Photo: Shutterstock

The work of space security is both an art and a science. Imagination is essential for anticipating novel scenarios and avoiding unwelcome surprises — bringing to life the urgency, the dramatic stakes, and the human impact that a technical taxonomy of cyber vulnerabilities cannot. Below is the first in a series of hypothetical scenarios, each one examining a different fictional threat.

[This article was published exclusively for Space Security Sentinel, a new monthly newsletter at the intersection of cybersecurity and space. Subscribe to the newsletter here.]

The Scenario

A cubesat is a miniaturized satellite used for space research, communications, Earth observation, and other purposes. These small satellites are increasingly popular due to their low cost and ease of deployment. While size-constrained cubesats are typically not equipped with thrusters, prototypes are being developed that may hold new and serious risks.

If hijacked, cubesats with thrusters have significant potential to be stealth weapons. Their size and popular use by academic labs (with tight academic budgets) also mean that onboard cybersecurity is generally non-existent or very limited — making them attractive, easy targets for threat actors.

In this scenario, one cubesat in a small constellation (or group or flock) of university-owned research cubesats with thrusters has gone off-path and destroyed a state-owned surveillance satellite in a collision. It was immediately unclear to the world whether this was a natural failure or a cyberattack, but either way, it became an ongoing threat when another cubesat in the same constellation collided with a privately owned satellite. The university operating the cubesats has stated that they cannot verify the current status of the remaining cubesats in its flock.

In the hours following the destruction of the second satellite, concerns that these were not mere accidents quickly began to escalate. If it were a deliberate attack, the entire constellation could become targeted and transformed into a swarm of killer cubesats that could do even more damage, such as directing them toward the International Space Station. If directed against a corporate target, that victim’s market value might be affected by disrupting services or otherwise shaking investor confidence.

News reports are repeating allegations that a hostile state had committed these attacks, leading to calls for retaliation, including to attack the alleged perpetrator’s own satellites. Social media is inundated with other rumors, speculation, and amateur sleuths claiming to have the real answer. Watchdog groups are concerned that unknown parties are creating disinformation here for their own purposes.

The surveillance satellite that was first destroyed had been monitoring national-security interests of the launching state. That state has put together an internal task force to investigate the incident and explore policy options for an official response. They are considering the potential causes of the collision, possible attribution if the act is determined to be intentional, and how best to reach out to industry and academic experts, given the sensitive nature of the targeted satellite and the pressure to respond in a timely fashion.

Gaslighting Potential

Gaslighting in this context refers to the manipulation of information to create confusion or doubt about the true nature of the attack — ideally persuading the cubesat operator that it was a hardware malfunction or their own programming fault and not an attack at all. The potential for gaslighting also exists for just about any cyberattack, but for this particular scenario, gaslighting could occur if the attackers were able to:

1. Conceal their identity: The attackers could mask their origin or make it appear as if the hijacked cubesat belongs to another nation or organization, potentially leading to false accusations and escalating tensions.
2. Manipulate satellite data: By tampering with the hijacked cubesat’s telemetry or other data, the attackers could create a false narrative about the satellite’s behavior or intentions, making it difficult for authorities to understand the situation and impacting their ability to respond effectively.
3. Create plausible deniability: The attackers could stage the hijacking to appear as an accident or natural failure, further complicating the attribution process and enabling them to avoid consequences for the attack.

Discussion Questions

Some starting questions to think through the scenario, response-options, and mitigation measures:

1. Given limited resources and room, what are some best practices for securing data on a cubesat as well as critical systems, such as (future) maneuvering capabilities?
2. What technical steps can be taken to mitigate the potential for further damage or escalation in the scenario, including the risk of creating more space debris?
3. More robust logs for forensics would consume much of the limited power on a cubesat: under what conditions, if any, would it make sense to have more robust logs?
4. How can we differentiate between an accidental failure and a cyberattack, especially in systems with minimal or no cybersecurity protections?
5. What could be the possible motivations, if a threat actor were behind these events?
6. Who could be the potential victims or stakeholders in the scenario?
7. What immediate actions should governments, industry, and the university in question take, especially to prevent potential escalation, despite an uncertain information environment?
8. If you were a government policy advisor, how would you recommend decisionmakers take advantage of the expertise in the private sector and academia to develop a response plan?
9. If you were a corporate advisor, what would you recommend that your client do to protect their commercial interests?
10. If you were a public relations advisor at the cubesat-launching university, what would you recommend the administration do in response to demands for unfettered access to the cubesat constellation’s data and guidance?

For other questions to help think critically about the scenario, please see this report (pp. 69-71) for a general list. Given the interdisciplinary nature of these and other questions, interdisciplinary expertise will be needed preparing for and responding to space cyberattacks.

Acknowledgements: This particular scenario was developed with the help of Cal Poly space cybersecurity researchers Kira Abercromby, Henry Danielson, Bruce DeBruhl, Patrick Lin, and Dexter Rush.