As conflict escalates, a combatant country will likely find its normal military resources strained far beyond the norm, perhaps being asked more than they can physically support. The United States has mechanisms in place to absorb this additional demand, such as the Civil Reserve Air Fleet (CRAF).¹ Members of the CRAF are contractually committed to provide airlift services for the Department of Defense should its needs exceed the capabilities of its existing fleet. The United States is now pursuing a similar framework to establish resiliency in its space-borne cybersecurity infrastructure by establishing the Commercial Augmentation Space Reserve (CASR), as explained in a June 2024 Wired article.²

Under the CASR construct, private sector satellites and their associated infrastructure would be embedded in military units, being used intermittently for training exercises until they are “called up” in an actual wartime crisis. An earlier Space News article³ highlighted that this initiative, already several years in the making, is entirely voluntary for applicants that can prove they have the capacity to meet Department of Defense requirements. According to Space News, the benefits flow both ways: “Incentives extend beyond financial rewards. Companies would gain access to threat intelligence, a valuable asset in a rapidly evolving space landscape.”

The Wired article notes how there will inevitably be difficulties in integrating the two supply chains, and commercial companies will be faced with the challenge of meeting stringent Department of Defense standards that may not have direct parallels in the commercial sector. However, the article does highlight how commercial capabilities have surpassed those of the legacy Department of Defense incumbents on many occasions.

The Cyber Opportunity

First, the upside of this effort, if properly executed, is undeniably vast. America’s space cyber infrastructure gains robust new technologies, builds resilience through a diversity of approaches, and more companies get access to threat data that may help turbocharge their efforts to create ever more capable technologies. While there will likely be numerous unforeseen challenges in trying to bridge the gap to military standards for commercial technologies that were not designed with them in mind, there is potential for this to be a forcing function to put some dedicated effort into a unified standard for space cybersecurity.

The Cyber Challenge

On the flipside, as companies get these valuable insights into threat technology, that also means that the National Security enterprise may be opening itself up for more of its critical information to leak to unintended end users. As more disparate technologies get linked together in the greater cyber infrastructure, more entry points are opened, creating a dangerously large surface area for attack if the enterprise is not properly segmented. The article highlights that cyberattacks are particularly pernicious in some respects than kinetic antisatellite weapons because they “can be carried out in ways that are cheaper, quicker, and more difficult to trace.” Is the U.S. setting itself up to lose everything it gains in resilience through diversity due to missteps in opening itself up to a wider array of attack vectors?

Of course, this goes both ways—companies don’t want their equipment to be vulnerable either, so this may again provide a forcing function to establish effective unified cyber standards that extend from the Department of Defense and into the private sector as discussed earlier. This continues the delicate dance that has prevented openness between commercial space companies thus far: codifying best practices and lessons learned requires them to open up about the hard-learned lessons from past incursions, something that opens them up to embarrassment or perhaps loss of proprietary information. Perhaps their inclusion in this partnership with the Department of Defense may provide the third-party bridge necessary for this information to be shared more effectively while also maintaining some level of confidentiality on the level of individual participants.

Sources

1. Wikipedia, “Civil Reserve Air Fleet,” https://en.wikipedia.org/wiki/Civil_Reserve_Air_Fleet, accessed 30 June 2024. ↩︎
2. Sharon Lemac-Vincere, “The US Wants to Integrate the Commercial Space Industry With Its Military to Prevent Cyberattacks,” Wired, https://www.wired.com/story/space-cyber-attacks-security/, written 29 June 2024, accessed 30 June 2024. ↩︎
3. Sandra Erwin, “Pentagon to forge deeper ties with space industry in ‘first-of-its-kind’ program,” Space News, https://spacenews.com/pentagon-to-forge-deeper-ties-with-space-industry-in-first-of-its-kind-program/, written 19 May 2024, accessed 30 Jun 2024. ↩︎