It is critical to ensure that robust security principles are present for traditional designs and new constellations and to apply defense-in-depth (DiD) principles throughout the space enterprise. The Aerospace Corporation’s work is strengthened by our extensive knowledge base of space systems and research. Leveraging this depth and breadth in understanding space and ground systems, we continue to evolve our research as the threat environment becomes more complex.
Aerospace continues to innovate in particularly challenging or distinct areas: determining the risk and exposure of discovered vulnerabilities, analyzing mission customer software using static and dynamic analysis, assessing the impact of Industrial Control Systems and Operational Technology on the mission, and ensuring assessments are threat-informed, including the use of real attacker tactics, techniques, and procedures in simulation.
Aerospace’s Cybersecurity Subdivision (CSS) has a robust assessment and testing approach for ground systems and networks to test cyber resiliency using threat-informed tactics, techniques, and procedures that focus on all segments of the space architecture. Ground software is a fruitful attack vector for adversaries, and robust technical analysis techniques are needed to flush out weaknesses and vulnerabilities. CSS assesses spacecraft design against credible threats and adheres to spacecraft DiD principles, which include intrusion detection and prevention systems deployed on the ground and on the space vehicle, supply chain risk management, binary and source code analysis, root of trust, and trusted boot.
CSS has various cyber research labs across the Aerospace enterprise. Virtualization and managed networking enable the rapid setup of a variety of test infrastructures tailorable to our customers’ unique environments and needs. Our labs have the capability to emulate all segments of the space architecture, including front-end processors, spacecraft telemetry simulators, and flat sats to enable realistic test scenarios. In addition, CSS has a full cyber range that can emulate various attack scenarios and demonstrate both offensive and defensive space cyber capabilities.
Space Cyber Software, Tools, and Continuous Integration and Pipeline Security
Aerospace performs code analysis and testing, using static and dynamic analysis techniques against custom mission software and various toolsets (commercial tools, open-source tools, and internally developed Aerospace tools). These techniques discover not only non-compliances and exploitable versions of products but also harder-to-find vulnerabilities, such as issues with higher-order functions or control flow. Aerospace performs technical analysis for U.S. government customers across five technical disciplines: static code analysis, binary analysis, origin analysis/software component analysis, vulnerability analysis, and dynamic analysis/fuzzing.
The DevOps culture has proven its value in Internet-based commercial development through quickly iterating capabilities and by adapting to changing environments in ways that U.S. government acquisition has not yet achieved. Aerospace has developed a framework that can help organizations implement DevSecOps effectively and in conformance with compliance standards.
Aerospace’s Cyber Assessments and Research Department (CARD) is a cyber-focused department that develops forward-thinking cyber assessment strategies, capabilities and prototypes for our customers’ critical space missions. CARD has proven prototypes and proofs of concept that have been demonstrated in live mission environments.
One example is the Atomic Automated Red-Team Operations Workbench (AROW), which enables repeatable automation leveraging a library of known Tactics, Techniques, and Procedures (TTPs) as well as custom, mission-specific TTPs based on threat modeling and/or specific advanced persistent threat (APT) emulation. This tool has been deployed during active cyber assessments to enhance the quality of remote assessments.
Case Study: Hack-A-Sat
In the spring of 2020, more than 6,000 competitors from all over the world gathered virtually and self-organized into more than 2,000 teams for a Hack-A-Sat event commissioned by Dr. Will Roper, then assistant secretary of the U.S. Air Force for acquisition, technology and logistics. Hackers competed in a series of challenges to hack satellites, with eight teams reaching the final phase of the competition at the DEF CON 28 Hacking Conference, where they spent two days working through five challenges with several rewards at stake, including a $100,000 prize purse and the chance to have a solution uploaded to an actual, operational satellite and have it take a picture of the moon.
The Aerospace Corporation was intimately involved with multiple aspects of this state-of-the-art event and was pleased to advance the state of cybersecurity research for space systems at the Aerospace Village during DEF CON 28. In addition to the Hack-A-Sat challenge, Aerospace presented cybersecurity research on addressing command link intrusion cyberattacks as well as denial-of-service attacks against spacecraft using high-fidelity space system simulators.