Frontier Foundry's RFI Response for the White House Office of Science and Technology Policy (OSTP) Draft: "National Plan for Civil Earth Observations" 🌐
Key Highlights:
- The increasing complexity of the LEO environment fundamentally changes the risk profile of space services and the resilience of future satellite launches.
- Cybersecurity should be a central principle of the Civil Earth Observation Plan in alignment with existing space policy.
- Artificial intelligence holds the key to a more secure and resilient space domain in the face of increased complexity and cyberattack threats.
Executive Summary
As the commercial space industry grows, so does the range of capabilities on orbit assets provide to Earth. Advances in emerging technologies are making activities in space possible that were never conceived of by previous generations and an entirely new economy developed as a result. With new commercial actors in the domain bringing fresh investment and innovations, the number of space assets in low Earth orbit (LEO) is growing. These assets are democratizing the space domain and providing access to communities and individuals that could never before access space-based tools or data. We saw how crowd-sourced Earth observation data and analysis provided new insights into Russia’s brutal invasion of Ukraine changing the world’s perspective on the conflict. Similar tools are providing new insights into the effects of climate change on the U.S. and our planet. These capabilities are critical to a society living in a world of emerging technology and rampant disinformation.
As we work to mitigate the climate crisis, consistent and reliable access to our Earth observation capabilities is paramount. Consistent with Initiative A: Sustained Observing and Monitoring System Capacity – Earth observations as a reliable enabling infrastructure, ensuring the availability of observations and derivative products over long timescales, Frontier Foundry provides comments below concerning the importance of including cybersecurity and risk analysis priorities into the Plan. The focus of the Plan remains unchanged and issues such as climate change and equity will remain central to the Plan, however, currently a gap exists that could have ramifications to the overarching goals and desired end state of the Plan. Without sufficient prioritization of cybersecurity and risk analysis, Initiative A will be directly threatened and with it several of the stated goals. The security and risk issues cut across the entire Plan and enable a reliable and equitable Earth observation capability for the benefit of all.
Three fundamental issues underpin all activities in LEO regardless of the function or mission of the asset: complexity, security, and resilience. These three elements comprise the essential framework for understanding risk and assuring operational continuity for space assets. Through this framework, FF provides comments to the Plan focusing on Initiative A and on the use of artificial intelligence (AI) as a tool to better understand and mitigate risk in space. Earth observation capabilities bring essential information to critical scientific study, such as climate change, and make the world better informed on a multitude of issues. The innovation driving the availability and quality of Earth observation satellites is enabled by an economic demand for services that is itself contingent on the domain’s ability to remain safe and secure for continued operations. The Plan should include specific language based around complexity, security, and resilience as guidance on achieving its more specific goals. Looking through this lens will reveal issues like cybersecurity, which is not mentioned in the Plan. It also reveals a direct need for a new means by which we can de-risk the space domain for the benefit of continued operations and peaceful use in pursuit of the study of our planet and people.
FF is proud to contribute to this important work and looks forward to additional opportunities to work with OSTP on this issue.
Framework
- Complexity
- Security
- Resilience
What had once been the exclusive domain of a small number of wealthy governments and a handful of contractors became an open area for commercial activities with hundreds or thousands of players. Complexity of activities in space rose exponentially as the number of operational satellites on orbit surpassed 6,700 in 2022 with no signs of slowing. Orbital debris threatened life and equipment in LEO and powerful militaries began to show their abilities to threaten satellites. Framing the discussion about the continuity of Earth observation satellites should begin with complexity. Between the large debris fields, rapidly expanding satellites and satellite constellations, and other random pieces of debris, the space domain is a physically more complex place. Adding to that complexity is the increasing number of actors in the domain. It is not sufficient to simply count the number of launch providers but also the number of companies sending assets into orbit and the additional companies that are manufacturing components of those systems. Further, space is increasingly viewed as a contested military domain adding another element of compounded risk that was not present in previous decades.
A downstream impact of complexity is the potential for security compromises that was previously a minimal effect. Many of the legacy orbital systems still operational today do not encrypt their uplink or downlink data presenting an almost laughably simple target for malicious cyber actors. The complexity of the individual systems themselves now include software that is vulnerable to attack while on orbit or before launch. The impact of an attack against an Earth observation satellite may go much further than simple denial but instead be a data poisoning attack where scientific papers are published with false data. The impact to public trust in these systems could be devastating and undermine the entire purpose of the Plan if not addressed as a strategic priority.
Finally, we live in an era where attacks or system failures are expected. We can mitigate but not eliminate risk and as such, our systems must be resilient to any number of potential situations. Resilience is closely tied to complexity and security and should govern how we design and operate our space assets. To do so, we have to understand complexity and identify where the risks really are. We need to build tools that can analyze and identify risks that humans alone may miss. This is where AI holds promise and should also be prioritized in the Plan. It is always important to use AI with ethical principles, but it is equally important to use powerful Earth observation capabilities ethically. AI should be prioritized as a way to de-risk growing complexity in furtherance of the Plan.
Cybersecurity and Trust
The 2021 hack of American company Viasat at the opening of Russia’s invasion of Ukraine brought the cybersecurity for space issue to the fore in national security and space conversations. Technically, Russian actors hacked routers and modems on Earth and not the vehicle on orbit itself, but it still constitutes an attack on a ground segment that disrupted the satellite’s service across large geographic regions. This serves as a perfect case study for how Earth observation could be disrupted through a cyberattack. Attacks could originate in the design and development phases before a satellite ever leaves Earth. Other attacks could target the ground segment, command and control, uplink, downlink, or the user interface. In the case of Earth observation, full denial of satellite service or data is not the most devastating effect. Worse would be an adversary that gains access to the satellite data or user interface and provides false outputs through data poisoning or otherwise corrupting critical functions of the satellite. If an Earth observation satellite was so attacked, the users on the ground may be none the wiser and carry on as if there are no problems. However, all their output is based on false information and could impact multiple downstream decisions and operations.
Today’s space assets have complex software systems, ground segment connections, and potentially millions of users on the ground. NSpC recognized this threat when it published SPD-5, Cybersecurity Principles for Space Systems, in September 2020.
SPD-5 set, and continues to stand as, the standard for principles for building cybersecurity into satellite systems. According to the document
Space systems are reliant on information systems and networks from design conceptualization through launch and flight operations. Further, the transmission of command and control and mission information between space vehicles and ground networks relies on the use of radio-frequency-dependent wireless communication channels. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy satellites.
This quote is true of satellites regardless of their mission or intended use and should be considered when discussing Earth observation capabilities. The Plan should be amended to prioritize the cybersecurity of Earth observation assets consistent with SPD-5 and aligned with the intent and ends state of the Plan.
“Consistent with the National Space Policy of the United States and Space Policy Directive 5, the National Plan for Civil Earth Observations recognizes the importance of cybersecurity for all space assets including Earth observation capabilities. To realize the vision of this plan, cybersecurity will be viewed as a cross-cutting priority to ensure continued, reliable, and trustworthy access to Earth observation data.”
Satellite Risk
Use of satellite capabilities is truly a cross-sector issue as space data proliferates across the missions of industries, governments, and nations. Space capabilities are more integrated into vital Earth services and functions such as critical infrastructure. The extent and depth of integration of space assets into cross-sector mission areas is neither fully understood nor easily analyzed in the event of a disruption. With so many satellites providing services to so many consumers on Earth, there is inherent risk in using and depending on satellite data for any individual or organization. For an issue like climate change that benefits so greatly from Earth observation capabilities, it is vital for the spirit and intent of the Plan that the risk of disruptions and of dependencies is understood for those using the output of Earth observation assets. This risk analysis is essential to a holistic analysis of any problem using data that originates from space assets. Given the level of complexity and the need for rapid risk analysis, AI can be applied to give operators a better picture of the risk to their respective satellite or constellation.
The use of satellite data by any organization should include a risk analysis of the on-orbit assets that provide that data. This analysis shows the operators and the ultimate consumers of the data what a denial or disruption of the satellite would mean for their individual missions and for others that use the same data. Given the wide range of potential risks with an ever-growing number of satellites, the use of AI to de-risk an inherently risky domain will be critical for the continued safe operation of any number of satellites on orbit, to include Earth observation capabilities.
Initiative B calls for the promotion of ethical AI and machine learning (ML) to ensure algorithms are developed with diversity and inclusion principles to ensure that data does not skew away from minority groups. The ethical use of AI and other technologies should always be the foundation of their use. Development of ethical use principles should extend beyond simply AI and encompass the use of Earth observation capabilities. The ability to obtain satellite imagery from any number of sources quickly and cheaply has significant potential for abuse regardless of whether AI is used. AI can, in fact, be used to detect inequity, skews in data, or abuse of capabilities to de-risk their use in line with the Plan. AI ethics are important, but the Plan currently limits those principles to AI and should instead develop ethical use principles from the use of Earth observation capabilities across the board and integrate AI to detect inequitable or abusive behavior.
Conclusion
The Plan seeks to ensure the continued availability of Earth observation capabilities largely to fuel scientific discovery and progress in critical research areas like climate change. FF fully supports the spirit and letter of the plan. In support of the stated goals, FF recommends the end goals be viewed through the framework of complexity, security, and resilience. The space domain is changing constantly, and new levels of risk are present for Earth observation satellites as much as others. The Plan should prioritize the security and resilience of Earth observation satellites and direct users to seek novel approaches to understanding complexity to mitigate risk. The use of AI to produce data-driven risk assessments will directly affect the envisioned outcomes of the Plan and will maintain the scientific integrity and public trust required to fully realize its goals.
Strategic documents that direct action and set priorities in space must consider the context in which they are written. Space is no longer a domain of mutual scientific discovery but is explicitly defined as a contested military domain by the US and its adversaries. The pace of launches is unlikely to slow and the potential for more debris increases each day. What is required for Earth observation assets to operate in that environment continuously, safely, and securely should be a core element of the Plan. The Plan should also be brought into alignment with standing space policy documents such as SPD-5 and the 2020 National Space Policy to ensure consistent application of previously prioritized issues. Earth observation is too important to leave to the better angels of Earthlings and should be protected as we would protect other assets on orbit.