Meyer: Space systems are too important to leave unprotected against cyber attack

Canada has not designated space systems as part of the nation’s critical infrastructure, even though allies Australia, France, and the United Kingdom have done so.


While it may seem a cliché to say we live in rapidly changing times, this is especially true for our use of outer space. In the span of three years, we have seen a fourfold increase in orbiting satellites to over 9,000 active units. These numbers will continue to grow exponentially as “mega constellations” with tens of thousands of satellites are currently in the pipeline for launch. These satellites provide a wide array of services from broadband internet connectivity to remote sensing to the provision of positioning, navigation, and timing signals on which our societies have become increasingly dependent. It is not hyperbole to say that a “day without space” would be ruinous for national and global well-being.

In addition to the natural hazards satellites face in the challenging operating environment of outer space there are also man-made threats. These have become more prominent as geopolitical tensions have led to antagonism among space powers, and the development of anti-satellite weapons and other so-called “counter space capabilities.”

An attack vector of particular concern is that via cyber means. All elements of satellites—from the ground stations that control their movements to the on-board systems—are potentially vulnerable to cyber attack. A recent demonstration of such an attack was the Russian cyber operation against the Viasat telecommunications system that coincided with their invasion of Ukraine, and which seriously disrupted that country’s communication links (as well as those of neighbouring states).

In defending against malicious cyber activity, governments have tended to focus on damage and disruption to their terrestrial systems. The cyber security incidents that have become all too common and which attract the most attention are those directed against government or corporate entities. Whether perpetrated by states or criminals, these damaging attacks impact all categories of victims. In the face of this assault, the government is moving to enhance the nation’s cyber defences. A key legislative vehicle to upgrade Canada’s cyber resiliency is contained in the Critical Cyber Systems Protection Act, part of Bill C-26, currently under scrutiny in the House of Commons.

The draft legislation aims to enhance cyber security for a selected number of “vital services and vital systems” deemed critically important for national security or public safety. The legislation makes the establishment of a cyber security program mandatory, and requires reporting of cyber security incidents. These measures would help enhance cyber resiliency in the six areas designated as “vital services and vital systems.” These areas overlap to some degree with Canada’s 10 designated areas of “critical infrastructure.” Efforts to enhance our cyber defensive posture in areas of crucial importance are to be commended. However, conspicuous in its absence from these “vital services and vital systems” is the space dimension, the satellites enabling the functioning of many of these crucial systems.

To ensure that the nation’s space systems can benefit from the legislation, coverage should be extended to all space systems engaged in the delivery of these vital services.

Canada has not designated space systems as constituting part of the nation’s critical infrastructure, although several allies such as Australia, France, and the United Kingdom have done so. At present there is a bill in the United States Congress that would designate space as the “critical infrastructure.” There are divided views in the American space industry as to the desirability of having a new regulatory regime apply. The United States has already issued guidance—through the administration’s Space Policy Directive #5—specifically directing a robust cyber defence posture for all space systems. It has also established a government-private sector joint working group on “Space Systems Critical Infrastructure” overseen by the Cybersecurity and Infrastructure Security Agency.

Whether through expanded legislation or focused collaboration between governmental cyber security authorities and the space industry, it is imperative that action is taken to ensure that the highest standards of cyber defence are applied throughout Canada’s space sector. At a time of increasingly sophisticated and potent cyber attacks, we cannot afford to treat our space systems as if they were somehow out of reach of malevolent actors.

Paul Meyer is adjunct professor of international studies at Simon Fraser University, and a fellow of the Outer Space Institute.

The Hill Times