Space cyber wargame exposes satellite industry risks

A tabletop exercise tested how space industry leaders would handle a potentially devastating breach of a satellite’s ground control uplink.

Space industry executives grappled with a simulated crisis Monday as a hacker compromised a satellite and set it on a collision course with another, creating the possibility of a disastrous cascade of space debris.

The collision was averted — but the fictional scenario underscored the very real cybersecurity threats facing the space industry as the number of companies building and operating software-driven satellites has mushroomed. A new cyber threat information sharing group hosted the virtual tabletop exercise to educate attendees at a space technology conference about the importance of industry-wide collaboration to combat cyberattacks.

The Space Information Sharing and Analysis Center (Space-ISAC) said the results of the event — which played out at the American Institute of Aeronautics and Astronautics’ ASCEND space technology conference — will shape how the group builds its 24-hour watch center slated to open next year.

The wargame also helped to “practice and exercise the muscle movements that are required in order to execute this [information-sharing] mission,” said Space-ISAC executive director Erin Miller.

In the scenario, “Jessica,” a disgruntled former senior engineer at fictitious satellite operator Compromise, gains access to a shared computer drive at her former employer by socially engineering a friend who still works there. Exploiting this access, Jessica disables encryption on the ground control uplink for a Compromise satellite in low Earth orbit. She then sends it new instructions, placing it on a collision course with another satellite owned and operated by fictional competitor Perception.

The tabletop exercise highlighted vulnerabilities in critical space equipment as off-the-shelf enterprise software becomes the norm in an industry long dominated by boutique software and tailor-made installations.

The scenario was “developed by members of the space infrastructure community. … It’s very plausible and realistic,” said Andy Jabbour of Gate 15, a security company that helped stage the exercise.

Players were divided into paired teams — one playing Perception, one Compromise — a structure that enabled the scenario to unfold multiple times. About 30 participants provided three paired teams of players.

By drilling multiple pairs of players, “We get to see how those different teams work through it … we get more samples,” said Steve Lee, a game organizer from the American Institute of Aeronautics and Astronautics.

Beyond the Perception and Compromise teams, a group playing the role of the Space-ISAC watch center — called a white cell—injected new developments into the game by sharing bulletins with participants.

One player suggested that the teams should be further broken down to reflect specific roles during a cyber emergency. “Within any company, you have legal, you have operations — there are different equities,” he said. The ground rules of the exercise bar the identification of any of the participants except the organizers.

As the scenario unfolds, Jessica just wants to get back at her former employer, but her actions threaten to unleash an orbital armageddon.

As thousands of satellites are launched into real-world constellations like Starlink and OneWeb, the risk grows that a single collision could spark a disastrous chain reaction, as debris collides with additional satellites, in turn creating more debris. Such a cascade could end by destroying everything in orbit, a phenomenon known as the Kessler effect.

The danger was underlined this week when Russia destroyed its Cosmos-1408, a derelict signals intelligence satellite, in an apparent test of an anti-satellite weapon. U.S. officials said they were individually tracking more than 1,500 larger pieces of debris and monitoring hundreds of thousands of smaller pieces. U.S. Space Command said the debris “will remain in orbit for years and potentially for decades.”

In the Space-ISAC exercise, players had to decide how much information to share, with whom and when. “These are real tough problems that the Space-ISAC has to confront … cultivating trust, sharing critical information in a timely way,” said Lee. “What is public information? What is sensitive information? What would companies be willing to share with each other, for example, as Compromise tries to figure this out with Perception? How do those owner-operators behave and how do they respond to mitigating the threats?”