Cyber-Worthiness and Cyber-Resilience to Secure Low Earth Orbit Satellites

This paper presents research responding to the problem of cyber-attacks on Low Earth Orbit (LEO) Satellites. The increasing connectedness, dependency and reliance of platforms such as satellites on digital cyber-enabled systems is a significant concern for Defence commanders and national security planners. Networked systems delivering situational awareness require a capability management framework which facilitates mature and detailed risk management practices. This paper extends existing cyber-threat modelling concepts and techniques, to develop a LEO space system cyber-resilience model consisting of four parts: (1) a Common Generic End-To-End LEO Space-System Cyber-Security Digital Twin Testbed; (2) an Evil Digital Twin Construct; (3) a Cyber-Resilience Engineering Framework for LEO; and (4) a set of Cyber-worthiness Design Principles for LEO space systems. Cyber-worthiness as an overarching concept and model has been discussed within Defence for several years, yet a robust model has not yet emerged. This paper introduces the concept of cyber-worthiness as an assessment of the suitability of digital systems and network configuration relative to the threat environment. It describes proposed cyber-worthiness cyber-security and cyber-resilience design principles for the management of LEO satellite attack surfaces. This paper approaches the problem space with a focus on building resilience through an understanding of adversary behaviours, system vulnerabilities, space vehicle architecture, threat techniques and technical attack paths. Such an approach enables a more nuanced and flexible management of attack surfaces. Pointers to further work are presented and discussed.