Skip to main content
EventsExperts
representation of topic
PublicationsBrief
Technology11 November 2024

Looking to the skies: The importance of satellite cybersecurity

Brief by
Tom Barrett, a Research Associate for the Emerging Technology program at the United States Studies Centre

Tom Barrett

Research Associate, Emerging TechnologyUnited States Studies Centre

Executive summary

Between 7,5001 and 9,200 active satellites2 orbit the Earth every day. Yet, losing a single satellite can have more of an impact than ever before. Satellites are now integral components in our economies, governments and telecommunications networks; losing even a single satellite can have disastrous consequences. Case in point, in early 2022 a cyber-attack on one satellite, KA-SAT, cut internet access for more than 40,000 internet modems across Europe, taking offline thousands of wind turbines in Germany, impacting emergency services in France and leaving remote communities without any means of contact to the outside world.3

The cybersecurity of satellites is a well-documented but long-overlooked issue. This brief examines the Russian attack on KA-SAT and considers what Australia and the region can learn from this event, particularly as satellites become an increasingly vital component of regional communications networks. It also considers the role of satellites in broader digital connectivity as well as their complex supply chains and dual-use nature.

While there is no silver bullet to addressing cybersecurity flaws — including with satellites — there is a set of practices that countries should have in place to improve their resilience and responsiveness. This brief proposes the following steps for the Australian Government to undertake, including the Department of Home Affairs in coordination with the Department of Defence and other relevant departments:

  1. Encourage its allies and partners to follow its lead in adding satellite systems — as part of the space technology sector — to its set of critical infrastructure sectors, thereby mandating important cyber measures.4 While some of these measures are yet to be activated for satellites in Australia, overseas key allies like the United States and European Union have not yet designated satellites in their entirety as critical infrastructure (although some parts are captured by other legislation).
    a. Ensure the appropriate monitoring and assessment processes are in place to guarantee ongoing adoption of best practices. This can be included in contracts, requiring partners throughout the satellite supply chain to meet certain cyber standards and authorising monitoring mechanisms to ensure ongoing compliance.
  2. Ensure a ‘one is none’ approach to involving private-sector actors in defence satellite networks to build redundancy capability and spread risk in a manner that does not excessively increase exposure by offering additional attack surfaces for malicious actors.
  3. Expand threat intelligence-sharing networks between providers and agencies in national and international contexts, building on the Information Sharing and Analysis Centres (ISACs) used in other cybersecurity areas, to help thwart attacks and build best practices.
    a. The recent Memorandum of Understanding between the Australian Cyber Collaboration Centre with the Space ISAC5 is a welcome step. Space ISAC also counts US, Japanese, Israeli, Greek, French and UK government agencies amongst its partners as well as private-sector members. However, with the European Union also recently launching the EU Space Information Sharing and Analysis Centre,6 there is a need for coordination and collaboration between and amongst these different ISACs and their members to ensure rapid and expansive threat and information sharing. Cyber threats do not respect regional boundaries, and information-sharing mechanisms must be similarly flexible.
  4. Promote pathways for international intelligence sharing after cyber-attacks between governments and the private sector to improve preventative responses and allow for accelerated joint attributions against perpetrators. This can include improving the measuring and accounting of cyber harms and violence to evaluate the impact of different actors.
    a. Accelerate cyber attributions after events — including involving as many willing partners as possible to continue promoting responsibility and international norms, as well as adding pressure on malicious actors.
  5. Closely monitor the concentration and integration of satellite capabilities into large technology companies, particularly those used for defence purposes. Clearer contracts when using civilian technologies in defence contexts will be important to avoid some of the tension seen in Starlink’s use in Ukraine and to protect critical civilian satellite networks.

The attack on KA-SAT

In February 2022, just as Russian ground troops entered Ukrainian territory, a communications satellite that orbits the earth 36,000 kilometres above the equator7 suddenly stopped providing internet connections to more than 40,000 internet modems across Ukraine and Europe.8 This event was one of the largest satellite cyber-attacks in history and marked a significant moment in satellite cybersecurity, where a mode of communication was intentionally taken offline as part of a coordinated military strategy — Russia’s invasion of Ukraine.

How satellites work

Satellites, together making up ‘constellations’ or networks, underpin a number of fundamental, modern-day technologies. These include everything from the navigation and timing in smartphones and Google Maps to disaster responses, power grids and ATM transactions, as well as communications, such as in-flight entertainment and internet access for remote areas.9 The United States dominates satellite infrastructure (see Figure 1), with American owners or operators managing more than two-thirds of all recorded operational satellites.10 By comparison, Australian owners or operators make up a mere 0.2% of the global share of operational satellites.11

Figure 1. Country of satellite owner or operator (as of May 2023)

Source: Union of Concerned Scientists
Note: Figures are from an open-source database.

Advances in satellite technology have expanded the capabilities of and access to various satellite networks12 and led to their integration into broader technologies — including in defence and national security applications as backup communications channels13 — alongside individual and commercial uses. These innovations include the development of inter-satellite links where signals can be carried between satellites before being beamed back down to a ground station — allowing for a string of smaller satellites to send their signals further than was previously possible.14 Different satellites offer a range of benefits, challenges and functions, as set out in Table 1.

Table 1. Types of satellites

Sources: Inmarsat; International Telecommunications Union; EOS
Note: x. These functions can be covered by different satellite types, these are those most adept for each type.

At its launch in 2010, Eutelsat’s new KA-SAT communications satellite network — which sits in a geostationary high-Earth orbit (HEO) — promised to lower the cost of satellite-provided internet access for up to two million European customers.15 In the years following its launch the KA-SAT system amassed clients spanning government, commercial and individual users. However, on the morning of 24 February 2022, access to the KA-SAT satellite network, purchased from Eutelsat by American company Viasat in 2020, began to cut out. Approximately one hour after the outage started, Russia’s invasion of Ukraine began.16

The loss of internet connection impacted individual and corporate users in Ukraine and across Europe17 and marked one of the most prominent, large-scale attacks on a satellite network to date.18 In total, between 40,000 and 45,000 modems were taken offline,19 with users left with no way to reconnect — severing the only form of communications for some in remote regions.20 While Viasat “largely stabilized [the network] within hours,”21 the nature of the attack meant recovery times were significant. Due to the way modems were integrated into broader systems, for some customers the aftermath took months to be resolved. This included over-the-air updates, shipping replacement modems and manually replacing faulty modems, including restoring the capabilities of 5,800 wind turbines in central Germany whose modems were knocked offline.22 The attack also impacted critical first-responder services in France, including ambulance and firefighting services.23

KA-SAT coverage over Europe and the Mediterranean Basin (different colors show frequency reuse).
Source: Wikipedia

More than two years later, the degree to which the attack impacted Ukrainian military communications is still unclear. Shortly after the attack in early March 2022, Viktor Zhora, the deputy head of Ukraine’s State Service of Special Communications and Information Protection, was quoted saying: “It was a really huge loss in communications in the very beginning of war.”24 Media reported25 that the Ukrainian Government and military had contracts with Viasat for their satellite networks.26 However, Viasat emphasised that no government users were affected by the attack.27 Additionally, in an interview about six months later, Zhora contrasted his earlier statement, suggesting Viasat’s KA-SAT was only used as a ‘backup service’ for military communications. He noted that the attack “didn’t impact the process of coordination between forces and between state leaders and forces” on the day of the Russian invasion.28

In May 2022, following a month-long US-led diplomatic effort, the United States,29 alongside the EU,30 the United Kingdom,31 Australia32 and several other countries, publicly attributed the Viasat attack to the Russian Government. In particular, the UK’s National Cyber Security Centre stated that “the primary target [was] the Ukraine military” and Russia was “almost certainly responsible.”33 In both the UK and the EU statements, the timing of the attack was emphasised, noting it took place “one hour” before the Russian invasion, “facilitating the military aggression” or invasion of Ukraine in a manner that appeared to coordinate with the military’s actions.34 All four statements also emphasised that the attack had “spillover impacts into other European countries,” affecting those beyond the direct, intended targets.35

The nature of this attack and the response to it raise important considerations for policymakers and the communications industry, with satellites now a core part of the infrastructure that supports the modern digital economy, connects remote communities and provides vital interconnectivity.

Lessons for Australia

With satellites integrated into critical infrastructure across the globe, including in Australia, it is critical to seize all opportunities to improve their cybersecurity. As highlighted by the Volt Typhoon campaign where Chinese hackers have targeted US critical infrastructure,36 the vulnerabilities of these vital assets are a target for adversarial actors. As in all cases, including with satellites, cybersecurity is only as strong as its weakest link.

Growth in satellites and subscribers means increasing dependency and integration

As the uses for satellites have expanded from the bespoke provision of satellite television and GPS navigation to disaster response and competing with fibre-optic cables for internet streaming, the number of satellites and satellite users has boomed (see Figure 2). More than 7,500 operational satellites are estimated to be in operation, with thousands of launches planned for the future.37

Figure 2. Satellites by launch year and country (2009–2024)

Source: Jonathan McDowell
Note: * 2024 launches are only until October 2024.

The introduction of new players has led to a rise in constellations of low Earth orbit satellites (LEOs) under programs like SpaceX’s Starlink and Amazon’s soon-to-be-launched Project Kuiper.38 These constellations use a combination of mass launches and low latency — by virtue of their lower orbit and technical innovations — to make LEOs a competitive (if still costly) internet provider compared with high-end, fibre-optic connections. As seen below, since launching in 2019, Starlink’s fleet of LEO satellites (with a total of 7,010 launched)39 has achieved global coverage to service consumers in all seven continents — with more than four million customers globally in 2024.40 These trends mean that the internationally regulated orbital slots for satellites are becoming “increasingly crowded.”41

Starlink satellites in orbit over Australia and the Indo-Pacific, November, 2024.
Starlink satellites in orbit over Australia and the Indo-Pacific, November, 2024. Source: https://satellitemap.space/

Despite its low satellite ownership figures, Australia is a global leader in the use of satellites for broadband connections, making it potentially more exposed to satellite-related cybersecurity vulnerabilities. Australia sits third in total broadband satellite subscriptions (Figure 3a) and third in per-100-inhabitant terms (Figure 3b) among OECD member countries. At a conservative estimate, this means that one in every 296 Australians holds a satellite subscription, although further analysis suggests this is an underestimation.

Other estimates suggest that between the NBN-affiliated Sky Muster service (86,254 subscribers as of June 2024)42 and Starlink’s Australian customers (more than 250,000 in mid-2024),43 Australia has close to 300,000 users of broadband satellite services. Starlink has also signed partnerships in 2023 with local telecommunications companies, including Telstra44 and Optus,45 to provide an additional option for voice and broadband internet connection for those currently without optimal access in Australia.

Figure 3a. Total satellite broadband subscribers (2009–2023)


Figure 3b. Satellite subscriptions relative to population (2009–2023)

Source: OECD
Note: Rest of world captures all other OECD member countries noted in the data — other countries not included in this dataset may also have satellite subscribers.

Across the broader Indo-Pacific region, a similar story is playing out. Throughout Asia and the Pacific, only 21.6% of the population is within 10 kilometres of high-capacity fibre-optic cable infrastructure — the lowest of any region globally.46 Island nations without their own subsea cable or connections to nearby cables for internet, such as Norfolk Island, must rely on satellites for their communications. For others like the Philippines with its 7,100 islands and Indonesia with 16,000,47 satellites offer one of the most cost-effective approaches to addressing digital exclusion — with the former using them to connect key infrastructure like hospitals and schools.48 In Malaysia, Prime Minister Anwar Ibrahim waved “nitty gritty bureaucratic encumbrances”49 to support SpaceX’s Starlink, noting that: “I was just in one of the indigenous villages in the hills. To them, connectivity means Starlink.”50

For other countries, satellites offer redundancy in the event of a natural disaster. For example, after a volcanic eruption damaged subsea cables in 2022, Tonga lost connection to the world for more than a month — something satellite connectivity can help prevent.51 As the Asian Development Bank noted, the advent of increased LEO satellite constellations will suit regions like Southeast Asia, allowing for infrastructure that can service broad swathes of the region at a potentially lower cost than other cable-based solutions.52 Some estimates expect Southeast Asia to have close to 1.8 million subscribers for satellite communications by 2028.53

However, this level of uptake raises the stakes for future incidents. These satellite systems are often framed as designed for those that lack other internet connection options, such as fibre-optic connections or telecommunications towers, including in remote or inaccessible areas. As they become integrated into and integral to broader systems, the impact of any potential outage or attack is amplified and can render whole systems unusable. Australia has already experienced first-hand the impact of a satellite outage with Inmarsat I-4 F1 in mid-2023, which delayed crop seeding in farms and compromised maritime safety systems, requiring farmers to return to manual processes to sow seeds.54 With their growth in use and integration into broader systems, it is critical that satellite systems are also secure.

The cybersecurity of satellite infrastructure is concerningly weak

While various researchers have highlighted55 the ongoing cybersecurity vulnerabilities of communications satellite networks — from issues with network configuration56 and ground systems57 to onboard satellite firmware,58 a number of researchers59 and industry voices have noted that the KA-SAT attack was a “wake up”60 or “clarion call”61 for the industry, exposing the fact that satellite networks were now a target for malicious actors. The KA-SAT attack was specifically initiated by targeting vulnerabilities in the software of the ground station, which sends the signal up to the satellite itself.62 Following the attack, the US Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigations released advice for satellite communication providers about improving their cybersecurity.63 Notably, while LEO constellations with a larger number of smaller satellites have the benefit of redundancy simply by virtue of their numbers, research has still assessed them as having “largely insufficient protections against attackers.”64

A number of researchers and industry voices have noted that the KA-SAT attack was a “wake up” or “clarion call” for the industry, exposing the fact that satellite networks were now a target for malicious actors.

This issue of cybersecurity is an area of growing focus in Australia and internationally. Australia has experienced a spate of hacks and cyber-attacks65 in recent years, exposing the health, financial and personal data of millions of Australians.66 Simultaneously, with the spread of the internet, many systems have become homogenised, concentrating internet traffic and security with a few key players.67 This increases the impact that any single outage can have. This was highlighted by the recent global CrowdStrike outage, which affected 8.5 million computers worldwide,68 grounding planes, closing supermarkets and leading to New York City’s famous Times Square billboards going dark.69 It is estimated that the outage cost Australia around $1 billion alone.70 As the former CEO of the UK’s National Cyber Security Centre Ciaran Martin noted, such an innocuous (if impactful) outage offers a “glimpse” into the damage a proper, disruptive cyber-attack by a malicious actor — motivated by geopolitical, strategic or financial reasons — could cause.71

As satellites increasingly become part of the connectivity infrastructure of large enterprises across the globe — either as redundancy systems or to deliver particular services — they must be appropriately cyber-resilient. This is especially important as they are integrated into a nation’s critical infrastructure (such as hospitals or power grids), including as primary means of communication. The very process of integrating them into larger systems could help drive an uplift in their cybersecurity, through the adoption of best practices from other communications systems and being held accountable through more stringent regulations, like Australia’s Security of Critical Infrastructure Act 2018 (SOCI) that mandated consistent cybersecurity standards and obligations for providers across a range of sectors.72

Satellites face unique weaknesses

There is a particular need to tackle some of the unique weaknesses of satellite systems — including the fact that satellites are literally out of reach when it comes to making hardware changes or adaptations once they have been launched.73 Similarly, the sheer scale and complexity of each satellite, ground system and launch requires large supply chains and networks, again raising the likelihood of vulnerabilities being introduced.74 Indeed, in the case of the KA-SAT attack, the key vulnerability, a Virtual Private Network (VPN), was not managed by Viasat, but actually operated by Skylogic, a subsidiary of KA-SAT’s former owner, Eutelsat.75 It was precisely the complexity of the KA-SAT system that made it vulnerable.76 This is something that may only increase if satellite providers and users continue to diversify.

Satellite systems also tend to feature certain centralised management capabilities, meaning that one attack on a central piece of infrastructure can have far-reaching impacts across a whole system.77 In the case of the KA-SAT attack, it was not the satellite itself that was targeted but part of the ground system, before the satellite was used as a springboard to nullify tens of thousands of internet modems. The scale of the cybersecurity challenge is captured by one project from a team of academics at California Polytechnic State University to map space cyber-attack possibilities — their ICARUS matrix offers approximately four million unique scenario prompts of potential scenarios in which satellite infrastructure could be targeted.78

Increased sharing of satellite networks between civilian and defence clients makes them a target

While Viasat’s systems in Australia only serve government clients, the KA-SAT attack ignited greater public discussion of the complexities around dual-use satellites across the globe.79 As the KA-SAT situation highlights, government clients, which include the military, can share the same satellite infrastructure as civilian and commercial clients. This increases the possibility of infrastructure that provides communication for hospitals or helps manage power grids and assets (as was the case with KA-SAT)80 being targeted due to its simultaneous role in military networks. As one report highlighted, satellite network providers “inherit the threat models of their clients.”81

In late 2022, a Russian delegate to the United Nations reinforced this view, noting that commercial satellite systems used by militaries could be a “legitimate target for retaliation.”82 The primary example of this is the deployment of Starlink in Ukraine, which has provided both civilians and the Ukrainian military with communications support and internet access throughout the conflict. Alongside being the target of jamming efforts,83 the nuance over how the Starlink system is used — including whether it facilitates missile strikes by the Ukrainian military or simply offers communications channels and navigational support — was a hotly contested issue between its users and SpaceX’s executive.84

The risk of dual-use satellite systems being targeted will rise as the integration of commercial technology into military systems increases at pace. This is something the US Space Force has prioritised with its planned Commercial Augmentation Space Reserve85 and the use of open-source intelligence (OSINT), which harnesses commercial satellites for geospatial imagery.

Australia’s concentration in the satellite industry, paired with complex supply chains, heightens risk

As private-sector technologies are integrated into national security systems, a variety of considerations are necessary to avoid significantly increasing the exposure of the national security apparatus to risk. Former US Principal Deputy Director of National Intelligence Susan Gordon highlighted that, when working with private actors on national security capabilities, maintaining a principle of ‘one is none’ is key to mitigating risk.86

As private-sector technologies are integrated into national security systems, a variety of considerations are necessary to avoid significantly increasing the exposure of the national security apparatus to risk.

Notably, a small number of key players in the satellite industry supply communications satellite networks in Australia. Offerings for individual customers are limited to the NBN-affiliated Sky Muster and Starlink.87 In Australia’s commercial and government sector there is a little more variety, including O3b, and a small number of GEO satellite providers like Optus, as well as global players like Viasat.88 However, this concentration risk remains, potentially giving single actors, including those from the commercial sector, outsized influence over a key communications channel or component of government or military systems. This has been evident overseas, with the geopolitical interests89 of SpaceX’s management influencing the use of the Starlink satellite system in Ukraine — including reported “fencing” of access to Starlink,90 limiting its use to specific geographic areas that were reportedly not past the frontlines of Ukrainian positions.91 Over-reliance on any single commercial provider can give the private sector huge power, potentially compromising sovereign decision-making.

Some of the underlying ‘barriers to entry’ in the satellite market are shifting, as declining rocket costs lower the financial burden in relative terms for companies and countries to launch satellites.92 A diversity of satellite options from different providers could reduce the potential impact of any single system being taken offline. The same principle could be applied to the civilian context. In a conflict scenario, having multiple providers of satellite connection services for civilian use can improve coordination of emergency responses, and ensure greater coverage and bandwidth for communications. However, such diversification should not come at the expense of maintaining strong cyber standards across the array of satellite providers.

Accelerating cyber attribution response times is critical

Attributions for cyber-attacks by governments or companies often emerge months after the incident, given the need for technical investigations and the political risk of misattributions.93 This is despite efforts from recent US administrations to accelerate attributions and partner with other nations to hold those responsible to account.94

However, continued efforts to improve joint attributions — both in response time and partners involved — will be key to dissuading further attacks against critical technological infrastructure like satellites. The broader the participants in a joint attribution, the more robust the normative weight of the international framework for responsible state behaviour in cyberspace.95 In addition, continued improvement in information sharing between satellite providers — akin to the national practices in Australia to improve cyber resilience for the telecommunications and financial services sectors — will prove vital, including at the international level.96

Where space meets the sea: Why satellites are part of a bigger picture

As satellites become more prominent, it is critical to consider the role they play in the broader system of telecommunications and digital connectivity. Communications satellites are one of two conduits that can send internet signals across oceans and around the globe. The other conduit is subsea cables, which run along the bottom of the world’s oceans and deliver around 99% of the world’s internet.97 However, with growing concerns over the potential for subsea cables to be a grey zone target for sabotage,98 communications satellites present the only viable international, long-distance alternative to ensure connectivity in the event of cables being cut. In addition, the bifurcation of new subsea cable installations99 and fears around ‘cable spying’100 mean that satellites may well play a larger role as resilience providers for the global flows of data that underpin national economies, even when cables have not been physically damaged. While they carry far less volume than subsea cables, the role of satellites as an important backup system for international connectivity makes them critical to cyber resilience. If a country’s subsea cables are cut, satellites may offer the only avenue for international communications, simultaneously making them potential targets and vital infrastructure. Nations are already exploring satellite networks as an alternative for subsea cable internet connections — particularly small island nations, including in the Indo-Pacific.101

With growing concerns over the potential for subsea cables to be a grey zone target for sabotage, communications satellites present the only viable international, long-distance alternative to ensure connectivity in the event of cables being cut.

Satellites are part of the asymmetric power advantages held by large technology companies

The role of satellites in the broader digital connectivity ecosystem and the concentrated set of satellite suppliers also risks further entrenching the asymmetric advantage large technology companies have when it comes to owning and transmitting large volumes of data. Recently, a series of satellite cloud computing partnerships (see Table 2) have been announced, tying together the major operators of these two infrastructural components and those that also hold some of the most significant troves of data.

Table 2. Examples of major satellite-cloud computing partnerships

Sources: CNBC News; Microsoft; Viasat

This concentration is also evident within one major technology firm and a major player in the satellite industry that has yet to launch a single payload: Amazon. With ambitious plans to launch a LEO fleet of 3,236 satellites, Amazon’s Kuiper program102 would potentially be the biggest player in the LEO satellite industry by 2030, behind only Starlink.103 In particular, Amazon has stated that it will pair Kuiper with the most popular cloud computing service in the world with an estimated 32% of market share: Amazon Web Services (AWS).104

Two important implications emerge from marrying these burgeoning satellite networks with cloud computing in a more dynamic geopolitical context. First, these trends are helping drive an increase in the monopolisation of communications and computing infrastructure as large technology companies become more involved in the hardware that underpins their operations. Second, this further integrates satellite networks into the broader infrastructure and systems of large technology companies that provide enterprise solutions to companies across the globe. As an additional part of this broader system, their cybersecurity is now an important consideration, potentially even for those not directly using these satellite services. This concentration and integration of infrastructure is not bad in and of itself — and can offer important benefits and efficiencies. However, without appropriate oversight and policy controls, it risks giving technology companies unbridled power across a multitude of technological domains, further concentrating authority and risk in a select set of companies.

Policy recommendations: What’s next?

Satellites are not just a growing industry, but increasingly critical pieces of infrastructure that enable communications and underpin economic activity.105 They also offer important backup or redundancy capabilities in the event of natural disasters, attacks or sabotage. But they can only do so if they are secure. Drawing on the lessons of the KA-SAT attack, and the series of cyber-attacks against digital infrastructure more broadly, there is still significant work to be done. The cybersecurity of any system is only as strong as its weakest link.

While there is no silver bullet to addressing cybersecurity flaws — including with satellites — there is a set of practices that countries should have in place to improve their resilience and responsiveness as overall satellite use and greater shared use for civilian and defence purposes increases. In particular, the Australian Government (led by the Department of Home Affairs in coordination with the Department of Defence, Department of Foreign Affairs and Trade and other relevant departments), should encourage its allies and partners to follow its lead in adding satellite systems (as part of the space technology sector) to its set of critical infrastructure sectors,106 thereby mandating important cyber measures for relevant entities.107 While there are concerns that some of these measures are yet to be activated for satellites in Australia,108 with no assets currently defined under the SOCI Act,109 the situation overseas is even less developed.

In the United States, there is ongoing debate over whether satellites should be designated critical infrastructure.110 While some satellites are covered by other critical infrastructure designations (such as communications or information technology), ‘space systems’ are not yet designated critical infrastructure and are tangled up in broader conversations around the governance of space.111 The European Union faces similar challenges, with an ongoing debate over shifting space from ‘crucial’ to critical infrastructure.112

Beyond assigning satellites as critical infrastructure, governments should:

  1. Ensure the appropriate monitoring and assessment processes are in place to guarantee best practices.This can be included in contracts, requiring partners throughout the satellite supply chain to meet certain cyber standards and authorising monitoring mechanisms to ensure ongoing compliance.
  2. Ensure a ‘one is none’ approach to involving private-sector actors in defence satellite networks to build redundancy capability and spread risk in a manner that does not excessively increase exposure by offering additional attack surfaces for malicious actors.
  3. Expand threat intelligence-sharing networks between providers and agencies in national and international contexts, building on the Information Sharing and Analysis Centres (ISACs) used in other cybersecurity areas, to help thwart attacks and build best practices.
    The recent memorandum of understanding between the Australian Cyber Collaboration Centre with the Space ISAC113 is a welcome step (Space ISAC also counts US, Japanese, Israeli, Greek, French and UK government agencies amongst its partners as well as private-sector members). However, with the European Union also recently launching the EU Space Information Sharing and Analysis Centre,114 there is a need for coordination and collaboration between and amongst these different ISACs and their members to ensure rapid and expansive threat and information sharing. Cyber threats do not respect regional boundaries, and information-sharing mechanisms must be similarly flexible.
  4. Promote pathways for international intelligence sharing after cyber-attacks between governments and the private sector to improve preventative responses and allow for accelerated joint attributions against perpetrators. This can include improving the measuring and accounting of cyber harms and violence to evaluate the impact of different actors.
    a. Accelerate cyber attributions after events— including involving as many willing partners as possible to continue promoting responsibility and international norms, as well as adding pressure on malicious actors.
  5. Closely monitor the concentration and integration of satellite capabilities into large technology companies, particularly those used for defence purposes.Clear contracts when using civilian technologies in defence contexts will be important to avoid some of the tension seen in Starlink’s use in Ukraine and to not imperil critical civilian satellite networks where possible.

Malicious cyber actors give little attention to national borders or the distances between them and their targets. The same must apply when it comes to governments learning from major attacks, even if they occur on the other side of the world or target other systems. As satellites become a vital component of broader communications networks — especially in Australia and its region — improving the cyber resilience and security of these systems is of vital importance. Only by proactively learning from overseas incidents and attacks, coordinating with allies and partners to put the appropriate regulatory protections in place, and holding those responsible to account, can governments properly defend their systems.

Endnotes
  1. Union of Concerned Scientists, “UCS Satellite Database,” 1 May 2023. Available at: https://www.ucsusa.org/resources/satellite-database.
  2. Kate Irwin, “Starlink Satellites Make Up 60% of All Active Spacecraft in Orbit,” PC Mag, 3 May 2024. Available at: https://au.pcmag.com/networking/105054/starlink-satellites-make-up-60-of-all-active-spacecraft-in-orbit.
  3. Katrina Manson, “The Satellite Hack Everyone Is Finally Talking About,” Bloomberg, 1 March 2023. Available at: https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/.
  4. Cyber and Infrastructure Security Centre, “Security of Critical Infrastructure Act 2018 (SOCI),” Department of Home Affairs, Australian Government, 27 August 2024. Available at: https://www.cisc.gov.au/legislation-regulation-and-compliance/soci-act-2018.
  5. Space ISAC, “Australian Cyber Collaboration Centre Partners with Space ISAC,” 26 June 2024. Available at: https://spaceisac.org/australian-cyber-collaboration-centre-partners-with-space-isac/.
  6. European Union Agency for the Space Programme, “Introducing the EU Space Information Sharing and Analysis Centre,” 24 April 2024. Available at: https://www.euspa.europa.eu/newsroom-events/news/eu-space-isac.
  7. Jonathan Amos, “Ka-Sat net-dedicated spacecraft lifts off,” BBC, 27 December 2010. Available at: https://www.bbc.com/news/science-environment-12065466.
  8. Cynthia Brumfield, “Incident response lessons learned from the Russian attack on Viasat,” CSO Online, 16 August 2023. Available at: https://www.csoonline.com/article/649714/incident-response-lessons-learned-from-the-russian-attack-on-viasat.html.
  9. Maral Gérard, Michel Bousquet and Zhili Sun. Satellite Communications Systems: Systems, Techniques and Technology, Sixth edition (Hoboken, New Jersey: Wiley, 2020).
  10. Union of Concerned Scientists, “UCS Satellite Database.”
  11. Ibid.
  12. International Telecommunications Union, “Regulation of satellite systems,” February 2022. Available at: https://www.itu.int/en/mediacentre/backgrounders/Pages/Regulation-of-Satellite-Systems.aspx.
  13. Rebecca Connolly, “Space surveillance and AUKUS: The power of awareness,” Lowy Institute, 19 January 2024. Available at: https://www.lowyinstitute.org/the-interpreter/space-surveillance-aukus-power-awareness.
  14. Gérard, Bousquet and Sun. Satellite Communications Systems.
  15. Amos, “Ka-Sat net-dedicated spacecraft lifts off.”
  16. Foreign, Commonwealth & Development Office and The Rt Hon Elizabeth Truss, “Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion,” UK Government, 10 May 2022. Available at: https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion.
  17. Viasat, “KA-SAT Network cyber attack overview,” 30 March 2022. Available at: https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview.
  18. Manson, “The Satellite Hack.”
  19. Brumfield, “Incident response lessons learned.”
  20. Manson, “The Satellite Hack.”
  21. Viasat, “KA-SAT Network cyber attack overview.”
  22. ENERCON, “Over 50 per cent of WECs back online following disruption to satellite communication,” Windfair, 28 March 2022. Available at: https://w3.windfair.net/wind-energy/pr/40316-enercon-wind-turbine-wind-farm-satellite-communication-converter-disruption-remote-monitoring-scada-ka-sat-russia-ukraine-europe-access.
  23. Jurgita Lapienytė, “VIASAT hack impacted French critical services,” cybernews, 22 August 2022. Available at: https://cybernews.com/news/viasat-hack-impacted-french-critical-services/.
  24. Raphael Satter, “Satellite outage caused ‘huge loss in communications’ at war’s outset -Ukrainian official,” Reuters, 16 March 2022. Available at: https://www.reuters.com/world/satellite-outage-caused-huge-loss-communications-wars-outset-ukrainian-official-2022-03-15/.
  25. Matt Burgess, “A Mysterious Satellite Hack Has Victims Far Beyond Ukraine,” WIRED, 23 March 2022. Available at: https://www.wired.com/story/viasat-internet-hack-ukraine-russia/.
  26. James Pearson, Raphael Satter, Christopher Bing and Joel Schectman, “Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say,” Reuters, 12 March 2024. Available at: https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/.
  27. Viasat, “KA-SAT Network cyber attack overview.”
  28. Kim Zetter, “Viasat Hack “Did Not” Have Huge Impact on Ukrainian Military Communications, Official Says,” Zero Day, 26 September 2022. Available at: https://www.zetter-zeroday.com/viasat-hack-did-not-have-huge-impact/.
  29. Antony Blinken, “Attribution of Russia’s Malicious Cyber Activity Against Ukraine,” US Department of State, 10 May 2022. Available at: https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/.
  30. Council of the EU, “Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union,” Council of the European Union, 10 May 2022. Available at: https://www.consilium.europa.eu/en/press/press-releases/2022/05/10/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union/.
  31. Foreign, Commonwealth & Development Office and Truss, “Russia behind cyber-attack.”
  32. Marise Payne, Peter Dutton and Karen Andrews, “Attribution to Russia for malicious cyber activity against European networks,” Minister for Foreign Affairs and Minister for Women, 10 May 2022. Available at: https://www.foreignminister.gov.au/minister/marise-payne/media-release/attribution-russia-malicious-cyber-activity-against-european-networks.
  33. Foreign, Commonwealth & Development Office and Truss, “Russia behind cyber-attack.”
  34. Ibid. Council of the EU, “Russian cyber operations against Ukraine.”
  35. Blinken, “Attribution of Russia’s Malicious Cyber Activity”; Council of the EU, “Russian cyber operations”; Foreign, Commonwealth & Development Office and Truss, “Russia behind cyber-attack”; Payne, Dutton and Andrews, “Attribution to Russia for malicious cyber activity.”
  36. Cybersecurity & Infrastructure Security Agency, “CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity,” US Government, 19 March 2024. Available at: https://www.cisa.gov/news-events/alerts/2024/03/19/cisa-and-partners-release-joint-fact-sheet-leaders-prc-sponsored-volt-typhoon-cyber-activity.
  37. Union of Concerned Scientists, “UCS Satellite Database”; Chris Daehnick, John Gang and Ilan Rozenkopf, “Space launch: Are we heading for oversupply or a shortfall?” McKinsey & Company, 17 April 2023. Available at: https://www.mckinsey.com/industries/aerospace-and-defense/our-insights/space-launch-are-we-heading-for-oversupply-or-a-shortfall.
  38. Amazon, “Project Kuiper,” Amazon News, 2024. Available at: https://www.aboutamazon.com/what-we-do/devices-services/project-kuiper.
  39. Satellite Map, “Starlink,” 8 October 2024. Available at: https://satellitemap.space/?constellation=starlink#.
  40. Starlink is connecting more than 4M people with high-speed internet across 100+ countries, territories and many other markets.” X [formerly Twitter], 27 September 2024. Available at: https://twitter.com/starlink/status/1839424733198344617?s=61&t=Lk2m2nWD
    Hcu72n0QZxqQow
  41. International Telecommunications Union, “Regulation of satellite systems.”
  42. NBN Co, “Weekly Summary,” National Broadband Network – Rollout Information, 27 June 2024. Available at: https://www.nbnco.com.au/content/dam/nbn/documents/about-nbn/weekly-progress/2024/public-progress-data-20240627.pdf.coredownload.pdf.
  43. Starlink, “Starlink now serves high-speed internet to more than a quarter million active Aussie customers, connecting ~2.5% of homes across Australia!” X [formerly Twitter], 27 July 2024. Available at: https://x.com/Starlink/status/1816867256971980872.
  44. Loretta Willaton, “We’re working with Starlink to connect more people in remote Australia,” Telstra, 3 July 2023. Available at: https://www.telstra.com.au/exchange/we-re-working-with-starlink-to-connect-more-people-in-remote-aus.
  45. Optus, “Together Optus and SpaceX Plan to Cover 100% of Australia,” 12 July 2023. Available at: https://www.optus.com.au/about/media-centre/media-releases/2023/07/together-optus-and-spacex-plan-to-cover-100-percent-of-australia.
  46. International Telecommunications Union, “Infrastructure Connectivity Map,” 2024. Available at: https://bbmaps.itu.int/bbmaps/.
  47. Yuichi Shiga, “Satellite internet poised for big bang of growth in Southeast Asia,” Nikkei Asia, 9 July 2022. Available at: https://asia.nikkei.com/Business/Telecommunication/Satellite-internet-poised-for-big-bang-of-growth-in-Southeast-Asia.
  48. Michael Sheetz, “Astranis to bring satellite internet to 2 million people in the Philippines next year,” CNBC, 11 July 2023. Available at: https://www.cnbc.com/2023/07/11/astranis-satellite-internet-coming-to-the-philippines-next-year.html.
  49. Nicholas Gordon, “Malaysia prime minister convinced Elon Musk to invest in the country by freeing Tesla and SpaceX from ‘nitty gritty’ bureaucracy,” Yahoo Finance, 1 September 2023. Available at: https://finance.yahoo.com/news/malaysia-prime-minister-convinced-elon-112328242.html.
  50. Ibid.
  51. Edwina Seselja and Richard Ewart, “Tonga reconnects with outside world after data cable cut off by volcanic eruption, tsunami repaired,” ABC News, 22 February 2022. Available at: https://www.abc.net.au/news/2022-02-22/tongas-internet-cable-restored/100846976.
  52. Asian Development Bank, “Digital Connectivity and Low Earth Orbit Satellite Constellations: Opportunities for Asia and the Pacific,” 20 December 2021. Available at: https://seads.adb.org/report/digital-connectivity-and-low-earth-orbit-satellite-constellations-opportunities-asia-and.
  53. ABI Research, “Connecting the Unconnected: Utilizing SatCom to Close the Digital Divide,” 29 September 2023. Available at: https://www.abiresearch.com/news-resources/chart-data/satcom-subscriptions-in-southeast-asia/.
  54. David Claughton and Anna Conn, “Inmarsat I-4F1 satellite outage disables tractor GPS services for farming operations and some maritime safety,” ABC News, 18 April 2023. Available at: https://www.abc.net.au/news/rural/2023-04-18/inmarsat-i-4f1-satelite-outage-asia-pacific-gps-farms/102234678.
  55. Pietro Tedeschi, Savio Sciancalepore, and Roberto Di Pietro, “Satellite-Based Communications Security: A Survey of Threats, Solutions, and Research Challenges,” Computer Networks Vol. 216, issue 109246 (2022): 1–18.
  56. Ruben Santamarta, “Last Call for SATCOM Security,” IOActive, August 2018. Available at: https://ioactive.com/wp-content/uploads/2018/08/us-18-Santamarta-Last-Call-For-Satcom-Security-wp.pdf.
  57. Ruben Santamarta, “SATCOM Terminals: Hacking by Air, Sea, and Land,” IOActive, 2014. Available at: https://www.blackhat.com/docs/us-14/materials/us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land-WP.pdf.
  58. Johannes Willbold, Moritz Schloegel, Manuel Vogele, Maximilian Gerhardt, Thorsten Holz and Ali Abbasi, “Space Odyssey: An Experimental Software Security Analysis of Satellites.” In 2023 IEEE Symposium on Security and Privacy (SP) (2023): 1–19.
  59. Kevin Poireault, “Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites,” Infosecurity Magazine, 9 May 2023. Available at: https://www.infosecurity-magazine.com/news/takeaways-russian-cyberattack/.
  60. Manson, “The Satellite Hack.”
  61. Christian Vasquez and Elias Groll, “Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault,” CyberScoop, 10 August 2023. Available at: https://cyberscoop.com/viasat-ka-sat-hack-black-hat/.
  62. Viasat, “KA-SAT Network cyber attack overview.”
  63. Cybersecurity & Infrastructure Security Agency, “Strengthening Cybersecurity of SATCOM Network Providers and Customers,” US Government, 10 May 2022. Available at: https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-076a.
  64. Willbold et al., “Space Odyssey.”
  65. Tom Barrett and Miah-Hammond Errey, “Towards national cyber resilience: What to expect from the 2023–2030 Australian Cyber Security Strategy,” United States Studies Centre, 13 November 2023. Available at: https://www.ussc.edu.au/what-to-expect-from-the-2023-2030-australian-cyber-security-strategy.
  66. John Davidson, “Latitude breach now one of the biggest in Australian history,” Australian Financial Review, 27 March 2023. Available at: https://www.afr.com/technology/latitude-breach-now-one-of-the-biggest-in-australian-history-20230327-p5cvjr.
  67. James Purtill, “Why global tech meltdowns such as the CrowdStrike outage are the new normal,” ABC News, 25 July 2024. Available at: https://www.abc.net.au/news/science/2024-07-25/crowdstrike-global-tech-outage-cybersecurity-vulnerability/104127728.
  68. ABC News/Wires, “It could take up to two weeks to resolve ‘teething issues’ following CrowdStrike outage, Clare O’Neil says,” 21 July 2024. Available at: https://www.abc.net.au/news/2024-07-21/microsoft-says-crowdstrike-outage-affected-more-than-8-million/104123326.
  69. CBS News, “Times Square billboards go dark in Microsoft outage,” 21 July 2024. Available at: https://www.cbsnews.com/newyork/video/times-square-billboards-go-dark-in-microsoft-outage/.
  70. Nadia Daly, “CrowdStrike outage tipped to leave Australian businesses with damage bill surpassing $1 billion,” ABC News, 22 July 2024. Available at: https://www.abc.net.au/news/2024-07-22/crowdstrike-outage-bill-for-australian-business-may-be-1-billion/104127486.
  71. David Swan, “‘The next threat’: Former UK cybersecurity chief’s warning for Australia,” The Sydney Morning Herald, 13 September 2024. Available at: https://www.smh.com.au/technology/the-next-threat-former-uk-cybersecurity-chief-s-warning-for-australia-20240912-p5ka3d.html.
  72. Cyber and Infrastructure Security Centre, “Security of Critical Infrastructure Act 2018 (SOCI).”
  73. Patrick Lin, “To guard against cyberattacks in space, researchers ask ‘what if?’” The Conversation, 3 July 2024. Available at: https://theconversation.com/to-guard-against-cyberattacks-in-space-researchers-ask-what-if-232365.
  74. Ibid.
  75. Viasat, “KA-SAT Network cyber attack overview.”
  76. Andrea Valentino, “Why the Viasat hack still echoes,” Aerospace America, November 2022. Available at: https://aerospaceamerica.aiaa.org/features/why-the-viasat-hack-still-echoes/.
  77. Jessie Hamill-Stewart and Awais Rashid, “Threats Against Satellite Ground Infrastructure: A retrospective analysis of sophisticated attacks,” Workshop on Security of Space and Satellite Systems (SpaceSec) 2024, 1 March 2024. Available at: https://www.ndss-symposium.org/wp-content/uploads/spacesec2024-87-paper.pdf.
  78. Patrick Lin, Keith Abney, Bruce DeBruhl, Kira Abercromby, Henry Danielson and Ryan Jenkins, “Outer Space Cyberattacks: Generating Novel Scenarios to Avoid Surprise,” California Polytechnic State University, 17 June 2024. Available at: https://ethics.calpoly.edu/spacecyber.html.
  79. Cade Metz, Adam Satariano and Chang Che, “How Elon Musk Became a Geopolitical Chaos Agent,” The New York Times, 28 October 2022. Available at: https://www.nytimes.com/2022/10/26/technology/elon-musk-geopolitics-china-ukraine.html.
  80. ENERCON, “Over 50 per cent of WECs.”
  81. Clémence Poirier, “The War in Ukraine from a Space Cybersecurity Perspective,” European Space Policy Institute, October 2022. Available at: https://www.espi.or.at/wp-content/uploads/2022/10/ESPI-Short-1-Final-Report.pdf.
  82. Konstantin Vorontsov, “Statement by Deputy Head of the Russian Delegation Mr. Konstantin Vorontsov at the Thematic Discussion on Outer Space (Disarmament Aspects) in the First Committee of the 77th Session of the UNGA,” Permanent Mission of the Russian Federation to the United States, 26 October 2022. Available at: https://russiaun.ru/en/news/261022_v.
  83. Alex Horton, “Russia tests secretive weapon to target SpaceX’s Starlink in Ukraine,” The Washington Post, 18 April 2023. Available at: https://www.washingtonpost.com/national-security/2023/04/18/discord-leaks-starlink-ukraine/.
  84. Joey Roulette, “SpaceX curbed Ukraine’s use of Starlink internet for drones -company president,” Reuters, 10 February 2023. Available at: https://www.reuters.com/business/aerospace-defense/spacex-curbed-ukraines-use-starlink-internet-drones-company-president-2023-02-09/.
  85. US Space Force, “U.S. Space Force Commercial Space Strategy,” Department of the Air Force, April 2024. Available at: https://www.spaceforce.mil/Portals/2/Documents/Space%20Policy/USSF_Commercial_Space_Strategy.pdf.
  86. Miah Hammond-Errey, “Intelligence, AI and AUKUS with former US Principal Deputy Director of National Intelligence Susan Gordon,” Technology and Security Podcast, 24 May 2023. Available at: https://www.ussc.edu.au/podcasts/technology-and-security-ts-podcast/technology-and-security-ts-podcast-intelligence-ai-and-aukus-with-former-us-principal-deputy-director-of-national-intelligence-susan-gordon.
  87. Emma Bradstock, “Best Satellite Internet Plans in Australia,” Canstar Blue, 13 October 2023. Available at: https://www.canstarblue.com.au/internet/best-satellite-nbn-plans/.
  88. Stephen Myers, “Satellite Services Comparison for Australian Businesses,” NBN Co, September 2022. Available at: https://www.nbnco.com.au/content/dam/nbn/knowledge-hub/documents/white-papers/lifting-the-digital-capability-of-australian-businesses.pdf.coredownload.inline.pdf.
  89. Metz, Satariano and Che, “How Elon Musk.”
  90. Alex Marquardt, “Exclusive: Musk’s SpaceX says it can no longer pay for critical satellite services in Ukraine, asks Pentagon to pick up the tab,” CNN, 14 October 2022. Available at: https://edition.cnn.com/2022/10/13/politics/elon-musk-spacex-starlink-ukraine/index.html.
  91. Alex Marquardt and Kristin Fisher, “SpaceX admits blocking Ukrainian troops from using satellite technology,” CNN, 9 February 2023. Available at: https://edition.cnn.com/2023/02/09/politics/spacex-ukrainian-troops-satellite-technology/index.html.
  92. Daehnick, Gang and Rozenkopf, “Space launch.”
  93. Manson, “The Satellite Hack.”
  94. Patrick Howell O’Neill, “The US is unmasking Russian hackers faster than ever,” MIT Technology Review, 21 February 2022. Available at: https://www.technologyreview.com/2022/02/21/1046087/russian-hackers-ukraine/.
  95. United Nations Group of Governmental Experts, “Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security,” United Nations General Assembly, 22 July 2015. [endorsed by consensus by the United Nations General Assembly A/RES/70/237]. Available at: https://undocs.org/A/70/174.
  96. Critical Infrastructure ISAC, “CI-ISAC,” 2024. Available at: https://ci-isac.com.au/index.html.
  97. Sophie Kesteven and Ann Arnold, “Underwater cables play a huge role in global communication, security and the world’s economy,” ABC News, 17 October 2023. Available at: https://www.abc.net.au/news/2023-10-17/geopolitics-of-submarine-cables-late-night-live/102956008.
  98. Hayley Channer, “Linking up with business on undersea cables: How Australia, the United States and Japan can better cooperate with the private sector on cables in a more contested Indo-Pacific,” United States Studies Centre, 18 March 2024. Available at: https://www.ussc.edu.au/linking-up-with-business-on-undersea-cables-how-australia-the-united-states-and-japan-can-better-cooperate-with-the-private-sector-on-cables-in-a-more-contested-indo-pacific; Sophie Hamel, “Australia’s role and opportunity in the contested arena of subsea cable networks,” United States Studies Centre, 8 December 2023. Available at: https://www.ussc.edu.au/australias-role-and-opportunity-in-the-contested-arena-of-subsea-cable-networks.
  99. Anna Gross, Alexandra Heal, Chris Campbell, Dan Clark, Ian Bott and Irene de la Torre Arenas, “How the US is pushing China out of the internet’s plumbing,” Financial Times, 13 June 2023. Available at: https://ig.ft.com/subsea-cables/.
  100. Joe Brock, “U.S. and China wage war beneath the waves – over internet cables,” Reuters, 24 March 2023. Available at: https://www.reuters.com/investigates/special-report/us-china-tech-cables/.
  101. Elizabeth Beattie, “Starlink lifts off in Asia as satellite internet race heats up,” The Japan Times, 18 August 2023. Available at: https://www.japantimes.co.jp/business/2023/08/18/tech/starlink-lifts-off-in-asia-as-satellite-internet-race-heats-up/.
  102. Amazon, “Project Kuiper.”
  103. Ramin Skibba, “Amazon Is Going to Fill the Sky With Satellites. Astronomers Aren’t Happy,” WIRED, 6 October 2023. Available at: https://www.wired.com/story/as-amazon-launches-project-kuiper-astronomers-debate-how-to-fix-a-satellite-filled-sky/.
  104. Amazon Staff, “Learn how Project Kuiper leverages AWS to provide secure connectivity from virtually anywhere,” Amazon, 28 November 2023. Available at: https://www.aboutamazon.com/news/innovation-at-amazon/amazon-project-kuiper-aws ; Synergy Research Group, “Cloud is a Global Market - Apart from China,” 21 August 2024. Available at: https://www.srgresearch.com/articles/cloud-is-a-global-market-apart-from-china.
  105. Charlotte Van Camp and Walter Peeters, “A World without Satellite Data as a Result of a Global Cyber-Attack,” Space Policy, Vol. 59, issue 101458 (2022): 1–9.
  106. Australian Government, “Security of Critical Infrastructure Act 2018,” 28 October 2023. Available at: https://www.legislation.gov.au/C2018A00029/latest/text.
  107. Cyber and Infrastructure Security Centre, “Security of Critical Infrastructure Act.”
  108. Melissa Tan and Joann Yap, “CyberSight 360: Is space the forgotten sector in critical infrastructure cyber security?” Lander & Rogers, March 2024. Available at: https://www.landers.com.au/legal-insights-news/is-space-the-forgotten-sector-in-cyber-security.
  109. Cyber and Infrastructure Security Centre, “SOCI Act 2018 for space technology,” Department of Home Affairs, Australian Government, 22 November 2023. Available at: https://www.cisc.gov.au/information-for-your-industry/space-technology/legislation-regulation-and-compliance/soci-act-2018.
  110. Nick Reese, “Space Critical Infrastructure: Breaking the Binary Debate and a Call for Space Council Action,” Space News, 26 September 2023. Available at: https://spacenews.com/space-critical-infrastructure-breaking-the-binary-debate-and-a-call-for-space-council-action/; Frank Cilluffo, Mark Montgomery, Sharon Cardash and Kelsey Shields, “Time to Designate Space Systems as Critical Infrastructure,” CSC2.0, 14 April 2023. Available at: https://cybersolarium.org/csc-2-0-reports/time-to-designate-space-systems-as-critical-infrastructure/.
  111. Nick Reese, “Space Critical Infrastructure.”
  112. Mark Holmes, “Debate Over Space as a Critical Infrastructure in Europe Takes Center Stage at Cysat,” Via Satellite, 24 April 2024. Available at: https://www.satellitetoday.com/cybersecurity/2024/04/24/debate-over-space-as-a-critical-infrastructure-in-europe-takes-center-stage-at-cysat/.
  113. Space ISAC, “Australian Cyber Collaboration Centre Partners with Space ISAC,” 26 June 2024. Available at: https://spaceisac.org/australian-cyber-collaboration-centre-partners-with-space-isac/.
  114. European Union Agency for the Space Programme, “Introducing the EU Space Information Sharing and Analysis Centre,” 24 April 2024. Available at: https://www.euspa.europa.eu/newsroom-events/news/eu-space-isac.