His Majesty’s Space Situational Awareness

LeoLabs Awarded Contract for U.K. Space Command’s Project Tyche

The contract of an undisclosed amount was announced on July 17, 2024, as reported by SpaceNews.1 In announcing the contract, LeoLabs touted it as a “first-step” in building a relationship with the United Kingdom’s Ministry of Defence and establishing itself as a credible provider of space situational awareness (SSA). Project Tyche, the supported constellation that will be monitored by LeoLabs, is part of a broader $1 billion program intended to provide the UK with low-Earth orbit (LEO) intelligence, surveillance, and reconnaissance (ISR) capability. While the article itself is relatively sparse in detail, the announcement of this award raises several interesting considerations in the realm of space cybersecurity.

Commercial-Military Partnerships

This partnership between the Ministry of Defence and LeoLabs conforms to the broader backdrop of defense departments around the globe increasingly relying on commercial providers outside the traditional prime defense contractors. This opens up numerous new capabilities in an increasingly vibrant marketplace, but also poses a challenge in adequately addressing security concerns as newer, relatively untested entrants become ever more entwined in defense networks. The UK is particularly interesting in this regard because it is a well-developed country with a mature military, and yet has relatively minimal homegrown space assets compared with the United States, Russia, or China. Having left the European Union and therefore falling outside the European Space Agency, the UK has been embarking on a journey towards greater self-sufficiency in the space domain. This can present either a pitfall or an opportunity…or perhaps a spot of both. On the pitfall side, opening up SSA to a foreign commercial entity opens up a particularly tricky attack vector, the specifics of which will be expounded upon in the next section. There is opportunity here, however. Viewed as a cautious, phased approach, this situation could provide a “blank slate” on which to establish sound security practices. Partnering with a U.S.-based company that has already demonstrated a solid track record in its relatively short-lived existence allows it to leverage lessons learned from a more mature spacefaring partner while building their own best practices.

Space Situational Awareness: Cyber Threat Vector

A 2019 paper presented to the 11th International Conference on Cyber Conflict highlighted a particularly nefarious cyber threat posed for SSA systems, which they deemed “the Cyber-ASAT.”2 The authors noted that, while traditional kinetic anti-satellite (ASAT) weapons are typically eschewed because of their limited accessibility and high threat of attribution (and therefore retaliation), cyberattacks are far more difficult to attribute, and may even escape notice entirely for a prolonged period of time. One such vector that they explored in depth was the manipulation of SSA data that could lead to a satellite either believing a conjunction (collision) event was imminent and therefore needlessly maneuver and waste its propellent (therefore reducing its useful lifetime), or to a satellite ignoring a real conjunction event, allowing the conjunction to occur while the satellite does nothing to avoid it. Both outcomes effectively disable the satellite without firing a single shot. The researchers were able to manipulate data in the Two Line Element (TLE) format that had been used with little or no modification since inception in the 1970’s. By limiting themselves to subtly manipulating existing TLE descriptions of space debris (based on the assumption that SSA systems could recognize the intrusion of completely new inserted TLE observations), they were able to employ such a Cyber-ASAT with an astonishing 90-percent success rate.

Defending Against Cyber-ASAT in SSA Context

There are some big-picture considerations that may aid in defending against this particular threat vector with regard to SSA architectures. Companies like LeoLabs provide their services to numerous end users, requiring them to gather and aggregate orbital observation data, process that data, and then distribute it to the end user. Attacks may be propagated at any point in this chain, and would not be limited to just modifying TLE data or whatever proprietary format LeoLabs employs. Countermeasures would be needed to guard against false data being gathered at the sensor level, against corruption of data at rest in whatever server architecture is employed to store data prior to processing and distribution, against manipulation of data during processing, and against corruption of data during distribution. Perhaps the most difficult challenge to overcome is attribution and determination of when data has been manipulated, as the researchers in the Cyber-ASAT study had significantly constrained their approach based on assumed detection countermeasures. Because, in this particular context, the UK is employing LeoLabs’ services in a “first-step” context, they should have time to red-team these various vectors before more widely exposing their space-borne assets in the future.

Sources

  1. Debra Werner, “LeoLabs to support UK’s Project Tyche,” SpaceNews, https://spacenews.com/leolabs-to-support-uks-project-tyche/, published 17 July 2024, accessed 21 July 2024. ↩︎
  2. James Pavur & Ivan Martinovic, “The Cyber-ASAT: On the Impact of Cyber Weapons in Outer Space,” 2019 11th International Conference on Cyber Conflict, https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8756904, accessed 21 July 2024. ↩︎