A recent joint warning issued by the National Counterintelligence and Security Center (NCSC), FBI, and the Air Force Office of Special Investigations (AFOSI) has highlighted the growing threat of cyber espionage campaigns against the US space industry. Foreign intelligence entities (FIEs) are specifically targeting the space industry due to its critical role in driving the economy and its reliance on satellite networks for various vital services.
The two-page advisory cautions that these FIEs are actively working to steal the technology powering the space industry and disrupt its operations through cyberattacks. This is a significant concern considering that the US leads the world in space investment, with over $130 billion invested in the last decade, surpassing China’s $79 billion investment.
The primary objective of these foreign adversaries is to obtain intellectual property and other proprietary data from US space firms to benefit their own national security programs. They are also leveraging state-backed resources and unfair business practices to disadvantage US space companies. China and Russia are identified as leading threats to the US space industry.
The warning raises several national security concerns, including attempts by FIEs to gather sensitive data related to satellite payloads and disrupt US satellite communications capabilities. Such disruptions could have severe consequences, particularly during emergencies when critical services rely on satellite communications.
Moreover, the economic security of the space industry is vulnerable to attempts by foreign adversaries to influence international laws governing space. This could put US space firms at a disadvantage or exploit critical resources and supply chain dependencies.
To combat these threats, the advisory advises companies involved in the space industry to remain vigilant and detect any attempts to infiltrate their organizations. This includes identifying cyber activity targeting the company, attempts to recruit technical experts, or unsolicited offers to establish joint ventures with companies tied to foreign governments or state-owned enterprises.
The document also recommends implementing various mitigation strategies, such as establishing an insider threat program within the organization and developing an “anomaly log” to track unusual incidents that may indicate malicious activity. It also emphasizes the importance of incorporating security requirements into third-party contracts and carrying out robust due diligence on suppliers.
Furthermore, the advisory stresses the need for collaboration among different departments within a company, including security, cyber, IT, insider threat, legal, human resources, and procurement offices. This enterprise-wide security posture ensures that all relevant parties work together to enhance security efforts.
The cybersecurity risks in space are also highlighted in the advisory. Researchers at the University of Michigan and NASA published a report in November 2022, revealing that a single device with malicious code could disrupt networking protocols used by spacecraft, aircraft, and industrial control systems, leading to unpredictable operations and potential failures.
Recognizing the significance of cybersecurity in the space domain, the US Space Force has requested a $700 million investment in cybersecurity as part of its $30 billion 2024 budget. In addition, the Space Force’s Delta 6 mission, responsible for the cyber defense of US military satellites, has expanded its operations and added four squadrons to enhance cybersecurity within the military branch.
To improve cybersecurity for space systems, a working satellite called Moonlighter was launched into low-earth orbit (LEO) earlier this summer. Moonlighter aims to provide a real-time, real-world target for penetration testers, helping to improve the overall security of space systems.
As the US space industry continues to play a vital role in the economy and national security, the joint warning serves as a wake-up call to the increasing threats posed by cyber espionage campaigns. By raising awareness and enhancing security measures, it is crucial for space companies to stay one step ahead of foreign adversaries seeking to exploit vulnerabilities and steal valuable information.