The purpose of this project was to identify cyber threats that currently exist within the Australian space sector, shed light on the policy and legal protection available to operators of the space infrastructure in case of cyber incidents, and recommend a set of security controls falling within both the technical and policy dimensions. It did so by enhancing and exploiting a space cyber reference architecture developed by CyberOps through the definition of 10 initial use cases of space cyber threats that exist in satellite missions.

These use cases were then used to analyse the policy and legal tools that may apply in case of different types of attacks, conducted by different types of threat actors on different parts of the attack surface. The underlying purpose was to inform specialists about the policy and legal frameworks in which they operate when developing the controls to mitigate the threat vectors. Each use case provided in the report was created in order to highlight potential policy, legal, technical, governance, and behavioural gaps in the Australian space ecosystem. None of the use cases was meant to target or implicate a specific company or country; they simply consist of scenarios that provide an accurate representation of the applicable legal framework based on different threat actors, types of attacks, and consequences.