Vulnerabilities The research paper highlights some of the most important vulnerabilities: use of commercial companies; ‘back-doors’; dual use of satellites; and supply chain security of space technology.
Chatham House reports have touched on these topics before.
This can result in data or data traffic monitoring, inserting false or corrupted data in the system, or even the permanent loss of a satellite.
As with every other technology, people have the potential to be the weakest link in the cyber defence of space-based assets – social engineering is an important tool for the adversary.
Space-based assets as targets for cyber attacks Strategic military systems depend on space-based assets for the provision of data and for many capabilities, such as positioning, navigation and timing (PNT), intelligence, surveillance and reconnaissance (ISR), missile defence, communications, space situational awareness (SSA) as well as environmental monitoring.
For accurate timing and navigation in PNT systems, NATO uses the global positioning system (GPS) which is also well known and widespread in civil use.The research paper also highlights the aspect of NATO’s dependency on member states for communication capacity as a possible source of vulnerabilities.NATO owns satellite communications (SATCOM) ground stations, but no satellites; it is therefore highly reliant on allies to provide space-sourced data, information and services.In addition, ensuring the security of space capabilities is mostly in the hands of the allies.This puts NATO into a position where its main option to protect capabilities of vital importance is to encourage allies to put effort into securing the space-based assets and foster cooperation in space-based systems cyber security. During the Brussels Summit in 2018, the Alliance recognised space as a ‘highly dynamic and rapidly evolving area, which is essential to a coherent Alliance deterrence and defence posture’ and on 27 June 2019, it approved new space policy.Therefore, NATO does not rely only on military assets, but also uses commercial, civilian and national or multinational assets for operations.Even though commercial methods have proven to be effective, they are accompanied by the inherent risk of lower security requirements.State of Cybersecurity 2019, Part 1, examines workforce issues and security budgets.State of Cybersecurity 2019, Part 2, looks at current attack trends and governance.View Study Results For the fourth year in a row, ISACA has surveyed security leaders worldwide to determine their insights and experiences with key cybersecurity issues, ranging from workforce challenges and opportunities to the emerging threat landscape.Part 2 of the report is now available and provides key insights into the current trends in the threat landscape and defense techniques.