A recent tabletop exercise hosted by the Space Information Sharing and Analysis Center (Space ISAC) outlined the pressing need to increase focus on security in cislunar space, the area surrounding the Earth’s atmosphere and extending to the Moon’s orbit.

Cislunar gains momentum

The concept of further advancement in cislunar space has been a topic of discussion for some time—and it only continues to gain momentum. A year-old paper by Col. Charles S. Galbreath, USSF (Ret.) argued for United States military presence in the cislunar environment, citing international rivalry as the “new race to the Moon.”

“In order to establish and protect a more transparent, collaborative and peaceful cislunar regime, the United States and its partners must ‘win the race,’” Galbreath wrote, highlighting need for advancement beyond LEO and GEO.

At an August intelligence conference, Gen. Michael Guetlein, Vice Chief of Space Operations for the U.S. Space Force, pointed out a resource constraint within the agency, stressing the need for expansion in presence and situational awareness in cislunar space.

The Space ISAC planning team looks to provide its members an opportunity to focus outside the typical scope of present space assets. “We’re progressing toward a time where we’re going to have semi-permanent habitations or possible commercial operations on the moon or an asteroid,” said Nick Reese, author of the November tabletop exercise held at the annual CyberSat summit.

Along with serving as a member of the Space ISAC, Reese is the Co-Founder of Frontier Foundry, Homeland Security Advisory Board Member at the George Washington University, and an Adjunct Assistant Professor at New York University.

Cyber exercise prepares for the unknown

“The thought was, ‘What would we do if there was an incident in cislunar space?’” he told Constellations in an interview. The hypothetical cybersecurity incident was set in 2035, with a mining facility on the surface of the moon and an orbital lab orbiting the moon.

“It was interesting because we pulled in a lot of elements that the space community is still trying to figure out, like investors and insurance and the press and multinational crews and companies, and how do these companies interface with governments? And with which governments?”

A key ingredient in each Space ISAC exercise is focus on commercial activity, explained Space ISAC Executive Director Erin Miller. Engagement with the Space ISAC Watch Center is also crucial for threat information sharing. “We also have geopolitical dynamics that would help us have to sort through hard questions about our dependency on this infrastructure,” Miller stated. At the heart of every exercise, beside identifying gaps in communication and response, is emphasizing the impact space resources have on the rest of the world. “It’s not just the people who are part of the space mission, it’s bigger than that,” she said. “It’s always bigger than that.”

Each exercise also includes the presence of a “government cell,” which is comprised of federal employee participants, operates outside of the exercise room and is available for “commercial” participants’ questions. “Typically, industry has to deal with their closest stakeholders first and they’re not always government, and they don’t have every contact in the U.S. government to call and get access to threat information,” Miller said.

The Space ISAC Watch Center offers just that through Memorandums of Understanding with a variety of government agencies. “Within our ‘Watch Center Cell’ [for tabletop exercises] we have [representatives] from the U.S., Australia, UK and Japan, and any commercial company that’s actively playing a role in monitoring and detecting threat information that wants to be part of that can be as well.”

Findings from the exercise offer attendees and members alike analyses on lessons learned. The greatest benefit, Reese said, is providing the community better guidance on incident response -- in this case specifically within cislunar space.

Space ISAC plans for the future

Looking ahead, the Space ISAC plans on continuing its tabletop exercises, but with more hands-on experience. “We’re going to start planning our next exercise, which will likely also be related to cislunar activity and really looking forward into the future,” she told Constellations.

The functional exercises will bring information sharing tools used by Watch Center analysts, along with other capabilities forecasted to become available in 2030 through 2040.

As far as future plans go, Miller also shared a new capability enabling any company within the space industry to submit their priority intelligence requirement to the Space ISAC. “The way that this changes the preparation for attacks against space systems is we have a day-to-day-assessment coming from industry. Every time a company onboards, every time an individual joins our member threat sharing platform, they’re able to share with us what their priority threat information would look like.”

As all attacks—whether against ground infrastructure or launch or user segment—require different types of technology to monitor and detect, the new capability will give the Space ISAC better understanding of the threat landscape. “As we move forward, we’ll be adding more tools to our toolkit in 2025 to allow the Watch Center to have more data feeds and visualizations.”

Additionally, Miller noted, the group is utilizing the follow-the-sun model. “All companies that join from Australia, the U.K., Japan or Europe are also helping us as a community by doing their own monitoring, detecting and sharing.”

Notably, the Space ISAC announced its designation of Australia as a Global Hub in November 2024.

Explore More:

Podcast: Cyber, Satellite Security and the Space ISAC Vulnerabilities Lab

In New Moonshot, Commercial Space Is Focused on Infrastructure

5 Takeaways from the 2024 Value of Space Summit for the Global Space Community