The next cybersecurity concern for NATO? Space

By: Kelsey Reichmann

A new report warns that the cybersecurity vulnerabilities related to military space systems, specifically terminals and command-and-control systems, deserves renewed attention from NATO countries.

The report, titled “Cybersecurity of NATO's Spaced-based Strategic Assets,” was produced by Chatham House, which is part of the Royal Institute of International Affairs, a policy institute in London. The paper, by Beyza Unal, was released July 1.

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyberthreat to space-based command and control systems,” the report read. “The increasing vulnerability of space-based assets, ground stations, associated command and control systems, and the personnel who manage the systems, has not yet received the attention it deserves.”

The report highlights cybersecurity vulnerabilities to space systems used by countries in the NATO alliance, notably singling out commercial products used in military operations as a particular risk. These vulnerabilities can come from back-door encryption, supply chain security, and personnel and procedural practices, according to the report. NATO uses space assets to defend territory, peacekeeping missions, humanitarian assistance and disaster relief, counterterrorism, and conflict prevention.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” the report read. “If military standards are not met, items procured from commercial industry with design flaws may expose NATO's systems to additional vulnerabilities."

The report also points to the importance of securing satellite terminals.

“Terminals located in ground stations constitute a critical vulnerability, as a terminal is an access point to a satellite and is usually not protected by authentication in order not to hinder operational actions,” the report said. “Terminals house software systems that can be compromised and require patching and upgrading.”

Data flowing between satellites, especially ground stations, can become vulnerable, according to the report.

“Adversaries infiltrating ground- or space-based systems could exploit weak software implementation, or the incompatibility of network or data transfer protocols in the chain,” the report read. “While the absence of data is easy to detect, the manipulation of data or erosion of confidentiality at such an interface is potentially more difficult to discern.”

Among the report's recommendations is that NATO strengthen its cyber defense through increased collaboration between the public and private sector. This would allow for more timely information sharing of cyberthreats.

The report also urges NATO to emphasize that commercial manufacturers meet basic cybersecurity standards and possibly more stringent military protection standards.

“In the future, military systems will be increasingly connected to non-military systems,” the report stated. “This has important implications for the laws of armed conflict, as the combination of civilian, commercial and military capabilities in the cyber domain and space raises the risk that civilian capabilities used for military purposes qualify as legitimate military targets.”

https://www.fifthdomain.com/international/2019/07/30/the-next-cybersecurity-concern-for-nato-space/