Vogon Today

Selected News from the Galaxy


Cybersecurity, European satellite infrastructures are at risk. Report Iai

Cybersecurity, European satellite infrastructures are at risk. Report Iai

The level of cyber security of satellite infrastructures is still unsatisfactory, therefore the risk is high. All the details of the report "The space domain and the cyber threat" edited by the IAI

The cyber risk is high for most of the European satellite infrastructures.

This is what emerges from "Space domination and the cyber threat, organized by the Istituto Affari Internazionali (IAI)", the report edited by Ottavia Credi, Giancarlo La Rocca and Alessandro Marrone of the IAI – Istituto Affari Internazionali.

From satellites for communication, navigation and Earth observation to scientific research and exploration, the space industry plays a crucial role in the daily lives of individuals, businesses and governments. But at the same time, new security problems are emerging. Today's space systems must be built to withstand cyberattacks, which could disrupt these essential services and which are becoming increasingly complex to counter.

Given the critical nature of space infrastructure, it risks being the target of a wide range of attacks, including those of a cyber nature.

The conflict in Ukraine demonstrated the interdependence link between the space and cyber domains, as well as their importance for operations in the physical domains, and made the vulnerabilities of space systems to this type of attack even more evident. The risk of attacks has turned into a very concrete and current possibility.

“NATO is developing its own spatial posture, following the official recognition of space and cyberspace as operational domains. Nevertheless, the current level of cybersecurity of a large part of European satellite infrastructures is not satisfactory and should be considered a priority issue to be addressed urgently” highlights the IAI report.

All the details.


The spatial and cyber domains are strictly interdependent: on the one hand, the latter is enabled by the assets in orbit; on the other, space systems depend on the exchange of data that takes place in the spectrum of cyberspace.

Interruption of Internet services and loss of connectivity can disable remotely controlled systems. Loss of positioning signals can disrupt aviation, road and marine traffic, but can also affect the synchronization signal needed for banking and other operations that rely on ultra-low latency networks. Still, interference with satellite imagery services can compromise military intelligence and invalidate scientific studies by altering the original data.

Therefore, "the interdependence between the spatial and cyber domain often translates into vulnerability since, in the event of an anomaly or accident, there is a risk of triggering a domino effect such that a possible cyber attack on a space system propagates up to impact the service same for which the space system is employed” underlines the Iai report.

In particular “a space system can be attacked on three fronts: the supply chain, the ground infrastructure supporting the devices in orbit (ground segment), and the satellites themselves (space segment). It is important to underline that, generally, the segment that is hit by a cyber attack is the one that the author of the attack himself considers most vulnerable” the think tank experts write again.

Several experts, including those from the US Space Force's Space Development Agency (SDA), identify cyberattacks as the main threat to space dominance.


And the conflict in Ukraine has demonstrated the interdependence link between the space and cyber domains.

“In some ways, the first shots fired before dawn on the day of the invasion of Ukrainian territory were virtual and digital. This occurred through a combination of cyber attacks on the network infrastructure of the satellite service provider KA-Sat (owned by the satellite giants Viasat and Eutelsat) and electromagnetic interference to satellite navigation signals along the border up to the capital Kyiv, with disturbances recorded from the Black Sea to the Baltic in the direction of Kaliningrad and repercussions also on civil aviation. In particular, the attack on KA-Sat has achieved the objective of interrupting services and disabling the modems that allow the connection and communication of the Ukrainian military forces, thus creating problems for C2 of national defense, but also repercussions on some energy infrastructures and of Ukrainian and European connectivity” underlines the IAI report.


Even the European Union has recognized the nature of space as critical infrastructure. “The NIS2 Directive, which came into force at the beginning of 2023, in fact highlights the interdependencies between space and the functioning of contemporary societies and economies, with potential cascading effects and persistent negative impacts on the internal market. Furthermore, the EU Policy on Cyber ​​Defense of November 2022 underlines the dependence of defense systems on space services and the growing exposure to the cyber threat”, report the IAI experts.

In this context, the EU Space Strategy for Security and Defense (EUSSSD), already envisaged in the Strategic Compass adopted by the EU member states in March 2022, is of considerable importance. “The Strategy anticipates an EU space law, with significant requirements for what concerns the principle of "secure by design" which ensures high safety standards right from the early stages of the development of a satellite. In particular, the Strategy recognizes the specific vulnerability of space infrastructures to cyber attacks, both as regards systems in orbit and on the ground", explains the report.

Without forgetting that on 14 February the European Parliament approved almost unanimously the proposal for a regulation establishing the Union program for secure connectivity for the period 2023-2027. The program aims for the European Union to have its own constellation of 5 satellites called "IRIS2 " (Infrastructure for Resilience, Interconnectivity and Security via Satellite) which should ensure secure communication services by 2027.

In addition, the Commission foresees the need to increase awareness of threats and to facilitate the exchange of best practices on resilience measures also relevant to the cyber domain. For this reason, the Strategy announces the creation of a European information sharing and analysis center (ISAC).


Looking ahead, an active and relevant role at the European level is played by the ESA, which has implemented its own Security Framework approved by its 22 member states and allows for the development of a common security discourse applied in a holistic manner.

“In fact, the goal is to secure all the Agency's space missions, not just the classified programs, through a certification and accreditation process first in the design phase and subsequently in the test phase to ensure an acceptable risk profile for the operating level of the system. The theme does not represent a new element for the ESA which in fact is equipping itself with a Cyber-Security Operations Center (C-Soc) under the responsibility of the Agency's Security Office and created by a consortium led by the Italian company Leonardo" they point out the iai experts.


The cyber threat to space is also a relevant issue for NATO, even if, unlike the EU, it does not have ownership structures but relies exclusively on the space systems of the Allies.

It is no coincidence that "during the NATO Cyber ​​Defense Pledge conference held in Rome in November 2022 and co-organized by Italy, the Secretary General Jens Stoltenberg highlighted the credibility of the cyber threat against space systems, recalling the concrete cases of the operations conducted in Ukraine” the experts recall.


After that, according to the IAI report, “a joint action involving governments, industries and international organizations is essential to increase the resistance of space systems to cyber attacks. In many cases, the propensity to carry on parallel conversations regarding the cyber threat to space infrastructures on the ground and those in orbit is observed in the EU, when such reflections should take place in an integrated and concerted way. There is also a tendency on the part of some political decision-makers to want to keep the various sectors involved in space activities separate, for example the military and commercial sectors, to the detriment of both given the extreme interdependence in place. At the European level, it is necessary to invest more resources and energy in the analysis and contrast of the cyber threat to space systems, trying to avoid a watertight compartment approach and recognizing that space is a shared domain, where different actors operate simultaneously".


Finally, the report concludes, “in order to manage the challenges that the fourth and fifth domains are facing, it will be necessary, both at national and European level, to guarantee stable and competent leadership, capable of thinking and operating from a multi-domain perspective. This opens up the question of human resources, a problematic issue for the Defence, which has to compete with a sector – the private sector – which often represents an attractive alternative for many, and to which the Public Administration needs to respond with creativity”.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/cybersecurity-le-infrastrutture-satellitari-europee-sono-a-rischio-report-iai/ on Thu, 06 Apr 2023 06:14:58 +0000.