Dual-Use Satellites, Orbital Cyber Warfare, and the Urgent Need for India’s Space Cybersecurity Governance Framework

The Science page of The Hindu on May 4, 2026 carries a detailed analytical piece examining how modern conflict in orbital space has moved beyond the physical destruction of satellites to encompass a far more insidious and legally ambiguous theatre of cyber operations. The author draws on the 2022 Viasat KA-SAT cyber-attack that crippled communications across Europe in the initial hours of Russia’s invasion of Ukraine, as well as instances of GPS spoofing that have misdirected civilian aircraft and maritime vessels, to argue that the next major conflict will begin in silence, with jammed signals, corrupted coordinates, and compromised ground station systems.

This issue is timely for several reasons beyond the immediate examples. India is rapidly expanding its space programme, with the Indian Space Research Organisation pursuing the Gaganyaan crewed mission, the commercial satellite launch market growing through the Indian National Space Promotion and Authorisation Centre framework, and private sector entrants emerging, such as GalaxEye, which successfully launched the world’s first OptoSAR satellite aboard a SpaceX Falcon 9 on May 4, 2026 itself. The CERT-In and Space Industry Association India Guidelines of 2026, referenced in the article, represent India’s first systematic attempt to embed cybersecurity into space system design, but the author argues that an enforcement gap remains.


Background: The Architecture of Space Vulnerability

Space systems comprise three segments: the space segment consisting of the satellite itself, the ground segment including control stations and uplink facilities, and the link segment covering the radio frequency communications between the two. Each segment presents distinct cyber attack surfaces. The satellite’s onboard computer can be targeted through software vulnerabilities. Ground stations can be infiltrated through conventional network intrusion techniques. Signal links can be jammed, spoofed, or intercepted.

Five Important Key Points

  • The 2022 Viasat KA-SAT cyber-attack, which preceded Russia’s kinetic invasion of Ukraine by hours, demonstrated that space-enabled cyber operations can sever critical communications infrastructure across entire continents without any physical destruction of space assets, establishing orbital cyber attack as a primary first-strike tool in modern hybrid warfare.
  • The principle of distinction under international humanitarian law, which requires warring parties to distinguish between civilian and military targets, is being systematically eroded by the dual-use nature of modern satellites, which simultaneously support civilian navigation, commercial communications, and military targeting and intelligence functions.
  • Under existing United Nations Charter Article 2(4), which prohibits the use of force in international relations, there is no clear legal consensus on whether a cyber operation that functionally destroys a satellite’s operational capability by bricking it constitutes a use of force equivalent to a kinetic strike.
  • India’s 2026 CERT-In and SIA-India Guidelines introduced a secure-by-design doctrine that embeds cybersecurity requirements into every stage of the satellite lifecycle from design and launch to decommissioning, but the guidelines currently lack enforcement mechanisms and India is expanding its orbital presence faster than its real-time cyberattack detection capability.
  • Commercial satellite constellations such as Starlink that provide space-as-a-service for military kill-chains create what the author terms the Starlink Precedent, where the civilian-military distinction effectively collapses and an entire commercial network may constitute a legitimate grey-zone target under international humanitarian law.

Legal Ambiguity and the Attribution Problem

The most significant governance challenge in space cybersecurity is the attribution gap. Under the International Law Commission’s Articles on the Responsibility of States for Internationally Wrongful Acts, state responsibility for a cyber operation requires attribution to the state with a high degree of evidentiary certainty. In practice, sophisticated state actors route cyber operations through proxy infrastructure, use spoofed identities, and exploit commercial cloud services in third countries to obscure the origin of attacks. Establishing the required evidentiary standard often takes months or years, during which the attacked state cannot invoke the right of self-defence under Article 51 of the UN Charter.

This asymmetry fundamentally favours aggressors. A state that can cause the functional equivalent of a kinetic strike against satellite infrastructure while maintaining plausible deniability for the duration of a conflict enjoys enormous strategic advantage. The existing international legal framework, built around visible, physical proof of state action, has not yet evolved mechanisms for dealing with invisible digital aggression in the orbital domain.

India’s Institutional Response and Gaps

The establishment of the Indian National Space Promotion and Authorisation Centre in 2020 created a regulatory framework for India’s growing commercial space sector, but its mandate is primarily focused on licensing and safety rather than cybersecurity. The Defence Space Agency, created in 2019 under the Integrated Defence Staff, is tasked with developing India’s military space capabilities, but coordination between civilian space cybersecurity requirements and military space doctrine remains an area requiring institutional strengthening.

India’s cyber governance architecture more broadly, centred on CERT-In under the Ministry of Electronics and Information Technology, has expanded its sectoral mandate through the 2022 CERT-In Directions and the 2026 sectoral guidelines. However, space systems present unique challenges because they span multiple jurisdictions, involve private commercial operators, and require coordination across the Ministry of Space, the Ministry of Defence, and the Ministry of Electronics and Information Technology simultaneously.

Way Forward

India must urgently develop a comprehensive National Space Cybersecurity Policy that establishes mandatory secure-by-design standards enforceable through the licensing conditions of IN-SPACe, creates a Space Cyber Incident Response Mechanism with defined timelines and inter-ministerial coordination protocols, and establishes a real-time satellite anomaly detection capability that can distinguish between technical failures and cyber intrusions. India should also engage actively in the development of international norms for cyber operations in outer space through the UN Group of Governmental Experts process and the Open-Ended Working Group on security of and in the use of information and communications technologies. Bilaterally, India should consider cyber defence cooperation agreements with space-capable nations including France, Japan, and Australia within the Quad framework.

Relevance for UPSC and SSC Examinations

This topic falls under UPSC GS-III covering Science and Technology and Internal Security, specifically space technology, cybersecurity, and challenges to internal security through communications networks. It also touches GS-II under International Relations regarding multilateral norms and treaty frameworks. Key terms aspirants must remember include dual-use satellites, CERT-In, IN-SPACe, Defence Space Agency, Article 2(4) UN Charter, attribution gap, principle of distinction, Outer Space Treaty 1967, the Starlink Precedent, GPS spoofing, and the secure-by-design doctrine. For SSC, this covers Science and Technology and Current Affairs.
