Access to space technology and participation in national or international space programs is becoming a hallmark of major world powers. The former USSR and the United States displayed one of the earliest examples of this trend through the Space Race, as their competition to advance their capabilities in space was motivated by a broader ambition to establish dominance. Now, established and emerging powers such as the member states of the European Space Agency, Japan, China, India, and more have dedicated space agencies aimed at advancing scientific research and even engaging in human spaceflight. As another nation with a thriving technology industry, South Korea is now planning to apply those resources in a more focused way to space projects. KASA, the Korea Aerospace Administration, hopes to facilitate such projects. Having begun operations on May 27, 2024, its leadership has recently publicized a wide-ranging agenda for space projects and engaged with established agencies like NASA to discuss potential opportunities for collaboration (Foust, 2024).

One key benefit to this development from a cybersecurity perspective is the centralization and standardization of space efforts within Korea. The article notes that the launch of KASA is not the first engagement that South Korea has had with space, as other research centers and universities had previously conducted research and spearheaded their own projects (Foust, 2024). The variety of entities involved likely meant that inconsistent cybersecurity practices were followed, if any were followed at all. Each institution would have some flexibility in setting its own policies as well as enforcing them, so while some previous missions may have taken cyber risk into consideration and prioritized the development of a secure system, others may have disregarded it entirely. One central agency coordinating space missions is more likely to be able to set a cybersecurity policy and ensure that it is followed.

Realizing the benefit of centralization is only possible if cybersecurity is one of the top priorities of KASA. The initial research agenda and set of proposed missions, such as a lunar lander by 2032 and a Mars follow-up by 2045, are quite ambitious, and having publicly set those deadlines, there may be pressure to deliver a functioning product on time at the expense of keeping it secure (Foust, 2024). With such a new organization, living up to such commitments is key for establishing legitimacy and a track record, so it is possible that cybersecurity is a secondary consideration to them. Additionally, setting high standards in the first place may require consultation with companies and other national agencies with more experience to learn from their previous missions. Fortunately, the Korean monetary investment in space is expected to increase by 50% by 2027, and KASA leadership has already initiated contact and collaboration with NASA, so it is possible that KASA has the financial and informational resources to ensure secure systems (Foust, 2024).

The novelty of some of KASA’s proposed missions may create unknown unknowns, where the cybersecurity implications or requirements are just not understood at all at this time. One example is a Sun observation spacecraft stationed at L4, which has not been used by other organizations for space science missions. This spacecraft is intended to provide groundbreaking observations of the Sun (Foust, 2024). In designing the communication and data handling systems particularly, as with all aspects of the spacecraft, the engineering team must understand any new factors introduced by the novel location and what, if any, security impact they may have.

Finally, as KASA builds relationships, caution is warranted. While most nations do have genuine positive intentions in space, as do most companies, universities, and research groups, collaboration and providing access to or information about a system is always at least some level of risk exposure. More people knowing details about a spacecraft or even being able to access it directly increases the chance that someone with malicious intentions and the means to act on them is among that group. Additionally, as conversations surrounding supply chains show, increasing the number of entities involved with a system heightens the risk of unintentional disruptions as well. If multiple space agencies, companies, researchers, or schools are contributing parts to a spacecraft, the entire spacecraft is only as secure as the most vulnerable part. Attackers would only need to compromise a poorly protected part or subsystem to escalate access, and that risk increases with more participants in a mission. 

Works Cited:

Foust, J. (2024, July 21). South Korea’s New Space Agency outlines plans. SpaceNews. https://spacenews.com/south-koreas-new-space-agency-outlines-plans/