As DoD grows more reliant on space industry, it needs to define the relationship – Sandra Erwin SpaceNews.com
“ “Now we need to codify our relationships with commercial [industry] to best bring those capabilities to bear in a fight,” [Maj. Gen. DeAnna] Burt said Sept. 21 at the Air, Space & Cyber conference.”
This article goes in depth to show how commercial companies like Maxar, SpaceX, and Viasat have all aided in the war in Ukraine. For obvious reasons, the Military would love to use these commercial resources more. Commercial operates cheaper than the military, so the war fighter may become more dependent on commercial resources. But is that a good thing?
The rest of the article focuses on if the government would compensate a commercial entity if their vehicle got damaged in aiding the USA, and while that is (kinda) interesting, let’s focus on the security aspect of commercial space becoming a primary warfighting tool. Is commercial a secure and reliable means to aid the warfighter? We already saw that Viasat could be hacked in the first months of the Ukraine conflict. If the warfighter is going to be a subscriber of commercial space, then commercial space needs to be more secure.
The Viasat hack brought the network down; so, one could argue that if there are more networks for the war fighter to use it would only be a mild inconvenience for them to move from Viasat to SpaceX. From an availability aspect of cybersecurity that argument makes sense, but it gets more complicated from an integrity and confidentiality. Commercial does not have the scrutiny on these aspects as they do on availability (after all availability pays the bills). A warfighter should be able to use a satellite without being traced back (confidentiality), and the data they receive should be very accurate (integrity). This data may be used to direct the call to fire on an enemy or move troops.
Let’s look back at Viasat now. What if the hack just compromised the integrity of the data, say by changing the geodetics or timestamps of the data to make it look like its coming from a different source? Or what if it reported back to the enemy what the US Warfighter is looking for, or where the warfighter is accessing from? If the military wants to use commercial as a primary warfighting tool then it needs to as secure as the militaries own tools, and thus security should be primary functional requirements handed down from the government as part of its user subscription agreement.