A report for the 2021 AIAA Ascend conference, written by Dr. Gregory Falco and Nicolò Boschetti, aims to demystify the realm of space systems cybersecurity by enumerating the many threats to modern space systems. While attempts to quantify space system risk have been made previously, this report undertakes a broader, more holistic view of the sector. At the highest level of the risk taxonomy proposed, the authors define four main types of risk that may manifest during the lifecycle of a space mission (i.e., after the vehicle has been launched): physical, digital, organizational, and regulatory risks. This increased breadth does not come at the expense of depth–rather, the subsequent layers of the taxonomy classify how risks manifest, their sources, and the specific types of threats they pose to a mission.
The taxonomy has been paired with an extensive database of space security incidents spanning the entire scope of the investigation. This database has been made publicly available here.
The complexity and interconnectedness of space missions means opens the possibility of the whole enterprise being compromised by a single risk. For instance, while a space vehicle may be designed to withstand a variety of physical risks, a lack of diligence at the organizational level could leave the mission vulnerable. Hence, it is paramount that both government and corporate institutions designate resources to analyzing the security of their space missions through risk taxonomies and learning lessons from the catalogue of past incidents.