Satellites: Space is the place

As nearly one billion people worldwide tuned in to the final of the Fifa World Cup in July, few viewers would have been thanking satellite technology for being able to watch the spectacle in real-time.

Yet it was thanks to satellites that so many networks could beam the game live –
demonstrating the importance of this technology to global communication.

The football World Cup is just one example of how satellites play a role in everyday life. They are also used for telecommunication, GPS, collecting weather information and government surveillance.

Indeed, more than 50 countries operate one satellite and, according to data from the Satellite Industry Association in June 2013, global satellite industry revenues in 2012 were $189.5bn (£117.3bn).

With an increasing reliance on satellites, however, comes increased risk. A July article published by Lloyd’s of London identified cyber attacks on satellites as an issue that is creeping into the conscience of insurers.

While these attacks are deemed to be carried out for the same reasons as other cyber crimes – financial gains or political motivations – the impact of an attack on a satellite can have major consequences due to the technology increasingly being used to link global communication networks.

The London market is the key provider of satellite insurance capacity. Seradata head of space content David Todd estimates there are around 30 main underwriters with the capacity to cover satellite risk, which is typically between $20m and $30m – but there are major insurers that could underwrite much larger capacities, including Swiss Re, Munich Re and Catlin, he says.

New entrants
However, Beazley satellite underwriter Denis Bensoussan does not rule out new players entering the sector. “As the satellite industry continues to expand and there is a growing, if heterogeneous, demand for specialist covers, it is likely new insurers will start to take interest in this area,” he says.

And there is certainly room for new entrants. Despite the number of standard space underwriters currently in the market, cyber coverage for satellites is generally not included in traditional space insurance policies, leaving a gap for those insurers keen to work the cyber angle.

Indeed, Thierry Colliot, aviation underwriting and space head at Allianz Global Corporate and Specialty France, says cyber protection is not built into the majority of cases at AGCS.

“As a space insurer [cyber] is not really a concern because we do not insure it – it is excluded from our contract,” he says. “There is [another] specific line of business providing cyber coverage [including] financial protection.”

One reason for cyber cover not being included in current policies could be due to cyber hacking of satellites being a less pertinent threat than other risks associated with satellite operation.

Bensoussan considers cyber attacks as a remote possibility when compared with technical failures or space environment-induced failures. This has impacted their status among the insurance community, making cyber threats something of an unknown quantity.

“Historically, cyber threats to satellites have tended to go unreported, or their impact has been hidden or downplayed, so the severity of the risk is hard to fully assess,” he says.

“But as the previous ‘wall of silence’ starts to crumble – and the hacking or jamming hardware or software becomes more [commonplace] – the financial impact of a cyber attack is now emerging, and it is fast becoming a risk that satellite operators need to mitigate against, in addition to more recognised satellite risks.”

AIG Europe, Middle East and Africa cyber products head Jamie Bouloux  sees the resources required to carry out a cyber attack on a satellite as a factor in why these events are not more widespread.

He gives the example of people stealing free satellites or hackers putting satellites owned by specific countries into ‘safe mode’. “Where we have seen that happen – actually putting a satellite into safe mode – requires a lot of resources, therefore, it would be hard for an independent hacker to do it. Usually it would be state-sponsored or a very well-funded criminal entity that would have the capability of shutting down a satellite or handicapping a satellite.”

Geopolitical motives
Geopolitical motives are likely the main reason behind a cyber hacking event, rather than financial motives, according to Todd.

“With the refreezing of the Cold War with Russia, the rise of China and its territorial ambitions – and with Islamic extremism on the march – cyber attacks become much more likely,” he explains. “However, the risk of satellite technical failure and launch failures will, in times of peace, usually heavily outweigh the risk of cyber attacks.”

A hacking incident before the satellite has launched is also remote – but cannot be ruled out, Todd adds. “Cyber attacks actually damaging the satellite during the design and construction phase are unlikely but the intellectual property might be at risk from such an attack. Theoretically, the design could be altered to deliberately make it faulty,” he suggests, adding that other pre-orbit risks are low.

“These do get paid out sometimes, usually when the satellites get dropped or damaged in testing or in transit. Most of this is covered as a cargo class insurance risk rather than a space one.”

Incorporating cyber risks
However, some insurers are looking at ways of incorporating cyber risks into space policies. Bouloux says the insurer is considering how cyber coverage fits within space insurance policies. At AIG, the space team covers the launch of satellites within its policies.

“[Our space team] covers the integrity of the satellite’s physical capability to be able to deliver service. The question has come up as to where does cyber fall within the insurance satellite providers are currently [covered by],” Bouloux explains.

Bensoussan adds that insurance options for cyber attacks on satellites are beginning to be discussed at industry gatherings.

“Satellite operators and insurers have started to identify satellite vulnerability to signal jamming and cyber attacks, which had tended previously to go unreported,” he says. “These emerging risks create opportunities and challenges for specialist satellite insurers, who now have the task of developing solutions that address gaps for these exposures in existing covers.”

“[Although] when we talk about a client’s traditional ‘cyber crime’ we have the infrastructure exclusions on these policies to help protect our portfolio from widespread systemic exposure,” he explains.

“Where we have tried to get creative and where we have been asked to look at opportunities and solutions is around the physical hardware itself. We are not covering the physical element of a satellite but what happens if there is an attack on the ground station, which would mean [a policyholder] was unable to relay signals to [third parties]?”

Colliot, meanwhile, predicts an opportunity for a combined space and cyber policy in the future. “We could imagine that we as a space underwriter [could] work with other lines of business in order to set up some kind of combined protection mixing space liability plus cyber protection together,” he says.

Both Bouloux and Todd see that the kind of cover required for satellite cyber crime also depends on whether the act is deemed an act of war or terror.

Todd says: “Cyber attacks are not covered under current satellite risk insurance policies. They usually have an exclusion for terrorism, war or intentional interference, [and] companies in other fields would be able to buy war risk insurance to cover such a gap. But to my knowledge, there is no current war risk policy available for space risks.”

However, commentators were divided as to whether an industry-wide solution is the answer to covering cyber attacks on satellites.

For Bensoussan, this is unlikely to be a viable option. “A single market-wide solution will not be realistic or sustainable for cyber risks, due to the multiplicity and variety of interests and exposures. Specialist insurers who have the expertise both in space and cyber risks will be best equipped to deal with these new exposures,” he says.

The question also remains as to who would be liable for a large-scale satellite attack. Bouloux questions what would happen if a commercial satellite or military satellite was taken offline and whether liability would fall to the public or private sector.

“If an entire fleet was affected by a cyber attack what would the fallout be – and is that measurable? The answer is probably not, if we are talking about [commercial] satellites. Therefore, the question is whether the private sector would be able to provide enough indemnity to make sure that whoever the liability fell back to was protected in that instance,” he says.

Questions of liability
Alongside questions of liability, another challenge for insurers operating in this area is the limited historical data they have to work with.

This means it is hard to assess the nature and severity of the threat, Bensoussan explains. “Insurers need to be prepared to enter unknown territory when writing space cyber risks, because criminal, business and political interests could be at play,” he says.

For Todd, challenges also come from technical, managerial and marketing pressures placed on underwriters. New satellite technology and launchers might be unreliable and brokers and operators could put pressure on underwriters to accept their assurances about the technology, he says.

“Insurers sometimes have to take risks on knowing what the ‘technical rate’ should be set for a risk [yet they may have] to accept premium rates well below this due to market conditions, or have to accept the relaxation of wording conditions making  losses more likely.”

Despite these challenges, it is clear this emerging risk will create future opportunity for the insurance sector. As the world’s reliance on satellites continues to increase, so too will the satellite operators’ reliance on insurance.

This article was published in the 18 September edition of Post magazine.