Author: Vinicius Guedes Gonçalves de Oliveira
Guedes Gonçalves de Oliveira, Vinicius, 2025 Law, Policy, and the Digital Frontier: Examining the Cybersecurity of Australia’s Space Infrastructure, Flinders University, College of Business, Government and Law
Terms of Use: This electronic version is (or will be) made publicly available by Flinders University in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. You may use this material for uses permitted under the Copyright Act 1968. If you are the owner of any included third party copyright material and/or you believe that any material has been made available without permission of the copyright owner please contact copyright@flinders.edu.au with the details.
In the contemporary era, societies have become increasingly dependent on a range of space-based services and applications that underpin critical functions such as communication, commercial transactions, navigation, military surveillance, and emergency response. This growing reliance has accompanied a shift in the perception and development of space activities, marked by the emergence of the NewSpace paradigm. NewSpace is characterised by the increasing participation of private actors, the rise of commercial ventures, and the prioritisation of small, cost-effective satellite launches. In this new phase, outer space has evolved into a domain that is increasingly congested, contested, and competitive. Consequently, an important transverse issue is ensuring the security, safety, and sustainability of space activities. This thesis focuses on the dimension of space security, with particular attention to deliberate cyber interference actions perpetrated by unauthorised actors targeting space infrastructure, specifically those that fall below the threshold of open conflict, which comprise the majority of cyber incidents.
Based on multiple characteristics of cyberattacks, including the increasing integration of sophisticated information technologies into space systems, the relatively low cost and potential high impact of cyber operations, the challenge of attribution due to plausible deniability and stealth, as well as the inherent difficulties in effective regulation, this thesis identifies cyberattacks as the most probable form of attack against space infrastructures. It outlines the principal modalities and features of such attacks and argues that the unique technical, operational, environmental, and regulatory challenges inherent to the space sector necessitate the development of a dedicated cybersecurity framework. In contrast, a generic cybersecurity approach would be insufficient for ensuring adequate protection.
The thesis proceeds to examine the international legal framework around space cybersecurity, focusing on the sources of international law as per Article 38 of the Statute of the International Court of Justice, and broader soft law mechanisms, such as United Nations resolutions and expert manuals. It also explores the Australian legal and policy framework, evaluating regulatory, strategic, and governance structures. The research reveals that there is no clearly defined international or domestic regulatory framework for cyber operations targeting space cybersecurity, and that space and cybersecurity are most often dealt with in separate silos. Through an assessment of insights gathered from Australian space sector stakeholders, the research reveals that cybersecurity mechanisms within the Australian regulatory framework are considered immature, ambiguous, and inadequate for providing a high level of protection when applied to the space sector.
In conclusion, the thesis identifies that Australia lacks a cohesive and dedicated regime for governing the cybersecurity of its space infrastructure. Existing provisions are fragmented, inconsistently applied, and unclear in scope, with no central authority dedicated to this domain. Moreover, given the absence of substantive international provisions concerning space cybersecurity, there is limited normative content to incorporate into Australia’s domestic space cybersecurity frameworks. As a result, the research recommends that Australia develop a tailored cybersecurity framework for the space sector, clarify existing applicable security mechanisms, enhance engagement in international norm-building, promote awareness campaigns among domestic stakeholders, and advance sovereign space capabilities underpinned by robust security standards.
Keywords: Space cybersecurity, space law, space policy, Australian space sector, Australia, cyberattack, cyber threat, space infrastructure
Subject: Law thesis
Thesis type: Doctor of Philosophy
Completed: 2025
School: College of Business, Government and Law
Supervisor: Rodrigo Praino