12 Low-Cost Steps to Strengthen Your Security in Space
July 22nd, 2019The community served by Via Satellite has a history of innovation, with decades of proven performance in delivering capabilities from space. Businesses and individual consumers now leverage space solutions that are so integrated into our way of life that we have grown dependent on them.
New threats are arising to the use of space. China, Russia, and others now have stated military doctrine and advanced capabilities that can disrupt space services.
This is the topic of a new report by the U.S. Defense Intelligence Agency (DIA), titled “Challenges to Security in Space,” which provides some key insights into the counter-space capabilities of nations. DIA released this report with a goal to, “support a deeper public understanding of key space and counterspace issues and inform open dialogue and partner engagement on these challenges.”
“The advantage the U.S. holds in space — and its perceived dependence on it — will drive actors to improve their abilities to access and operate in and through space,” the report states. “These improvements can pose a threat to space-based services across the military commercial and civil space sectors.” In the report, Russia and China are named as leading threats, with half of the report focused on covering the capabilities and threats posed by each country. But, the report also underscores Iran and North Korea’s space-based offensive capabilities.
The report was written in a clear and understandable way, including, succinct articulations of key space technologies and counterspace concepts. This makes it readable for a wide audience and should be helpful in getting more ideas into the mix on how to harden space systems and the businesses that depend on them from potential attack.
What Should the Business Decision-Maker Should Do About This?
The DIA report provides useful insights that are rarely discussed in open venues. This is a positive step in helping inform the business community. However, the report does not provide actionable recommendations for industry. It is not the charter of DIA to provide space threat hardening guidance to the satellite industry or risk mitigation guidance to businesses that depend on space. But clearly, there is a need for action in these domains.
As a veteran of both the space and cybersecurity communities, I recommend that the industry take the following steps to protect themselves from and preparing for potential attacks:
1. Establish a focal point in your organization to track threats and to track best practices for resilience of systems.
2. Join with peer organizations in collaborating on best practices for threat mitigation and for exchanging information on the nature of the threat. A good model for how this works in the cybersecurity community is the Information Sharing and Analysis Center concept, which is an industry-lead approach that also exchanges information with the government.
3. Provide training to your engineering and development workforce so they know the nature of the threat and can assist in thinking through optimal countermeasures to increase resilience of systems.
4. Seek external design reviews for the full system, including ground stations, to ensure appropriate risk mitigation measures can be put in place.
5. Establish and practice incident response plans and train the executive team in incident response to space threats (via tabletop exercises).
6. Assess your firm’s dependence on space. This includes understanding the use of space to communicate, as well as any inputs to the firm’s decision-making process that come from data collected from assets in space.
7. After assessing dependence on space assets, assess space-related risks. We recommend doing so through scenario-based evaluations involving the materialization of risks.
8. Decide who in the executive team is responsible for understanding and mitigating risks due to war in space.
9. Ensure that your leadership team is involved in developing response and recovery plans tailored to dependence on space and the risks to business. Document response and recovery plans as part of an overall disaster recovery process.
10. Develop incident response processes aligned with the business. This may include leveraging an internal Security Operations Center as a hub of information during an incident.
11. Practice incident response including periodic executive-level tabletop exercises that run through scenarios of space-based incidents.
12. Periodically evaluate space incident response plans and dependence on space by using independent evaluation, verification, and validation services.
The steps above are all relatively low cost and can help businesses in the space community and those dependent on our services to mitigate risks. VS