"It's part of modern warfare, it's nothing new – we've seen GPS spoofing in Ukraine since 2014," says Juliana Suess, research analyst and policy lead on space security, as part of the military sciences team at security thinktank the Royal United Services Institute (RUSI). "Jamming and spoofing directly targets the links between satellites and ground stations," she explains.
Even then, "a launch program alone does not guarantee the resources and precision required to operate a meaningful ASAT capability". But nations that do have ASAT capability are increasingly using these technologies to flex their muscles, even using live tests to destroy actual satellites.
China first destroyed one of its own satellites in 2007, attaching a kinetic energy weapon to a ballistic missile that targeted an ageing Fengyun-1C weather satellite. This led to concerns from other countries over both security and the prospect of space debris that could damage other satellites in orbit.
More recently, Russia has also been criticised for using anti-satellite weaponry to destroy one of its own defunct satellites in November 2021. This test used an anti-ballistic missile interceptor as an ASAT weapon, destroying the low-orbit satellite and creating a vast amount of space debris, even forcing astronauts aboard the International Space Station to take shelter as a precaution.
The US condemned the test as "dangerous and irresponsible" and warned that the debris will remain in orbit for years, even decades.
While no military has launched a missile at the satellite of another country, the way a number of different countries have demonstrated its potential – including the US – means that such attacks against satellites can't be discounted in a future conflict.
While doubtless an effective strategy, using a missile to blow up a satellite is very much a blunt approach. But using electronic warfare and cyberattacks could provide an attacker with an option that could be just as debilitating.
The University of Oxford's research paper states that "as space systems become increasingly interconnected and computationally complex, new concerns about the threat of cyberattacks have been raised." It goes on to add that they could "pose a structural threat to the long-standing peace in orbit".
According to the US Department of Defense, one of those threats is the People's Republic of China. An in-depth research paper into China's military power suggests space is on the agenda, with "electronic warfare" a part of that approach, as Beijing looks to develop technology "that can contest or deny an adversary's access to and operations in the space domain during a crisis or conflict". However, what this technology might look like isn't specified.
A successful cyberattack against a satellite could have significant consequences. Blocking communications with the satellite, could shut off vital communications and services for millions of people on the ground, for example. A cyberattack could even alter the course of a satellite in an attempt to disrupt or even permanently damage it.
"It does sound a bit 'Star Wars' to say, but if you were to take control over a satellite, you could make it do what you want it to – it obviously depends on the capability that satellite possesses," says Suess at RUSI.
"It could be something relatively simple, like completely shutting off communications links. Or you could expend limited fuel supplies, so a satellite becomes space debris. If you could make it tumble out of its orbit, you could make it collide with another satellite. Or you could destroy solar panels if you angle them correctly – the options are limitless," she explains.
Suess says many of these tactics would be complicated to pull off, especially due to the potential risk of inadvertently disrupting other targets.
"If the actor carrying out this attack is also a state actor, if you attack a satellite in a way where it collides with another satellite or becomes space debris, you could threaten your own space assets as well. Which is why I'd argue that the extreme end of the attack isn't feasible from a military perspective, if you're also using space," says Suess.
But while there could be rules and conventions that restrict governments from conducting full-scale cyberattacks against satellites run by other nations in space, the war in Ukraine shows that disrupting satellite communications is far from off the table.
Satellites aren't built to last forever, but they can be in orbit for a decade or even longer, which means – along with the often lengthy timescales of satellite and space programs – that many satellites might be using ageing technology.
That situation means that, if a cybersecurity vulnerability emerges, it could be there for the entire life of the satellite. And as space-connected technology becomes even more integrated into all our lives, that could be a problem if malicious cyber attackers find ways to disrupt or tamper with services.
It warned that the use of old IT equipment, the failure to update software with patches for removing known vulnerabilities, leaving potential weaknesses in supply chains and other factors are leaving satellite systems open to attack.
"I want to emphasize it's not really fair to say that it was their fault for not originally designing that into the security, because it wasn't a concern when that was originally designed," says Douglas McKee, principal engineer and director of vulnerability research for cybersecurity company Trellix's Advanced Research Centre.
Meanwhile as cyber criminals improve their capabilities, there's the potential they could look to the skies for new targets and opportunities.
Cyber criminals in space?
In what used to be an area that was the domain of governments, private companies are now making it easier to get into space. So at some point, could it become worthwhile for crooks to send up their own satellites?
"Would an attacker, if it allowed them to get a larger attack surface, pay half a million dollars to get either their hardware or themselves into space? It's a simple ROI calculation," suggests McKee. "If it cost me five hundred thousand dollars to do an attack but I get access to a new attack surface that's going to give me hundreds of millions of dollars – that cost benefit analysis is pretty reasonable," he says.
That means ensuring the computer systems and ground stations used to communicate with and control satellites, are secured.
"More broadly, think about constellations, not individual satellites. Most jammers will only work for a certain frequency, so if you have several satellites that all run with different frequency bands, that means if one of them is suddenly not working or compromised, you still have the others," says Suess.
"It's a similar thing for a cyberattack. If one of your ground terminals is compromised, but you have diverse networks of satellites and ground stations, that's less of a problem," she adds.
While the prospect of cyberattacks against a satellite might appear to be unlikely in the very near future, anything that's built with IoT connectivity can be accessed via the internet – and that could potentially include satellites. Having that in mind long before anything is launched into space is going to be key for the future.
"It just comes down to making sure that security architecture is baked in from day one. This is something we've learned in other areas of the computer industry and the security industry – and there's lots of processes and policies already that we can learn from," says McKee.