cybersecurity certification framework.
A cyber range could simulate space scenarios including the environmental
conditions present in space. Combining intelligence with cyber operations as part
of the operational activity at CySOC could prevent the materialization of future
attacks. An information sharing network (ISN) would allow the exchange of infor-
mation of cyber threats to other space security centers. The CySOC must provide a
cyber situational awareness capability for space systems contributing to a SSA. A
digital forensic capability as part of an incident handling would permit to conduct
forensic investigations appropriate to support attribution. An interesting concept
would be the development of a mobile deployable CySOC which could complement
the work of a permanent center in situations where it is necessary to conduct on-site
activities, e.g., spaceports and military operations overseas.
10 S. Llopis Sanchez et al.
The need for a cyber defense situation awareness capability (CDSA) is well
documented in cybersecurity-related literature and results from extensive studies in
the domain. CDSA itself is rooted in the application of foundational situation
awareness (SA) concepts as applied to the cyber domain. Although there may be
variants, the work of Mica Endsley (Endsley 1995a) and her decision-making model
is still widely accepted as the foundation, including three levels of situation aware-
ness (SA): perception, comprehension, and projection. Fundamental to development
of any level of cyber operator SA is implementation of an appropriate means to
monitor the cyber environment through collection of cybersecurity-relevant data and
transforming this into information useful for the operator understanding. A CySOC
provides a focal point for this essential capability of data collection and information
transformation.
The CySOC focuses on the early detection of an event that may reveal an
incident. It provides the necessary tools to help the analyst not only to timely classify
the event but also to identify effective mitigation measures. In an effort to enhance its
proactive capabilities, it will utilize any available input including a direct user input,
through a call center. In addition, various threat intelligence feeds are a valuable asset
to identify threats and develop mitigation measures.
Since the security analysts are not normally in control of the operational systems,
the CySOC team works closely with the monitored system’s administrators who
implement the resulting mitigation measures. This close collaboration is also essen-
tial for continuous security protection optimization and sensor tuning to enhance the
cybersecurity resilience.
As a baseline, the functional role of the CySOC is a derivation of cyber situation
awareness, providing:
(a) Knowledge and understanding of the current state of the monitored systems
(b) Timely and accurate assessment of potential threats
(a) Circumstances (how and why) that allowed this incident to occur
(b) Identification of affected assets
(c) Evaluation of the extend of the compromise
(d) Identification of indicators of compromise (IOC)
Cybersecurity Space Operation Center: Countering Cyber Threats in the Space. . . 11
Finally, the CySOC can produce meaningful reports containing situational aware-
ness data, system statistics, and regulatory compliance status as deemed necessary
per network/mission.
As already introduced above, the application of resulting mitigation measures is
out of the scope of the cybersecurity operations. The role of the CySOC is strictly
advisory to the monitored system’s administrators who are responsible for the final
decision and application of a mitigation strategy.
Commonly, cybersecurity operations center services are divided into the follow-
ing three service packages to cover different needs of the monitored entities based on
their internal cybersecurity capabilities and risk assessment:
• Call center: In the form of a call center, utilizing telephone, email, and ticketing
system, the CySOC is receiving input from the users of the monitored system as
an extension to the deployed sensor. The user reports aim to enhance the capa-
bility of early incident detection covering advanced threats able to evade the
monitoring infrastructure.
• Proactive real-time monitoring and prioritization: Aggregating and analyzing all
security events from IT and operation technology (OT) systems, as well as any
necessary preprocessing and visualization to provide an overview of the current
situation. This encompasses immediate analysis of real-time events and data feeds
such as alerts from various intrusion detection systems or other system logs. The
objective is to spot probable immediate threats or incidents that require the
attention of the monitored entity.
• Reporting: Production of meaningful reports containing system statistics and
regulatory compliances status as deemed necessary per network/mission.
Managed detection and response support will normally include the following
functions:
• Incident and threat analysis: Involving the in-depth analysis of events that are
categorized as an alert indicating a probable incident. This capability usually
involves detailed analysis of various data artifacts from different sensors and
systems.
• Situational awareness: Providing knowledge and understanding of the current
state of the IT/OT systems, which can provide timely and accurate assessment of
the effectiveness of the mitigation strategy.
• Incident response support and collaboration: A key capability providing the tools
(both technical and administrative) to support an effective response by the
monitored entity to a successful cyberattack. The CySOC will collaborate with
the monitored entity in order to identify in a timely manner the most effective
mitigation measures to contain and minimize the impact of a cyberattack. This
involves working with affected system owners to gather further information about
an incident, understand its significance, and assess the potential mission impact.
• Reporting: Expands on the MTD service reports to include development of
targeted threat intelligence data for the space sector.
Specialized Services
The specialized services utilize the advanced capabilities of the CySOC to support
specific needs of the monitored entity. Those services can be provided on demand
and may be totally independent from the other services or build upon those:
Concept of Operations
The cybersecurity operations team is organized into three teams, called Tiers, Tier-1,
Tier-2, and Tier-3, organized under a technical leader and managed by a service
manager.
Tier-1 and Tier-2 analysts compose the proactive detection and analysis team.
The team is responsible for identifying threats having the Tier-1 analyst to perform
continuous monitoring of the alert queue (system generated or by the call center) and
triaging security alerts escalating them to Tier-2 analyst for further investigation and
deep-dive incident analysis. The team is also responsible for identifying mitigation
measures under the supervision of the technical leader supported, when required, by
the advisory team. They coordinate with the asset owners under threat for a timely
and effective response providing recommendations only (no actions upon the mon-
itored system) and situational awareness reports. In the case of MTD service, the
team is limited to triage of alerts leaving the further investigation and response to the
asset owners.
Real-time monitoring is dependent on the necessary presence of cybersecurity-
related sensors, log collection and aggregation, event correlation, and operation of
security information and event management (SIEM) tools.
Tier-3 analysts form the security advisory team. The team is composed by
specialists that possess in-depth knowledge in one or more of the following fields,
network security, endpoint security, threat intelligence, forensics, and malware
reverse engineering, as well as the functioning of specific applications or underlying
IT/OT infrastructure, acting as an incident “hunter,” not waiting for escalated
incidents and closely involved in developing, tuning, and implementing threat
detection analytics. Their functions include:
• Proactive detection and analysis team support: As subject matter experts, they
support in incident response operations.
The above functions of Tier-3 analysts are aided by cyber simulation technolo-
gies. A fully functioning cyber range provides the means to analyze current and
potential threats evaluating security feeds and hunting potential threats. The cyber
range having the capacity to represent the monitored systems at high fidelity offers
the optimal means to conduct the Tier-3 functions.
The service manager has a complete view and responsibility for the state of the
service leading the daily operations. The technical leader is the senior security
analyst of the proactive detection and analysis team. He has the full view of the
service and the service operations status and is responsible for the coordination of
CySOC operations.
system operations or physical security operations, with each having their respective
roles as final decision authority for implementation of the recommended mitigation
response.
Introduction
Space agencies are facing the challenge to educate and train a workforce that will be
required to operate in an increasingly contested and complex space environment that
may be affected by deliberate adversary cyber operations (Martin and Inspector
General 2012). Space operations are moreover increasingly reliant on information
system technology, and even though increasingly efforts are being dedicated to
better securing networks and systems, no system of systems will ever be entirely
cybersecure. Therefore, a paradigm shift is needed from information assurance to
mission assurance, which has to be considered in the context of complex systems
that comprise not only physical and information assets but also cognitive and social
domains. Subsequently solutions need to be designed for cyber resilience with the
human operator as an integral part of the solution to ensure mission control in a
degraded information environment.
At this time few opportunities exist for space operators to develop a clear
understanding of how cyberattacks impact the systems they manage or a space
mission as a whole. When cyber events are considered in a training exercise, they
are typically developed in an isolated storyline out of fear that the potential cascad-
ing effects might interfere with the other training objectives. Given the principle that
you “fight like you train,” it is however essential to incorporate realistic cyber
scenarios into a significant part of the education and training exercises, in order to
produce a workforce that is capable of mitigating the effect of cyber incidents in an
operational space system environment.
The design of cyber injects for training non-cyber operators can be performed in
two possible ways (McArdle 2019). The “systems engineering approach” consists in
first identifying an attack vector (weaponized file, social engineering, hardware of
software supply chain, etc.) and subsequently the target of the attack (organization,
mission, network, system, etc.). Next the specific effects of the identified attack
opportunity are estimated, such as induced system failures, denial of service, and
data exfiltration, and this effect is then simulated to the trainees.
The second approach is an “information assurance approach,” which is based on
the confidentiality, integrity, and assurance (CIA) triad. By applying the loss of one
or more of the CIA attributes to a specific system, the result on the broader
encompassing systems of systems, on the mission or on the organization, is esti-
mated and presented to the trainee during the training. Certain observable effects of
cyberattacks may be difficult to be distinguished from more innocent technical
failures; however, both situations require a different response. Therefore, it is
important that trainees learn to recognize a cyberattack in order to trigger the
appropriate response and recovery. This is therefore also a training objective.
Cybersecurity Space Operation Center: Countering Cyber Threats in the Space. . . 17
Training Environments
When training a space workforce, the option of training cyber incidents with live
systems is not an option. This can be circumvented through the use of a high-fidelity
synthetic training environment, where the operators interact with a virtual environ-
ment that runs as much as possible the real software systems combined with models
and simulations of the physical phenomena the systems normally interact with.
Synthetic systems exist for specific simulations or trainings. However, they are
often tailored to a specific task and siloed, which makes it hard to integrate them
into a complete synthetic training environment. It is therefore necessary to encourage
simulation system developers to open up their systems and to develop federation
technologies to interconnect them. It is essential to be able to run multi-domain
simulations, covering all ground segment systems and radio links, as well as all
aspects of the space segment ranging from the power management subsystem,
attitude determination and control, communications, computing and data handling,
to all possible payloads (Cayirci et al. 2017). This will make it possible to design
realistic scenarios that confront the trainees with their day-to-day user interfaces and
with a realistic baseline system behavior.
The goal of the non-cyber workforce is not just to train them for identifying cyber
incidents but also for training the interaction with the cyber workforce, so they know
the procedures, the contact points, the information to provide, how not to destroy
valuable forensic information, etc. Finally, the ultimate goal is to create a digital twin
of the systems that the trainees are being trained for. A digital twin is a virtual
representation of a system that has been loaded with the real-world inputs and
environmental parameters that were acquired on the real-world system so that it
can be used to accurately simulate the real-world system’s behavior.
satellite itself in order to mislead the operators. Finally, they can also resort to
blended strategies, where they combine kinetic attacks, like jamming or sabotage,
with non-kinetic cyberattacks that reinforce and prolong the effect of the physical
attack.
The education and training processes will have to be periodically evaluated and
improved in order to ensure that they achieve the objective of a cyber-skilled
workforce. Alongside the typical evaluation approaches for more scholarly educa-
tion as well as for operational training activities, it will be necessary to ensure that
the cyber-related objectives for the training have been achieved. More in particular
the question that needs to be answered is whether the staff members, both in cyber
and in non-cyber positions, are able to take the appropriate decisions with respect to
cyber incidents and events.
A valuable approach for measuring in an objective way whether the trainees have
observed and appropriately processed the necessary information to support their
decisions is the situation awareness global assessment technique (SAGAT) (Endsley
1995b) that was developed by Mica Endsley and is based on her decision-making
model with three levels of situation awareness (SA): perception, comprehension, and
projection. SAGAT is an on-line approach for real-time, human-in-the-loop trainings
that freeze the simulation at specific moments during the training and query the
subjects on specific information elements situated at the three levels of SA. Unfor-
tunately, the fact of freezing a complex training scenario does have an effect on
trainee performance (Matthews et al. 2000); therefore, it may be more appropriate to
use real-time probing by sending SA questions to the trainees as a part of the normal
exercise communication (Jones and Endsley 2000). Since the probing should not
disturb the normal operation of the trainee too much and therefore the sampling rate
and size shall be limited, it may be useful to complement it with nonintrusive expert
behavior observations, for instance, based on the situation awareness behaviorally
anchored rating scale (SABARS) approach (Strater et al. 2001).
It must finally also be noted that cyber range-based trainings could be used for
selecting operators or for verifying the required skills for candidate operators before
they start a long and expensive training, in a similar way as Liu et al. did to select
astronauts to be trained into qualified robotic operators (Liu et al. 2013).
Conclusions
capabilities possessed a few years ago only by government security agencies are now
in the commercial domain.
Space and cyber, both technologically intensive domains, need to be harnessed
optimally for national security. Formulation and articulation of an all-encompassing
national security policy would help define domain-specific strategies and roadmaps.
There is a global trend towards increased instability in these domains as nations
develop counter-space threats and counter-cyber threat capabilities. Consequently,
space has been labeled as the fourth, and cyber the fifth, dimension of warfare.
The threat manifests itself in a variety of forms on a daily basis. Lacking a
coherent way forward, the collective accumulation of the variety of impacts from
the myriad of cyberattacks across the breadth of critical systems could serve to drain
western innovation, economy, and commerce without reaching the threshold of
triggering meaningful government and military and commercial engagement and
response. There has never been a more important time or imperative for us to act
upon this issue given the increasing potential existential threats posed to our
societies and make this a more central element of our public agenda. The potential
exists for a revolution to drive space-based security.
Disclaimer This article is a product of the authors. It does not represent the opinions or policies of
the European Defence Agency or the European Union and is designed to provide an independent
position.
References
Byrne DJ, Morgan D, Tan K, Johnson B, Dorros C (2014) Cyber defense of space-based assets:
verifying and validating defensive designs and implementations. Proc Comput Sci 28. http://
www.sciencedirect.com/science/article/pii/S1877050914001276
Cayirci E, Karapinar H, Ozcakir L (2017) Joint military space operations simulation as a service. In:
Proceedings of the 2017 winter simulation conference. IEEE Press
Cuntz M, Konovaltsev A, Dreher A, Meurer M (2012) Jamming and spoofing in GPS/GNSS based
applications and services – threats and countermeasures. In: Aschenbruck N, Martini P, Meier
M, Tölle J (eds) Future security 2012, Communications in computer and information science,
vol 318. Springer, Berlin/Heidelberg
Endsley MR (1995a) Toward a theory of situation awareness in dynamic systems. Hum Factors:
J Hum Factors Ergon Soc 37(1):32–64
Endsley MR (1995b) Measurement of situation awareness in dynamic systems. Hum Factors 37
(1):65–84
Falco G Job one for space force: space asset cyber security; cyber security project, Belfer Center for
Science and International Affairs. Harvard Kennedy School, July 2018. https://www.
belfercenter.org/publication/job-one-space-force-space-asset-cybersecurity
Jones DG, Endsley MR Can real-time probes provide a valid measure of situation awareness. In:
Proceedings of the human performance, situation awareness and automation: user-centered
design for the new millennium, Savannah, GA (2000)
Liu AM et al (2013) Predicting space telerobotic operator training performance from human spatial
ability assessment. Acta Astronaut 92(1):38–47
Martin PK, Inspector General Nasa cybersecurity: an examination of the agency’s information
security. US House of Representatives, Feb (2012)
20 S. Llopis Sanchez et al.
Matthews MD et al (2000) Measures of infantry situation awareness for a virtual MOUT environ-
ment. In: Proceedings of the human performance, situation awareness and automation: user
centred design for the new millennium conference
McArdle J (2019) Rethinking cyber training for the non-cyber warrior, conference summary and
conclusions, Pell center for international relations and public policy. https://pellcenter.org/wp-
content/uploads/2019/01/McArdle-Rethinking-Cyber-Training-Final.pdf
Strater LD et al (2001) Measures of platoon leader situation awareness in virtual decision-making
exercises. No. SATECH-00-17. TRW INC Fairfax VA Systems and Information Technology
Group
United States Defence Intelligence Agency, Challenges to Security in Space, January 2019
United States Department of the Army, FM 3-12 Cyberspace and electronic warfare operations,
April 2017
United States, Joint Publication 3–13.1 electronic warfare, 8 February 2012
Zatti S, The protection of space missions: threats and cyber threats; information and systems
security. In: 3th international conference, ICISS 2017, Mumbai, India, 16–20 Dec 2017,
Proceedings