The Space ISAC recently held its 4th Annual Value of Space Summit in Colorado Springs, Colo., with record attendance from government, security and space industry professionals. During three days of classified and unclassified sessions, we discussed emerging trends in satellite cybersecurity, orbital sustainability and industry best practices to navigate an evolving threat landscape. We bring you the highlights from discussions you may have missed at this year’s summit.

1. Space ISAC 2023 Watch Center Key Insights

Since the Space ISAC Watch Center was stood up in March 2023, analysts have been busy tracking prominent nation-state threat actors such as Russia, China, Iran and North Korea, signifying a shift in cybercriminal tactics. Ransomware and hacktivist groups are on the rise, leveraging as-a-service attacks such as denial of distributed service, phishing and identity theft, indicating websites and public-facing applications are the most exploited vectors. Furthermore, tense geopolitical areas of conflict have indicated an uptick in GEO interference activities, such as jamming. Additionally, the most notable tactics, techniques and procedures observed by threat actors are Initial Access, Persistence, Defense Evasion, Execution, and Command and Control.

2. The Complexity of Space’s Designation as a Critical Infrastructure

There currently exists a space systems cross-sector working group but a space critical infrastructure model that outlines sector-specific risk management is lacking. Space has many sectors, such as launch, engineering, supply chain, orbital operations, launch stations and cislunar operations. Greater collaboration across governmental and commercial sectors of space is needed, as a designation fails to constitute regulation. The governmental sector has the appropriate resources and authorities to signify a designation, while the commercial sector is equipped to allocate what is most critical to life on Earth and life in space which could allow space to undertake its own structural model.

3. Space Weather and the Establishment of a Sustainable Cislunar Ecosystem

As the exploration of cislunar capabilities continues to emerge, cislunar missions face increased difficulties. The global community requires space weather monitoring to protect and differentiate between cislunar anomalies that hinder missions, such as space weather or threat actors. A current race back to the moon exists which brings political, economic and military implications for all. Greater protection for cislunar operational capabilities is required as multiple entities operate between ground stations and the cislunar observational area, posing determinantal risks for future space exploration. The cislunar ecosystem would prosper under collaborative partnerships amongst international organizations to enable science-driven exploration and space resource utilization to establish permeant human activity in cislunar space.

4. Aerospace SPARTA, Space Policy Directive-5 and Risk-based Cybersecurity-informed Engineering

U.S. Space Policy Directive-5 (SPD-5) implies there were already established cybersecurity best practices for the industry to follow. However, the addition of the Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) matrix addresses this gap to enable space protection concepts and does not offer a perspective regarding the lack of space-qualified cybersecurity and security-enabled technologies. Cyber matrices are industry standard tools appropriated for commercial and government users to navigate rapidly evolving cyberthreats and vulnerabilities to tailor threat-informed/risk-based requirements. The Space ISAC community is set to outline the top 5-10 threats with a focus on mitigation techniques to drive best practice development that will ensure practices are motivated by necessity and not compliance with a regulation or standard that typically trails the threat landscape. To bolster the protection against cyberattacks, a common and minimum baseline of cybersecurity best practices must be equally balanced and flexible.

5. The Building Blocks of Cyber Resiliency

To become resilient within the global space and cybersecurity industry, collaborative efforts from multiple parties are required with the mindset of fully achieving resiliency. Cybersecurity is a triad with sensitive data protection at the forefront of the concern, where applying Zero Trust Architecture principles to all critical elements can enhance security, thus minimizing attack vectors, improving compliance, proactive defense and flexibility. Furthermore, the application of AI/ML or Machine Learning Security Operations (MLSecOps) can establish and sustain trust through advanced data drift and data monitoring that can characterize and predict behavior for optimized responses to mitigate novel security vulnerabilities. Lastly, cyber resiliency can be achieved through a “Cyber-Fault Tolerance” model to anticipate, withstand, recover and adapt from an attack by leveraging technology to address a privilege hierarchy of compromised accounts by moving endpoints and securing all touchpoints in between.