Aerospace experts were recognized with one of the highest honors at the world’s largest hacking conference. Hosted in Las Vegas, Nevada earlier this month, DEF CON 31 welcomed the broader hacker community as well as a growing ecosystem of cybersecurity professionals, government customers, security researchers, mainstream news outlets and other service providers.
An Aerospace team comprised members from the Cybersecurity and Advanced Platforms Subdivision (CAPS) finished in first place out of 108 teams in a three-day Capture the Flag (CTF) competition focused on hacking Industrial Control System (ICS) devices. Considered one of the most challenging CTFs, the Aerospace team was awarded the coveted “Black Badge” in recognition of their overall elite skills and outstanding contribution to the security community.
“Aerospace demonstrated that it has the technical personnel with the experience and knowledge on ICS cybersecurity – winning the CTF and delivering direct customer support are all examples of how we have expanded our capabilities in this area over the last few years,” said Sky Troyer, Associate Principal Director of CAPS. “Congratulations to the team. They are in elite status now within the DEF CON community.”
The team comprised Randi Tinney, Charlie Tucker, and Peter Herman from the Cyber Assessments and Research Department (CARD) and Henry Reed of the Cyber Defense Solutions Department (CDSD). Additional support was also provided by two former Aerospace employees, contributing to the success of the team.
What a weekend it's been! Amazing partipation for RED ALERT ICS CTF at @defcon 31 with a total of 108 Teams!— Red Alert ICS CTF (@icsctf) August 17, 2023
Congratulations to all the winners our CTF!
1. ScreamingFist : 2000 points
2. tesuji : 1700 points
3. Golden_Life_Gang : 1500 points#DEFCON31 #DEFCON #RedAlertICSCTF pic.twitter.com/TJVvSQPxPh
In addition to this accomplishment, Aerospace’s cyber expertise was well represented throughout the conference. Winston Li and Ari Bender-Long in Defense Cyber Operations along with Nick Cohen in CAPS won the White House Office of the National Cyber Director badge challenge.
As previously highlighted, Aerospace developed the Moonlighter cyber test platform in partnership with Space Systems Command (SSC) and Air Force Research Laboratory (AFRL) for the Hack-A-Sat 4 challenge. The CubeSat was delivered to low-Earth orbit in June, facilitating the world's first CTF exercise in space. Aerospace’s presentation on the Space Attack Research and Tactic Analysis (SPARTA) matrix was also well received at the Aerospace Village.
Capture the Flag: More Than a Game
While ostensibly structured like a “game,” a CTF challenge involves fairly high-level competition and skills for complex problem-solving to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs. In the case of the Red Alert ICS CTF, teams were tasked with breaking through several layers of security in a virtual supervisory control and data acquisition (SCADA) environment and eventually take over complete control of the system. The contest housed actual ICS devices from various vendors on a testbed showcasing different sectors of critical infrastructure.
We're thrilled for Red Alert ICS CTF at @defcon 31 to be declared a Black Badge event! Our winners Team ScreamingFist was awarded the Black Badge, the highest honour bestowed by DEFCON!— Red Alert ICS CTF (@icsctf) August 17, 2023
Thanks to everyone at @defcon for the honour! :)#DEFCON31 #DEFCON #RedAlertICSCTF pic.twitter.com/ktG42TwxnI
ICS systems are critical to the nation’s infrastructure and space domain because they’re used to control industrial processes such as manufacturing, product handling, production, and distribution. In fact, Aerospace is providing direct support to government customers for resilient solutions against cyber issues in this area.
Moonlighter: First CTF in Space
Hack-A-Sat is an annual space security challenge jointly hosted by the Air Force Research Laboratory and Space Force to raise awareness of space cyber security issues, educate the public, and bring the space and cyber communities together. Aerospace has supported the competition since its inaugural year in 2020, and this year, delivered a gamechanger in Moonlighter for the challenge. During the event, some of the best hackers in the world pointed the vehicle to take pictures, exploited the GPS receiver, and executed a timing side-channel attack on the CPU.
Cybersecurity testing for space has usually occurred in the lab or in a simulation activity on the ground. Applying cyber defense theories and approaches in the actual space domain has been restricted by the limited availability of suitable already-existing vehicles in that environment. Understanding the value that a real in-space system could provide regarding this gap, teams from across Aerospace came together to design, develop, and build Moonlighter.
“To have a vehicle where we can try out these technologies, and try out different tactics, techniques, and procedures that have been developed during the years in a live environment is an incredible perspective,” said Aerospace’s Aaron Myrick, in an interview with Payload. “It’s never good enough to do it in a sim environment.”
Cybersecurity matrices serve as robust resources of collective knowledge that have benefited many security professionals to better understand Tactic, Techniques, and Procedures (TTP). Having identified a gap to address challenges emerging in the space environment, Aerospace developed SPARTA as a resource to ensure the space-cyber community is empowered to continually educate engineers and system defenders so they can overcome the unique cyber-threats they face in the domain.
At DEF CON, Aerospace’s Brandon Bailey delivered a presentation on SPARTA, which can be found here, demonstrating best practices for extracting TTPs from reports and building various attack chains using the matrix. SPARTA can be used to build attack chains to drive baseline countermeasures and security controls for the spacecraft.
“We see SPARTA’s utilization across the community increasing and SPARTA TTPs will evolve over time as new information becomes available through security researchers (i.e., Hack-a-Sats), and space-cyber threat intelligence is shared across the community,” said Bailey, Senior Project Leader in CARD. The TTPs are a means to educate on the defenses needed and SPARTA provides countermeasures against tactics and their supporting techniques. One of SPARTA’s primary goals is ensuring engineers are informed on the countermeasures available to aid in TTP/threat mitigation. From a hacker community perspective SPARTA provide resources to educate the community as well as a mechanism to communicate their research to better position the space industry against adversary aggression."