UK Space Agency Chief Security Officer: ‘Space is an ubiquitous catalyst for modern life’

The British Space Agency (UKSA) was created in 2010 in the last weeks of Gordon Brown’s government, taking over from the British National Space Centre. He is responsible for the UK’s civilian space programme. The space sector is worth £16.5bn in the UK and employs around 47,000 people, according to the UKSA. One of its roles is to work with the industry to support and improve its cybersecurity.

“We work with space service owners and operators, providing support and guidance to help them understand the nature of the risks posed by cyber threats and encouraging appropriate and proportionate action,” said Stephen Straughan, Head of security and resilience at the UKSA. , Told Projector. However, he pointed out that cybersecurity risks for the agency itself are managed by the Department for Business, Energy and Industrial Strategy (BEIS), which is its parent department within the government.

Space services essentially involve the communication of data, often audio and video, around the world. These can be used to transmit television programs, make phone calls, track the weather or even remotely control military drones. In addition, there are services that depend on these communication networks, such as energy and transport. Space services are handled by the approximately 4,500 operational satellites in orbit around the Earth, which work quietly to keep the modern world running smoothly. “Space is a pervasive enabler of modern life in the UK and around the world,” Straughan said. “Space services are so integrated into our day-to-day activities that most people don’t realize how much they depend on them.”

In 2021, the German Space Agency made a video inviting the viewer to imagine what would happen if the satellites stopped working. TV and phone lines go down, flights are canceled and blackouts sweep the planet as energy management becomes impossible. Emergency services and the military would struggle to find locations, bank withdrawals and transactions would be disrupted, and modern weather forecasts would be unavailable. In short, it would be chaos.

One of the biggest challenges in protecting satellites is that the hardware cannot be changed once launched. “It’s important that any cyber threats are recognized early in the development cycle of new services,” Straughan said, hence why his security and resiliency team works to promote security “by design” in the whole sector. Fortunately, so far the sector has avoided any specific attacks or suffered “major attacks” – but the vulnerabilities are there.

Select and enter your email address

morning call

A quick and essential guide to national and world politics from the New Statesman’s political team.

The crash

A weekly newsletter helping you put the pieces of the global economic downturn together.

World review

The New Statesman’s world affairs newsletter, every Monday and Friday.

Green times

The New Statesman’s weekly environmental email on the politics, business and culture of the climate and natural crises – in your inbox every Thursday.

Culture Edit

Our weekly culture newsletter – from books and art to pop culture and memes – sent out every Friday.

Weekly Highlights

A weekly digest of some of the best stories featured in the latest issue of The New Statesman, sent out each Saturday.

Ideas and letters

A newsletter featuring the best writings from the ideas and archives section of the NS, covering political ideas, philosophy, criticism and intellectual history – sent every Wednesday.

Events and offers

Sign up to receive information about NS events, subscription offers and product updates.

  • administration office
  • arts and culture
  • Crew member
  • Business / Corporate Services
  • Customer / Customer Service
  • Communication
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Management and maintenance of facilities / grounds
  • Financial management
  • Health – Medical and Nursing Management
  • HR, training and organizational development
  • Information and communication technologies
  • Information services, statistics, records, archives
  • Infrastructure Management – Transportation, Utilities
  • Lawyers and practitioners
  • Librarians and library management
  • Management
  • Marketing
  • OHS, Risk Management
  • Operations management
  • Planning, policy, strategy
  • Print, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, asset and fleet management
  • Public relations and media
  • Purchasing and Supply
  • Quality management
  • Scientific and technical research and development
  • Security and Law Enforcement
  • Delivery service
  • Sports and leisures
  • Travel, Lodging, Tourism
  • Wellness, Community / Social Services

Satellites also operate for up to 15 years, which means they can quickly become obsolete. Straughan said this can be mitigated by things like software-programmable radios, or the “mega-constellation route” in which large numbers of short-lived satellites are put into low Earth orbit and reconstituted. with new ones when they reach their end of life, perhaps every five years instead of 15. He acknowledged that replacing hardware is “still outside of current capabilities”, but that it might be possible at the moment. future with the development of “in-orbit servicing”.

Content from our partners

During an average working day, UKSA’s Security and Resilience team will work with space service operators, helping them secure their systems and monitor emerging threats. They also hold drills to test their own and space service companies’ responses to cybersecurity incidents.

According to Straughan, the main challenges of cybersecurity in space are that systems and networks are “highly distributed”, which means that space services exist in a large network with many potential weaknesses that can be exploited. Combined with a long lifespan, rapid technological change and fixed hardware, space services are relatively vulnerable. However, he said, “the benefits of our work in cyberspace are that we can help UK owners and operators understand the risks they may face and help them mitigate those risks.” This means more reliable services and reduced risk. The UKSA currently runs Security Working Groups which bring together businesses and experts to discuss issues and share advice and guidance on cyber threats. Straughan wouldn’t be drawn to specific cybersecurity projects, saying it would be “inappropriate to discuss details of any activity that might reveal details of risks and mitigations.”

Asked what lessons other utilities could learn from the UKSA’s experiences, Straughan stressed that “mitigating the threat of cyberattacks is not something that can be done in isolation”. Because the world is becoming “increasingly interconnected,” risks will traverse networks across the globe and not just within a single nation-state. Straughan said it was “vital” that the international aspects were addressed, and added that the UKSA was in talks with other space agencies on “collaborative working, mutual assurance mechanisms and establishing standards of behavior”.

“Space is no longer the purview of monolithic governments and corporations,” Straughan said. “The cyber threat is keeping pace and companies need to understand this risk and be proportionate in their activities. Even start-ups can be exposed to cyber risks, but it’s too late to try to solve them once their systems are developed, operational and reliable.

[See also: Is the UK’s cyber-space more secure after Boris Johnson?]

Leave a Reply