Guardians assigned to Space Delta 11 conduct a simulated mission planning session at Schriever Space Force Base in Colorado. Credit: Space Training and Readiness Command

Ambiguous Responsibility Weakens Space Sector Incident Response

Responsibility for defending satellites from cyberattacks remains unclear across a number of countries. The division of roles between space commands and cyber commands across military and commercial bodies differs, which leads to response delays and poor coordination. Research performed on France, Germany, the U.K., and the U.S. highlighted the various approaches to addressing threats and attacks, with differing levels of involvement from government and private sectors. The lack of defined roles is a significant security concern considering the increasing threats to commercial satellites that support military operations. France has a joint command structure led by French cybersecurity agency ANSI. France’s Cyber Command is responsible for managing defense and response, but the Space Command remains informed throughout the process. At the same time, the Space Command is responsible for vulnerability remediation and monitoring. Germany and the U.K. take different approaches. The Cyber and Information Domain Service is fully responsible for cyber-related activities and national response to attacks in Germany. The National Cyber Force in the U.K. handles cyber defense of military satellites, involving defense and intelligence agencies, while the U.K.’s private sector is completely responsible for commercial satellites. Finally, the U.S. Space Force oversees cybersecurity for military satellites, organized by several squadrons under Space Delta 6. However, during the Russian attack on Viasat, there did not appear to be a dedicated agency for incident response and coordination.

Incident response is one of the many important tasks in the realm of cyber security. This activity involves identifying an attack and planning and executing strategies to reduce damage, stop the attack, restore nominal operations, and identify any vulnerabilities that contributed to the attack being successfully initiated. Clear responsibilities are crucial for this process, especially considering the potentially massive scope of national and international cyberattacks on space systems involving both military and commercial assets. The lack of clear responsibility for defending against and remediating space system attacks poses significant risks operationally, economically, and for national security. When accountability is ambiguous, response times to threats can be delayed, increasing the damage caused during an incident. Delayed or ineffective responses could result in the loss of sensitive data, infrastructure and service outages, and weakened defense capabilities. The overlapping roles of military and civilian organizations complicate coordination as well. Different nations and their respective space and cyber defense agencies approach threat and incident response in different ways, assigning varying levels of satellite protection activities between space commands and cyber commands, potentially leading to inconsistencies in response strategies when cross-collaboration is required. As commercial satellite operators increase their support of government operations, shared responsibility between these sectors needs more deliberate clarification, since commercial operators may lack the defense capabilities to adequately respond to advanced cyber threats, while government agencies may lack insight and control over the commercial assets they rely on.

Werner, Debra. “Who’s in Charge of Preventing and Responding to Cyberattacks?” SpaceNews, 14 Oct. 2024, https://spacenews.com/whos-in-charge-of-preventing-and-responding-to-cyberattacks/.