Abstract
As space assets continue to move towards the integration of more advanced information technologies the entry points for cyber-attacks are inevitably bound to increase. Similarly, the globalization of the space supply chain, the proliferation of small satellites using COTS components and the possibility to operate space mission payloads across networks through public internet connectivity substantially increase the vulnerability of space systems to cyber-attacks. In the emergent Australia's space sector, these risks are exacerbated by the fact that the cybersecurity of the space infrastructure is scantly addressed at the operational and policy levels. Despite the rising efforts of the Australian Cyber Security Centre within the Signal Directorate and the Attorney-General's Department, numerous technology and policy gaps remain, including those regarding the definition of roles and responsibilities of the different stakeholders in case of cyber-attacks and those pertaining to policy guidance for R&D and procurement activities by public bodies.
Building on an ongoing research project conducted by Flinders University in cooperation with CyberOps, this paper aims to contribute to bridging these gaps by identifying cyber threats that exist within the Australian space market today and assessing the policy and legal protection (or lack thereof) available to satellite operators in case of cyber-attack with a view to underpin the case for the creation of a dedicated framework providing Australia space industry and public institutions with strategic and operational cyber security guidance. Towards this, the paper will first identify a representative set of cyber threats that Australia's space missions can be subject to throughout their lifecycle, from the manufacturing of satellite systems to their exploitation, passing through their launch and operations. The exercise will in turn enable the identification and assessment of vulnerabilities of the different space systems as well as the identification and assessment of risks associated with the identified vulnerabilities. Subsequently, the paper will complement the threat analysis with an investigation of the policy and legal frameworks that surround threat vectors. The project will also examine the extant roles and responsibilities of different stakeholders in response to different types of incidents affecting the space infrastructure's cybersecurity and the applicable legal framework. Based on the findings of this assessment, the paper will eventually provide considerations for the development of a Space Cyber Framework specifically designed and tailored for use by the nascent Australian satellite industry. The value-adding nature of this paper is that it will provide Australia's space companies and public stakeholders with actionable inputs to tackle the cybersecurity threats associated with space operations.
Original language | English |
---|---|
Number of pages | 2 |
Publication status | Published - 2022 |
Event | 73rd International Astronautical Congress 2022 - Paris, France Duration: 18 Sept 2022 → 22 Sept 2022 |
Conference
Conference | 73rd International Astronautical Congress 2022 |
---|---|
Abbreviated title | IAC Paris 2022 |
Country/Territory | France |
City | Paris |
Period | 18/09/22 → 22/09/22 |
Bibliographical note
Session IAC-22.E9.2.1, Sunday, September 18, 2022Keywords
- Australia
- cyber resilience
- cybersecurity
- space cyber policy
- space infrastructure