Gauging the Impact of Satellite & Space Systems on Critical Infrastructure[CI]: Risk Management is Neither an Enigma nor a Mystery for CI Systems Security

1 Critical Infrastructure [CI] as We Know It

For well over 20 years we have consistently recognized the existence of critical infrastructures which undergird our nation, its security, its economy and overall operational integrity. The variety and number of Critical Infrastructures [CI] is significant and subject to modification and expansion based on an objective assessment by national governments of those essential systems which sustain the national security, societal stability and economic wellbeing [such as clean water and reliable energy] of the nation safeguarding its cohesion and daily operation. Simply put, most modern and advanced societies in the 21st century would collapse and fail without reliable CI. Total failure of key CI systems spells doom for any nation unable to safeguard or protect these systems from expected threats and risks. This requires a full scope and comprehensive assessment of earth based risks as well as space based threats.

The original list of critical infrastructures outlined in 6 USC 671 in 2002 by language contained in the ‘Critical Infrastructure Protection Act’ includes a vague reference to “… any component or bureau of a covered Federal agency that has been designated by the President or any agency head to receive critical infrastructure information…” [PL 107–296]. Today the broad term symbolizes distinct areas of activity, enterprise and industrial operations which support and guarantee everyday life in the nation. For example, critical infrastructures [CI] encompass energy systems, water and wastewater systems, agriculture and food supply systems and telecommunications to identify just a few. Moreover, it has been clearly established an emphasized that these critical infrastructures are essential to both national and homeland security despite ample evidence that the sheer reliability, performance, operational demands and risks for each system is distinct in many case while uniformly vulnerable in others.

We also know that when major infrastructures such as energy, water, food and telecommunications fail there is no simple pathway to restoration and recovery of these critical systems. The delicate and complex array of steps and measures invoked by government and the private sector is seldom explored, discussed or exercised especially in major regional system breakdowns affecting multiple states.

2 Risk Management—Neither an Enigma nor a Mystery

Conventional risk management includes distinct phases such as identification, analysis, assessment, mitigation and monitoring and that seems well enough when it comes to systems and functions under the custodianship of government where daily oversight and operations dictate how municipal and state equipment and machines normally operate. But what about the vast number and variety of infrastructure systems owned and operated by the private sector? Water, food, energy, communications, transportation, banking, and cyber enabled commercial enterprises are well known infrastructures that dwell outside the normal ambit of government control. They critically depend on competent, skilled, experienced managers and workers to carry the everyday burdens of risk management for their systems even though disaster scenarios where those systems fail or collapse always generate massive public sector emergency management problems which quickly arise on the doorsteps of governments to fix.

We understand that enigmas are generally understood to be obscure and puzzling with hidden meaning such as explaining the Egyptian Sphinx or the unexplainable disappearance of dinosaurs. Mysteries are often shrouded in secret, ambiguously concealed and poorly understood such as the lost city of Atlantis and the dark side of the Moon. In emergency management when dealing with infrastructure the risk management challenge often places government leaders in a precarious relationship with the wardens of major infrastructures—there is a rueful tradeoff involved. The very idea of an insoluble crisis or an emergency which defies remedial management is not in the conventional lexicon. Saying it, or having it summarized in an EOP, is one thing but actually doing it effectively and successfully quite another. In simple terms government must trust the private sector to sustain safe and reliable operation of critical infrastructures while government leaders are expected to retain a standby contingent capability to protect the general public from worst case harm and ill effects when that infrastructure fails or indefinitely suspends its reliable operation. Far from an enigma or a mystery this inherent mutual obligation is presumed paramount in the public mind—rightly or wrongly—to be ironclad, sacrosanct and undisputed.

In effect, the task of risk management, and the implied duty to keep the innocent and often disinterested general citizenry out of harms way in mega-disasters when large infrastructures fail or collapse in catastrophic scenarios, rests with the combined leadership of the private and government sectors. Of course there must also be provision for allowing emergency support in extremis rendered by the national guard and ultimately by federal intervention. In the case of infrastructures sensitive to and dependent on space platforms and satellite systems the formula is very similar. Risk management is whatever gets done each day to prevent, forestall or mitigate system calamity. The public is an unwitting victim when infrastructures fail or collapse and their survival alternatives for sustainment are minimal to nonexistent. What that means is that leaders in government and commercial industry must absorb the additional set of risks arising from infrastructures whose safe and secure operation is tethered to a satellite or space platform. Often these risks are not enumerated, depicted or exercised in emergency plans at all. Worse, the most fundamental infrastructures available which underpin societal stability and cohesive community security – namely energy, food, water, transport, public safety and health services – are largely vulnerable to a variety of externally based threats. Often today's emergency exercises do not stress and challenge government and private sector operators with sufficiently complex and comprehensive exercises which test anomalous disruptions, surprise stoppages, and hostile interference in infrastructure operations. This means that differential aspects of infrastructure emergencies – i.e. restart, interim restoration and full systems recovery – are seldom examined. The net result is that prolonged and damaging infrastructure emergencies which negate infrastructure reliability for many weeks or months remains an unknown.

3 Connecting CI with Space Platforms and Satellites

Given the reality that space warfare itself must be a part of any risk or threat assessment posing unique challenges to emergency managers and homeland security professionals worried about terrorism and WMD threats, the key issue requires making a conceptual and technological connection between CI and relevant space systems. It is fundamental to grasp that this tenuous connection poses risks, threats and hazards apart from natural disasters, terrorism or cyber attack. Adding serious consideration to security and related measures to guarantee both reliable CI operations in an environment of real world conflict and war as well as opportunistic clandestine and covert intrusions on CI integrity is essential.

Better understanding of how space platforms and satellite systems play a major role in the daily operational reliability and crisis impact on critical infrastructures is vital. These extraterrestrial platforms may retain the potential to nullify and adversely affect the normal operations of many CI systems. It is vital to recognize that space based systems and platforms retain their own inherent vulnerabilities apart from the supporting role these orbital systems play in sustaining ground level CI systems. Exploiting space platforms as legitimate targets themselves, when combined with their pivotal role in sustaining certain CI systems, means the layers of security must envelop both aspects. Understanding this emerging security risk and enduring challenge will tax the national and homeland security enterprise in ways both anticipated and unexpected. Grasping the special risks arising from cyber intrusions on space systems and their operational integrity and overall management merits a closer look. With many of our CI systems linked to space platforms and satellites we must reckon with additional vulnerabilities for such systems apart from ASAT [anti satellite weapons], directed energy systems, particle beam weapons and lasers to name a few. The links are often not well understood or ignored.

Space systems are usually divided into several technological and operational segments, which are responsible for different functions and components all vulnerable to cyber intrusion to some degree. Together Ground Stations, Mission Control Centers, Ground Networks, Remote Infrastructure, and Launch Facilities work together to enable management of spacecraft, payload data, and telemetry. Most often exposed to different cyber threats are the ground segment, the space segment, and the link segment. Each segment presents its own unique vestiges of cyber risk and vulnerability.^[1]

The ground segment consists of all the ground elements of space systems and allows command, control and management of the satellite itself and the data arriving from the payload and delivered to the users. Commercial and military aspects of satellites and their importance to national security render them prime targets for hostile takeover, disruption and shutdown aside from natural disasters [solar storms] or cyber criminality. Most cyberattacks on the ground segment exploit web vulnerabilities and allow the attacker to lure ground station personnel to download malwares and Trojans to ground stations’ computers. Infiltrating the ground station’s network can allow the attackers to access the satellite itself. Hostile access could enable the attacker to execute a Denial of Service (DoS) attack and may involve taking over Industrial Control Systems (ICS) in order to control the satellite and damage it.

The space segment consists of the satellites themselves. Major security gaps within satellites’ architecture exist in both old and new satellites. Old satellites with life spans of decades were built with no awareness for cyber security; today, small satellites manufacturers tend to prioritize fast and cheap production, in which the investment in cyber security is perceived as a hurdle. Cyber threats to space segments usually derive from vulnerabilities in ground stations, in network components, and in the receivers which receive the data from the satellite, thus allowing the attacker to infiltrate to the network and remain undetected. Another threat may involve the introduction of a malware into the satellite’s hardware in the supply chain, in order to compromise ground units at a later stage. Consequences of cyberattacks on satellites could also be aggravated due to the rising connection and use of Internet of Things (IoT) devices. An attack on a communication satellite could cause wide disruptions to communication channels across countries, cause panic, and endanger national security.

The link segment consists of the signal transmission between the satellite and the ground station, as well as between satellites. The most common threat is GPS jamming. As GPS systems rely on radio signals sent from the satellite in order to determine the location of the users, GPS jammers send signals over the same frequency as the GPS device, in order to override or distort the GPS satellite signals. GPS jammers are widely accessible and cheap to purchase, rendering them available also to poorer state-actors. In GPS systems there are profound risks of spoofing and sending false coordinates to users. While some experts define jamming and spoofing as physical threats as they involve disrupting or tampering with frequency signaling, an attacker could also intercept unencrypted satellite traffic.^[2]

4 [CI] Viewed as an Achilles Heel for Emergency Management & Homeland Security

The Department of Homeland Security has defined, categorized and described what critical infrastructure [CI] means and includes a list of essential systems as of 2022 in various official documents including the National Infrastructure Protection Plan [NIPP]. What is just as important is the list of current, as well as potentially relevant other critical infrastructures, which provide the secure operational backbone of our nation’s economy, societal wellbeing and security. Since the 9–11 attacks each of the enumerated CI systems have been studied and evaluated to discern their fundamental operational requirements, system strengths, vulnerabilities, maintenance issues and security aspects. Each distinct CI system is reviewed and administered via the Department of Homeland Security [DHS] where serious attention is paid to significant operational and security issues. For example, via the National Critical Infrastructure Prioritization Program, the DHS oversight agency known as the Cybersecurity and Infrastructure Security Agency (CISA) is required to identify a list of CI systems and assets that, if destroyed or disrupted, would cause national or regional catastrophic effects. Disrupted CI in a complex catastrophic scenario where multiple infrastructures are impaired remains a conundrum. We dimly grasp the reality that ‘incident management’ is not the same as emergency management where the intricate steps and mechanics differ enough that the orchestration of key tasks involved is misunderstood. Ironically, even the well known ESF tasks outlined for various federal agencies over the decades in FEMA and DHS doctrine don’t cleanly delineate the distinction.

Back in 2007, for example, GAO found that certain CI control systems faced increasing risks due to cyber threats, system vulnerabilities, and the serious potential impact of attacks as demonstrated by reported incidents. Threats can be intentional or unintentional, targeted or nontargeted, and can come from a variety of sources. Control systems are more vulnerable to cyber attacks than in the past for several reasons, including their increased connectivity to other systems and the Internet. Further, as demonstrated by past attacks and incidents involving control systems, the impact on a critical infrastructure could be substantial. Control systems—computer-based systems [such as SCADA-Supervisory Control and Data Acquisition] that monitor and control sensitive processes—perform vital safety and operational reliability functions can be found in many of our nation’s critical infrastructures such as electric power generation, transmission, and distribution; oil and gas refining; and water treatment and distribution. The disruption of control systems could have a significant impact on public health and safety, which makes securing them a national priority. Subsequent studies and objective evaluations have identified other similar issues.^[3]

CI systems have been known to be sensitive to solar storms, targeted terror attacks, and EMP explosions in addition to their cyber weaknesses. A recent 2022 GAO report notes that CI managers and stakeholders identified cyberattacks as among the most prevalent threats they faced but said that the program’s list was not reflective of this threat. Further, according to CISA data, since fiscal year 2017, no more than 14 states (of 56 states and territories) provided updates to the program in any given fiscal year. Ensuring that its process for determining priorities reflects current threats, such as cyberattacks, and incorporates input from additional states would give CISA greater assurance that it and stakeholders are focused on the highest priorities. Here, with high emphasis on protecting various CI systems against cyberattack, EMP or terrorist intrusion GAO found three major sectors had adopted cyber defense strategies while others were mired in various stages of adoption or implementation. Cyber intrusion remains a significant gateway to adversely influence space and satellite operations. The chart below illustrates one dimension of the cyber risk issue as GAO depicted it.^[4]

5 Status of Cyber Security Framework Adoption by Critical Infrastructure Sector

According to CISA officials, a National Critical Functions framework established in 2020 was intended to better assess how failures in key systems, assets, components, and technologies may cascade across the 16 critical infrastructure sectors. Examples of critical functions are shown below in CISA’s four broad categories of “connect” (nine of the 55 functions), “distribute” (nine), “manage” (24), and “supply” (13). Cascading systems failures and disruptions are especially significant from the standpoint of ensuring continued reliable and secure operations and the inherent risks that system collapse in one area triggers failure to other CI systems. Cascading collapse or failure in one CI system can adversely affect others. Traditionally, this cascading risk has most often been assigned to the energy grid. This chart illustrates the CISA scheme for arraying National Critical Functions.^[5]

CISA is currently carrying out a process to break down each of the 55 national critical functions (such as “supply water”) into systems (such as “public water systems”) and assets (including infrastructure such as “water treatment plants”). In addition, the cascading shutdown dynamic which refers to energy loss triggering other dependent CI systems failing cannot be overlooked. This is a long, complex analytical process but includes consideration of selected factors deemed to place earth based CI systems at greatest risk. Most of these risk and threat factors have long been recognized by DHS and other homeland security leaders. These include, for example, a litany of threats equally disruptive and damaging such as

1. Solar storms and geomagnetic waves [errant asteroids]

2. Electromagnetic Pulse [EMP] weapons

3. Terrorist attacks [physical or cyber]

4. Insider threats/sabotage [criminal activity]

Now another factor must acquire and sustain our attention and we must consider adding another potential threat to normal CI operations beyond that short list. That would include the emergence of sophisticated space-based weapons platforms which, depending on their inherent capabilities, could cripple or destroy selected CI systems. This would include space platform failures to protect friendly CI systems as well as hostile space based attacks on CI. This would include space system failures, disrupted links between satellites and infrastructure and periodic gaps in connectivity between ground based infrastructures and their space based cooperative systems. Before outlining these space based threats a routine inventory of CI systems is needed first.

We know every well that DHS has identified 16 CI systems which, as of 2021, CISA and DHS regard as bedrock value to homeland security. These major systems include [1]-Chemical/Petrochemical and Natural Gas Processing Facilities; [2]-Energy systems and Energy producing organizations; [3]-Nuclear Reactors/Nuclear Waste management; [4]-Commercial/Business organizations and corporate enterprises; [5]-Public Telecommunications/Internet Management/Voice-Phone-Data; and [6]-Agriculture and food supply; and [7]-Public Health and the-Emergency Services Sector. There are many others but the ones mentioned symbolize the ‘show stopper’ impact of system failure, disruption and collapse on victimized societies. Worse, many of these systems are subject to cascading failure and their indirect impact on other vulnerable infrastructures is not well grasped. Most often in complex crisis scenarios there is no standby alternative available and whole segments of society are plunged immediately into 19th century crisis environments when these major systems stop working.

Each distinct infrastructural system has its own functional characteristics, operational norms, requisite technological and resource requirements which raise issues of security, vulnerability and assured stability of continued performance in normal situations. Worse, those systems which are reliant on dependable energy sources and uninterrupted cyber and information/telecommunications technologies are most likely to require more robust and redundant security safeguards than other CI elements because they undergird and support the others. For example, the safety, security and operational control systems which support and manage the daily activities of chemical plants rely heavily on reliable electric power and related energy sources to maintain the integrity of their various programs and safety functions. For example, just one small aspect of this CI system where safe and secure storage of finished and unblended chemicals enables the chemical industry to perform its ordinary work cannot ever be put in extended jeopardy where energy is absent. It is necessary to forestall calamitous explosions and disasters. Likewise, purification of water supplies and generating potable drinking water is distributed among over 2500 organizations operating under various conditions of ambiguous accountability. Cyber and satellite sensors and monitors help maintain levels of water quality and reliability but are too often taken for granted.

6 Energy Reliance and Cyber Backbones Keep CI Operational

So one paramount security issue to ensure the smooth and reliable functioning of CI systems is their ultimate reliance on energy regardless of threat, disruption or extended crisis. External threats to that energy source where sporadic or reduced energy loads, or indefinitely canceled energy supplies, jeopardize continued operations indicates a prime area where special protective measures, security system safeguards and threat nullification measures are needed. In many cases these adaptive security safeguards must be devised, engineered and developed to fit the unique operational requirements of the specific CI system needing an upgrade.

CI systems reliant on consistently reliable cyber connectivity must also be considered. Earlier in 2022 Congress passed the Cyber Incident Reporting for Critical Infrastructures Act [CIRCIA] which marks an important milestone in improving America’s cybersecurity. While law does not eliminate all cyber risks and concerns it recognizes in our modern complex society is the ever present risk of cyber warfare designed to disable and weaken an adversary prior t an all out attack. The primary worry in a surprise cyber attack is that there will be collateral damage to the critical infrastructure of allied and friendly countries not directly involved in the current conflict. Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure. As such, these CI systems are open to a new wave of covert cyberattacks many of which are largely undetectable or preventable. The continuing conundrum of designing effective cyber deterrent measures and technologies against future cyber threats further complicates this risk terrain and makes estimations of evolving jeopardy to our own vulnerable cyber systems where AI and quantum may be involved is very serious.

While many businesses have ramped up their security initiatives and investments to defend and protect their own commercial interests, their efforts involving security upgrades and protective measures have been piecemeal, reactive, limited and lack uniform business context across all enterprises large and small. Further the digitalization of critical infrastructure, coupled with increased dependence on third parties, has made it vulnerable to ongoing cyberattacks across multiple vectors in a global network of shared communications. Supply chain attacks are becoming increasingly commonplace with several critical infrastructure businesses being compromised as collateral damage is inflicted or they become crippled by targeted ransomeware attacks. These companies in various sizes now must monitor and manage: employee workforce risk, third, fourth, criminal dark web intruders and other parties (not just their vendors, but their partners and suppliers’ networks, too), where the native technology stack, compliance and regulatory frameworks, including internal policies and processes may be flawed or porous.

Vulnerabilities to cyber intrusion are several and experts agree those CI systems most at risk include energy, water, food supply, transportation, finance and healthcare systems that are needed every day for national survival. Safeguarding these interconnected systems from criminal, terrorist, enemy nation cyber disruption is one thing but ensuring stable operations after a massive natural disaster or the collapse of aged and obsolete systems quite another. Nevertheless it is crucial to assure national and homeland security can safeguard these fragile systems against a daily onslaught of cyber probes and threats. The ability to disable and deny access to any of these resources is a massive threat to any country’s economy and its continued security and stability. Worse, cyber intrusions open the door to an attacker gaining control over space systems and networks, which could have devastating consequences.

Again, the energy grid in particular has often exhibited a frailty owing to risks of external cyber intrusion and influence. Fundamentally the energy grid, and all the other related CI systems which it supports, is the prime CI concern to achieve the highest reliability assurance possible against disruption, breakdown and system loss. The energy grid is complex and diversified reflecting variety of designated zones for daily service. Extra high voltage (EHV) transformers are critical components of our nation’s backbone transmission grid. Approximately 90 percent of consumed power flows through the transmission grid and through such a transformer. These EHV transformers are very large, challenging to transport, and often have lengthy procurement times of one year or greater. There integral subcomponents include: circuit breakers; isolators; – instrument transformers; surge arresters; neutral-earthing reactors; current-limiting reactors; shunt reactors and capacitor banks all of them vital to secure continuous operations involving many EHV substations which may have several configurations (topologies), depending on continuity requirements, as well as the reliability and the quality of power supply itself.^[6]

In addition to federally sponsored efforts many State and local entities have taken the initiative towards proactively assessing, prioritizing, and managing threats. Resources and options for investing incremental budget increases among all CI sectors is always constrained by shifting priorities. Both public and private sector organizations can share information and cyber defense best practices in critical infrastructure communities of interest, such as CISA’s Information Sharing and Analysis Centers. There are also many popular commercially backed exchanges where information can be shared specific to critical infrastructure threats. Cyber risk quantification, backed by sound data science principles, has a unique opportunity to help mitigate and solve this challenge. Two key steps involve information and technology management best practices, to include network segmentation, multi factor authentication, network access control, etc. Organizations also need to implement quantitative risk management, ensuring they are able to properly assess, prioritize, and manage their relative cybersecurity risks.^[7]

(CISA) conducts specialized but voluntary security and resilience assessments on the CI systems to assist CISA and its federal, state, local partners—and private industry—to better understand and manage disruptive CI risks. The assessments examine infrastructure vulnerabilities, interdependencies, capability gaps, and the consequences of their disruption. Vulnerability assessments, combined with infrastructure planning resources developed through the CISA sponsored Infrastructure Development and Recovery program forms an integrated planning and assessment capability. This suite of capabilities, methods, and tools support the efficient and effective use of resources to enhance critical infrastructure resilience to all hazards. However, because most U.S. critical infrastructure is privately owned, the effectiveness of CISA assessments depends upon the voluntary collaboration of private sector owners and operators. CISA’s Protective Security Advisors (PSAs) work collaboratively to foster and facilitate technical assistance to buttress of the security and resilience of the Nation’s critical infrastructure. Assessments are offered through the PSAs at the request of critical infrastructure owners and operators and other state, local, tribal, and territorial officials. The question is—what else about CI systems interacting with space based platforms signals a security concern? Do we comprehend its scale?

7 Understanding the Scope of Cyber/Satellite Risk for Critical Infrastructure

Several CI systems exhibit a degree of vulnerability to cyber/space systems intrusion and disruption. For example, nuclear plants are composed of an impressive number of components such as SCADA/ICS, sensors and legacy systems that could be hit by a hacker. The most popular case of a cyber-attack was against a nuclear plant launched in 2010. Known as Stuxnet the attack involved malware developed by experts from the US and Israel with the intent of destroying or disabling the Iranian nuclear program. Hackers hit the plant of Natanz in Iran in 2010 interfering with the nuclear program of the Government of Teheran. The Stuxnet targeted a grid of 984 converters and was designed with a number of features that allowed it to evade detection; its source code was digitally signed, and the malware uses a man-in-the-middle attack to fool the operators into thinking everything is normal. Stuxnet proves it is possible to use a malicious code to destroy operations at a nuclear plant. Experts and authorities confirm a continued risk of future cyber attacks exists, also involving satellite systems which can enable such attacks, against Nuclear plants. [“A Technical Analysis of What Stuxnet’s Creators Tried to Achieve” Ralph Langner//Langner Group, November 2013].

We must be aware of targeted disruptions to space platforms by hostile states and natural solar based electromagnetic waves which can thwart or destabilize selected satellites. Other CI systems are also clearly at risk as long as cyber avenues to their disruption are real and ever present. In contrast to nuclear plants, the idea that reliable access to water, especially the clean, drinkable kind, has become yet another CI battlefield. Security experts have noted that many national and local water and wastewater systems are extremely vulnerable to attacks by cyber criminals. In 2020, an unknown hacker or group of hackers was able to gain access to the operations technology (OT) system of a water treatment plant in Oldsmar, Florida attempting to poison the water supply by increasing the amount of sodium hydroxide, also known as lye, in the water from 100 parts per million to 11,100 parts per million. The attempt was thwarted by an operator who was able to reverse the change to the settings, before the toxic levels of the chemical reached the water. In June 2021 NBC News claimed that a hacker attempted to poison a water treatment plant that served parts of the San Francisco Bay Area a few months earlier.^[8]

Finally, another example in 2022 recently arising in Germany dealt with wind turbine operators reporting a fault in the satellite connection of their systems saying the remote monitoring and control of thousands of wind turbines had failed. German wind turbine operators first reported the remote monitoring and control of thousands of wind turbines had failed due to suspected collateral damage from a Russian cyber attack on a primarily military target in connection with its invasion of Ukraine. Wind turbines in areas without mobile network coverage use satellite-supported communication for control and remote monitoring.^[9]

8 Grasping Space Systems and Platforms as Our Newest Critical Infrastructure

There is both a national and international dimension to this problem. During a 2022 Satellite conference, in Europe guest speaker Peter Hoene president and CEO of SES Government Solutions, a telecommunications services provider from Luxembourg said ‘…we are facing incredible threats from space based systems’. Space systems are also vulnerable to signal jamming, laser dazzling—which blinds remote sensing satellites—and cyberattacks, both in space and directed toward ground systems.^[10]

Speaker Sam Costak, the national counterintelligence officer for space at the Office of the Director of National Intelligence said at the conference “While space is not designated technically as critical infrastructure, I think we can all agree that all of the critical infrastructure sectors rely on space…and the commercial space industry is just continuing to grow beyond what anybody ever thought would happen,” Commercial space system providers must be factored into the conversations because despite military systems used for surveillance, reconnaissance and communication the Pentagon uses less than 15% of the space assets orbiting our planet. Private sector space companies are looking to invest in more space systems if the Pentagon can provide leasing and security assurances. Costak also said, “…the government is currently taking steps to add space to its critical infrastructure list.” Back in May 2021, CISA formed the space systems critical infrastructure working group, designed to function as “a mix of government and industry members that will identify and develop strategies to minimize risks to space systems that support the nation’s critical infrastructure.”¹⁰

In addition, a white paper released in 2021 by the Intelligence and National Security Alliance (INSA) calls for the formal designation of U.S. space systems as a new sector of U.S. critical infrastructure. Developed by INSA’s Cyber Council, the paper, Designating the U.S. Space Sector as Critical Infrastructure , notes that space systems have become vital to U.S. national and economic security even though space-related assets were not considered as one of 16 critical infrastructure sectors designated by the 2013 Presidential Policy Directive on Critical Infrastructure Security and Resilience (PPD-21). Space assets are now integrated into almost all essential sectors and functions, including defense, agriculture, transportation, energy, and telecommunications. Designating the space sector as critical infrastructure, the paper asserts, would enhance the resiliency of space-related assets and thereby make these other critical infrastructure sectors more secure. “Space-related capabilities have become essential to both national security and economic security, yet countries like Russia and China – which have advanced offensive cyber capabilities and anti-satellite weapons – have the potential to take them offline,” said Larry Hanauer, INSA’s Vice President for Policy. “Designating the space sector as part of the nation’s critical infrastructure would make it easier for government organizations, the military, and commercial space companies to share information on threats and vulnerabilities and thereby enhance the space sector’s resilience.”^[11]

The space sector includes mission control, launch facilities, more than 6500 satellites currently in orbit, [some active and some not] deployed by a wide range of companies and universities engaged in advanced research & development and technology deployment. Some experts predict the space industry will reach almost $1.5 trillion in value by end of 2030. Designating the space sector as the United States’ newest critical infrastructure sector would clarify government agencies’ roles and responsibilities in protecting it and make clear to U.S. adversaries that the United States is committed to defending its space infrastructure, contribute to the establishment of global norms regarding the safety and security of space systems, and accelerate development of best practices and technologies for ensuring cybersecurity and resilience of space.¹¹

When CISA established the Space Systems Critical Infrastructure Working Group [SSCIWG] in 2021 CISA’s acting director Brandon Wales remarked, “The critical infrastructure on which the United States depends relies heavily on space systems. Increasing the security and resilience of space systems is essential to supporting the American people, economy, and homeland security. Secure and resilient space-based assets are critical to our economy, prosperity, and our national security,” He also said, “This cross sector working group will lay the foundation for our collective defense against the threats we face today and in the future.” noting, “this working group will serve as an important mechanism to improve the security and resilience of commercial space systems. It will identify and offer solutions to areas that need improvement in both the government and private sectors and will develop recommendations to effectively manage risk to space based assets and critical functions.” ^[12]

Further at a conference in October, 2021, an experts panel discussed the need to consider space systems as part of our nation’s critical infrastructure due to its unique technologies and capabilities combined with its interdependence with other critical infrastructure sectors. Dawn Beyer, senior fellow at Lockheed Martin, was quoted saying “We’re still debating whether space is critical infrastructure, meanwhile of all the domains, space is the furthest behind when it comes to cybersecurity.” Samuel Visner, technical fellow at MITRE and member of the ISAC board of directors, noted that “Our adversaries see space as critical to their national interest, they see space as critical to our national interest, and frankly I think they see it as a vulnerability to our national interest that they can exploit.”^[13]

Recognizing the value of supporting and reinforcing space based systems which undergird CI systems is important however, beyond that fact is the issue of increasing dependency of CI systems on space platforms and the extent to which those platforms can be arrayed to target and disable ground based CI systems is much less well known. We know that attacks from cyber-space can be as harmful to spacecraft, and to their ground-based data and support systems, as radiation belts and temperature extremes have always been. To the extent that certain space systems and platforms are the targets of disruptive cyber attacks reinforces the notion that CI systems are also in some indirect jeopardy from those cyber probes. The Director of National Intelligence wrote in 2014 about space based threats saying: “Threats to US space services will increase during 2014 and the decade beyond as potential adversaries pursue disruptive and destructive counterspace capabilities”.^[14]

The key issue of satellite controls raises three risks that must be mitigated: (1) the potential for an adversary to remotely introduce a false satellite command; and (2) the potential for an adversary to prevent the satellite operator from transmitting daily commands or receive telemetry from the satellite; and (3) an adversary could wrest hostile extended control of satellite systems from their owner/operators using cyber or related interventions. “Unfortunately, specific, detailed, information about particular incidents are hard to find in the open literature including-details describing the exact commands issued by the adversary, or the various avenues of cyber access to the space system environment at the time of the attack. Worse, limited post incident forensics often make it extremely difficult for defenders to construct a viable defense for their own space systems. Regrettably, asserting that existing controls will protect against current and future risks, or that all vulnerabilities have been remedied is sometimes accepted without reasonable supporting data. Worse, it is accepted where the lack of data is used as proof. It is important to note that as the cyber-threat environment changes, cyber defenses need to be implemented or adapted to keep pace. This can only get more complicated with the onset of quantum computers and their unhackable attributes. Cyber-attackers of today and tomorrow are malicious, persistent, and evolve their attacks over time. By contrast, radiation doesn’t change the way it attacks materials after you’ve chosen your shielding. Continual study of changing adversarial actions with respect to the operational needs of a mission is an important process that must supplement the more static failure model approaches currently prevalent in mission design.¹⁴

Cyber Defense architectures, designs, and mitigation strategies must be evaluated against a range of conditions that reflect the existing and expected threat environment and cannot be static or adopt the ‘one size fits all’ philosophy. There is also the ever present threat to space platforms and systems from EW [electronic warfare] technologies. This would include identification, interception and characterization [friend or foe analysis] of deliberate or unintended electronic warfare signals and pulses. These EW considerations would also include aspects of false targeting, uplink or downlink interference, phantom or duplicate target generation, faux surveillance, degrading radiation and signal jamming. EW spoofing attacks launched via cyber mechanisms can cause GPS receivers to provide the wrong information about satellite position, time and signal coordinates. Mitigation and defense measures can include masking, hardening and engineered deterrence subsystems.

Whatever verification activity is adopted it must cover at least these attributes: [1] Range of conditions (not just single or “best case” points); [2] Observable behaviors; [3] Comparable observations; [4] Repeatable tests; and [5] worst case scenarios. Test demonstrations must raise awareness that existing fault containment zones were inadequate in providing protections, contained gaps, or did not operate as originally intended. Tests must be robust enough to reveal a potential security breach or an exploitable weakness in a given system. Hopefully, these tests will help identify where in the systems testing and demonstration phases that existing security controls had gaps in their coverage. This is technically tough but not impossible and consideration of using red team penetration exercises to identify and root out weaknesses ought be considered. Will government and private sector managers of infrastructural integrity and assured operations test and stress these systems to ramp up their resilience? Do we even know what the criteria for satellite and infrastructure resilience is—or ought to be? Have we routinely exercised what resilience against a variety of infrastructure risk scenarios looks like? Sadly this appears unlikely.

9 Looking Ahead at CI and the Agenda for Satellite Risks and Emergency Management

Satellite ground technology is also advancing with more innovation and scalability, as it looks to leverage virtualization, orchestration and network splicing to support 5G connectivity. Software-defined satellites that can be reprogrammed to move capacity based on market demands create additional problems. With many new 5G and IoT applications these connections open up potential doors for hackers making satellites the new gateway. This jacks up the requirement for smarter satellite security and protection from hackers. There was a time when satellites seemed almost untouchable, but today’s hackers can purchase and operate the right equipment such as an antenna at a satellite and send communication to it and influence its normal operations.

Security is the most significant area of technical concern for most organizations deploying IoT systems and now 5G networks, with multiple devices connected across networks, platforms and devices. This is also true for satellite, given the size and scope, as well as the number of earth station access points. The rise in IoT means if one single device isn’t encrypted or the communication isn’t protected, a bad actor can manipulate it and potentially a whole network of connected devices. It isn’t just the devices themselves that need to be protected, but it is also every stage of data transmission too.

A key first step is for organizations to understand the vulnerabilities they have and how they can be exploited such as legacy satellite communications that are not easily updated. Significant testing must be completed to ensure upgrades for communication with next-generation platforms will not interfere or impact other key system functions. Weak encryption and old IT equipment are key vulnerabilities for satellite networks, which are a prime target for hackers to exploit. So for over 1500 satellites in orbit today encryption and other network security measures are essential and enable communications to be authenticated at every stage of data transmission between earth-bound devices and satellites. For authentication to work as designed enabling devices must meet compliance requirements at the networking level to safeguard data when traveling across the satellite ecosystem.

Space technology and services represent a major component of advanced societies and their inherent infrastructure. At the same time, space technologies and services lay in the vastly unsettled area of legislative and institutional measures, leading to a growing ambiguity among professional community, reunited under the concept of “space traffic management” (STM). STM seeks to address the tension between governmental and private initiatives related to the management and the coordination for space traffic, in short, reconciling the problem of space weather phenomena, space debris and near-Earth objects along with projected future launches. At the same time, STM analysis also takes into account the development of anti-satellite weapons and other forms of space warfare.

//[Critical Infrastructure: Space Security and Cybersecurity Intersect//May 8, 2020//By Diane M. Janosek Capitol Tech Univ] and also CRITICAL INFRASTRUCTURE DEPENDENCY ON SPACE SYSTEMS. https:// www.researchgate.net/publication/304454658_April 11, 2020].

The Joint Chiefs of Staff, according to the NIPP [National Infrastructure Protection Plan] report, has warned that space conflict “will be intense, highlighted by satellites maneuvering to hinder the operation of other satellites, co-orbital jamming, and the use of ground-based lasers to dazzle or destroy imaging sensors.” Space attacks will include the use of anti-satellite (ASAT) weapons launched from the ground and orbiting weaponized satellites that could create large debris fields and possibly produce a chain reaction that would destroy other orbiting systems. Electronic jammers and dazzlers will be used to disrupt or impede the functioning of key satellites, such as GPS navigation and communications systems. Electronic jamming, uplink and downlink attacks, spoofing, directed energy, lasers.^[15]

Consideration of various space systems and platforms includes reckoning with orbiting systems which have been in their respective paths for some years as well as likely newcomers to the crowded zones and operational areas where emerging space weapons threats must be evaluated comparatively as many system capabilities are covert and classified. Space based platforms and systems which pose a security dilemma for most CI subsystems include a variety of well known and sometimes vague orbiting mechanisms which merit a closer look. This is especially significant given inherent vulnerability issues associated with the energy grid and the other CI systems which depend on its flawless operation.

The overall threat these various space based weapons systems and platforms pose to the energy grid, reliable and potable water, farm to market food supplies, public health, transportation, emergency services and the industrial/commercial base of a nation’s daily operations cannot be underestimated. It will require serious and sustained research efforts after 2022 to devise defensive, protective and deterrent countermeasures and security practices to safeguard what major CI systems are deemed essential to normal and routine daily life in those advanced nations which demand their reliable and uninterrupted operation. Emergency managers and homeland security professionals in federal and state government must map out an agenda which addresses these issues head on. This would include

1. Assess distinct CI system vulnerabilities tied to space systems with contingency EOPs

2. Prioritize restoration and recovery of vital CI systems when space systems disrupt them

3. Understand the division of labor between government and private sector in CI crisis scenarios

4. Exercise scenarios where CI systems disruptions linked to space platforms can be studied

5. Equip state based universities and National Guard with standby CI crisis support augmentation.

In addition, countermeasures such as hardening, mobile ground control stations, autonomous operations better threat analysis, creating orbital redundant nodes, randomized platform maneuverability, and other measures may all be effective to some degree. In the age of quantum and deceptive cyber controls no guarantee of foolproof self defense systems exist. Shrewd enemies with technical skills can covertly capture or control satellites unless measures are devised to nullify or neutralize satellite operations based on periodic security code transmission updates. Natural disasters which are earth generated or those which originate from solar and space threats cannot be discounted. Nevertheless demands for upgraded defensive measures and CI contingent crisis exercises remain vital today. Here the priority and national security burden is placed equally on military and commercial satellite owners and operators. The overall burden of finding suitable fixes for CI systems vulnerability linked to space platforms requires answers which rest on the shoulders of government and private sector leadership.

It is important to reckon with some of the things that could go wrong and understand the security implications attached to each. Leadership at water districts, power plants and other critical infrastructure systems can no longer think “it will happen to others, but not us.” Penetration testing to explore system weaknesses and areas of vulnerability to be probed will continue to be essential. Looking for a broad range of problems, such as software vulnerabilities, network issues and even things like phishing schemes and other human-based attacks are part of it. Penetration testing is not a new practice, but it’s heightened now due to recent cyber ransomware attacks like Colonial Pipeline, INVIDIA chip manufacturers and the Bernanillo County, New Mexico Detention Center. [Council Post: The Rising Importance Of Penetration Testing https://www.forbes.com/sites/forbestechcouncil/2022/07/21/. Jul 21, 2022 a 5 Major Ransomware Attacks of 2022 – cm-alliance.com https://www.cm-alliance.com/cybersecurity-blog].

Finally, the workforce which underwrites, supports and sustains CI and space systems can be easily forgotten unless attention is drawn to their vital role in making the connections between CI and space systems obvious and apparent. One source claims more than 104 million U.S. workers, or 71% of the total U.S. workforce, are employed in the “Essential Critical Infrastructure Workforce”.^[16] By contrast about 170,000 workers can be identified as part of the US space systems workforce according to the US Department of Labor in 2017 and the combined workforces are as vulnerable as the systems they operate[Space careers: A universe of options – Bureau of Labor …https://www.bls.gov/careeroutlook/2017/article/careers] By comparison a more recent data point which includes all workers in the commercial and government space sector combined reckons the total closer to 2 million workers. This aggregate number of US based space workers when combined with CI workforce data suggests that nearly 106 million workers can be found in both camps.^[17]

Often because so much of CI and about 50% of space systems are in private commercial hands we can find no uniform resilience criteria except to consider how these complex systems tolerate or resist natural disasters, terrorism, cyber hacking, sabotage or natural stress and age related decline. However, it begs the question of when, how and under what rigorous standards verifiable criteria to gauge resilience in each CI and space system could be derived or developed. It also raises the perplexing dilemma of what organization or objectively skilled enterprise has the requisite talent and expertise to do so.

Inside DHS (CISA) conducts specialized but voluntary security and resilience assessments on the Nation’s CI and its partners—federal, state, tribal, territorial governments and private industry—in better understanding and managing CI risks. The assessments examine infrastructure vulnerabilities, interdependencies, capability gaps, and the consequences of their disruption. Vulnerability assessments, combined with infrastructure planning resources developed through the DHS sponsored Infrastructure Development and Recovery program. This approach, forms an integrated planning and assessment capability featuring an integrated suite of capabilities, methods, and tools support the efficient and effective use of resources to enhance critical infrastructure resilience to all hazards. These voluntary, nonregulatory assessments are a foundational element of the National Infrastructure Protection Plan’s risk-based implementation of protective programs designed to prevent, deter, and mitigate the risk of a terrorist attack while enabling timely, efficient response and restoration in an all-hazards, post-event situation.

Because most U.S. critical infrastructure is privately owned, the effectiveness of CISA assessments depends upon the voluntary collaboration of private sector owners and operators. CISA’s Protective Security Advisors (PSAs) work locally to foster this collaboration and facilitate technical assistance to support enhancement of the security and resilience of the Nation’s critical infrastructure. Assessments are offered through the PSAs at the request of critical infrastructure owners and operators and other state, local, tribal, and territorial officials. However, the voluntary nature of uniform resilience testing and verification does raise questions about best ways to validate, confirm and test the resilience claims by CI owners and operators.^[18]

Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. Some of these vulnerabilities received resilience severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and do all manner of cyber based havoc including – denial-of-service condition, change control logic, or disable communication links and found frequent flaws in such as programmable logic controllers (PLCs) and remote terminal units (RTUs) – control physical processes, while level 2 devices include supervisory control and data acquisition (SCADA) and human-machine interface systems.¹⁸

A catalog of verified CI system vulnerabilities is a starting point but with so much of CI in the operational control of the private sector, and with DHS urging voluntary resilience actions, it is hard to ascertain how CI is protected and sustained against threats in a global comparative manner. Another crude way of putting the issue is to consider whether some advanced societies reliant on CI and space systems have explored all the obvious [and less obvious] pathways to undermine, destroy or disrupt CI as a prelude to armed conflict or as a strategic ‘checkmate’ maneuver to obviate the need for a kinetic attack. In that sense the EU, US, and other advanced nations with CI at risk must tackle the sobering question of preparedness and resilience against the widest possible spectrum of threats and contingencies. So we are left to contemplate the spectrum of immediate and downstream threats against CI considering the ever present risks arising from a variety of space systems. While the nexus between space systems adding increased jeopardy to CI systems is fundamental we cannot lose sight of all the other avenues of potential CI mayhem and destruction. More specifically, the array of threat dynamics which entail robust CI protection, and which take into account the reciprocal effect of space system influence on CI systems, is large and complex. It certainly includes at least the following threat factors:

1. Space based weapons systems

2. Catastrophic natural disasters

3. Covert cyber hacking and external manipulation [quantum probes]

4. Targeted terrorism

5. Solar storms

6. EMP attacks

7. Natural age/stress related system failures

8. Insider threats/sabotage

9. Interstate war and armed conflict

The overall Homeland Defense posture of Pentagon resources versus poised to assist an support local and state governments in crisis is important. However it is just one part of a complex response system. Specifically defined roles in DHS contingency plans for selected natural disasters which are part of the National Planning Frameworks depict federal interagency roles in differential disasters and hazard situations. This is also reinforced in the Comprehensive Preparedness Guide 101 which provides guidelines on developing emergency operations plans and promotes a common understanding of the fundamentals of community-based, risk-informed planning and decision making to help planners examine threats or hazards and produce integrated, coordinated and synchronized plans.

It is fair to ask whether the NGB [National Guard Bureau] has developed and tested its operational plans for handling a range of CI system scenarios involving disruption or loss of functionality caused by space system interventions of attacks. A comprehensive exploration of scenarios and readiness plans which are geared to a variety of scenarios for exercise purposes would make sense. This also reinforces the point that the time and energy required to restore a damaged or impaired CI system from its victimized state to a point of interim versus full restoration presumes that in many cases the difference between interim and full CI restoration will be measured in days or weeks versus minutes or hours. This also assumes that in cases of complex cascading CI failures that resurrecting the one pivotal and keystone CI element which supports many others can be done in a manner that ensures the restoration of other dependent CI systems in an effective and timely manner, From the standpoint of realistic exercise design and conceptual testing this will be a complex and difficult undertaking. This also implies that designated teams involving both government and private sector leaders should be marshaled to assess the current standby capabilities of CI subsystems to withstand space based damage scenarios and devise strategies for building in greater resilience for these systems. The time for teaming between government and CI managers to address this threat is now. Experiences gained from robust exercises will be beneficial to all concerned.

One clear signal from this brief review of CI systems and their connection to space based systems is that advanced technologies to harden CI systems to ensure a level of resilience against presumptive space based threats entails consideration of

1. Cyber hardening

2. Protective shielding

3. Redundant CI systems

4. Counter-space deterrent technologies

5. Preparedness response exercises to test CI restoration and recovery plans

Once it becomes clear that CI systems are largely vulnerable to space platforms and systems nations seeking to buttress their CI systems and dependent networks will need to devise and update their strategies and technologies appropriate to the estimated threat. That threat will evolve and grow more complex as technology involving AI and quantum computers grows exponentially.

It is sensible to recognize that failure to calibrate and analyze the combined CI and space systems threat, or do nothing today to mitigate its worst effects, seems to leave open the issue of catastrophic CI systems breakdown and loss. This is clearly a challenge to both government and the private sector requiring a substantial investment of resources, talent, expertise and patience. It is clear after 2021 advanced nations reliant on CI systems must do so. However, how many advanced nations will defer the challenge and thereby accept the risk? The future will reveal who is ready for space linked CI collapse and who isn’t.

@RMcCreight//2022

Endnotes

…”[PL 107-296] Critical Infrastructure Protection Act 2002.

Satellite’s role in monitoring critical infrastructure// /X2NSat Magazine//Cara Morgan April 2, 2020.

CSIS, Space Threat Assessment, 2019, 2020, 2021, Washington DC, Harrison, Johnson, Moye, and Young.

Satellite Attack—A Mounting Arms Race in Space, Phys.Org, Nov 2021.

Competing in Space,’ National Air and Space Intelligence Center. Jan 2019. https://www.nasic.af.mil/Portals/19/documents/Space_Glossy_FINAL.

Unmanned underwater vehicle (UUV) for long-endurance persistent surveillance use introduced by Kongsberg March 2, 2021///Military Aerospace Electronics.

Standing up to new underwater threats – counter UUV intruder detection sonars I. UDT 2019//Tena, Sonardyne International, United Kingdom (ioseba.tena@sonardyne.com).

Critical Infrastructure: Space Security and Cybersecurity Intersect//May 8, 2020//By Diane M. Janosek Capitol Tech Univ] and also CRITICAL INFRASTRUCTURE DEPENDENCY ON SPACE SYSTEMS. https://www.researchgate.net/publication/304454658_CRITICAL_INFRASTRUCTURE_DEPENDENCY_ON_SPACE_SYSTEMS//2021.

Small Satellites-Big Weaknesses, Debra Werner, Sept 2019, Aerospace America] see also [Microsatellite and Nanosatellite Markets, M. Halmare, June 2021 Satellite Markets and Research Magazine].

Council Post: The Rising Importance Of Penetration Testing https://www.forbes.com/sites/forbestechcouncil/2022/07/21/the-rising-importance-of...Jul 21, 2022.