Cyber space is not Outer Space and cyber activities are different to space activities. But where are the dividing lines? Space law applies to cyber activities when they are space activities. This leads to the question how we define space activities in the meaning of the Outer Space Treaty. With increasingly refined space applications, including satellite communication, remote sensing and navigation and networked environments that span from the Earth into Outer Space, space activities need to be defined more precisely. The other term that needs to be defined are cyber activities. They depend on network connectivity and this is the possible connecting point with space activities. However, in a computer networked environment, not every signal that traverses through Outer Space becomes a space activity. Based on the definition of both, space and cyber activities, this article attempts to delineate their intersection for a practicable understanding about when a cyber activity is a space activity. Following this approach, additional terms and concepts in connection with unauthorized cyber activities need to be more precisely distinguished, including jamming, spoofing, interference and attack. More precise definitions are key to the understanding of the concepts and the linkage between cyber and space activities.

The linkages between the two domains of outer space and cyberspace are deepening with the commercialization of outer space and the deployment of an increasing number of satellites delivering communications, navigation, and military services. However, the vulnerabilities stemming from this relationship are yet to be addressed in a comprehensive manner. While there is no policy that specifically addresses this interface, International Space Law can deal with the problems arising in this regard. Article VI of the Outer Space Treaty deals with ‘international responsibility’. However, this relationship was not considered when the treaty was drafted back in the 1960s. Cyber-attacks may affect the space assets by interfering with (a) ‘flight control’ and (b) ‘payload control’. While with regard to the former scenario, the launching state may be held responsible for activities that cause damage to the surface of the Earth, in relation to the latter, the provisions of the Outer Space Treaty and the Liability Convention cannot really be invoked. The aim of this research paper is essentially fourfold: (1) provide a background to the interface of the outer space and cyberspace, especially in view of the rise in commercialization; (2) discuss how cyber-attacks affecting space assets may be dealt with under the Outer Space Treaty and the Liability Convention; (3) explore the challenges as regards determination of responsibility in the context of life cycles of the space assets and multiple parties and finally, (4) provide the concluding remarks and suggestions.

The paper analyses existing models for recovery of damage, inflicted to space objects, and addresses major challenges, related to cyber damage: the issue of attribution, procedural issues of cyber damage recovery, possibility to recover space damage, inflicted during an armed conflict. A proposal is made to consider cyber damage as direct damage under space law liability regime and evaluate resulting increase of space debris (damage to space environment) for the purposes of compensation amount. Within responsibility for violation of space law obligations cyber damage may be recovered as the result of violation of control over space objects or as harmful interference with space activities. Violation of due diligence obligation to protect space objects (as cyber threats became more vivid) and use of force by cyber means are basis for cyber damage recovery under general international law. Damage to space objects, inflicted during an armed conflict, is recoverable for violation of principles of distinction, proportionality and precautions in attack.

Jamming and spoofing can pose significant threats to space-based assets and the services provided by them. Global navigation satellite systems (GNSS) are specifically vulnerable in this respect, considering the very low power of their signals and services. Numerous incidents of GNSS jamming and spoofing have already been reported. Cases of jamming are often not intentional and regularly have only short-term and geographically limited impacts. However, there are also intentional cases of jamming and spoofing is intentional by default. Due to their importance for military operations, for critical national infrastructure and key economic sectors, GNSS constitute primary targets of intentional jamming and spoofing. The paper analyses remedies in response to jamming and spoofing under international law as well as aspects of national law in relation to jamming and spoofing of GNSS signals.

Outer Space Treaty Article VI imposes State responsibility for the outer space activities of non-governmental entities subject to its jurisdiction. The intersection of outer space and cyberspace presents the issue of when a cyberspace activity constitutes a space activity for purposes of Article VI. The answer is fairly direct when a cyber activity is performed or engaged in by a satellite or other space object situated in space. The answer is not as clear when terrestrial cyber activity is deployed that has an effect in outer space. This paper will explore when and under what circumstances terrestrial cyber activity of non-governmental actors can be deemed to be a space activity which evokes State responsibility under Article VI. This necessitates examining what constitutes a “space activity” for purposes of Article VI. Since the Outer Space Treaty does not define the term “space activity,” the issue exists as to whether the term “space activity” is subject to definition by domestic legislation or whether it is subject to international definition. Although Article VI uses the mandatory term “shall,” it is unclear if State responsibility is strictly applied without any exception or if factors such as the actor’s intent or lack of intent, and/or the State’s exercise or lack of exercise of supervision or due diligence are relevant in determining whether a State has complied with its Article VI’s supervisory responsibility for terrestrial cyber activity of natural or juridical persons subject to its jurisdiction. Lastly, the paper will briefly explore whether a State can sufficiently supervise the terrestrial cyber activities of its nongovernmental actors which may constitute a space activity.