Since the start of August, a National Science Foundation (NSF) center responsible for coordinating international astronomy initiatives has experienced a puzzling "cyber incident" that has resulted in the disabling of significant telescopes located in Hawaii and Chile. Approximately 10 telescopes have ceased operations entirely, with a few others only capable of conducting in-person observations. The cyberattack at the Atacama Large Millimeter Array was a separate incident that took place first (October 2022), and then months later the Gemini Observatory was attacked (August 2023). Even email services have been restricted in the aftermath, underscoring the far-reaching consequences of the breach. We have asked Dr. Roy Balleste to comment on these cases and provide his assessment.
August 28, 2023
About Dr. Roy Balleste
Dr. Roy Balleste is a tenured Professor of Law at Stetson University College of Law, where he is also director of the Dolly & Homer Hand Law Library. He teaches cyberlaw and space law and has concentrated his scholarship on the areas of internet governance, cybersecurity law, space law, space cybersecurity, and astronautical ethics.
Moreover, Dr. Roy Balleste is also the Director of Information Security for ABH Aerospace and a member of the International Institute of Space Law and Upsilon Pi Epsilon Association (the only National Honor Society for the computing and information disciplines).
In your opinion, what is the reason for the increasing number of cyberattacks on space sector?
Cyberattacks against the space sector are on the rise. It is troubling to learn that officials halted operations at 10 telescopes, including the International Gemini Observatory twin optical/infrared telescopes consisting of Gemini North, located in Hilo, Hawaii, and the Gemini South, located in Cerro Pachón, Chile. While experts seek out solutions, the observatory hack should not have been a surprise. While an educational-driven organization aimed at exploring the universe and seemingly a low target, the observatory ended at the center of a disruptive cyberattack. The truth is that the open nature of sharing data in academia can be a calculated factor in a cyber risk assessment. The lessons learned during the last decades in the banking and commercial sectors now need to be transferred to the space industry.
The cyberspace domain belongs to a time more innocent than our own. Sputnik’s launch in 1957 opened the space age and eventually, hundreds of satellites opened the gate into a new age of exploration. These satellite networks existed in isolation for decades. As the technology and its interconnectivity evolved, it unavoidably extended the cyberthreat landscape into satellite networks. As noted in the NATO Legal Gazette, “all the space system components may be vulnerable to cyber interference in one form or another and require protection”. Satellite on-board computers usually run Real Time Operating Systems. These operating systems are mission-critical and similar to SCADA systems, where time is a factor of function. And time is the crucial factor that now challenges the operation of the telescopes. The observations are successful only with a combination of time and precise alignment for an optimal field of view.
The space industry’s cyberthreat landscape is already fertile ground for the abuse of any actor with technological capabilities. This is the lesson learned from the Russian VIASAT-Skylogic hack. Even more concerning is the news of the hack of the Atacama Large Millimeter/submillimeter Array (ALMA) in October 2022. This hack, just as in the VIASAT and Gemini cases, represented efforts to disrupt consumer-oriented services. While the specifics surrounding these cases remain shadowed in secrecy, some observers have suggested ransomware attacks as a possible cause. Could these organizations have fallen victim to the ransomware operation called Akira? This is a possibility. The space industry is now a target, and the techniques used are familiar. For example, in August 2022, hackers used an image taken by the James Webb Space Telescope to target victims through phishing emails designed to deploy malware. In this case, the image is undetectable by antivirus programs. And in the summer of 2020, the Physics and Astronomy department at Michigan State University was the target of a ransomware attack.
How are cyberattacks regulated by law?
In the geopolitical and legal areas, it is no secret that particular governments have engaged in an assortment of malicious cyber operations. And these cyberattacks have the traditional traits of previous hacks. In other words, these governments launch cyberattacks without regard to international space law and against the peaceful use of outer space. There is also the rising prospect of outer space becoming another warfighting domain, with changes to the traditional cybersecurity dynamics understood until recently.
Article I, paragraph 2 of the 1967 Outer Space Treaty, states that: “Outer space, including the Moon and other celestial bodies, shall be free for exploration and use by all States, without discrimination of any kind, on a basis of equality and in accordance with international law, and there shall be free access to all areas of celestial bodies.” Today, experts are now pressed to identify solutions to the use of cyber operations targeting space services. The reality is that cyber operations in space are far from the reach of any enforceable and binding law. While the efforts of the UN GGE, and the UN OEWG offer blueprints for future legal norms, at the moment, those efforts only offer aspirational and, ultimately, optional guidelines. A source of hope is reflected in the experts’ efforts found in the MILAMOS, Tallinn, and Woomera Manuals.
The standards discussed by the United Nations and the military manuals could eventually become norms of international law, but at the moment, that is not the case. While notions of international law beyond those found in space law may be applicable, there is no sign of improvement in the ambit of cross-border and cross-domain cyber operations. The Office of the US Director of National Intelligence, in a recent advisory titled Safeguarding the US Space Industry, noted how “space-related innovation and assets” can be “potential threats as well as valuable opportunities to acquire vital technologies and expertise.” According to the US National Institute of Standards and Technology Internal Report (NISTIR 8270), all segments of a space architecture are vulnerable. Indeed, these unexpected ramifications serve as the catalyst for the development of future space cybersecurity and threat mitigation.
What would you recommend for space sector actors in order to become more protective?
One potential solution to ensure security of space systems is a zero-trust model. A new space age is evolving, and the real challenge is a gray area of online maneuvers in which industry stakeholders must be cognizant of the rising threats that plague cyberspace. Lack of planning could cost space industry organizations millions of dollars in losses and, most likely, millions of dollars in legal fees. An essential factor in the protection of space objects is to guarantee an appropriate threat mitigation strategy and an incident response plan. Since the cyberthreat landscape continues to change, security risk management should be a continuous process. As previously noted, the spear-phishing attacks on the Ukraine energy distribution companies demonstrated the need to have trained operators in cybersecurity, which, in turn, protect the human-machine interface.
Author: Nessa, Cyber Journalist
Photo: Dr. Roy Balleste and Freepik
You can support TheSIGN by becoming our SATELLITE. Click to learn more about sponsorship.