This post is a distillation of my points from RightsCon 2022’s “Make Space for Human Rights” panel.
Access to space technologies during the Ukraine invasion has been a crucial aspect of the conflict, from providing communications which are resilient to attacks on terrestrial infrastructure, to providing near-real-time, public verification of atrocities and troop movements by the Russian government to push back against disinformation. With the laudable efforts behind launching SIFU / Space Industry For Ukraine, this looks poised to continue and even pick up further momentum.
However, this role has not gone unnoticed. Ukraine has been a harsh wake-up call around the power of satellite technologies – as well as their fragility in times of crisis. Services from connectivity and communications to remote sensing are critical to protecting human rights and as such are now a target of authoritarian actors.
Satellite Infrastructure has its own resiliency problems Since February 2022, there have been significant attacks on space-based communications and related infrastructure connected to defending Ukraine:
- GPS interference
- Targeted jamming of Starlink,
- An aggressive hack of Viasat’s network which bricked thousands of their terminals
- While not yet known to be under attack, satellite imaging companies like Maxar are clearly putting themselves at risk by providing the world with satellite imagery of the invasion
CISA’s March 17 alert, “Strengthening Cybersecurity of SATCOM Network Providers and Customers” (AA22-076A) was incredibly pointed about the multiple vulnerabilities satellite operators – and the users of satellite communications – should be tracking and mitigating. From default passwords to limiting remote access capabilities to using encryption, it’s a laundry list of problems you don’t want to see on what is increasingly critical infrastructure for crises.
But it’s bigger than just infrastructure security and reliability. That’s today’s problem, and companies are responding to it.
The gravity of terrestrial laws is hard to escape.
We should expect to see the same authoritarian attacks on satellite technology providers across the spectrum of services from communications to remote sensing of radio and cell signatures to detailed imagery. Beyond the technical attacks already happening above, we should expect these all to be subject to government demands to hand over subscriber data, metadata, and potentially even communications content or the precise location of active users. This will be made even more complicated by the complicated reseller markets for satellite communications services.
These demands can be leveraged by business licenses (“do this or you’re blocked from selling in our country, or banned from lucrative gov contracting”), and potentially regulation of gateways / satellite earth station locations (and their upstream, terrestrial, Internet access). For some more extreme actors, the threat or even use of more direct force could be in play - from jamming (downlink jamming / locally or the much more aggressive form, uplink jamming, directed at the satellite itself), to laser dazzling, or even potential of damage to the satellite(s). Secure World Foundation tracks such Counterspace Capabilities in annual reports.
So how do we deal with this?
Immediately, our human rights community needs to tech up on satellite technology from a more adversarial lens - what risks are we not thinking about, what mitigations or tolerances do we need to agree on?
One of my last projects at Internews was launching the Satellite Safety Guide to provide an overview of known threats at a global, adversary-neutral level that can be a reference to help contextualize risk in specific situations by local experts. The core recommendations are currently translated into Burmese and Ukrainian, and the team is working to use the research there to refresh the 2012-era operational security guide by Small World News for wider consumption by end-users.
That’s tactical. Strategically, we need to be thinking about what known threats to communications providers and platforms we see today will apply to satellite communications and technologies. Most likely, the satellite industry will be facing off with local user data laws, splinternet/sovereign internet issues, and user record “requests”, and will probably get entangled in end-to-end encryption debates as well.
The satellite companies appear interested and willing to support humanitarian efforts such SIFU, and I believe we should take this momentum and make this a 2-way street, and bringing them in to spaces like RightsCon, GNI, and other bodies where we’ve dealt with these tensions.
Our human rights and technology community is painfully familiar with the need for policies and practices such as transparency reports) and accountability efforts like Ranking Digital Rights to create - and track - industry norms. Combined, these help deter overreach, and at a minimum provide public insight into who is asking for what.
UPDATE:
This article provides further context and depth on the value of space in conflict, and specifically as an infortmational asset: War in Ukraine highlights the growing strategic importance of private satellite companies – especially in times of conflict . A worthwhile thought exercise would be to take all the capacities discusses here and flip them to an adversarial context.