NATOs Mission-Critical Space Capabilities under Threat: Cybersecurity Gaps in the Military Space Asset Supply Chain

Abstract: The North Atlantic Treaty Organizations (NATO) public-private Space Asset Supply Chain (SASC) currently exhibits significant cybersecurity gaps. It is well-established that data obtained from space assets is fundamental to NATO, as they allow for the facilitation of its missions, self-defence and effective deterrence of its adversaries. Any hostile cyber operation, suspending control over a space asset, severely impacts both NATO missions and allied Member States national security. This threat is exacerbated by NATOs mostly unregulated cyber SASC. Hence, this thesis answers a twofold research question: a) What are current cybersecurity gaps along NATOs global SASC; and b) How can NATO and its allied Member States gain greater control over such gaps to safeguard the supply of NATO mission-critical information? An ontological field study is carried out by conducting nineteen semi-structured interviews with high-level representatives from relevant public, private and academic organizations. This research was undertaken in collaboration with the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. This thesis concludes that current cybersecurity gaps along NATOs SASC are caused by cyber vulnerabilities such as legacy systems or the use of Commercial-Off-the-Shelf (COTS) technology. Inadequate cyber SASC management is caused by hindrances such as misaligned classification levels and significant understaffing. On this basis, NATO should consider two major collaboration initiatives: a) Raising Awareness throughout the whole of the NATO system, and b) Pushing forward the creation of regulation through a standardized security framework on SASC cybersecurity. Doing so would enable NATO and its Member States to recognise cyberthreats to mission-critical data early on along its cyber SASC, and thus increase transparency, responsibility, and liability.