Source: Matthew Kleiman and Sonia McNeil for The Space Review
Secretary of State Hillary Rodham Clinton recently announced that the United States would join international efforts to develop an International Code of Conduct for Outer Space Activities. Space systems are “of vital interest to the United States and the global community,” Secretary Clinton observed, and the Code of Conduct is a step toward ensuring the “sustainability, safety, stability, and security” of outer space, which “irresponsible actors” have placed “at serious risk.”
The United States has warned it will not sign on to a Code of Conduct that “constrains our national security-related activities in space or our ability to protect the United States and our allies.” This statement is a reminder of the complexities of national defense in the space environment. Activity in space today is largely governed by treaties written in the 1960s and 1970s. Not surprisingly, these treaties were designed in response to the threats of their time: kinetic threats, like anti-satellite (ASAT) missiles and other physical means of attacking a spacecraft.
Space systems, however, are now vulnerable to a variety of new forms of attack. Broadly speaking, these emerging threats take two forms: non-kinetic, cyber-enabled attacks made possible by connecting satellite communications systems to the Internet; and kinetic, satellite-to-satellite attacks enabled by the proliferation of inexpensive nanosatellites that are easy to launch and hard to detect, particularly in high orbits.
Although individual threat vectors can for now be roughly grouped into “novel kinetic” and “non-kinetic” categories, both their consequences and the theater of conflict itself will cross domains. Space and cyber systems are “intertwined,” as Air Force Lt. Gen. Larry D. James, former commander of the Joint Functional Component Command for Space, recently observed. “[T]he opening actions of a conflict could take place in either medium,” Lt. Gen. James noted, “and, more than likely, the effects would be felt across both domains.”
The United States’ space security strategy and the international community’s norms of conduct must be calibrated accordingly. Deterrence should remain a key component of the United States’ approach in both outer space and cyberspace. Achieving deterrence in these realms is notoriously difficult, however. While the theories that informed Cold War-era deterrence will continue to be relevant, adapting to multi-domain threats also means reexamining certain strategic assumptions.
The Code of Conduct initiative offers the United States an important opportunity to begin engaging spacefaring nations in discussion. Some of the most vital—and challenging—conversations should focus on articulating “red lines” that are relevant to modern threats to space systems. Clear red lines in outer space will strengthen efforts to deter aggressive behavior and help policymakers and military commanders determine when defensive action is justified.
To be sure, red lines alone are not enough to achieve deterrence. Robust security in the space environment also requires the ability to detect and identify bad actors. Red lines and attribution are complementary components of space security, both strategically and technologically. The way the international community draws red lines may impact the development of technology built to enable attribution, for example. Clarity in one sphere informs progress in the other.
The difficulties of attribution are clear. Nevertheless, the spacefaring community should not miss the opportunity to advance space security by developing red lines. The discussion below examines emerging threats to space systems, discusses deterrence in outer space and cyberspace, and explores how effective red lines could be developed.
Emerging threats to space systems
Until fairly recently, an adversary attempting to disable a satellite system needed either to destroy the system’s ground station or to target the satellite itself, usually with an anti-satellite (ASAT) missile or a powerful Earth-based jammer. Generally, only well-financed and sophisticated state actors were able to acquire and deploy these weapons. As a result, it was possible to attribute responsibility for attacks with relative ease and certainty.
Connecting satellite systems to the Internet, however, has made them vulnerable to a variety of new forms of attack. Using the Internet to perform certain satellite communications functions allows would-be bad actors a variety of low-cost opportunities to access both ground stations and satellites. Almost any tech-savvy hacker is now a potential threat, and a successful hacker can do more than simply damage or destroy the satellite itself. The hacker can also deny, degrade, or counterfeit the satellite’s transmissions; access and leak imagery and other data collected by satellite sensors; or compromise other terrestrial or space-based networks used by the satellite. Without pervasive situational awareness and advanced technical attribution tools, perhaps complemented by other non-technical forms of information gathering, the attacker’s identity, affiliation, and location may never be known.
Space systems have already suffered both suspected and confirmed cyber- and other non-kinetic attacks from state and non-state actors. For example:
- In 1998, the US-German ROSAT satellite was disabled after it inexplicably turned toward the sun. NASA investigators later determined that the accident was linked to a cyber intrusion at the Goddard Space Flight Center. The attack is believed to have originated from Russia.
- In 2003, the Cuban and Iranian governments collaborated to jam Telstar 12, a US commercial communications satellite in geostationary orbit used to transmit programming by Voice of America to Iran.
- In 2005, the Libyan government jammed two telecommunications satellites, “knocking off air dozens of TV and radio stations serving Britain and Europe and disrupting American diplomatic, military and FBI communications.”
- In 2009, Brazilian authorities arrested 39 university professors, electricians, truckers, and farmerswho had been using homemade equipment to hijack UHF frequencies dedicated to satellites in the US Navy’s Fleet Satellite Communication system for their personal use.
- In 2010, the head of Iran’s state media company acknowledged jamming Persian-language satellite broadcasts originating from other countries.
- According to a November 2011 report to Congress by the US-China Economic and Security Review Commission, at least two U.S. government satellites, Terra EOS and Landsat 7, have “each experienced at least two separate instances of interference consistent with cyber activities against their command and control systems.” In the case of the Terra satellite, the hackers “achieved all steps required” to assume control of the spacecraft.
To date, all publicly reported assaults on space assets have originated on the ground. However, attacks can also be initiated from other spacecraft. A November 2010 article by the chief scientist of the US Air Force described a number of ways small satellites can disable space systems. Small satellites could, for example, be designed with “microwave-based directed-energy capabilities” that may be used to “degrade or destroy” target satellites. Actions short of physical destruction can also be damaging. Co-orbiting satellites, for instance, give attackers the ability to interfere with satellite uplink transmissions and launch other “proximity operations in support of counterspace efforts.”
Satellite systems can be protected from kinetic and non-kinetic threats in several ways. The satellite itself may be hardened against radiation, micrometeoroids, and orbital debris. Ground stations can also be physically reinforced to protect against natural disasters and kinetic attacks, equipped with high-power radio uplinks that are difficult to jam or overpower, and use other physical and cyber security controls. Communications signals may be encrypted, employ unique satellite-specific digital interfaces, and be spread across a wide band of the radio spectrum. To minimize disruption in the event that a single satellite or ground station is disabled, satellite networks may use multiple satellites and ground stations to provide redundancy.
Inevitably, these defenses are not perfect. They are also not enough. Despite the changing nature of space threats, however, many satellite systems are not built with sensors able to detect non-kinetic cyber attacks or technologically advanced sources of kinetic damage. Without specialized sensors, malfunctions caused by cyber attacks may be difficult to distinguish from failures with natural causes, such as solar radiation. It is also more difficult to detect malicious, co-orbiting nanosatellites. In short, inadequate sensors mean inadequate situational awareness. Inadequate situational awareness means vunerability.
The problem only worsens as orbit altitudes increase. For instance, consider the Department of Defense’s Space Surveillance Network (SSN). According to public reports, the SSN can detect objects measuring less than 5 centimeters in diameter in low-Earth orbit. In geosynchronous orbit (GSO), however, the network can only detect objects larger than 1 meter in diameter. A CubeSat-class (a 10-centimeter cube) approaching a communications satellite in GSO would therefore be undetectable by the SSN.
In short, while redundancy and other means of increasing hardiness against attacks are valuable, these measures have limited utility. Resilience allows space systems to survive when deterrence fails. It is not a deterrent in itself, except insofar as it might make an aggressor believe an attack would be ineffective and, hence, not worth pursuing. Moreover, even if perfect defense were technologically possible, it would be economically impractical. As a result, deterrence will and should remain a fundamental strategic objective in space.
Deterrence in outer space and cyberspace
Deterrence has been part of US national security strategy since the dawn of the Cold War. It remains fundamental to the protection of national interests in the space and cyber domains today. The United States’ 2010 National Space Policy, for instance, declares the United States “will employ a variety of measures to help assure the use of space for all responsible parties.” “[C]onsistent with the inherent right of self-defense,” the policy continues, the United States will “deter others from interference and attack, defend our space systems and contribute to the defense of allied space systems, and, if deterrence fails, defeat efforts to attack them.” Similarly, the 2011 Department of Defense (DoD) Strategy for Operating in Cyberspace states the DoD will “work with interagency and international partners to encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuade and deter malicious actors, and reserve the right to defend these vital national assets as necessary and appropriate.”
Effective deterrence in any theater requires red lines. Deterrence in cyberspace, however, is notoriously difficult. Deterrence in outer space is equally challenging. The convergence of the space and cyber domains, moreover, creates extraordinary urgency and strategic complexity.
The U.S. Air Force Space Command’s Schriever Wargame 2010 vividly illustrated the barriers to effective deterrence in outer space. The wargame simulated a global space and cyber war beginning in the year 2022. In the game scenario, a localized conflict quickly became global when the “China-like” adversary interfered with United States’ and allied forces’ cyber and space systems, degrading their air and naval operations. For defenders, “[t]he challenge of coming up with effective policies and strategies to deter attacks or limit their effectiveness was only too apparent.”
The lack of clear red lines contributed to this difficulty. In post-game discussions, Lt. Gen. James observed that open questions included, “What are the red lines in space? How does an adversary understand what our red lines are as we operate in the space domain? Is jamming a satellite a red line? Is destroying a satellite a red line?”
“If you don’t articulate those red lines to the adversary, they will never know when they get close,” added Col. Roger M. Vincent, commander of the Air Force Space Innovation and Development Center. “If they don’t know when they’re close, how can they be deterred?”
Without established red lines, military commanders are left unsure when defensive action is justified and unable to provide rules of engagement for the field. But, as is explained below, current space law does not clearly define red lines for non-kinetic threats.
Red lines and the International Code of Conduct
Red lines for kinetic threats, to the extent they exist, may be roughly summarized as follows: A spacefaring nation may operate freely in outer space as long as its spacecraft do not purposefully interfere with the spacecraft of another nation, except in self-defense. Red lines for non-kinetic threats are less plain, however.
Various sources of international law offer broad guidance on the boundaries of acceptable conduct for nations, including nations making peaceful use of outer space. Article I of the 1967 Outer Space Treaty, for instance, provides that outer space is “free for exploration and use by all States,” though Article IX of the treaty states that nations must conduct their activities in outer space “with due regard to the corresponding interests of all other States.” “Due regard” includes undertaking “international consultations” before proceeding with any activity that would cause “potentially harmful interference” with activities of other countries “in the peaceful exploration and use of outer space.” Article 2(4) of the United Nations Charter, in turn, provides that member nations must “refrain in their international relations from the threat or use of force.” Under Article 51 of the Charter, however, states retain the “inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations.” The United States’ domestic policy incorporates key concepts from international law. The 2010 National Space Policy, first introduced above, declares, “[p]urposeful interference with space systems, including supporting infrastructure, will be considered an infringement of a nation’s rights.”
With respect to non-kinetic threats, the definitions of “due regard” and “harmful interference” in the Outer Space Treaty and “purposeful interference” in the United States’ National Space Policy are murky at best. It is also unclear what constitutes an “armed attack” for the purposes of Article 51 of the UN Charter. It is generally understood that a direct attack on a spacecraft with an ASAT missile would qualify both as an “armed attack” and as “harmful interference.” But what about harmful actions short of direct, kinetic attacks?
In the cyber context, a 1999 DoD assessment framed this ambiguity as follows:
There is no way to be certain how [international law on the use of force] will be applied by the international community to computer network attacks… If we were to limit ourselves to the language of Article 51, the obvious question would be, “Is a computer network attack an ‘armed attack’ that justifies the use of force in self-defense?” If we focused on the means used, we might conclude that electronic signals imperceptible to human senses don’t closely resemble bombs, bullets, or troops. On the other hand, it seems likely that the international community will be more interested in the consequences of a computer network attack than in its mechanism.
Lt. Gen. Keith B. Alexander’s 2010 Senate testimony suggests that substantial uncertainty remains. As Lt. Gen. Alexander explained to the committee considering his nomination to head the new US Cyber Command:
There is no international consensus on a precise definition of a use of force, in or out of cyberspace. Consequently, individual nations may assert different definitions, and may apply different thresholds for what constitutes a use of force. Thus, whether in the cyber or any other domain, there is always potential disagreement among nations concerning what may amount to a threat or use of force.
In space law, as in the cyber realm, there is presently no international agreement on the appropriate legal treatment of non-kinetic attacks. State practice sheds little light on the question. For instance, despite a long history of interference by some countries with others’ space activities, such as through satellite jamming and debris-generating ASAT testing, Article IX of the Outer Space Treaty has never been formally invoked. But as Ambassador Gregory L. Schulte, then acting Deputy Assistant Secretary of Defense for Space Policy, observed, space is increasingly “congested, competitive, and contested.” In this context, it is both impractical and strategically unwise to assume nations’ past practice will endure.
To clarify current law and enhance space security, the drafters of the new International Code of Conduct should encourage international dialogue in two areas. First, the international community must eventually agree on a common definition of “harmful interference.” The definition of “harmful interference” set out in the Constitution of the International Telecommunication Union (ITU), an organization of which the United States is a member, offers one source of initial guidance. The ITU Constitution mandates that radio stations, including satellites, “must be operated in such a manner as not to cause harmful interference to the radio services or communications of other Member States.” “Harmful interference” is defined as “interference which endangers the functioning of a radionavigation service or of other safety services or seriously degrades, obstructs or repeatedly interrupts a radiocommunication service.”
Several of the ITU Constitution’s provisions and limitations prevent it from being ideally suited to the spacefaring community’s current needs. Most notably, the ITU Constitution applies only to radiocommunication satellites, not to all spacecraft. It also contains a broad carve-out for military operations, stating that member nations “retain their entire freedom with regard to military radio installations” and that such installations must prevent harmful interference only “so far as possible.”
Spacefaring nations could also benefit from a different definition of “harmful interference” than the ITU Constitution provides. One possible definition of “harmful interference” may be, for example,
A purposeful act that: (i) is reasonably likely to result in damage to or destruction of a spacecraft or in harm to personnel on board a spacecraft; (ii) endangers, degrades, obstructs, or interrupts the operation of a spacecraft; or (iii) accesses telecommunications, imaging, or other spacecraft systems without authorization.
Second, the drafters should identify and propose a non-exclusive list of red lines. This list should describe both kinetic and non-kinetic activities that could constitute harmful interference. These red lines would include a direct ASAT attack on a satellite, of course, but might also encompass acts such as a nation destroying its own satellite in a manner that creates long-lasting debris in a commonly-used orbit, or introducing a malicious software virus to another nation’s satellite through a hacked satellite ground station or a co-orbiting spacecraft.
The spacefaring community should also discuss red lines for threatening behaviors that, while short of a kinetic attack, would nonetheless justify defensive action. For example, the Code’s drafters could elaborate the circumstances in which a satellite approaching another satellite too closely would be considered to cross a red line, such as an approach made without providing identifying information or other advance notice. This model would roughly approximate international norms regarding vessels in international waters, which may take defensive action if another vessel approaches too closely in a threatening manner and does not give way or respond to requests for communication. Such a red line could be enforced by requiring satellites to transmit transponder signals similar to those used on aircraft and large commercial vessels.
In the end, though, the discussion itself will be as valuable as the red lines that emerge. By enabling nations better to understand each other’s interests and expectations, the spacefaring community as a whole can begin to prepare to meet novel, multi-domain challenges.
International agreement on the definition of “harmful interference” and a list of red lines would strengthen efforts to deter aggressive behavior in outer space. Clearly defined red lines would also help policymakers and military commanders determine when defensive action is justified under international law and allow aggressors to anticipate when their actions will provoke a response. Finally, these discussions may spur the development of helpful technologies to improve space situational awareness, increase trust and transparency among satellite operators, and permit attacker identification, as well as provide a foundation for later agreement on legal and technical attribution standards.
The International Code of Conduct initiative is an important opportunity to begin these discussions. It should not be missed. While establishing red lines in space will not alone fully deter potential attackers, the community of spacefaring nations must begin to engage these issues. Threats in space are evolving. So too should the law.
This article was originally published on March 5 by The Space Review. It is reposted with permission of the authors and editor. The opinion expressed in this article are those of the authors, and do not necessarily reflect those of the International Association for Advancement in Space safety and the International Space Safety Foundation, publishers of the Space Safety Magazine.