The British Space Agency (UKSA) was created in 2010 in the last weeks of Gordon Brown’s government, taking over from the British National Space Centre. He is responsible for the UK’s civilian space programme. The space sector is worth £16.5bn in the UK and employs around 47,000 people, according to the UKSA. One of its roles is to work with the industry to support and improve its cybersecurity.
“We work with space service owners and operators, providing support and guidance to help them understand the nature of the risks posed by cyber threats and encouraging appropriate and proportionate action,” said Stephen Straughan, Head of security and resilience at the UKSA. , Told Projector. However, he pointed out that cybersecurity risks for the agency itself are managed by the Department for Business, Energy and Industrial Strategy (BEIS), which is its parent department within the government.
Space services essentially involve the communication of data, often audio and video, around the world. These can be used to transmit television programs, make phone calls, track the weather or even remotely control military drones. In addition, there are services that depend on these communication networks, such as energy and transport. Space services are handled by the approximately 4,500 operational satellites in orbit around the Earth, which work quietly to keep the modern world running smoothly. “Space is a pervasive enabler of modern life in the UK and around the world,” Straughan said. “Space services are so integrated into our day-to-day activities that most people don’t realize how much they depend on them.”
In 2021, the German Space Agency made a video inviting the viewer to imagine what would happen if the satellites stopped working. TV and phone lines go down, flights are canceled and blackouts sweep the planet as energy management becomes impossible. Emergency services and the military would struggle to find locations, bank withdrawals and transactions would be disrupted, and modern weather forecasts would be unavailable. In short, it would be chaos.
One of the biggest challenges in protecting satellites is that the hardware cannot be changed once launched. “It’s important that any cyber threats are recognized early in the development cycle of new services,” Straughan said, hence why his security and resiliency team works to promote security “by design” in the whole sector. Fortunately, so far the sector has avoided any specific attacks or suffered “major attacks” – but the vulnerabilities are there.
Satellites also operate for up to 15 years, which means they can quickly become obsolete. Straughan said this can be mitigated by things like software-programmable radios, or the “mega-constellation route” in which large numbers of short-lived satellites are put into low Earth orbit and reconstituted. with new ones when they reach their end of life, perhaps every five years instead of 15. He acknowledged that replacing hardware is “still outside of current capabilities”, but that it might be possible at the moment. future with the development of “in-orbit servicing”.
Content from our partners
During an average working day, UKSA’s Security and Resilience team will work with space service operators, helping them secure their systems and monitor emerging threats. They also hold drills to test their own and space service companies’ responses to cybersecurity incidents.
According to Straughan, the main challenges of cybersecurity in space are that systems and networks are “highly distributed”, which means that space services exist in a large network with many potential weaknesses that can be exploited. Combined with a long lifespan, rapid technological change and fixed hardware, space services are relatively vulnerable. However, he said, “the benefits of our work in cyberspace are that we can help UK owners and operators understand the risks they may face and help them mitigate those risks.” This means more reliable services and reduced risk. The UKSA currently runs Security Working Groups which bring together businesses and experts to discuss issues and share advice and guidance on cyber threats. Straughan wouldn’t be drawn to specific cybersecurity projects, saying it would be “inappropriate to discuss details of any activity that might reveal details of risks and mitigations.”
Asked what lessons other utilities could learn from the UKSA’s experiences, Straughan stressed that “mitigating the threat of cyberattacks is not something that can be done in isolation”. Because the world is becoming “increasingly interconnected,” risks will traverse networks across the globe and not just within a single nation-state. Straughan said it was “vital” that the international aspects were addressed, and added that the UKSA was in talks with other space agencies on “collaborative working, mutual assurance mechanisms and establishing standards of behavior”.
“Space is no longer the purview of monolithic governments and corporations,” Straughan said. “The cyber threat is keeping pace and companies need to understand this risk and be proportionate in their activities. Even start-ups can be exposed to cyber risks, but it’s too late to try to solve them once their systems are developed, operational and reliable.
[See also: Is the UK’s cyber-space more secure after Boris Johnson?]