Cal Poly releases Imagineering Report to anticipate scenarios for outer space cyberattacks

June 17, 2024
With the project’s ICARUS matrix—an acronym for “Imagining Cyberattacks to Anticipate Risks Unique to Space”—more than 4 million unique scenarios can be generated in considering a much wider range of threats.

The Ethics + Emerging Sciences Group today released its 95-page report on the increasing threat of cyberattacks on space systems. Funded by a $300,000 grant from the National Science Foundation, the report is the first to provide a framework for imagining novel scenarios, which helps to more effectively plan and avoid being taken by surprise.

The report comes after the wake-up call for outer space cybersecurity in 2022 when, as a prelude to invading Ukraine, Russia hacked the satellite-internet equipment of Viasat to disrupt communications, create confusion, and prevent a coordinated response to its attacks. This marked the first true “space war” in which both sides relied on space systems in its military operations.

The project fills in key gaps in space cybersecurity discussions which typically consider only a couple of generic scenarios, namely something vague about satellite hacking and signals spoofing or jamming. With the project’s ICARUS matrix—an acronym for “Imagining Cyberattacks to Anticipate Risks Unique to Space”—more than 4 million unique scenarios can be generated in considering a much wider range of threats.

“Hackers are already thinking very creatively, and our project applies structure to the dark art of anticipating those cyber threats—a method to the madness. This helps defenders to avoid tunnel-vision and stay ahead of would-be attackers,” explained Patrick Lin, the project’s principal investigator and director of the Ethics + Emerging Sciences Group. He also serves on the National Space Council’s Users’ Advisory Group.

Unlike other taxonomies of cyber vulnerabilities, the ICARUS matrix also captures the diversity of threat actors, their motivations, their victims, and the space capabilities affected. These help to establish the core elements of a full scenario—answering the who, what, where, when, why, and how questions.

The report offers a starting list of 42 novel but plausible scenarios to start priming the “imagination pumps” of researchers. They range from the near-term to the distant future, including scenarios about:

  • Insider threats
  • AI vulnerabilities
  • False-flag attacks
  • Eco-terrorism
  • Ransomware during a launch
  • Faked evidence of ET life
  • Hacked 3D printers that create built-to-fail parts
  • Asteroid mining
  • Martian settlements
  • Space pirates

Because it’s important to understand a problem in order to solve it, the report also explores the drivers of space cyberattacks. Those seven contributing factors are related to:

  1. The new space race
  2. Remoteness of outer space
  3. Space debris and sustainability
  4. Complexity of space systems
  5. Lack of clarity in both cyber and space law
  6. Economic and political advantages of cyberattacks
  7. Outsized stakes involved in space security.

For instance, the threat of space debris is shared because all space assets are equally vulnerable to catastrophic damage from a collision. This common interest to reduce space debris should push rational states and actors to avoid kinetic conflicts in orbit, which suggests that cyberattacks would be the dominant form of space conflicts, not physical battles.

The full report can be accessed at https://spacecybersecurity.org. The other Cal Poly co-authors are Keith Abney, Bruce DeBruhl, Kira Abercromby, Henry Danielson, and Ryan Jenkins, who have expertise in technology ethics, military ethics, aerospace engineering, and cybersecurity.