Offensive Cyber in Outer Space

The most cost-effective and simplistic cyber attack in outer space with the intent to bring down a targeted space asset is likely to use space junk that still has fuel and respond to communications – and use them to ram or force targeted space assets out of orbit.  The benefits for the attacker – hard to attribute, low costs, and if the attacker has no use of the space terrain then benefit from anti-access/area denial through space debris created by a collision.

The life span of a satellite is between five and 30 years, and even afterward it can still be orbiting with enough propellant to move through space and with functional communications which could be reactivated. Space contains thousands of satellites, both active and inactive, launched by numerous organizations and countries, hosting 5,000+ space-borne transponders communicating with Earth. Every transmission is a potential inlet for a cyber attack. Older satellites share technological similarities, providing opportunities to cyber-exploit industrial systems for control and processing. Supervisory control and data acquisition (SCADA) systems within our municipalities, facilities, infrastructure, and factories are designed and built on older technology and hardware, sometimes designed decades ago, and the software is seldom updated. These SCADA systems are considered a strategic vulnerability and have drawn growing attention from the US cyberdefense and homeland security communities in recent years as critical infrastructure is now a top priority. The lack of up to date security features within utilities and other critical infrastructure is mirrored in outer space. Satellites may be based on hardware and technology from the 1980/1990s for one straightforward reason—they are unlikely to be upgraded after they have been launched into space.

Terrestrial cyber attacks are a single exploit on thousands, if not millions, of identical systems, and the exploit will be eliminated afterward by updates or upgrades. The difference between satellites and terrestrial cyber exploits is that a satellite is in many cases custom made or in relatively small series, whereas the computing design is proprietary. Cyber attacks in space exploit a single system, or a limited group of systems, within a larger group of satellites. These spaceborne assets have a variety of operating systems, embedded software, and designs from disparate technological legacies. As more nations engage in launching satellites with a variety of technical sophistication, the risk for hijacking and manipulation through covert activity increases. A satellite’s onboard computer (OBC) can allow reconfiguration and software updates, which increase its vulnerability to cyber attacks. A vulnerable satellite that will be orbiting for the next ten years can be preset by a cyber perpetrator for unauthorized usage when needed.

Even with the most-advanced digital forensics tools, tracing a cyber attack is complicated on terrestrial computer systems, which are physically accessible. Space-borne systems do not allow physical access, thus, lack of access to the computer system nullifies several options for forensic evidence gathering. The only trace from the perpetrator is the actual transmissions and wireless attempts to penetrate the system. If these transmissions are not captured, the trace is lost.

If the adversary is skilled, it is more likely the attribution investigation will end with a set of spoofed innocent actors whose digital identities have been exploited in the attack rather than attribution to the real perpetrator. A strong suspicion would impact interstate relations, but full attribution and traceability are needed to create a case for reprisal and retaliation. Attribution can be graduated, and the level varies as to what would be accepted as an “attributed” attack. The national leadership can accept a lower level of tangible attribution, based on earlier intelligence reports and adversarial modus operandi than the international community might demand, but it is restrained in taking action. China has had a growing interest in building cyber warfare capabilities and is one of several nations that would have a sincere interest in degrading US space assets. Currently, nation-states are restrained by the political and economic repercussions of an attributed attack, but covert cyber war targeting US space assets removes the restraint of attribution.

A cyber attack resulting in a space collision would lack attribution and thus would be attractive to our covert adversaries. A collision between a suddenly moving foreign satellite and a mission-critical US satellite is neither a coincidence nor an accident. Even if there is no collision, a satellite on a potential collision course would force the targeted satellite to move and adjust position – and could eventually run out of fuel – and during these adjustments have degraded service levels.

 However, without attribution, it does not matter that this is so obvious. Other forms of direct and indirect attack would be traceable to an attacker, which could result in military, economic, and political repercussions. In criminology, we know that the major consideration of a perpetrator for premeditated acts is the risk of getting caught. The size of any repercussions if caught is secondary. If a cyber attack can destroy or disable US satellites with no attribution or traceability, it is likely to be considered by those who are openly adversaries and certainly by those who are covert. From a cyber warfare perspective, this creates an opportunity for a third party to hack and hijack a satellite with the express purpose of colliding with a mission-critical US satellite.

The attack could be either a direct collision or an indirect attack using the debris cloud from another collision. The hijacked ramming satellite can come from any country or international organization. The easiest way to perpetuate this attack would be to hijack satellites from countries less technically advanced or from less-protected or outdated systems.

Post-mission disposal (PMD), the UN-initiated international effort to remove satellites after their productive life spans, would require satellites to be removed from space within 25 years after their mission ends. Naturally, it could happen earlier than 25 years, but it can also be a drawn-out process, as there are currently no tangible sanctions for noncompliance. If a satellite has a lifespan of 10–20 years, the additional 25-year allowance would increase the total number of years when the satellite can be remotely commanded to 35–45 years. Satellites launched in 1977, 1987, and 1997 are already technically outdated and several technology generations behind. The time between launch and end of the operation for a satellite is the foundation for its cyber vulnerability. It is a sound financial decision to use a satellite to the full extent of its lifespan. However, the question becomes Is it worth the risks? We must keep in mind technical leaps made since early space launches and what vulnerabilities could be embedded when space is populated by 25- to 45-year-old assets that can still navigate. Since technology today develops so quickly, PMD, in reality, increases the risk of cyber attack by hijacked satellites because it prolongs the time a satellite can be remotely commanded by radio signals exploiting obsolete and outdated communication equipment.

In a future near-peer conflict, one of the potential adversary’s goals is early in a conflict separate the Joint Force in spaces, time, and functions (TRADOC Pamphlet 525-3-1). Cyber attacks in outer space are no longer science fiction; it is a valid concern.

Jan Kallberg, PhD

Area Denial in Outer Space

Any future nation-state adversary surely understands the U.S. reliance on satellite communications for global military operations. Therefore, they likely understand there is a crude and unsophisticated way to disturb and degrade satellite communication, an IED of outer space that can be introduced, by polluting orbits with shrapnel and debris that are likely to damage any space-borne assets in their way. Essentially, an adversary can choose between two types of noncyber anti-satellite attacks: direct kinetic and indirect kinetic. While a direct kinetic anti-satellite missile attack on a U.S. satellite is possible, it would provide direct attribution to the attacker, thus leading to repercussions.

The thruster and the heat from a missile would be identified and attributed to the country or vessel that launched the attack. A direct kinetic attack might be inviting, but the political price is high. Even though it would be inviting to attack satellites, an adversary would not be able to attack without leaving a trace of tangible evidence. Using an ASAT missile is a grave act of war and can only reasonably be used if the perpetrator anticipates and accepts a wartime response.

For a potential adversary, it can be far more advantageous to increase the amount of debris that clutters specific orbits, thus epitomizing the indirect attack. Increasing debris can be accomplished through actively adding debris to specific well-targeted orbits, systematic designer accidents or collisions in space.

(I initially published this text in Fifth Domain)

Any future nation-state adversary surely understands the U.S. reliance on satellite communications for global military operations. Therefore, they likely understand there is a crude and unsophisticated way to disturb and degrade satellite communication, an IED of outer space that can be introduced, by polluting orbits with shrapnel and debris that are likely to damage any space-borne assets in their way.

Essentially, an adversary can choose between two types of noncyber anti-satellite attacks: direct kinetic and indirect kinetic. While a direct kinetic anti-satellite missile attack on a U.S. satellite is possible, it would provide direct attribution to the attacker, thus leading to repercussions.

The thruster and the heat from a missile would be identified and attributed to the country or vessel that launched the attack. A direct kinetic attack might be inviting, but the political price is high. Even though it would be inviting to attack satellites, an adversary would not be able to attack without leaving a trace of tangible evidence. Using an ASAT missile is a grave act of war and can only reasonably be used if the perpetrator anticipates and accepts a wartime response.

For a potential adversary, it can be far more advantageous to increase the amount of debris that clutters specific orbits, thus epitomizing the indirect attack. Increasing debris can be accomplished through actively adding debris to specific well-targeted orbits, systematic designer accidents or collisions in space.

During the 18th century and until the Second World War, artillery units had a special round to be used if enemy infantry came uncomfortably close to the battery position: the case shot. The battery aimed toward the closing infantry and fired the case shots, which dispersed thousands of steel balls that created massive losses in the infantry ranks. Whether those steel balls hit an arm, a leg, the torso, or a hand did not matter; the infantry assault against the battery position lost momentum and ended.

By applying the case shot idea to space, we can see an unsophisticated way to radically increase debris by using space boosters to reach lower Earth orbit (LEO) and then using kinetic energy to disperse hundreds of thousands of shrapnel into a segment of space. Any obsolete or crude missile — exemplified by the Iranian Shahab or the North Korean Taepodong — could act as a space booster to take the payload to space. A salvo of 20 such crude space boosters delivering a significant amount of prefragmented shrapnel could radically increase the amount of hypervelocity debris.

The probability for collision in space between a functional satellite and debris is a numbers game. Reduced to a simplified example, if the presence of 5,000 debris pieces at a specific altitude generates a risk of one satellite hit every 10 years — not taking into account additional debris generated from the impact — an additional 100,000 debris pieces would increase that risk drastically.

To illustrate the principle, 20 space boosters can lift 30 metric tons of payload to LEO — roughly 300,000 10g steel balls — that would be spread at hypervelocity into the satellite orbits. The attack is kinetic but indirect, as the target satellites are not individually targeted but are instead approached by a swarm of hypervelocity debris that impacts the target satellites either by penetration or by destroying antennas, solar panels or other equipment. This impact would initially generate more debris, although orbital decay would counterbalance some of it by moving it to a lower altitude; eventually, it would disappear from space. It would serve as anti-access and area denial for defined space orbits, depending on the orbit, for a calculable amount of time.

Either a direct or indirect kinetic attack would be an act of war and provide the necessary attribution to give the United States casus belli approved by at least a part of the international community. First, both the direct and indirect kinetic attack would be attributable to the nation that launched the attack, and observations from space-borne monitoring satellites would be accurate enough to give the United States a solid case.

Second, creating unprecedented amounts of space debris would not only be hazardous to U.S. satellites, but also to those of other major powers. If rogue nation X launches an indirect kinetic attack, it could affect Russia, Europe, China, India, Pakistan and other nations’ satellites. Depending on the dispersing of these debris objects, damage could be limited to small areas of space, but it would still be a space territory not used solely by the United States. A future adversary will have to weigh the benefit against the geopolitical risk of collateral damage to friendly nations.

If the future adversary is ready to take the risk of collateral damage, it is likely within their reach to disrupt and degrade the satellites in targeted orbits or with reachable means, preventing the U.S. utilization of space terrain by using orbit pollution as area denial.

Jan Kallberg is a research scientist at the Army Cyber Institute at West Point and an assistant professor in the department of social sciences at the United States Military Academy. The views expressed are those of the author and do not reflect the official policy or position of the Army Cyber Institute at West Point, the United States Military Academy or the Department of Defense.