ANALYSIS: Acknowledging Space Systems as ‘Critical Infrastructure’
Wiki commons via Emmanuel Briot
The Department of Homeland Security has a list of 16 critical infrastructure sectors it considers “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The industries and sectors are: chemical, communications, dams, emergency services, financial services, government facilities, transportation, commercial facilities, critical manufacturing, the defense industrial base, energy, food and agriculture, healthcare, nuclear reactors and water systems.
That exhaustive list would just about cover everything, one would think, but there is an increasing chorus wondering why space systems are not included.
That question came up several times during the recent Satellite 2022 conference, which took place in Washington, D.C., in mid-March.
“We are facing incredible threats,” said Pete Hoene, president and CEO of SES Government Solutions, a subsidiary of SES, a telecommunications services provider headquartered in Luxembourg.
There are “a wide variety of other issues that are coming into the fold here as we see what’s happening in Ukraine,” he said at the conference.
The annual trade show is mostly devoted to the commercial space sector: the multinational satellite communications companies, and increasingly businesses that sell remote sensing data and images.
A walk down the aisle of the exhibit hall demonstrated the industry is much more than the companies that provide global telecommunications: it’s the satellite manufacturers, the small businesses that supply subsystems, the launch companies, ground-station servicers, and cybersecurity providers.
Many of these companies didn’t exist two decades ago when DHS was conceiving its critical infrastructure list. The oft-repeated refrain at this conference and the annual Space Symposium in Colorado Springs was that Home Depot attracted more investors every year than the entire space sector.
But that changed in a hurry beginning with the then virtually unknown Elon Musk, who declared that he would take the $1 billion or so he earned selling his share of PayPal and start SpaceX.
Others followed suit. The National Geo-Spatial Intelligence Agency declared that it would buy space imagery from private sector companies.
Remote sensing was once the purview of the military and spy agencies and less secretive NASA and NOAA for Earth observation. The space-data-as-a-service industry took off.
Today, the space industry is burgeoning, but so are the threats.
Executives who spoke at the Satellite 2022 conference had a joint FBI-Cybersecurity and Infrastructure Security Agency “Shields Up” memo fresh in their minds as well as a cyberattack on one of their own. ViaSat suffered an attack at the outset of the Ukraine war, which according to press reports, knocked out users’ modems throughout Europe.
The March 17 memo warned of possible cyberattacks on domestic and international satellite systems “given the current geopolitical situation.”
Satellite systems are prone to a variety of threats. As recently as November, Russia conducted an anti-satellite test by destroying a defunct spacecraft using an anti-ballistic interceptor missile.
They are also vulnerable to signal jamming, laser dazzling — which blinds remote sensing satellites — and cyberattacks, both in space and directed toward ground systems.
There is even the threat of “killer satellites,” maneuverable spacecraft that could potentially cripple spacecraft using robotic arms, or slam into them kamikaze style.
There is also a more terrestrial concern as supply-chain security comes to the fore globally. Several panelists brought up the need to ensure that spacecraft components have not been tampered with before they go onboard.
“While space is not designated technically as critical infrastructure, I think we can all agree that all of the critical infrastructure sectors rely on space,” said Sam Costa, the national counterintelligence officer for space at the Office of the Director of National Intelligence.
“The commercial space industry is just continuing to grow beyond what anybody ever thought would happen,” Costa said. Government agencies involved in space are trying to meet on a weekly basis to report on threats, and they want to bring the commercial providers into the conversations, he added.
Private sector companies are “the first line of defense,” and they should have all the tools they need to protect their assets, he added.
Military and other government satellites come with more protection than the commercial providers wish to pay for, yet the military is a huge consumer of the bandwidth the telecom companies provide. And as such, they could be targets in a potential conflict.
“If you look at these sophisticated threats, if you look at what we’ve seen, even over … Ukraine, if you look at some of our other competitors, we’ve got to be prepared for that type of environment,” said Maj. Gen. Robert Collins, Army program executive officer for command, control, communications-tactical.
While the military is a big customer, it only uses 10 to 15 percent of SES satellites’ capacity. The rest is non-military communications that don’t require as much protection, Hoene pointed out.
He repeated what satcom operators have been saying at the Satellite conference for years: Industry is willing to invest in more protection if the Pentagon would make long-term commitments to leasing capacity.
“We really do need a long-term partner so that as owner operators, we can invest in the capabilities that the U.S. government wants and needs,” he said.
Meanwhile, the government is taking steps to add space to its critical infrastructure list.
In May 2021, CISA formed the space systems critical infrastructure working group, “a mix of government and industry members that will identify and develop strategies to minimize risks to space systems that support the nation’s critical infrastructure,” a statement said.
For the private sector, reporting both attacks and attempted attacks so the threats can be shared remains voluntary.
Costa said — in light of the FBI and Cybersecurity and Infrastructure Security Agency memo warning of immediate threats to space systems — that companies need to “lower their threshold” on reporting incidents.
The multinational telecommunications firms have shareholders they must answer to and don’t always want to share vulnerabilities.
Hoene pointed out that SES and the major satcom companies participate in the “commercial integration cell” at the Combined Space Operations Center at Vandenberg Space Force Base, California.
They have representatives there trying to make sense of disruptions and locate their origins.
“That information is shared to a certain degree,” Hoener said. “There is some sensitivity there, but I think that’s an improvement. And the interagency processes have improved over the last few years as well.”