Stellar Deception: Disinformation’s Threat to Effective Space Incident Response

Over seven days in April 1970, Gene Kranz solidified his legend in the long history of legends at NASA. Kranz was the flight director credited with bringing the Apollo 13 astronauts home after a near-catastrophic equipment failure. Kranz’s quick and decisive thinking in the face of unclear and incomplete information led to a series of solutions to the right problems at the right moments, bringing the astronauts to a soft splashdown in the Pacific near a waiting USS Iwo Jima . However, imagine a scenario where Kranz was uncertain whether the information was actually coming from the crippled spacecraft, where he had even the slightest doubt in the veracity of the information he was receiving.  The Apollo 13 disaster occurred in an era when cybersecurity was an afterthought. Today, the cybersecurity of space systems combined with the proliferation of disinformation campaigns creates an environment where the responses to incidents in space could be slowed just enough for critical lifesaving decisions to be delayed—or for decisions to be made on misleading information with potentially catastrophic results. The increasing complexity of our low-Earth-orbit (LEO) environment, combined with the militarization of the space domain by major powers, all but assures that disinformation in the space domain will be a factor in space incident response.  As a follow-up to our previous article, Beware the Black Hole: Unraveling the Gravity of Disinformation in Space Exploration , published in the April 2024 issue of SIGNAL Magazine, we explore how disinformation could cause cascading physical and economic effects in the space domain and how we can mitigate this new attack surface for our commercial, civil and national security space assets. Outages deny the target the use of the system but simultaneously offer the victim a warning that there is a problem. The most successful cyber attacks in history are the ones you’ve never heard of. Cybersecurity concerns in space are no different, and the responsible space cybersecurity planner should consider how persistent, undetected attacks will impact their system(s).  Our previous article identified disinformation threats in the space domain such as manipulation of commercial imagery or other data collected from sensors in space. We also covered the threat to scientific research and the potential erosion of trust in data from space. These remain significant threats to the space domain, requiring mitigation strategies. As our LEO environment grows in complexity and dependency, we must also consider the threat of disinformation to incident response in space. Kranz never had to consider whether the data he received from the Apollo 13 spacecraft was real or spoofed. Modern responders will have to make this determination.  Responses to incidents in the modern space environment will not necessarily involve human lives, making the means of response more difficult. More distant missions will come with the increased complexity of communications lags that could last hours. The assets under duress could be commercial, civil or military from a growing number of commercial space companies and state actors active in the space domain. More ground services and functions depend on space data, impacting terrestrial activities during an outage or disruption. Think of the implications for everything from disaster response to transportation and navigation, to financial services and beyond. Even without the threat of disinformation, the landscape of space incident response is significantly more complex than it was a decade ago. How decision-makers and responders on the ground handle this complexity has only been lightly tested. As human space exploration begins its resurgence, it is time to examine how incident response, from LEO to cislunar to interplanetary space, will evolve. Precious Moments The growth in the space economy has a direct and unmistakable correlation to the number of Earthlings willing to pay for services from space. That inescapable fact means that interdependence between space assets and the daily lives of millions is growing. Satellite services touch everything from critical infrastructure to entertainment to scientific research. An outage, natural or human-made, requires quick and decisive action to recover and restore services. The response also must be based on the real situation as it is unfolding.  Imagine a communications satellite outage that impacts 911 coverage in a remote area. The impact on first responders and the public is obvious. It is in the interest of the commercial provider to restore services as soon as possible. The technicians will work through their checklists, review the latest telemetry and adjust system settings as they troubleshoot the problem. As they do so, they are inherently assuming that the telemetry they see is true and accurate, and that their decisions are based on the best available data.  Share Now imagine this outage was due to a cyber attack and, in an effort to cause maximum damage, the perpetrators found a way to control the onboard telemetry. The information coming back to the ground could be spoofed, and the technicians on the ground could decide to fire a thruster or execute a maneuver that causes the vehicle to deorbit into the atmosphere or tumble out of control. In this way, the attacker can cause doubt over what occurred in the incident and even call attribution into question. After all, the fatal maneuver was executed by technicians inside the company, not by a malicious actor with control of the vehicle.  Yet, disinformation or manipulated data itself is not the only threat. The mere possibility that incident data could be manipulated, even if it hasn’t been, can have severe consequences for response efforts. In any crisis, there are a few moments where decisions must be made or the crisis escalates. There were many such moments in the Apollo 13 crisis and there will be more in future incidents. However, the threat of data manipulation can cast doubt on the reliability of the information used to make decisions, leading to hesitation and confusion and potentially delaying or misguiding the responses. This uncertainty erodes trust in the systems and processes designed to handle incidents as decision-makers pause their response efforts to question the integrity of the data.  Decision-makers may also be reluctant to share information among stakeholders if they have any reason to fear that the data they would share might be manipulated. Such a reluctance hinders the collaboration and coordination efforts required for a rapid and informed response.  Malicious actors, therefore, need not even undertake an active data integrity attack but can rather threaten the potential of doing so and achieve a similar outcome of chaos and destruction. In this environment, the critical few moments of the incident response system where immediate action is essential fall victim to uncertainty and mistrust.  Tough and Competent Kranz is the person for whom “The Kranz Dictum” is appropriately named. The dictum states that mission control shall be “tough and competent,” referring to its ability to own mistakes and competently conduct missions. After a long hiatus, we are returning to human space flight. We are doing so in the middle of a historical moment when great powers are militarizing space, commercial powers are monetizing space and people worldwide are weaponizing information at scale. These factors combine to create an underappreciated and certainly under-mitigated risk to our brave space-faring brethren. As we benefit from and continue to advance scientific and technological developments in space, we must prepare for the fact that such endeavors will never be risk-free, nor will humans ever build flaw-free systems. Future crises are a certainty, and the militarization of space puts those missions at risk.   A future Artemis mission might suffer an outage to one of its critical computers or a malfunction in its life support systems. In that case, the next generation of Gene Kranzes will have to respond and save lives far from Earth. Our confidence in the competence, dedication and creativity of these people is absolute, but only if they are working with accurate information. A spoofed communications link or doctored telemetry, or the threat that they could be manipulated, could spell the end of the mission and the brave souls onboard through no fault of the responders. Such an incident could be a death blow to human space flight and do untold damage to the space economy. All the toughness and competence in the world will not matter if the data is wrong or insinuated to be incorrect.  Subscribe now Addressing Disinformation in Space Our previous article laid out a framework for mitigating disinformation in space, but this is only a start. Specific policy guidance from the National Space Council, in coordination with national security agencies, should be developed to provide commercial entities with the tools they need to build safety measures, checks and procedures that specifically address the potential for disinformation during a crisis in space. Even delays in decision-making due to disinformation concerns can cause damage, so this must be treated as a priority. As an economic, national security and human safety issue, there is more than enough at stake. Any framework that begins to illuminate these threats must consider the following elements: 1) Identify inconsistencies: Look for discrepancies in data, sudden changes in patterns or information that contradicts established facts. 2) Verify sources: Verify incoming information via a secondary channel. 3) Analyze impact: Evaluate the potential consequences of the manipulated information on decision-making processes and outcomes. 4) Investigate motive: Consider who benefits from the manipulated information and their possible motivations. 5) Develop a response plan: Establish multiple communication channels and outline steps to mitigate the impact of the disinformation threat as part of a cybersecurity framework. Applying such a framework will require a comprehensive knowledge database of the various disinformation tactics and techniques adversarial actors may use to manipulate space-related data. A well-defined framework that systematically characterizes potential attacks and their impacts will allow stakeholders to develop effective strategies, policies and technologies to safeguard the space domain. The economic value and strategic advantages of dominance in the space domain are too enticing for cyber actors to leave them to their orbits. Crescendos in complexity and dependence result in commensurate rises in the number of available attack vectors. Disinformation, and the threat thereof, is one of the most long-term effective and least attributable methods by which a malicious actor can achieve a strategic goal. Disinformation threats are interwoven with cybersecurity threats, yet the space policy environment in the United States completely ignores the disinformation threat against space assets. With all eyes elsewhere, attackers have an unimpeded path to an attack surface to which we are unprepared to respond. Disinformation against space assets and operations should be integrated into cybersecurity frameworks for the sake of the long-term sustainability of the space economy and continuity of safe operations in and beyond LEO. This article was co-authored (original link here ) by Nick Reese, COO of Frontier Foundry. Visit his LinkedIn here . To stay up to date with Frontier Foundry’s work, please follow us on LinkedIn and visit our website . To learn more about the services we offer, please visit our product page. Leave a comment Share Frontier Foundry Substack