The ever-increasing prevalence and complexity of cyberthreats to space systems underscores the need for rapid response capabilities that can address potential threats faster to ensure resiliency across the domain. To this end, The Aerospace Corporation is advancing integrated cybersecurity functions for on-orbit spacecraft, enabling the use of onboard machine learning and signatures to detect and respond to unusual command sequences and other anomalies in a much-reduced timeframe.
At present, defensive cyber operations for space rely on telemetry to downlink information from spacecraft to ground operations for data processing, resulting in turnaround time. Bringing this functionality onboard the spacecraft not only reduces the turnaround time for cyber-anomaly detection and response, it also increases options for threat mitigation.
“Until now, we’ve had to wait to conduct cyber operations based on what comes back from the satellite, because there’s currently nothing on-board these vehicles to do so,” said Sky Troyer, Senior Project Leader of Space Cyber Integration. “Incorporating cyber operation response on the space vehicle itself is a new and innovative way to increase space system resilience.”
This novel approach to anomaly detection is a potential game-changer, bringing space capabilities one step closer to a future of more autonomous cyberthreat response mechanisms that are integrated into spacecraft architectures.
Using a CubeSat prototype, Aerospace presented a demonstration of on-orbit spacecraft cyber defense at DEF CON 29, a yearly event dedicated to expanding cyber protection knowledge and skillsets for hackers, IT professionals and government agencies. The event also provides opportunities for participants from the public and private sectors to present technical concepts and innovations for providing reliable and secured operations.
The presentation also included a ‘Capture-the-Flag’ (CTF) activity, in which audience members addressed a series of challenges to find a flag hidden on an engineering model of a payload that Aerospace is launching on its own Slingshot spacecraft in early 2022. One of the challenges required participants to find indications that an adversary had compromised spacecraft flight software, and track the adversary through logged cyber defense payload commands.
“If an attacker is operating quickly, defense systems need to operate quickly. If your space system is attacked and it takes you half an hour to get an alert from the spacecraft, then another half hour to evaluate it, and then another hour or two to respond, then your attacker has a lot of time to inflict serious damage,” said Nick Cohen, Senior Project Leader in the Cyber Defense Solutions department. “Having AI and autonomous response capability onboard gives the system the ability to react instantaneously, or near-instantaneously to shut down that attack.”
In addition to demonstrating the successful application of onboard sensor mechanisms, analytics and artificial intelligence, Aerospace’s presentation underscored the benefits of defensive cyber operations to the space enterprise. And while spacecraft cybersecurity appears to be at an inflection point, some traditional components of spacecraft cyberthreat assessment such as on-ground operations are more likely to evolve in lieu of being eliminated.
“I think spacecraft will become increasingly autonomous because cyber events can happen so quickly, but I also believe there will always be an on-ground component to spacecraft cyber defense,” said Cohen. “One of the advantages of increasing spacecraft cyber defense autonomy is that it can provide operators on the ground with more detailed and nuanced information into what’s happening on the vehicle, which can really enhance security over what they have available to them now.”