Space Debris Management: Cleaning up Space with Cybersecurity in Mind

A major concern in space operations is tracking and safely avoiding space debris. Space debris consists of a wide range of objects, from small paint chips and bolts to defunct satellites and old rocket stages. As space-faring countries and space launches continue to increase, the amount of debris in space is expected to drastically rise. NASA and the U.S. Space Surveillance Network already track 25,000 objects larger than 10 cm and around 500,000 objects between 1 and 10 cm. This catalog is continuously changing as new satellites and debris are added and old debris slowly lowers in altitude until it eventually burns up in the atmosphere. One company aiming to address the space debris problem more directly is Japan’s Astroscale.

Recently, Astroscale launched the Active Debris Removal satellite, ADRAS-J, with the goal of performing continuous close approaches, or Remote Proximity Operations (RPO), with a discarded rocket upper stage that has been orbiting Earth for almost 20 years. Since its current mission phase began in February 2024, ADRAS-J has been taking pictures of the rocket stage, including one taken from just 50 meters away. These images are helping Astroscale better define the orbit and spin rate of the rocket body, something difficult to determine from the ground. Throughout the next phase and the end of the mission, ADRAS-J will perform even closer RPOs, eventually aiming to capture and deorbit the rocket stage. This would be a significant achievement for the space debris industry, as it would demonstrate the maturity of technology required to begin cleaning up space.

Unfortunately, as with many satellites, cybersecurity may not have been at the forefront of the mission designers’ minds when building ADRAS-J. This oversight may have left the spacecraft vulnerable to adversaries with the means and knowledge to exploit it.

The ADRAS-J mission has several key attack surfaces that a cyber actor could exploit, potentially causing negative or mission-ending impacts. The first of these is likely jamming of spacecraft command and telemetry or GPS links. With a satellite engaging in RPOs, this could have incredibly dangerous effects. Without accurate positioning data from the GPS link, the satellite could veer off course, potentially colliding with the rocket body it is investigating. A similar situation could occur due to a loss of command or telemetry path. Without communication with ground controllers at key close approach times, the vehicle would be unable to follow the intended flight path or respond to corrections.

Another key attack surface could be an attack on ADRAS-J via the rocket stage. To provide telemetry back to the ground station during launch operations, the rocket upper stage may have contained communication components that are in varying stages of operability and almost certainly unmonitored by the ground for unauthorized access. A threat actor could utilize this communication link to conduct an initial attack and gain unrestricted access to the rocket stage’s communications. With this accomplished, the actor could then work to gain access to the ADRAS-J satellite via the newly established node of operation, located around 50 meters from their target satellite. With such close proximity, the actors could launch continuous attacks that occur throughout the orbit and signals at much higher power than could be achieved from ground antennas.

To mitigate these attack surfaces, Astroscale should have included adequate electromagnetic shielding and COMSEC controls to deny adversaries access to the processors and memory components. Additionally, they should establish secondary communication paths that can be utilized during jamming events to allow for continued operations. Although these countermeasures may be too late to include on the ADRAS-J mission, the operators can utilize safe RPO planning to ensure that any loss of communications or positioning will result in the satellite safely passing by the rocket body, ensuring that any planned maneuvers wouldn’t result in a collision if a command or positioning message isn’t received in time.

Failure to account for cybersecurity vulnerabilities in future space debris clearing operations could result in more debris being created due to loss of spacecraft control. It is imperative that future operations consider all potential attacks and develop and implement adequate safety measures and countermeasures to mitigate these risks.