Cyber Threat Landscape

It is predicted that over the next 20 years, access to space will become increasingly contested, degraded and operationally limited. Space systems will face an increasingly wide range of man-made threats, not only in space against the space systems themselves, but also in cyberspace against the computer networks supporting space mission systems.
Space systems in particular have relied on physical separation and logical segmentation as the primary method of cybersecurity. This "stand-alone" reliance was taken to negate the need for additional cybersecurity and defensive cyber capabilities for space. However, there have been multiple instances of isolated networks being breached through various techniques, including the introduction of malware through air-gap transfer procedures, unknown or undocumented connections to other networks, radio or acoustic signaling, and even thermal manipulation of equipment, enabling data to be transferred without any dedicated hardware.
As demonstrated by the Stuxnet worm, cyber actors have developed the capability to physically
damage equipment through the use of malicious logic on systems separated from the public
internet. The so-called "air gap" can be bridged through multiple means, and the space
community at large can no longer assume the network is secure based on the air gap alone.
Another issue complicating the defense of space systems is the nature of the cyber domain itself. The cyber domain exists in multiple layers: the first layer exists in the physical world as a series of devices and signals; the second layer exists as a logical layer of data and metadata (essentially interpretations of the physical signals given form); and when this layer is coupled with human behaviors and actions it creates the third layer, the "cyber persona" layer (effectively a cyber "identity" unique to each individual). Additionally, each of these layers may correspond to different geo-political boundaries and thus to different laws, standards, and customs. Attributing actions to any specific country, organization, individual, or even a specific device is difficult, and requires close coordination with other government and transnational agencies.
Attacks can be used in combination at each layer to achieve various effects in cyberspace. The loss of a power plant due to kinetic attacks (such as a bomb or missile) or non-kinetic attacks (such as a cyber-attack) may achieve primary and/or secondary effects on operational mission systems by causing a site to lose power. The loss or destruction of logical data may impact the ability of an organization to function, and, even more insidiously, the unauthorized modification of data may alter systems and personal behaviors in a way which is advantageous to the adversary.
Additionally, nation states, who are the most likely to target GPS systems, are using and will continue to use cyber capabilities to augment their Diplomatic, Information, Military and Economic (DIME) objectives in the domain of space. Economically, GPS space systems are considered among the most advanced satellite ground control systems in the world; the engineering, configuration, and contracting data represent a prime target for nations attempting to build their own satellite control infrastructure. The data which flows across GPS systems supports many essential missions for both civilian and other national assets, and this data makes GPS systems a primary target of exploitation for the achievement of military and political objectives. An example of this would be the use of the GPS system to find and report the movement of friendly forces to adversaries in near-real time.
Nation states motivated to attack the GPS space systems will not limit their capabilities based on economic incentives and will execute targeted campaigns against all aspects of the GPS Space Enterprise, including the individuals supporting it, as needed to achieve their goals.

Threat Actors
Listed below are examples of potential threat actors.
Insider Threat. Threats are not limited exclusively to outsiders but can originate from within organizations as well. The insider threat is an actor who has access to networked resources within an organization. The insider threat is manifested when humans depart from compliance with established policies and procedures, regardless of whether this results from malice or negligence.
Unintentional Insider Threat. An unintentional insider threat is a current or former authorized network user who has (or had) access to an organization's network, system, or data and who, through action or inaction without malicious intent, causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems.
Nation States
1. China: In 2007, the Chinese demonstrated their ability to destroy a satellite in orbit, and since then have been improving their non-kinetic capabilities, such as signal jamming and cyber-attacks against ground control systems.
2. Russia: In October 2017, the Russian Ministry of Defense deployed a space object they claimed was a space apparatus inspector, whose behavior "was inconsistent with anything seen before from on-orbit inspection or space situational awareness capabilities, including other Russian inspection satellite activities," per an open source report by curnationalinterest.org.
Both Russia and China continue to launch 'experimental' satellites that conduct sophisticated on-orbit activities, at least some of which are intended to advance counterspace capabilities. Per the U.S. Office of the Director of National Intelligence: "Russia and China continue to publicly and diplomatically promote international agreements on the non-weaponization of space and 'no first placement' of weapons in space. However, many classes of weapons would not be addressed by such proposals, allowing them to continue their pursuit of space warfare capabilities while publicly maintaining that space must be a peaceful domain."
Threat Vectors
The current cyber threat vector can be determined by analyzing the potential objectives that an adversary would wish to achieve against a space system versus the types of vulnerabilities that a GPS system may have.
Types of Adversarial Objectives
1. Destroy: To damage a system or entity so badly that it cannot perform any function or be restored to a usable condition without being entirely rebuilt.
2. Disrupt: To break or interrupt the flow of information.
3. Degrade: To reduce the effectiveness or efficiency of C2 [command and control] or communications systems, and the information collection efforts or means of the GPS system.
4. Deny: To prevent friendly forces from accessing and using critical information, systems, and services.
5. Deceive: To cause a person to believe what is not true. This goal seeks to mislead friendly decision makers by manipulating their perception of reality, mostly by feeding them false or misleading data.
6. Influence: To cause friendly forces to behave in a manner favorable to adversarial forces.
Types of Vulnerabilities
1. Missing/weak data encryption
2. End of life Operating systems
3. Hardware vulnerabilities
4. Software vulnerabilities
5. Database Communication Protocol Vulnerabilities
6. Missing/weak authentication
7. Missing/weak authorization
8. Unrestricted upload of file types
9. Data link Saturation and exhaustion
10. No integrity checks on Critical files
11. Use of broken/weak algorithms
12. Path traversal of file shares
13. Known Bugs
14. Weak passwords
15. Supply chain
16. Bandwidth exhaustion
17. Employees
18. Removable media
19. Misconfigurations
20. Weak Auditing capabilities
By combining the two types, you can determine the most likely threat vector of a system.
Vulnerability                                  | Destroy | Disrupt | Degrade | Deny | Deceive | Influence
1. Missing/weak data encryption                |         |         |         |      |         |
2. End of life operating systems               |         |         |         |      |         |
3. Hardware vulnerabilities                    |         |         |         |      |         |
4. Software vulnerabilities                    |         |         |         |      |         |
5. Database communication protocol vulnerabilities |     |         |         |      |         |
6. Missing/weak authentication                 |         |         |         |      |         |
7. Missing/weak authorization                  |         |         |         |      |         |
8. Unrestricted upload of file types           |         |         |         |      |         |
9. Data link saturation and exhaustion         |         |         |         |      |         |
10. No integrity checks on critical files      |         |         |         |      |         |
11. Use of broken/weak algorithms              |         |         |         |      |         |
12. Path traversal of file shares              |         |         |         |      |         |
13. Known bugs                                 |         |         |         |      |         |
14. Weak passwords                             |         |         |         |      |         |
15. Supply chain                               |         |         |         |      |         |
16. Bandwidth exhaustion                       |         |         |         |      |         |
17. Employees                                  |         |         |         |      |         |
18. Removable media                            |         |         |         |      |         |
19. Misconfigurations                          |         |         |         |      |         |
20. Weak auditing capabilities                 |         |         |         |      |         |