This project includes several workstreams: (1) an international Group of Experts working to identify shared norms on the international level; (2) a pioneering Certificate Program on Space - Cyber Security; and (3) building of the foundations for a theory of space - cyber power.
Scott J. Shackelford
Space-based infrastructure is a critical infrastructure for security and the economy – in fact to most aspects of modern life - and is therefore a prime target. Only a handful of countries has the capabilities to physically destroy satellites – and be exposed as the perpetrators. A cyber-attack, on the other hand, has a low entry barrier in terms of required funds and technological and engineering capabilities. Moreover, the attacker can attempt to cover its tracks, leaving the attacked country perplexed. Cyber-attacks will therefore be the leading method of targeting space-based infrastructure by States as well as non-State actors, notably criminal organizations, and terrorist groups. Such attacks already occurred by States and even terrorist organizations. Indeed, a combined space-cyber warfare theater has emerged to become the primary battlefield for global powers in the 21st century. A report published by Harvard’s Belfer center suggested that the first mission of the new US Space Force should be cybersecurity of space assets. A series of Chatham House studies found that there is an ‘escalatory cycle’ of militarization of the space-cyber realm which meets inadequate national policies and global governance, and the development of a flexible, multilateral regime is urgently required (1, 2, 3). The war in Ukraine, dubbed “the first space-cyber war” saw, for the first time, the targeting of space-based services as part of a military campaign. The services that ViaSat, a US commercial space company, provides to Ukraine were disrupted on the eve of February 24th.
Whereas a space-cyber theater has already emerged, the governance is still separated. The UN and its main organs (CD, UNODA) work in two separate channels and with separate Groups of Governmental Experts (GGEs). In addition, there are the Tallinn Manual on the international law applicable to cyber warfare on the one hand and the MILAMOSand Woomera manuals on the international law applicable to space warfare on the other. The Tallinn Manual 2.0 includes a section on space law, and the MILAMOS includes a rule on the applicability of cyber law, each from a different perspective. These separate efforts and manuals on space and cyber warfare, respectively, are, however, only a starting point. There is a need for an integrated approach and focus to develop and then adopt policy through the prism of the space-cyber security nexus that responds to the complexities of the nexus.
At the national level, the space-cyber threat has not evaded the attention of some defense establishments and policy makers, but national responses are either incipient or non-existent. The US and Germany introduced initial guidance, including Space Policy Directive–5: Cybersecurity Principles for Space Systems signed by President Trump in 2020, and work in ongoing by the US Space Force, Congress and others to introduce an array of responses, while most other countries are yet to address the issue.
Indeed, current national policies and global governance are ill-equipped to address this new warfare domain. There is an urgent need to enhance cybersecurity in the aerospace sector, develop adequate national policies, and introduce a flexible, multilateral regime, adopting a polycentric approach.
Another issue is the need skilled personnel – something we are almost completely lacking today. While terrestrial cybersecurity methods can be applied to ground stations and equipment, the space segment presents new challenges. Hoever, currently there are no training programs for space cyber security experts.
Workstream 1: The International Group of Experts
With the aim of identifying the international law applicable to space – cyber warfare that will represent a broad consensus, this project brings together a cohort of scholars, experts, and practitioners from around the world to discuss governance responses to the emerging nexus of space – cyber.
Partners & sponsors
This project is a cooperation between the Laval University Graduate School of international Studies, the Centre for International Governance Innovation (CIGI), the Ostrom Workshop at Indiana University, Bloomington, and the Center for Air and Space Law at the University of Mississippi School of Law.
The academic principal investigators (PIs) are Eytan Tepper, Jean-Frédéric Morin, Scott Shackelford, and Charles W. Stotler.
Workshop 1: The Emerging Space - Cyber Warfare Theater and the Need for Governance Responses (June 14, 2022, Webinar); (poster), now on YouTube here
Workshop 2: Identifying Legal Sources and Common Norms for Responsible Space – Cyber Behavior (Summer 2023, TBD);
Workshop 3: Finalizing the Principles for Responsible Space – Cyber Behavior (Fall 2023, Washington D.C.)
Workstream 2: Certificate Program on Space - Cyber Security
while space-cyber security includes challenges different from those of terrestrial cybersecurity, there is currently no program that teaches the unique volnurabilites and how to protect space systems and services. The Indiana University Bloomington Space Governance Program, together with the Center for Applied Cybersecurity Research, are launching a new Certificate Program in Space-Cyber Security, in collaboration with the Department of Homeland Security, the Aerospace Corporation, the Space ISAC, and Amazon. The program would train the first generation of space-cyber security experts. And we intend to put diversity in mind in our recruitment efforts, so we create a diverse workforce from the beginning, and not try to fix mistakes 10 years down the road.
At the end of the program, participants would have the capacity to develop and see the implementation of an organization-wide policy and measures on space-cyber security. They will gain in-depth understanding of the cyber threats to space assets, the different types of space-cyberattacks, and the systems and applications at higher risk. They will learn protective strategies and tools as well as the legal requirements and industry best practices. They will be introduced to the available support from the government and industry organizations. They will further learn how to respond to an incident. The program promotes innovation and cyber resilience in aerospace and is also an opportunity for be part of a network of space-cybersecurity professionals.
The Program is geared at existing and would be chief information security officers (CISOs) of space companies and government agencies, as well as advanced students of cybersecurity interested in a career in the space sector.
Eytan Tepper and Scott Shackelford
Workstream 3: Toward a Theory of Space-Cyber Power
In his seminal book “The Influence of Sea Power upon History”, Mahan demonstrated how Great Britain’s sea power paved the way for its emergence as the world’s dominant military, political, and economic power, and articulated a theory of sea power. More recently, outer space and cyberspace emerged as operational military domains, as well as their nexus, as demonstrated during the war in Ukraine, dubbed as the ‘first space-cyber war’. Hoever, there has been no corresponding exploration like Mahan’s on the utility and limits of space-cyber power in modern international affairs. As a community, researchers lack the proper concepts to evaluate the power enabled by the space-cyber nexus. Sea power doctrine is already established and mature. Space power doctrine has also evolved, from the 2001 Rumsfeld Commission report through the 2011 National Defense University’s “Toward A Theory of Spacepower” to the recent US Space Force’ “Spacepower: Doctrine for Space Forces” published in 2020. This project brings together IU Bloomington’s Space Governance Lab and Center for Applied Cybersecurity Research, and the nation's leading experts on space power and cyber power with the aim of building the foundations for the missing space-cyber power doctrine. The project combines deductive theory with wargames, game theoretic analysis, and case analysis, and take into account that modern power extends beyond hard capabilities to the effect of transnational commercial activities of private actors and network centrality.
Participation in this project is by invitation only.
The academic principal investigators (PIs) are Eytan Tepper, Scott Shackelford, and three undisclosed collaborators.