Next Article in Journal
Circular–Sustainable–Reliable Waste Management System Design: A Possibilistic Multi-Objective Mixed-Integer Linear Programming Model
Previous Article in Journal
Predicting Dependent Edges in Nonequilibrium Complex Systems Based on Overlapping Module Characteristics
Previous Article in Special Issue
Cybersecurity Risks Analysis in the Hospitality Industry: A Stakeholder Perspective on Sustainable Service Systems
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Systems
Volume 12
Issue 10
10.3390/systems12100434
systems-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Cyber Resilience Limitations in Space Systems Design Process: Insights from Space Designers

by
Syed Shahzad
1,*,
Keith Joiner
2,
Li Qiao
1,
Felicity Deane
3 and
Jo Plested
4
1
School of Engineering & Technology, University of New South Wales, Canberra, ACT 2600, Australia
2
Capability Systems Centre, University of New South Wales, Canberra, ACT 2600, Australia
3
Faculty of Business & Law, Queensland University of Technology, Brisbane, QLD 4000, Australia
4
School of Systems & Computing, University of New South Wales, Canberra, ACT 2600, Australia
*
Author to whom correspondence should be addressed.
Systems 2024, 12(10), 434; https://doi.org/10.3390/systems12100434
Submission received: 5 September 2024 / Revised: 3 October 2024 / Accepted: 11 October 2024 / Published: 15 October 2024
(This article belongs to the Special Issue Cyber Security Challenges in Complex Systems)
Browse Figures
Versions Notes

Abstract

:
Space technology is integral to modern critical systems, including navigation, communication, weather, financial services, and defence. Despite its significance, space infrastructure faces unique cyber resilience challenges exacerbated by the size, isolation, cost, persistence of legacy systems, and lack of comprehensive cyber resilience engineering standards. This paper examines the engineering challenges associated with incorporating cyber resilience into space design, drawing on insights and experiences from industry experts. Through qualitative interviews with engineers, cybersecurity specialists, project managers, and testers, we identified key themes in engineering methodologies, cybersecurity awareness, and the challenges of integrating cyber resilience into space projects. Participants emphasised the importance of incorporating cybersecurity considerations from the earliest stages of design, advocating for principles such as zero-trust architecture and security by design. Our findings reveal that experts favour Model-Based Systems Engineering (MBSE) and Agile methodologies, highlighting their synergy in developing flexible and resilient systems. The study also underscores the tension between principles-based standards, which offer flexibility but can lead to inconsistent implementation, and compliance-based approaches, which provide clear measures but may struggle to adapt to evolving threats. Additionally, the research recognises significant barriers to achieving cyber resilience, including insider threats, the complexity of testing and validation, and budget constraints. Effective stakeholder engagement and innovative funding models are crucial for fostering a culture of cybersecurity awareness and investment in necessary technologies. This study highlights the need for a comprehensive cyber resilience framework that integrates diverse engineering methodologies and proactive security measures, ensuring the resilience of space infrastructure against emerging cyber threats.

1. Introduction

Contemporary modern society heavily depends on space infrastructure [1,2]. The European Commission states the following: “Space infrastructure is critical infrastructure on which services essential to the smooth running of our societies and economies and our citizens’ security depend. It must be protected, and that protection is a major issue for the EU, which goes far beyond the individual interests of the satellite owners.” [3]. The essential functions provided by space services are challenging to replace, highlighting their significance to society. Thus, the logical, physical, geographical, and cyber aspects of space infrastructure form a complex system of systems, making it vulnerable to cascading and escalating failures that can greatly amplify the impact of any damage [2].
Space infrastructure faces unique challenges due to its extreme size, power, and weight (SWaP) constraints. It must be cost-effective to launch, and once there, it is the ultimate unrecoverable remote system. Furthermore, in a cyberwar, space assets are susceptible to cyber-attacks like most predominantly digitised critical infrastructure [4]. According to The Oxford Dictionary, cyberwar is defined as “the use of computer technology to disrupt the activities of a state or organisation, especially the deliberate attacking of information systems for strategic or military purposes.” and “cyberwar is asymmetric, which means it benefits lesser military powers as much as military goliaths” [5]. The military use of space systems after the launch of Sputnik in 1957 [6] created new challenges and threats for space infrastructure due to its complex and unique multi-layer architecture and isolation [7]. The military potential of space systems was immediately recognised after the first satellite launch [6], turning space into a new potential war front. One contemporary example of such a potential threat is the launch of a Russian satellite that may serve as a weapon capable of inspecting and attacking other satellites in low Earth orbit [8].
Therefore, the advances in new technologies and battlespaces have evolved from the old “offensive–defensive” paradigm [9]. As a result, cyberwar now takes place in a modern networked space with almost no rules of engagement, or at least not widely accepted, making it challenging to identify the enemy (threat actors) and often obscure motives [10,11].
This study examines the engineering challenges of integrating cyber resilience into space systems design. It focuses on the technical and organisational requirements necessary for creating a robust framework. The need for such a framework emerged directly from qualitative interviews with experts from the space domain, including engineers, cybersecurity specialists, project managers, and testers. These participants are also the stakeholders directly impacted by the findings, influencing their work in developing and securing space systems. Furthermore, the research identifies vital themes related to engineering practices, cybersecurity awareness, and the barriers to implementing cyber resilience in space projects. The insights gathered from these experts lay the foundation for developing a framework that addresses both technical and organisational demands, ensuring space systems remain resilient against cyber threats.

1.1. Vulnerabilities and Cyber-Attacks in Space Infrastructure

Space assets are complex remote systems to engineer [12]. It is crucial to employ multidisciplinary legal and technical solutions due to space mission challenges and cross-border infrastructure with complex components of computing, communication, upgrades, and hardening requirements [13,14]. Furthermore, outer space assets such as satellites or other flying objects have unique threats from orbital debris (both natural and artificial) and space weather [14].
Typically, space infrastructure is divided into three main segments with a range of potential attack surfaces [15]:
  • Space Equipment (SE) placed in space, such as a satellite, launch vehicle, rover, or flying object like ingenuity;
  • Ground Stations (GSs) that directly support space activities;
  • Launch Providers (LPs) deliver the space equipment into orbit.
The new space infrastructure, such as programmable satellites and ground station as a service [16], produces new opportunities for both cyber-attacks and cyber-defence. New satellites have onboard computers and networked hardware with connectivity for remote analytics, configuration, and upgrades. In addition, ground stations and communication links contain vulnerabilities that lead each segment to cyber and physical threats from four distinct attacks and weapons known as anti-satellite (ASAT). The Centre for Strategic and International Studies uses the following classification [17]:
  • Kinetic Physical: These weapons target and destroy space-based space infrastructure, causing space debris. The ground-to-space missile (direct-ascent) is an example of a kinetic physical weapon.
  • Non-Kinetic Physical: As the name suggests, these ASATs use electromagnetic pulses or microwaves to interrupt adversary space assets.
  • Electronic: Signal jamming and spoofing examples of electronic weapons.
  • Cyber: Data interception, corruption, man-in-middle attacks, control takeover, and code injection are some examples of cyber ASATs.
It is well understood that space infrastructure is under sophisticated anti-satellite attacks, and adversaries are increasingly developing modern ASAT weapons [18]. Recently, China, India, Russia, and the USA have demonstrated their capabilities with kinetic weapons designed to destroy satellites in low Earth orbit [8]. These weapons create large debris fields, threatening other satellites and polluting the space domain beyond recovery. In contrast, the impact of cyber-attacks and the resilience of space infrastructure is not well understood [19].
Space infrastructure shares significant similarities with submarine cable systems [20]. Both are critical remote systems and have a strategic impact on society’s digital infrastructure. Like space assets, submarine cable systems are essential for global connectivity, yet their significance remains underappreciated by the general public. This lack of awareness makes them attractive targets for hackers and state actors seeking to exploit vulnerabilities. The necessity to secure these critical infrastructure components underscores the need for robust and adaptive technological solutions to defend against emerging cyber threats [21]. Therefore, similar to undersea cables, the space segment confronts unique threats and risks due to their remoteness, SWaP (Size, Weight, and Power) limitations, and upgrade challenges. These factors demand satellite designers, ground station operators, and launch providers to proactively anticipate and mitigate such threats and risks [22,23].
Despite the apparent risks and potential impact across multiple jurisdictions, space cybersecurity and cyber resilience are poorly regulated, and governance is difficult [22]. The current landscape of space cybersecurity presents several critical challenges, from the need for more standards and regulatory frameworks to a complex supply chain, reliance on off-the-shelf commercial and open-source technology, and a limited, highly specialised workforce. Additionally, there is a significant gap in the engineering methodologies tailored explicitly for cyber resilience in space systems. The absence of comprehensive and standardised engineering practices hinders the development of resilient space infrastructure [24], creating new opportunities for researchers.

1.2. Challenges in Achieving Cyber Resilience for Space Infrastructure

The challenges associated with ensuring cyber resilience in space systems are distinct from those in other critical infrastructure contexts, which is primarily due to the unique operational constraints, environmental factors, and the critical nature of space-based assets [25]. While the concept of cyber resilience applies broadly to any system that relies on cyber resources, space systems face several unique factors that significantly differentiate them from terrestrial counterparts [14].

1.2.1. Isolation and Limited Physical Access

Space systems operate in an environment that is physically remote and largely inaccessible once launched [14]. This contrasts with terrestrial systems, which can undergo regular maintenance, upgrades, and security enhancements. Once a satellite or other space asset is deployed, it must function without direct physical intervention for its entire operational lifespan [1]. This places a greater emphasis on designing for resilience from the outset, as there are fewer opportunities to address vulnerabilities post-deployment. Unlike terrestrial systems, where maintenance can mitigate vulnerabilities as they emerge, space systems must pre-emptively account for a wide range of potential threats and environmental factors during the design and development phases [7,26].

1.2.2. SWaP Constraints and Legacy Systems

Space assets are highly constrained by size, weight, and power (SWaP) limitations, which impose significant design trade-offs [27,28]. For instance, terrestrial systems often incorporate robust hardware security modules, redundant communication channels, and other resource-intensive security mechanisms [29]. In contrast, the physical constraints of space systems necessitate lighter, lower-power solutions that may not provide the same level of resilience [30]. As a result, space systems often employ legacy technology that is more susceptible to modern cyber threats, as these systems cannot be easily upgraded or replaced [1]. This persistence of legacy systems, coupled with the inability to modify or upgrade hardware after launch, significantly increases the difficulty of maintaining cyber resilience over time. Unlike terrestrial systems, where software patches and hardware refresh cycles are frequent, space systems must rely on pre-launch resilience measures to mitigate future threats [30].

1.2.3. Cascading Failure Risk and Systemic Vulnerabilities

Space systems operate as part of a broader system of systems, where the failure of a single asset can result in cascading disruptions across multiple sectors [13]. For example, the failure of a satellite can impact telecommunications, navigation, and defence systems simultaneously, amplifying the consequences of a cyber-attack [13]. This interconnectedness differentiates space systems from other infrastructures where the effects of failure may be more contained. As a result, space system designers must incorporate measures to withstand and recover from attacks that could disrupt not only the asset itself but also critical downstream services [15]. This complexity demands a comprehensive approach to cyber resilience that addresses the broader implications of space system vulnerabilities [31].

1.2.4. Unique Cyber Threats in the Space Domain

While both terrestrial and space systems face common cyber threats such as data breaches, malware, and denial-of-service attacks, space systems are exposed to additional, domain-specific threats [15]. For instance, adversaries may deploy signal jamming, spoofing, or anti-satellite (ASAT) weapons to disrupt communications or disable space assets [15]. Furthermore, the remote nature of space assets makes them especially vulnerable to sophisticated cyber-physical attacks that target control systems or communication links. The introduction of state actors into space-based warfare further complicates the threat landscape, as space assets are increasingly seen as strategic targets [32]. This distinguishes space systems from other critical infrastructures where cyber resilience is primarily concerned with protecting against network breaches and data loss rather than physical disablement through cyber means [31,33].

1.3. Motivation of Present Study

Space engineering faces unique difficulties due to its complex, interconnected nature, coupled with rapidly evolving cyber threats due to continuous innovation and limited situational awareness [33,34]. Despite the growing significance of this topic, we found limited research conducted on the challenges faced by space system designers in incorporating cyber resilience decisions into their engineering processes.
The results of this study highlight several key differentiators in the development of cyber resilience for space systems compared to other critical infrastructures. These unique challenges stem from the specific operational environment, engineering constraints, and strategic importance of space-based assets. Understanding these differences is essential for the development of effective cyber resilience frameworks tailored to the space sector. Therefore, this study aims to provide a comprehensive understanding of the challenges and limitations faced by space designers in engineering cyber resilience for space systems.
We conducted interviews with industry professionals from Australia, the USA, and the UK. We aimed to focus on their understanding of cyber resilience concepts, the engineering frameworks they employ, the challenges they encounter, and their perspectives on a novel framework that could help incorporate cyber resilience into the design and development phases. The interview questions were intended to assess gaps in the current engineering processes and suggest a new novel framework for future study.

2. Literature Review

The engineering of large-scale, complex systems such as spacecraft or other cyber-physical systems (CPS) demands sophisticated decision making and coordination across all roles and stages of the engineering life cycle [13]. Operating in hostile environments, space systems are critical to national security, communications, and infrastructure, making them particularly vulnerable to advanced cyber threats due to their reliance on cyber resources [14].
A key responsibility of engineers in space systems is to integrate and validate resilience from the earliest stages of design [31]. Therefore, developing strategies to ensure the system can withstand, recover, and adapt to potential cyber threats or failures is essential [35,36]. The National Institute of Standards and Technology (NIST) defines cyber resilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources” [37].
Cyber resilience ensures system recovery by integrating cyber infrastructure’s interconnected hardware, software, and sensing components. It serves as a bridge between maintaining system operations and ensuring mission execution. Björck et al. [38] define cyber resilience as “the ability to continuously deliver the intended outcome despite adverse cyber events”. This means an information system can return to an operational state during and after degradation, whether caused by a deliberate cyber-attack or a natural disaster. The critical distinction between the two is the ability to model natural failures versus cyber-attack unpredictability [38]. Therefore, addressing safety and security design from the beginning of the system development cycle and throughout its phases is essential and advantageous. Hence, the discipline of systems engineering (SE) was introduced to manage and unite multidisciplinary engineering teams [39]. SE aims to optimally understand and gather customer requirements early in the development life cycle and document these requirements in a universal modelling language [40].
Cybersecurity and cyber resilience challenges for space systems are not unique to the space industry but are compounded by several factors. Space systems often serve as single points of failure for various industry sectors. The problem becomes more significant with the need for comprehensive cybersecurity standards and regulations for space [41], complex supply chains and prolonged system life cycles frequently employing commercial off-the-shelf technology [31]. Furthermore, a highly specialised workforce is required for the space sector [42], which is challenging to produce with limited resources. Therefore, these factors collectively make the cybersecurity of space systems a unique challenge and mainly an attractive target for state and non-state actors. Addressing these challenges requires a joint effort to develop robust cybersecurity measures tailored to the space infrastructure’s specific needs and vulnerabilities [41].
The space industry has undergone significant transformation due to the rapid advancement of digital technologies and the increasing integration of cyber-physical systems (CPSs). Although these changes offer significant opportunities for innovation and growth, they also introduce a new set of cybersecurity challenges not previously encountered in traditionally isolated and analogue space systems. The once-held belief that the sophistication of space technology alone would provide sufficient protection against cyber threats has been shattered, as evidenced by the lack of special cybersecurity measures in early satellite constellations like Iridium, which provided services to the Pentagon [43]. Space infrastructure is vulnerable to a wide range of cyber threats that were never anticipated during their initial design phases [44]. The advent of digital technologies has significantly expanded the attack surface of space systems. In contrast, the increased vulnerability is further compounded by the fact that space systems are now more interconnected than ever before with the introduction of concepts such as the Internet of Space Things (IoST) and the commercialisation of space [45]. As a result, the cybersecurity risks for space systems have become more complex and diverse, requiring a comprehensive and proactive approach to address them effectively. Inadequate cybersecurity engineering measures in space systems can have severe consequences, as these systems most often support critical infrastructure and services essential to our modern society. The disruption or compromise of these systems could lead to significant economic losses, social unrest, and even loss of life [46]. Furthermore, increasing reliance on space-based assets for military and defence purposes makes them an attractive target for nation-state actors and other malicious entities seeking to gain strategic advantages [41].
In engineering terminology, space infrastructure is a prime example of a complex system of systems (SoS). They are characterised by integrating multiple heterogeneous systems, often spanning different generations of technology [47]. Engineering complexity typically arises from the necessity of combining space-based elements, such as satellites and spacecraft, with terrestrial ground stations and, finally, control centres. This intertwined connectivity forms a tightly coupled network of systems that must work together seamlessly to deliver critical services [45]. Furthermore, this complexity makes space infrastructure more vulnerable to cascading and escalating failures. A disruption in one component can quickly propagate throughout the entire system, amplifying the impact of the initial damage [46].
One of the most crucial aspects of space infrastructure is the unique characteristics of its physical space environment. Engineering safe and secure space infrastructure is complex and further compounded by the unique traits that impose severe constraints on space systems’ design, deployment, and operation [44]. Critics argue that some constraints, such as harsh radiation environments, extreme temperature, and limited power and bandwidth, make it difficult to implement traditional cybersecurity measures such as encryption, authentication, and intrusion detection [48]. Therefore, the long lifetimes of many space assets, often measured in decades, can result in the persistence of legacy systems and protocols that are vulnerable to modern cyber threats, making cyber resilience a significant challenge [49]. To effectively address these challenges, a holistic approach to space cybersecurity is required, encompassing both technical and organisational measures.
As academics pointed out, from a technical standpoint, this may involve incorporating security-by-design principles into the development of space systems, ensuring that cybersecurity considerations are integrated throughout the life cycle of the system [14,41]. This includes implementing robust encryption and authentication mechanisms and deploying advanced monitoring and detection capabilities to identify and respond to potential threats in real time [45]. However, effective space cybersecurity from an organisational perspective requires close collaboration and information sharing among all stakeholders from the development, operation, and use of space infrastructure [47]. This includes government agencies, commercial operators, academic institutions, and international organisations. They must work together to establish common standards, best practices, and incident response procedures to ensure the resilience and continuity of space-based services in the face of ever-evolving cyber threats for space [49]. Academics claim that limited situational awareness and attribution capabilities in space further complicate cyber defence. Detecting and responding to attacks can be difficult due to the remote, unattended nature of space assets and the challenges of collecting and sharing threat intelligence [32,50]. As Georgescu et al. [51] highlight, law and governance in the space environment present significant challenges due to the absence of clear jurisdictional boundaries that typically inform critical national infrastructure processes on Earth. This jurisdictional ambiguity in space resembles the complexities associated with “transcontinental infrastructure” projects, such as oil and gas pipelines. A prime example is China’s Belt and Road Initiative (BRI) [52], which illustrates the parallels between space infrastructure protection and complex cross-border critical projects.
The primary challenge in anticipating cyber-attacks on space systems is the need for comprehensive datasets documenting historical incidents [53]. The information about most attacks is not readily available in the public domain, with scattered media reports needing more detailed information, making it difficult to understand and characterise the nature and scope of the threat [14]. To address this ”missing-data problem,” researchers have proposed frameworks that extrapolate missing data to derive attack technique kill chains, providing valuable insights into the increasing sophistication of cyber-attacks against space systems [54]. Furthermore, the need for standardised taxonomies and knowledge-sharing frameworks within the space cybersecurity community has been identified as a barrier to practical threat intelligence and incident response [49]. Efforts to develop standardised ontologies and promote collaboration among stakeholders are crucial in building a more resilient and secure space infrastructure [47].
The rapid growth in the space industry is experiencing the fastest innovation to market, with a record number of private and public organisations involved in space exploration and satellite technology, such as NASA and SpaceX [55]. Previous studies have argued that this growth comes with new challenges in securing the supply chain for space infrastructure [56]. Past studies have shown that space projects involve a vast network of suppliers, manufacturers, and service providers from multiple countries, making the supply chain challenging to monitor and control [57]. Academics examined that the complexity increases the risk of cyber threats such as malware, ransomware, data breaches, and theft of IP, which can compromise the security and reliability of space systems [56].
Another aspect academics emphasise is the measurement and improvement of cybersecurity for space infrastructure [58]. Research shows that the fundamental challenge is the need for comprehensive frameworks and standards for assessing the cybersecurity of space systems [58]. We also note that existing regulations often fail to cover the entire production value chain of space assets, from ground stations to satellites, and the global nature of the space industry also complicates efforts to harmonise cybersecurity practices across jurisdictions [58,59]. Jacobs points out that effective cybersecurity measurement demands collaboration between diverse stakeholders such as government agencies, private companies, and international partners [58]. This fosters trust and information sharing across these groups, which is essential for developing a shared understanding of threats and coordinating responses. Abu-Bonsra suggests public–private partnerships can be crucial in developing tailored regulations compatible with existing cyber regimes [60].
The proliferation of commercial off-the-shelf (COTS) components and the trend toward small satellites pose additional challenges. Vessels et al. voiced concerns that these systems often lack the cybersecurity features of custom hardware and may contain vulnerabilities that can be exploited by adversaries [61,62]. Therefore, academics acknowledge that identifying and mitigating these weaknesses requires a proactive, mission-focused approach to testing and secure system design [62,63]. Several scholars have noted the deficits in existing regulations that often fail to cover the entire production value chain from ground stations to satellites. They have highlighted the need for comprehensive frameworks and standards for assessing and ensuring the cybersecurity of space systems across the entire life cycle [61,64]. Developing and enforcing harmonised cybersecurity practices across jurisdictions is essential for protecting the global space infrastructure [61].
The systems-of-systems nature of most critical space infrastructure consists of numerous components and communication links that can introduce vulnerabilities [65,66]. Academics argue that to achieve resilience, a holistic approach that addresses the entire system life cycle and all domains of practice is required [65,66]. Therefore, existing cybersecurity frameworks, primarily focused on a single organisation, may not adequately cover space assets’ complete production value chain [58]. The challenge is the rapid evolution of cyber threats in the space domain. Adversaries are developing sophisticated attack capabilities to target space systems, such as anti-satellite weapons, jamming, and cyber-attacks. Space infrastructure must be engineered to withstand and adapt to these threats, but traditional risk management approaches may need to catch up with the dynamic threat landscape.
The space “weaponisation” and “militarisation” is a primary concern for today’s lawmakers [67]. Multiple scholars have raised their concerns that “At this point, there are no agencies that restrict the use of satellites, and there is no overarching governing body that monitors the specific use of satellites. Even if one did exist, there are no mechanisms for enforcing any treaties/standards/governance.” [41]. Therefore, from an international governance perspective, efforts to enhance space security have been ongoing. The UN has adopted several resolutions on the “prevention of an arms race in outer space” and also presented a draft document headed “Treaty on the Prevention of the Placement of Weapons in Outer Space, the Threat or Use of Force Against Outer Space Objects (PPWT)”. Interestingly, the PPWT was developed by Russia and China [68].
In general, the PPWT focuses on the following three obligations:
  • No weapons to be carried in orbit either on satellites or space stations;
  • No threat against any other outer space assets;
  • Not to encourage other states/organisations to engage in prohibited activities.
The EU likewise published a draft voluntary Code of Conduct for Outer Space Activities in 2008, which covers the freedom of access to space, security and integrity of space objects [68]. In addition, the White House released a Space Policy Directive (SPD5) entitled “Cyber Security Principals for Space Systems” that establishes a broad set of guidelines for space companies in developing their cyber protection approaches [69]. These guidelines include the following:
  • Protect critical space vehicle functions from unauthorised access;
  • Implement physical security for command, control, and telemetry systems;
  • Defend against communications jamming and spoofing;
  • Secure ground systems using National Institute of Standards and Technology (NIST)-aligned cybersecurity best practices;
  • Maintain cybersecurity hygiene and intrusion detection for system elements;
  • Manage supply chain risks by tracking products and sourcing from trusted suppliers.
Recently, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) has also been revising the Tallinn Manual and has invited experts worldwide to review legal and policy challenges related to cyber war [70]. Therefore, these international efforts underscore the importance of a unified approach to maintaining the security and stability of space infrastructure amidst global challenges.

3. Methods

The study employs interviews. The interview questions were developed following a comprehensive review of domain literature on cyber resilience in space infrastructures [71] as well as established engineering frameworks and standards [72,73,74]. Specifically, the questions were formulated to address challenges highlighted in previous studies on space cybersecurity, including engineering difficulties, regulatory gaps, communication attacks, and issues related to security awareness and culture [41,75,76,77]. This approach ensured that the inquiry was coherently aligned with the concept under investigation. Participants were asked a series of questions to provide expert feedback based on their subjective judgment and perception of the challenges they faced in their engineering projects. The input interviews focused on gathering technical input, and the study used thematic analysis to identify, analyse, and report patterns or themes within data. A theme is an attribute, descriptor, element, and concept within qualitative research. It is an implicit topic that organises recurring ideas, enabling researchers to address the study question effectively [78]. This approach organises and describes the data set in rich detail and often advances beyond simple description to interpret diverse aspects of the research topic [79]. Through thematic analysis, we gained more profound insights into the underlying meanings and implications of the data, which provided a comprehensive understanding of the research subject [78].

3.1. Participants

The study employed specific inclusion criteria for participants. Our target was thirty experts from the space systems design domain, holding key roles such as space systems engineers, mission designers, or cybersecurity experts involved in space projects. Participants were also expected to have practical experience working on real space projects, as their insights were essential for understanding the challenges and complexities in designing cyber-resilient space infrastructure. Additionally, participants’ roles required knowledge of cybersecurity in space systems design. Notably, the participants are also stakeholders in this research outcome, as the findings directly impact their work in developing and securing space systems. Therefore, their involvement ensured that the study not only captured expert insights but also addressed the practical needs and concerns of those responsible for implementing the recommendations. The vital inclusion criteria were as follows:
  • Participants must be from the space engineering domain, holding roles such as project or program managers, systems engineers, mission designers, testers, or cybersecurity experts.
  • Participants must have practical experience working on complex projects, as their hands-on knowledge is crucial to understanding the challenges and intricacies of designing cyber-resilient infrastructure.
Table 1 presents a summary of the final participants.
The study ensured all participants received an emailed version of the Participant Information Statement and Consent Form (PISCF). Participants who chose to participate were required to provide their consent through one of the following methods:
  • They could return the consent form via email after affixing an e-signature.
  • Alternatively, participants could confirm their consent by replying to the email, indicating that they had read the participant information statement and agreed to participate in the research. For instance, the study advised participants to copy and paste the consent declaration into their reply email.
Throughout the interview, the researcher clearly explained the study’s purpose, scope, and potential implications, emphasising the research’s focus on cyber resilience in space systems design. Furthermore, participants were asked for their verbal agreement with the PISCF at the beginning of the interview.

3.2. Measures

An interview guide was developed following a comprehensive literature review. Our study concentrated on five focus areas: Engineering Methodologies and Practices, Cybersecurity and Resilience Awareness, Challenges and Barriers, Standards, Regulations and Architectural Aspects, and Framework Development and Implementation (Table 2).
The participants were asked fifteen predefined questions with a final open-ended question that allowed participants to provide further thoughts and feedback. During the interviews, further notes on additional information that the participants shared were noted, which were deemed essential but needed to be more directly captured by the interview questions. This approach ensured that the study collected comprehensive data on the critical topics of interest while also allowing for the collection of supplementary insights that could enrich the understanding of the subject matter.
The mind map in Figure 1 outlines key deductive codes related to Space Design in the context of cybersecurity and resilience. It highlights critical aspects such as Ground Station Security, Design Principles for Cyber Resilience, and Framework Requirements. It also identifies gaps in knowledge and implementation barriers and emphasises the need for effective Training and Resources to support resilience.

3.3. Procedure

The Human Ethics Committee of The University of New South Wales approved the research under the code iRECS4839 (Figure 2). The research team comprised a chief investigator, two co-investigators, and a research student. The chief investigator supervised the data collection and analysis, and the research student was responsible for interviews, transcription and thematic analysis. The research involved interviews and did not include procedures or activities that could record identifiable information about individuals, organisations, vulnerable populations, or the research team. The interviews were voluntary, and participants could elect to be interviewed online or in person. The team carefully selected the location for in-person interviews based on the participants’ preferences, considering convenience and comfort. The team prioritised familiar and safe venues and ensured that the chosen location adhered to ethical standards to safeguard the interviewer’s and participant’s well-being and safety throughout the interview. The interview was recorded with consent and transcribed using Microsoft Word [80]. Microsoft Teams audio calls were made for online interviews with an auto transcription feature enabled [81].

3.4. Data Analytics

We followed a step-by-step process for creating and refining the codebook, as Ando et al. [82] outlined. Our approach involved the following stages:
  • Data immersion and familiarisation;
  • Initial code generation;
  • Theme identification;
  • Theme review and refinement;
  • Theme definition and nomenclature;
  • Report compilation and presentation.
This iterative process was a collaborative effort. We compared our codes with those generated by AtlasTI [83,84] to validate the emerging themes. Additionally, we used inter-rater reliability metrics to ensure consistency and accuracy [85]. Finally, all codes were human verified (Table 3). Throughout the analysis, we maintained a reflexive approach, continuously acknowledging and addressing any biases and preconceptions that could influence the results. Furthermore, we used Python’s Natural Language Processing (NLP) library spaCy, employing its pre-trained model “en core web” to validate our qualitative coding through systematic and reproducible methods [86]. spaCy is a powerful and efficient natural language processing library in Python that researchers have used for qualitative coding and validation tasks due to its wide range of features such as tokenisation, part-of-speech tagging, dependency parsing, and named entity recognition [87]. Data analysed by a recent study compared human coding to NLP algorithms and found that using a merit-based fusion of BERT, XLM-RoBERTa, and custom LSTM models achieved an F1-score of 0.852, outperforming individual models and existing methods [88]. Another research study argued that partnering an NLP model with a qualitative researcher (NLP+) can significantly reduce time and costs while yielding results aligned with traditional qualitative methods [89].
Our data collection, coding, and analysis approach was thorough and recursive. We used humans and machines to streamline and validate our approach. We identified the point of saturation, which is defined as the stage in the research process where no novel properties or dimensions emerged from the coding procedure [82]. This cyclical methodology allowed for a thorough data exploration, ensuring that all relevant themes and concepts were captured and examined until no further insights could be generated. Furthermore, this rigorous and systematic approach gave us confidence in the comprehensiveness and robustness of our findings [82].
Figure 3 visualises the interview themes with bubble size indicating the frequency of themes within each category. The data are categorised into five distinct interview themes, which were each represented by a coloured row. Within each row, bubbles correspond to specific participants’ themes with numbers reflecting their frequency in the dataset. Larger bubbles denote issues that were discussed and coded more frequently.

4. Results and Findings

In the paper, we report on the findings related to experts (participants) from the space domain, their understanding of cyber resilience and the challenges they face during space engineering projects. We interviewed twenty-three experts, and the number of participants reflected our goal as qualitative researchers to build a convincing analytical narrative based on ‘experience, complexity and detail’ rather than on statistical logic [90]. As defined in our inclusion criteria, each participant had, on average, over fifteen years of industry experience, specifically working on space-related projects. The interviews produced transcripts totalling over 11,000 words each, resulting in a comprehensive dataset of more than 300,000 words. We meticulously coded each interview transcript with a standardised coding process, ensuring consistency and accuracy across the dataset [91].
We created indicative codes, compared them with the deductive codes, and immediately identified new themes throughout the interviews. Our approach from the start was to refine individual concepts and codes into themes [92]; therefore, our results are reported in each focus area in such a matter.

4.1. Engineering Methodologies and Practices

The interview focused on three critical areas of cyber resilience in space engineering. Firstly, we inquired about the most effective engineering methodologies employed by the participants for designing, developing, and deploying critical systems—this question aimed to gather insights into the best practices and approaches used in the industry. Secondly, we explored how cybersecurity and resilience considerations are incorporated into the engineering design process. This line of questioning sought to understand the extent to which these crucial aspects are integrated into the design phase. Lastly, we asked participants about specific design principles or practices that they believe can enhance cyber resilience in systems engineering. By addressing these three areas, we aimed to gain a comprehensive understanding of cyber resilience in space systems design and identify potential strategies for improvement.
As we thematically analysed the results (Figure 3), it became apparent that experts overwhelmingly preferred MBSE and Agile engineering approaches. The expert found Model-Based Systems Engineering (MBSE) the most reliable engineering approach for cyber resilience. They expressed the synergies between Model-Based Systems Engineering (MBSE) and Agile methodologies, which, combined, offer a powerful approach for developing complex systems with enhanced flexibility [26,93,94]. MBSE provides a structured, model-centric framework for capturing system requirements, behaviour, and architecture [95], whereas Agile practices enable iterative development, rapid adaptation to change, and continuous feedback. The experts highlighted the need to integrate these two approaches for a dynamic and responsive development process that leverages both benefits. This synergy can create high-quality, customer-centric systems that evolve and adapt to changing needs [94].
According to a systems engineer interviewed for this study “Model-Based Systems Engineering (MBSE), Concurrent Engineering, and Rapid Prototyping are all effective methodologies for the development of space systems. However, MBSE, in particular, stands out due to its comprehensive system modelling capabilities, which are especially critical given the complexity of my work and the high cost of errors in space missions”.
Another central theme during the interviews was “Principles-Based Standards vs. Compliance and Late Security Incorporation”. The ”Principles-Based Standards” offer a flexible approach to cybersecurity and cyber resilience by focusing on the desired outcomes rather than strict compliance adherence [96]. The experts stressed the flexibility of the “Principles-Based Standards” with a warning that it can lead to inconsistent implementation and potential security gaps if not properly guided. However, compliance-based approaches provide clear checkboxes but may also foster a false sense of security, and support is needed to adapt to growing threats in the space domain.
The need for increased stress on cyberworthiness [97] during the initial engineering stages was also recognised as a theme. Experts emphasised the need to integrate security measures from the outset rather than as an afterthought. Furthermore, embracing zero-trust architecture (ZTA) and security by design principles were presented as essential strategies for achieving cyber resilience in complex space engineering projects. The two approaches ultimately advocate for a “never trust, always verify” [98] mindset throughout the design and development phases to ensure overall security posture and resilience against cyber threats [99].
The further themes were “Cyber Consideration Frequency and Cybersecurity Inclusion,” where experts highlighted the need for proactive inclusion of security measures throughout the engineering process, which is critical for developing resilient systems. They also highlighted embedding cybersecurity into the end-to-end engineering process, which, in return, can foster a culture of security awareness and build systems.

4.2. Cybersecurity and Resilience Awareness

“Slightly familiar. Absolutely a gap in our current setup.”—Systems Architect, interview participant
This interview section focused on understanding the awareness and integration of cybersecurity and resilience within space projects. Two main themes emerged: “External Threats and DDoS Concerns [100], Backdoor Vulnerabilities” and ”External Threats and Cyber Resilience Gaps”. We asked questions related to participants’ “familiarity with the concept of cybersecurity and resilience”, “understanding of critical cyber vulnerabilities and risks specific to the industry”, and “ current level of cybersecurity and resilience in ground stations used for operations”. Our thematic analysis revealed a severe concern regarding DDoS attacks, which can disrupt mission-critical operations by overwhelming system resources. Participants underscored the necessity of robust defence mechanisms to mitigate such threats, highlighting strategies like network redundancy, advanced threat detection systems, and response protocols to ensure system resilience against DDoS incidents [101].
Our discussion on backdoor vulnerabilities highlighted the substantial risks posed by unauthorised access points that can be exploited to infiltrate systems. The experts underscored the importance of rigorous access controls, continuous monitoring, and thorough security audits to detect and eliminate potential backdoors. If not addressed promptly, these vulnerabilities can compromise the entire system, leading to data breaches and operational disruptions. When exploring cyber resilience gaps, it became evident that external threats and the dynamic nature of the cyber threat landscape necessitate the continuous adaptation and improvement of security measures. Participants pointed out that existing cybersecurity frameworks often fall short in addressing the rapidly evolving threats, leading to potential gaps in resilience. They advocated for a more proactive approach, incorporating continuous risk assessment and adaptive security measures to bridge these gaps effectively.
The additional themes identified during our analysis were the lack of understanding of cybersecurity and how to achieve it (“Familiarity with Cybersecurity”), which has been reported to be an afterthought that needs to be addressed by providing comprehensive training.
The inductive code frequency in Figure 4 illustrates the prevalence of various themes identified in the dataset related to cybersecurity resilience in space systems design. Each bar represents a specific question (Q1 to Q15) with the length reflecting the frequency of codes linked to that issue.

4.3. Challenges and Barriers

We further explored the challenges and barriers faced in ensuring cyber resilience in space engineering while concentrating on “Insider Threats and Cyber Resilience Gaps” and “Testing and Validation Challenges and Complexity Management Issues.” These areas are critical for understanding the limitations and risks inherent in the current approaches to cyber resilience within the space sector. Insider threats represent a significant challenge to the cybersecurity and resilience of space systems [102]. Unlike external threats, insiders have legitimate access to the system and can exploit their knowledge and privileges to cause harm. Such threat is a concern in space systems, where the complexity and criticality of operations mean that any malicious action can have far-reaching consequences. Therefore, the intricacies of space missions with high trust placed in personnel can create a unique environment where insider threats can be particularly devastating [103]. Addressing these threats requires a multi-faceted approach that includes robust access controls, continuous monitoring, and a culture of security awareness.
The participants highlighted the lack of comprehensive insider threat management strategies, which were raised to further exacerbate the gaps in cyber resilience. Typically, organisations concentrate their efforts on perimeter defences, neglecting the need for internal surveillance and anomaly detection [104]. Effective insider threat management in space systems should incorporate advanced techniques such as behavioural analytics, which can identify unusual patterns of activity that may indicate malicious intent.
The theme that caught our attention was the testing and validating of cyber resilience in space systems. Space systems have numerous interdependent components, each with its vulnerabilities [105]. Our analysis showed that experts raised concerns about the significance of thorough and continuous testing to ensure the systems can withstand cyber attacks.
“The complexity of the end-to-end system, involving multiple parties, is a primary challenge to integrating cyber resilience. Additionally, change management and testing, with high rates of change, pose difficulties. The speed of detection and response to threats is critical, balancing response methods with vulnerabilities and understanding trade-offs, including the risk of over-protecting systems to the point of impeding legitimate access.”—Lead Engineer, interview participant
Complexity management was noted as another crucial issue. The interconnected nature of space systems means that a vulnerability in one component can have cascading effects on the entire system [105]. Therefore, managing such complexity requires a holistic approach that considers the interactions between different components and the potential for emergent vulnerabilities. Techniques such as Model-Based Systems Engineering (MBSE) were indicated to be the preferred engineering approach, which can be instrumental in managing complexity by providing a comprehensive, model-driven framework for system design and analysis [63].
The additional emergent theme was the need for stakeholders’ understanding and alignment regarding the importance and prioritisation of cybersecurity measures in engineering projects. Our analysis showed that this difficulty requires effective communication and collaboration among stakeholders to foster a shared understanding of the critical role of cybersecurity and resilience in each project’s success. The budget limitations to invest in the latest technologies and training were also raised as concerns.

4.4. Standards, Regulations, and Architectural Aspects

The two important themes that emerged were “Principles-Based Standards and Compliance Hindrance” and “Standards Benefits Recognition and Frameworks Local Adjustments.” These themes highlight the intricate balance between the flexibility provided by principles-based standards and the rigid structure of compliance-based approaches and how the benefits of a cybersecurity and cyber resilience engineering framework can be achieved by providing adjustments based on project requirements. Our investigation showed that the experts understood that principles-based standards offer a flexible framework for cybersecurity and resilience by focusing on desired outcomes rather than prescriptive compliance measures. They also significantly understood how security strategies must be tailored based on threats and not compliance. The experts presented their displeasure with the “checklist” approach to current security measures within their organisations. They expressed the urgency around critical changes in maintaining and measuring cybersecurity and resilience. However, despite such views, they recognised the benefits of standards and their criticality for enhancing cyber resilience in space systems. One expert said, “Standards provide a common framework and language for cybersecurity, facilitating collaboration and information sharing among us engineers and our stakeholders”.
“Moving to a principles and risk-based approach has helped to unlock some of that stuffiness. If standards are risk-based and principles-based rather than compliance-based, then that’s a good thing.”—Cybersecurity Lead Engineer, interview participant
The further themes, “Compliance vs Timelines Balance,” identifies how engineers feared delays during cybersecurity compliance, and “Monitoring Importance, Holistic Security” highlighted that the experts deemed it essential to utilise advanced AI technologies for advanced data monitoring to ensure security at all project design, development, and deployment stages.

4.5. Framework Development and Implementation

This part of our interview focused on what the new cyber resilience engineering framework should include so that experts can find it helpful in overcoming their current cyber security and resilience challenges. We also focused on how to measure the success or failure of implementing such a framework to incorporate cyber resilience decisions at an early stage of project design and development.
“The cyber resilience framework must be flexible, adaptable, and integrated early into the engineering processes. It is essential from the outset, not as an afterthought, to avoid costly redesigns and rework later in the project. The framework should be fundamental to engineering processes, considering cyber security issues from the beginning. The framework needs to stay up to date with rapid changes in systems and technology, which requires the involvement of skilled professionals continuously assessing and addressing potential vulnerabilities and risks.”—Cyber GRC Engineer, interview participant
The experts agreed that drawing upon various engineering methodologies that have proven successful in the field is essential to achieving a practical cyber resilience framework. They highlighted the significance of Model-Based Systems Engineering (MBSE) and Agile methodologies as the most effective approaches for designing, developing, and deploying critical space systems. Experts also often referred to “security by design” as one of the core values of the new framework, which would ensure that security is embedded throughout the system’s life cycle rather than being an afterthought.
Additional themes, such as “Defence in Depth Approach” and “Measure Attacks For Validation”, also emerged as critical factors in designing a new framework. One expert said, “If the success rate of cyber-attacks goes down, or our services stay operational during such an attack, then I would consider the framework a win”.

5. Discussions

Our study’s findings highlight several critical areas within cyber resilience in space engineering that warrant further investigation. Our interviews with experts from the space industry provide a thorough snapshot of current practices and challenges. However, these insights underline the complexities and evolving nature of cyber resilience in space systems and point to significant implications for future research and practical applications.
Incorporating cybersecurity and resilience considerations into the engineering design process emerged as a critical theme. Our findings indicate a strong consensus among experts on embedding security measures from the earliest stages of system design. Future research should explore the development of specific framework and guidelines that facilitate the practical implementation of principles known as security by design alongside zero-trust architecture. Additionally, investigating the effectiveness of these approaches in real-world scenarios will provide valuable insights into their applicability and impact.
The mind map in Figure 5 outlines new indicative codes from the interviews. Key concerns include controls application, firewall resilience, physical security, and the zero-trust model. Organisational and technical challenges, such as technical skill shortages, cross-departmental collaboration, and life-cycle adaptability, are also highlighted. Furthermore, the codes further emphasise the importance of design framework flexibility, late security incorporation, and agile flexibility to improve resilience in space systems design. Therefore, the insights provide fresh perspectives for addressing cybersecurity challenges.
Our study also highlights the ongoing debate between principles-based standards and compliance-based approaches. While principles-based standards offer flexibility and focus on desired outcomes, they can lead to consistent implementation with proper guidance. Future research is needed to develop hybrid models that combine the strengths of both approaches, ensuring robust and adaptable cybersecurity practices.
The challenges posed by insider threats and the complexities of testing and validating cyber resilience were prominent in our discussions. Insider threats, due to the legitimate access and deep knowledge insiders possess, represent a significant risk. Advanced detection techniques, such as behavioural analytics, were identified as necessary for effective mitigation. Future research should focus on developing and refining these techniques and exploring how they can be integrated into existing security frameworks. Moreover, the intricate nature of space systems, with their numerous interdependent components, calls for continuous and rigorous testing. Research efforts should aim to create comprehensive testing protocols that can effectively assess the resilience of these complex systems.
We spotlight the ongoing debate between principles-based standards and compliance-based approaches. Although principles-based standards offer flexibility and focus on outcomes, they can lead to consistent implementation with proper guidance. Contrarily, although compliance-based approaches provide clear, rigid measures, they may need to be sufficiently adaptive to evolving threats. Our finding underscores the need for a balanced approach that leverages the strengths of both methods to maintain robust cybersecurity.
Another critical area highlighted by our study is the need for improved stakeholder understanding and alignment regarding cybersecurity. Effective communication and collaboration among all stakeholders are essential for prioritising and implementing cyber resilience measures. Additionally, addressing budget constraints through innovative funding models and resource allocation strategies will enable organisations to invest in the necessary technologies and training.
Future research should investigate strategies for enhancing stakeholder engagement and fostering a culture of cybersecurity awareness within organisations. Improving stakeholder understanding and alignment regarding cybersecurity measures is vital. Therefore, innovative funding models and resource allocation strategies should be explored to enable organisations to invest in the necessary technologies and workforce in-house and online training.

6. Conclusions

This study demonstrates that experts in the space domain exhibit a nuanced understanding of cyber resilience and face particular challenges in their engineering projects. Through interviews with professionals from diverse roles, we identified several key themes that inform the current state of cyber resilience in space design.
First, our findings indicate that a substantial preference among experts incorporating cybersecurity and resilience considerations throughout the engineering design process emerged as a critical theme. Almost all participants emphasised the importance of embedding security measures from the earliest stages of system design, advocating for principles such as zero-trust architecture and security by design. These approaches ensure that security is integral to the system life cycle, enhancing overall resilience and reducing vulnerabilities. Second, there is also a preference for Model-Based Systems Engineering (MBSE) and Agile methodologies. These approaches are viewed as synergistic, providing a robust framework for developing complex systems with enhanced flexibility and adaptability.
A noteworthy point of discussion was the tension between principles-based standards and compliance-based approaches. While principles-based standards offer flexibility and focus on desired outcomes, they can lead to inconsistent implementation if not properly guided. Contrarily, compliance-based approaches were identified to provide clear, prescriptive measures but may need help to adapt to growing threats. The participants underscored the need for a balanced approach that leverages the strengths of both methods to maintain robust cybersecurity.
The study furthermore highlighted the participants’ understanding of challenges posed by insider threats and the complexities of testing and validating cyber resilience in space systems. The complexity of space systems, with their numerous interdependent components, demands continuous and rigorous testing to ensure resilience against cyber-attacks. Similarly, the participants pointed out the need for improved stakeholder understanding, effective communication and alignment regarding the importance of cybersecurity measures. Additionally, budget constraints were identified as a significant barrier to investing in the latest technologies and staff training necessary for robust cybersecurity.
In conclusion, our findings underscore the critical importance of integrating diverse engineering methodologies and proactive cybersecurity measures to enhance the resilience of space systems. The insights provided by the experts highlight the necessity for a comprehensive and integrated engineering approach that addresses the unique challenges inherent in space design due to their size, location, and complicated technology. Moving forward, we advocate for further research in developing a novel cyber resilience framework that leverages proven methodologies and incorporates security by design principles. In future work, we intend to develop the proposed framework and employ the face validity method [106,107,108], a crucial practice within research methodology, particularly in the context of validating frameworks and methodologies.

Author Contributions

Conceptualisation, S.S. and K.J.; Methodology, S.S. and K.J.; Software, S.S.; Investigation, S.S.; Formal analysis, S.S. and J.P.; Writing—original draft preparation, S.S.; Writing—review and editing, S.S., L.Q., F.D., J.P. and K.J.; Visualisation, S.S.; Supervision, K.J., L.Q. and F.D. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The data supporting this study are confidential and protected by agreements with space designers and UNSW ethics guidelines. Therefore, it is not publicly available in raw form. However, to ensure transparency and collaboration, researchers can contact the corresponding author to access derived or aggregated data. Permission will be granted following the legal process set by the UNSW ethics committee and the space designers.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Gheorghe, A.V.; Georgescu, A.; Bucovețchi, O.; Lazăr, M.; Scarlat, C. New Dimensions for a Challenging Security Environment: Growing Exposure to Critical Space Infrastructure Disruption Risk. Int. J. Disaster Risk Sci. 2018, 9, 555–560. [Google Scholar] [CrossRef]
  2. Georgescu, A.; Bucovetchi, O.; Tatar, U. Space systems as critical infrastructures. FAIMA Bus. Manag. J. 2018, 6, 24–34. [Google Scholar]
  3. Commission, E. Proposal for a Regulation of the European Parliament and of the Council: Establishing a Union Resettlement Framework and Amending Regulation (EU) No 516/2014 of the European Parliament and the Council, COM(2016) 705 final, 2016. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52016PC0468 (accessed on 10 October 2024).
  4. Adamy, D.L. EW 105: Space Electronic Warfare; Artech House: Norwood, MA, USA, 2021. [Google Scholar]
  5. Stevenson, A. Oxford Dictionary of English; Oxford University Press: Oxford, UK, 2010. [Google Scholar]
  6. İnce, F. Military Importance of Space and Space Security; Transnational Press: London, UK, 2024. [Google Scholar]
  7. Varadharajan, V.; Suri, N. Security challenges when space merges with cyberspace. Space Policy 2024, 67, 101600. [Google Scholar] [CrossRef]
  8. Jazeera, A. Russia Launches Space Weapon in Path of US Satellite: Pentagon, May 22, 2024. Available online: https://www.aljazeera.com/news/2024/5/22/russia-launches-space-weapon-in-path-of-us-satellite-pentagon (accessed on 10 October 2024).
  9. Brenner, S.W. At light speed: Attribution and response to cybercrime/terrorism/warfare. J. Crim. L. Criminol. 2006, 97, 379. [Google Scholar]
  10. Lehto, M.; Neittaanmäki, P. Cyber Security: Critical Infrastructure Protection; Springer Nature: Berlin/Heidelberg, Germany, 2022; Volume 56. [Google Scholar]
  11. Wheeler, T. In cyberwar, there are no rules. Foreign Policy 2018, 34–41. [Google Scholar]
  12. Hirshorn, S.R.; Voss, L.D.; Bromley, L.K. Nasa Systems Engineering Handbook; Technical Report; NASA: Washington, DC, USA, 2017.
  13. Wertz, J.R.; Everett, D.F.; Puschell, J.J. Space Mission Engineering: The New SMAD; Microcosm Press: Hawthorne, CA, USA, 2011. [Google Scholar]
  14. Georgescu, A.; Gheorghe, A.V.; Piso, M.I.; Katina, P.F. Critical Space Infrastructures: Risk, Resilience and Complexity; Springer: Berlin/Heidelberg, Germany, 2019; Volume 36. [Google Scholar]
  15. Schrogl, K.U.; Hays, P.L.; Robinson, J.; Moura, D.; Giannopapa, C. Space as a Critical Infrastructure, Handbook of Space Security; Springer: Berlin/Heidelberg, Germany, 2015. [Google Scholar]
  16. Hughes, K.; di Pasquale, P.; Babuscia, A.; Fesq, L. On-demand command and control of asteria with cloud-based ground station services. In Proceedings of the 2021 IEEE Aerospace Conference (50100), Big Sky, MT, USA, 6–13 March 2021; IEEE: New York, NY, USA, 2021; pp. 1–15. [Google Scholar]
  17. Way, T. Counterspace Weapons 101—Aerospace Security. Available online: https://aerospace.csis.org/aerospace101/counterspace-weapons-101 (accessed on 1 September 2021).
  18. Burch, R. Resilient Space Systems Design: An Introduction; CRC Press: Boca Raton, FL, USA, 2019. [Google Scholar]
  19. Egeli, S. Space-to-Space Warfare and Proximity Operations: The Impact on Nuclear Command, Control, and Communications and Strategic Stability. J. Peace Nucl. Disarm. 2021, 4, 116–140. [Google Scholar] [CrossRef]
  20. Burnett, D.R.; Beckman, R.; Davenport, T.M. Submarine Cables: The Handbook of Law and Policy; Martinus Nijhoff Publishers: Leiden, The Netherlands, 2013. [Google Scholar]
  21. Aarne, H. Undersea optical cable network and cyber threats. In Proceedings of the European Conference on Information Warfare and Security, ECCWS, Coimbra, Portugal, 4–5 July 2019; pp. 650–659. [Google Scholar]
  22. Usman, M.; Qaraqe, M.; Asghar, M.R.; Shafique Ansari, I. Mitigating distributed denial of service attacks in satellite networks. Trans. Emerg. Telecommun. Technol. 2020, 31, e3936. [Google Scholar] [CrossRef]
  23. Slann, P.A. Anticipating uncertainty: The security of European critical outer space infrastructures. Space Policy 2016, 35, 6–14. [Google Scholar] [CrossRef]
  24. Shahzad, S.; Joiner, K.; Deane, F.; Qiao, L. Taming the Confluence of Space Systems and Cybersecurity. In Cybersecurity for Decision Makers; CRC Press: Boca Raton, FL, USA, 2023; pp. 147–167. [Google Scholar]
  25. Baylon, C. Challenges at the intersection of cyber security and space security. Int. Secur. 2014. [Google Scholar]
  26. Ciampa, P.D.; La Rocca, G.; Nagel, B. A mbse approach to mdao systems for the development of complex products. In Proceedings of the AIAA Aviation 2020 Forum, Virtual Event, 15–19 June 2020; p. 3150. [Google Scholar]
  27. Yost, B.; Weston, S. State-of-the-Art Small Spacecraft Technology; Technical report; Ames Research Center, Moffett Field: California, CA, USA, 2024.
  28. Sandau, R.; Brieß, K.; D’Errico, M. Small satellites for global coverage: Potential and limits. ISPRS J. Photogramm. Remote Sens. 2010, 65, 492–504. [Google Scholar] [CrossRef]
  29. Bankey, V.; Upadhyay, P.K.; Costa, D.B.d. Physical layer security in hybrid satellite-terrestrial relay networks. Phys. Layer Secur. 2021, 1–28. [Google Scholar]
  30. Han, S.; Li, J.; Meng, W.; Guizani, M.; Sun, S. Challenges of physical layer security in a satellite-terrestrial network. IEEE Netw. 2022, 36, 98–104. [Google Scholar] [CrossRef]
  31. Shahzad, S.; Qiao, L. Need for a cyber resilience framework for critical space infrastructure. In Proceedings of the International Conference on Cyber Warfare and Security, Albany, NY, USA, 17–18 March 2022; Volume 17, pp. 404–412. [Google Scholar]
  32. Boschetti, N.; Smethurst, C.; Epiphaniou, G.; Maple, C.; Sigholm, J.; Falco, G. Ground station as a service reference architectures and cyber security attack tree analysis. In Proceedings of the 2023 IEEE Aerospace Conference, Big Sky, MT, USA, 4–11 March 2023; pp. 1–12. [Google Scholar]
  33. Rieger, C.; Kolias, C.; Ivans, R.C.; Eggers, S. Trade-off analysis of operational technologies to advance cyber resilience through automated and autonomous response to threats. In Proceedings of the 2022 Resilience Week (RWS), National Harbor, MD, USA, 26–29 September 2022; pp. 1–8. [Google Scholar]
  34. Herget, M.; Saadatmand, F.S.; Bor, M.; Alonso, I.G.; Stefanov, T.; Akesson, B.; Pimentel, A.D. Design space exploration for distributed cyber-physical systems: State-of-the-art, challenges, and directions. In Proceedings of the 2022 25th Euromicro Conference on Digital System Design (DSD), Maspalomas, Spain, 31 August–2 September 2022; pp. 632–640. [Google Scholar]
  35. Khorrami, F.; Krishnamurthy, P.; Karri, R. Cybersecurity for control systems: A process-aware perspective. IEEE Des. Test 2016, 33, 75–83. [Google Scholar] [CrossRef]
  36. Wooderson, P.; Ward, D. Cybersecurity Testing and Validation; Technical report; SAE International: Warrendale, PA, USA, 2017. [Google Scholar]
  37. Glossary, N. Definition of cyber resiliency. Available online: https://csrc.nist.gov/glossary/term/cyber_resiliency (accessed on 25 May 2024).
  38. Björck, F.; Henkel, M.; Stirna, J.; Zdravkovic, J. Cyber resilience–fundamentals for a definition. In New Contributions in Information Systems and Technologies; Springer: Berlin/Heidelberg, Germany, 2015; pp. 311–316. [Google Scholar]
  39. Sadraey, M.H. Aircraft Design: A Systems Engineering Approach; John Wiley & Sons: Hoboken, NJ, USA, 2012. [Google Scholar]
  40. Nejib, P.; Beyer, D.; Yakabovicz, E. Systems security engineering: What every system engineer needs to know. In Proceedings of the INCOSE International Symposium; Wiley Online Library: Hoboken, NJ, USA, 2017; Volume 27, pp. 434–445. [Google Scholar]
  41. Falco, G. The vacuum of space cyber security. In Proceedings of the 2018 AIAA SPACE and Astronautics Forum and Exposition, Orlando, FL, USA, 17–19 September 2018; p. 5275. [Google Scholar]
  42. McGrath, E.; Ardis, M.; Lowes, S.; Lam, S.; Jurado, C. Research on building education and workforce capacity in systems engineering. In Proceedings of the Workshop Report, Systems Engineering Research Center, Arlington, TX, USA, 31 October 2011. [Google Scholar]
  43. O’Connor, S.E. Managing the Cyber-Related Risks to Space Activities. In Risk Management in Outer Space Activities: An Australian and New Zealand Perspective; Springer: Berlin/Heidelberg, Germany, 2022; pp. 151–175. [Google Scholar]
  44. Yaacoub, J.P.; Noura, H.; Salman, O.; Chehab, A. Security analysis of drones systems: Attacks, limitations, and recommendations. Internet Things 2020, 11, 100218. [Google Scholar] [CrossRef]
  45. Maple, C.; Bradbury, M.; Yuan, H.; Farrell, M.; Dixon, C.; Fisher, M.; Atmaca, U.I. Security-minded verification of space systems. In Proceedings of the 2020 IEEE Aerospace Conference, Big Sky, MT, USA, 7–14 March 2020; pp. 1–13. [Google Scholar]
  46. Livingstone, D.; Lewis, P. Space, the Final Frontier for Cybersecurity? Chatham House: London, UK; The Royal Institute of International Affairs: London, UK, 2016. [Google Scholar]
  47. Jakhu, R.S.; Pelton, J.N.; Nyampong, Y.O.M. Space Mining and Its Regulation; Springer: Berlin/Heidelberg, Germany, 2017; Volume 106. [Google Scholar]
  48. Hutchins, R. Cyber Defense of Space Assets; Tufts School of Engineering: Medford, MA, USA, 2016; pp. 1–18. [Google Scholar]
  49. Shackelford, S.J.; Fort, T.L.; Charoen, D. Sustainable cybersecurity: Applying lessons from the green movement to managing Cyber Attacks. U. Ill. L. Rev. 2016, 2016, 1995. [Google Scholar] [CrossRef]
  50. Zhang, P.; Chen, N.; Shen, S.; Yu, S.; Kumar, N.; Hsu, C.H. AI-enabled space-air-ground integrated networks: Management and optimization. IEEE Netw. 2023, 38, 186–192. [Google Scholar] [CrossRef]
  51. Georgescu, A.; Botezatu, U.E.; Arseni, S.; Barbu, A.; Boiangiu, L. Deliberate threats to critical space infrastructure—ASAT and the strategic context. Sci. Bull. Nav. Acad. 2015, 18, 419–427. [Google Scholar]
  52. Hussain, E. CPEC: Governance and security challenges—Implications for the Belt and Road Initiative. Chin. Political Sci. Rev. 2019, 4, 135–147. [Google Scholar] [CrossRef]
  53. Pavur, J.; Martinovic, I. Sok: Building a launchpad for impactful satellite cyber-security research. arXiv 2020, arXiv:2010.10872. [Google Scholar]
  54. Van der Watt, R.; Slay, J. Modification of the Lockheed Martin Cyber Kill Chain (LMCKC) for cyber security breaches concerning Low Earth Orbit (LEO) Satellites. In Proceedings of the 16th International Conference on Cyber Warfare and Security, Online, 25–26 February 2021; pp. 473–476. [Google Scholar]
  55. Seedhouse, E. SpaceX: Making Commercial Spaceflight a Reality; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2013. [Google Scholar]
  56. Bikos, A.N.; Kumar, S.A. Enhancing space security utilizing the blockchain: Current status and future directions. In Proceedings of the 2022 IEEE International Conference on Wireless for Space and Extreme Environments (WiSEE), Winnipeg, MB, Canada, 12–14 October 2022; pp. 77–82. [Google Scholar]
  57. Cinar, B. Supply Chain Cybersecurity: Risks, Challenges, and Strategies for a Globalized World. J. Eng. Res. Rep. 2023, 25, 196–210. [Google Scholar] [CrossRef]
  58. Jacobs, B. A Comparative Study of EU and US Regulatory Approaches to Cybersecurity in Space. Air Space Law 2023, 48, 477–492. [Google Scholar] [CrossRef]
  59. Martin, A.S. Outer space, the final frontier of cyberspace: Regulating cybersecurity issues in two interwoven domains. Astropolitics 2023, 21, 1–22. [Google Scholar] [CrossRef]
  60. Abu-Bonsra, N.A. Summary Report of the International Institute of Air and Space Law’s (IIASL) International Air Law Conference on Aviation Cybersecurity, Leiden, Netherlands on 11th of May 2023. Air Space Law 2023, 48. [Google Scholar] [CrossRef]
  61. Vessels, L.; Heffner, K.; Johnson, D. Cybersecurity risk assessment for space systems. In Proceedings of the 2019 IEEE Space Computing Conference (SCC), Pasadena, CA, USA, 30 July–1 August 2019; pp. 11–19. [Google Scholar]
  62. Lane, D.; Leon, E.; Solio, D.; Cunningham, D.; Obukhov, D.; Tacliad, F.C. High-Assurance Cyber Space Systems for Small Satellite Mission Integrity. 2017. Available online: https://digitalcommons.usu.edu/smallsat/2017/all2017/95/ (accessed on 10 October 2024).
  63. Kirshner, M. Model-Based Systems Engineering Cybersecurity for Space Systems. Aerospace 2023, 10, 116. [Google Scholar] [CrossRef]
  64. Visner, S.S. Development of Cybersecurity Norms for Space Systems. In ASCEND 2021; The MITRE Corporation: McLean, VA, USA, 2021; p. 4050. [Google Scholar]
  65. Bodeau, D.; Brtis, J.; Graubart, R.; Salwen, J. Resiliency techniques for systems-of-systems extending and applying the Cyber Resiliency Engineering Framework to the space domain. In Proceedings of the 2014 7th International Symposium on Resilient Control Systems (ISRCS), Denver, Colorado, USA, 19-21 August 2014; pp. 1–6. [Google Scholar]
  66. Januário, F.; Cardoso, A.; Gil, P. Resilience enhancement through a multi-agent approach over cyber-physical systems. In Proceedings of the 2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE), Bali, Indonesia, 24–26 July 2018; pp. 231–236. [Google Scholar]
  67. Freeland, S.; Gruttner, E. The laws of war in outer space. In Handbook of Space Security: Policies, Applications and Programs; Springer: Berlin/Heidelberg, Germany, 2020; pp. 73–93. [Google Scholar]
  68. Martinez, P. The UN COPUOS Guidelines for the Long-Term Sustainability of Outer Space Activities. J. Space Saf. Eng. 2021, 8, 98–107. [Google Scholar] [CrossRef]
  69. Policy, N.S. National Space Policy Directive5. Cybersecur. Princ. Space Syst. 2020. [Google Scholar]
  70. Schmitt, M.N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations; Cambridge University Press: Cambridge, UK, 2017. [Google Scholar]
  71. NC, K.D. Creativity in the design process: Co-evolution of problem-solution. Des. Stud. 2001, 22, 13. [Google Scholar]
  72. DiMase, D.; Collier, Z.A.; Heffner, K.; Linkov, I. Systems engineering framework for cyber physical security and resilience. Environ. Syst. Decis. 2015, 35, 291–300. [Google Scholar] [CrossRef]
  73. Bodeau, D.; Graubart, R.; Picciotto, J.; McQuaid, R. Cyber Resiliency Engineering Framework; MTR110237; MITRECorporation: Bedford, MA, USA, 2011. [Google Scholar]
  74. Andreas, A.; Abdelmajid, K. A semantic model-based security engineering framework for cyber-physical systems. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December 2020–1 January 2021. [Google Scholar]
  75. Falco, G. Cybersecurity principles for space systems. J. Aerosp. Inf. Syst. 2019, 16, 61–70. [Google Scholar] [CrossRef]
  76. Manulis, M.; Bridges, C.P.; Harrison, R.; Sekar, V.; Davis, A. Cyber security in new space: Analysis of threats, key enabling technologies and challenges. Int. J. Inf. Secur. 2021, 20, 287–311. [Google Scholar] [CrossRef]
  77. Tedeschi, P.; Sciancalepore, S.; Di Pietro, R. Satellite-based communications security: A survey of threats, solutions, and research challenges. Comput. Netw. 2022, 216, 109246. [Google Scholar] [CrossRef]
  78. Braun, V.; Clarke, V. Using thematic analysis in psychology. Qual. Res. Psychol. 2006, 3, 77–101. [Google Scholar] [CrossRef]
  79. Vaismoradi, M.; Jones, J.; Turunen, H.; Snelgrove, S. Theme Development in Qualitative Content Analysis and Thematic Analysis; Sciedu Press: Richmond Hill, ON, Canada, 2016. [Google Scholar]
  80. Hirai, A.; Kovalyova, A. Speech-to-Text Applications’ Accuracy in English Language Learners’ Speech Transcription; University of Hawaii National Foreign Language Resource Center: Honolulu, HI, USA, 2024. [Google Scholar]
  81. Frey, T.K.; Bloch, B.S. Using Microsoft Teams to Facilitate Asynchronous Online Focus Groups. Int. J. Qual. Methods 2023, 22, 16094069231211251. [Google Scholar] [CrossRef]
  82. Ando, H.; Cousins, R.; Young, C. Achieving saturation in thematic analysis: Development and refinement of a codebook. Compr. Psychol. 2014, 3, 03-CP. [Google Scholar] [CrossRef]
  83. DeCuir-Gunby, J.T.; Marshall, P.L.; McCulloch, A.W. Developing and using a codebook for the analysis of interview data: An example from a professional development research project. Field Methods 2011, 23, 136–155. [Google Scholar] [CrossRef]
  84. Christou, P.A. Thematic Analysis through Artificial Intelligence (AI). Qual. Rep. 2024, 29, 560–576. [Google Scholar] [CrossRef]
  85. Measuring Inter-Coder Agreement: Why Cohen’s Kappa is Not a Good Choice. Available online: https://atlasti.com/research-hub/measuring-inter-coder-agreement-why-cohen-s-kappa-is-not-a-good-choice (accessed on 30 September 2024).
  86. Vasiliev, Y. Natural Language Processing with Python and spaCy: A Practical Introduction; No Starch Press: San Francisco, CA, USA, 2020. [Google Scholar]
  87. Honnibal, M.; Montani, I. spaCy 2: Natural language understanding with Bloom embeddings, convolutional neural networks and incremental parsing. Appear 2017, 7, 411–420. [Google Scholar]
  88. Ahmad, K.; Ayub, M.A.; Ahmad, K.; Khan, J.; Ahmad, N.; Al-Fuqaha, A. Merit-based fusion of nlp techniques for instant feedback on water quality from twitter text. arXiv 2022, arXiv:2202.04462. [Google Scholar]
  89. Parker, R.D.; Mancini, K.; Abram, M.D. Natural language processing enhanced qualitative methods: An opportunity to improve health outcomes. Int. J. Qual. Methods 2023, 22, 16094069231214144. [Google Scholar] [CrossRef]
  90. Baker, S.E.; Edwards, R. How Many Qualitative Interviews is Enough. 2012. Available online: http://eprints.ncrm.ac.uk/2273/ (accessed on 7 November 2016).
  91. Moral, C.; de Antonio, A.; Ferre, X.; Lara, G. A coding system for qualitative studies of the information-seeking process in computer science research. Inf. Res. Int. Electron. J. 2015, 20, n4. [Google Scholar]
  92. Rubin, H.J.; Rubin, I.S. Qualitative Interviewing: The Art of Hearing Data; Sage: Newcastle upon Tyne, UK, 2011. [Google Scholar]
  93. Boggero, L.; Ciampa, P.D.; Nagel, B. An MBSE architectural framework for the agile definition of complex system architectures. In Proceedings of the AIAA Aviation 2022 Forum, Chicago, IL, USA, 27 June–1 July 2022; p. 3720. [Google Scholar]
  94. Papke, B.L.; Wang, G.; Kratzke, R.; Schreiber, C. Implementing MBSE–an enterprise approach to an enterprise problem. In Proceedings of the INCOSE International Symposium, Vienna, Austria, 12 October–12 November 2020; Wiley Online Library: New York, NY, USA, 2020; Volume 30, pp. 1550–1567. [Google Scholar]
  95. Henderson, K.; Salado, A. Value and benefits of model-based systems engineering (MBSE): Evidence from the literature. Syst. Eng. 2021, 24, 51–66. [Google Scholar] [CrossRef]
  96. Brett, M. A principles-led approach to information assurance and governance in local government. Cyber Secur. A Peer-Rev. J. 2022, 5, 361–377. [Google Scholar] [CrossRef]
  97. Fowler, S.; Sitnikova, E. Toward a framework for assessing the cyber-worthiness of complex mission critical systems. In Proceedings of the 2019 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia, 12–14 November 2019; pp. 1–6. [Google Scholar]
  98. Buck, C.; Olenberger, C.; Schweizer, A.; Völter, F.; Eymann, T. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Comput. Secur. 2021, 110, 102436. [Google Scholar] [CrossRef]
  99. Shaked, A.; Tabansky, L.; Reich, Y. Incorporating systems thinking into a cyber resilience maturity model. IEEE Eng. Manag. Rev. 2020, 49, 110–115. [Google Scholar] [CrossRef]
  100. Shaaban, A.R.; Abdelwaness, E.; Hussein, M. TCP and HTTP Flood DDOS Attack Analysis and Detection for space ground Network. In Proceedings of the 2019 IEEE International Conference on Vehicular Electronics and Safety (ICVES), Cairo, Egypt, 4–6 September 2019; pp. 1–6. [Google Scholar]
  101. Shaaban, A.R.; Abdelwanees, E.; Hussein, M. Distributed Denial of Service Attacks Analysis, Detection, and Mitigation for the Space Control Ground Network: DDoS attacks analysis, detection and mitigation. Proc. Pak. Acad. Sci. A Phys. Comput. Sci. 2020, 57, 97–108. [Google Scholar]
  102. Hunker, J.; Probst, C.W. Insiders and Insider Threats-An Overview of Definitions and Mitigation Techniques. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 2011, 2, 4–27. [Google Scholar]
  103. Bureau, F.I.P. Unintentional insider threats: A foundational study. Softw. Eng. Inst. Tech. Rep. 2013. [Google Scholar]
  104. Sarkar, K.R. Assessing insider threats to information security using technical, behavioural and organisational measures. Inf. Secur. Tech. Rep. 2010, 15, 112–133. [Google Scholar] [CrossRef]
  105. Fortescue, P.; Swinerd, G.; Stark, J. Spacecraft Systems Engineering; John Wiley & Sons: Hoboken, NJ, USA, 2011. [Google Scholar]
  106. Brod, M.; Tesler, L.E.; Christensen, T.L. Qualitative research and content validity: Developing best practices based on science and experience. Qual. Life Res. 2009, 18, 1263–1278. [Google Scholar] [CrossRef]
  107. Arpaci, I.; Sevinc, K. Development of the cybersecurity scale (CS-S): Evidence of validity and reliability. Inf. Dev. 2022, 38, 218–226. [Google Scholar] [CrossRef]
  108. Zwilling, M.; Klien, G.; Lesjak, D.; Wiechetek, Ł.; Cetin, F.; Basim, H.N. Cyber security awareness, knowledge and behavior: A comparative study. J. Comput. Inf. Syst. 2022, 62, 82–97. [Google Scholar] [CrossRef]
Systems 12 00434 g001
Figure 1. Deductive codes of interview questions.
Figure 1. Deductive codes of interview questions.
Systems 12 00434 g001
Systems 12 00434 g002
Figure 2. Flow chart of the research procedure.
Figure 2. Flow chart of the research procedure.
Systems 12 00434 g002
Systems 12 00434 g003
Figure 3. Major themes from thematic analysis of interview data.
Figure 3. Major themes from thematic analysis of interview data.
Systems 12 00434 g003
Systems 12 00434 g004
Figure 4. Inductive code frequency.
Figure 4. Inductive code frequency.
Systems 12 00434 g004
Systems 12 00434 g005
Figure 5. New themes found in inductive codes.
Figure 5. New themes found in inductive codes.
Systems 12 00434 g005
Table 1. Summary of roles, participant count, sector, and average experience in space-related cybersecurity and engineering projects.
Table 1. Summary of roles, participant count, sector, and average experience in space-related cybersecurity and engineering projects.
RoleNo. of ParticipantsSectorAverage Experience (Years)
Lead Engineers4Defence Industry, Aerospace, Consulting18+
Architects3Defence Industry, Aerospace, Consulting20+
Testers2Defence Industry, Aerospace12+
Aerospace Engineers4Aerospace10+
Cybersecurity Experts4Defence Industry, Aerospace, Consulting15+
Cyber Governance4Aerospace, Consulting14+
Technical Project Managers2Defence Industry, Aerospace20+
Systems Engineers4Government Agency20+
DevSecOps Engineers2Government Agency10+
Space Lawyer1Consulting15+
Table 2. Five focus areas for interview analysis.
Table 2. Five focus areas for interview analysis.
NoThemeQuestion
Q1Engineering Methodologies and PracticesEffective engineering methodologies for designing, developing, and deploying critical systems
Q2Engineering Methodologies and PracticesIncorporation of cybersecurity and resilience considerations into the engineering design process
Q3Engineering Methodologies and PracticesDesign principles and practices to enhance cyber resilience in systems engineering
Q4Cybersecurity and Resilience AwarenessFamiliarity with the concept of cybersecurity and resilience in the context of systems engineering
Q5Cybersecurity and Resilience AwarenessUnderstanding of critical cyber vulnerabilities and risks specific to the industry
Q6Cybersecurity and Resilience AwarenessCurrent level of cybersecurity and resilience in ground stations used for operations
Q7Challenges and BarriersMain challenges to integrating cyber resilience into system design
Q8Challenges and BarriersSignificant challenges faced when ensuring the cyber resilience of complex systems
Q9Challenges and BarriersPotential challenges or barriers that might arise during the implementation of the cyber resilience engineering framework
Q10Standards, Regulations, and Architectural AspectsImpact of international and domestic standards and regulations on cybersecurity and resilience
Q11Standards, Regulations, and Architectural AspectsCrucial system-level architectural aspects for achieving cyber resilience in systems engineering
Q12Framework Development and ImplementationSpecific requirements or features expected in a new engineering framework for incorporating cyber resilience
Q13Framework Development and ImplementationIntegration of the cyber resilience framework into engineering processes and its flexibility and adaptability
Q14Framework Development and ImplementationMetrics or indicators for assessing the effectiveness of the framework in enhancing cyber resilience
Q15Framework Development and ImplementationEffective training formats and resources for promoting the incorporation of the framework into projects
Table 3. Summary of data analysis stages.
Table 3. Summary of data analysis stages.
StageDescription
InterviewInvitations were sent by the chief investigator. Participants chose to meet either face-to-face or via Microsoft Teams.
TranscriptionInterviews were automatically transcribed using Microsoft Teams. Transcripts were reviewed and checked for accuracy against the recordings.
CodingInductive coding was applied to each data item, ensuring equal attention throughout the process.
VerificationCodes were validated by comparing AtlasTI’s AI-generated codes [83,84] with spaCy libraries [86] and verified by human experts. Inductive codes were also cross-checked with deductive codes to identify new insights.
Thematic AnalysisThemes were identified, collated, and cross-referenced with each other and the original data set [79].
AnalysisThe final analysis ensured validity and reliability using rigorous methodological approaches.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Shahzad, S.; Joiner, K.; Qiao, L.; Deane, F.; Plested, J. Cyber Resilience Limitations in Space Systems Design Process: Insights from Space Designers. Systems 2024, 12, 434. https://doi.org/10.3390/systems12100434

AMA Style

Shahzad S, Joiner K, Qiao L, Deane F, Plested J. Cyber Resilience Limitations in Space Systems Design Process: Insights from Space Designers. Systems. 2024; 12(10):434. https://doi.org/10.3390/systems12100434

Chicago/Turabian Style

Shahzad, Syed, Keith Joiner, Li Qiao, Felicity Deane, and Jo Plested. 2024. "Cyber Resilience Limitations in Space Systems Design Process: Insights from Space Designers" Systems 12, no. 10: 434. https://doi.org/10.3390/systems12100434

APA Style

Shahzad, S., Joiner, K., Qiao, L., Deane, F., & Plested, J. (2024). Cyber Resilience Limitations in Space Systems Design Process: Insights from Space Designers. Systems, 12(10), 434. https://doi.org/10.3390/systems12100434

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop