The most basic definition of cybersecurity is to take measures that protect a computer or computer system against unauthorized access or attack. Cybersecurity is important because government, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on satellites, computers, and other electronic devices. Data is transmitted via satellite-to-satellite and ground-to-space communications, traditional ground-based networking infrastructure, and the internet. The threats to exploiting the vulnerabilities within ground infrastructure and spacecraft are often overlooked in wider discussions about cyber threats to critical national infrastructure.
The space enterprise, ranging from spacecraft to mission operations centers, is often the target of cyberattacks. Despite the space industry’s technical sophistication, its cybersecurity efforts have lagged behind those of other high-technology sectors. Space systems have subscribed to the “security by obscurity” model for far too long. As evidenced by the prevalence of vulnerabilities and attack vectors that go unimpeded, space systems ranging from smallsats to billion-dollar satellites to complex rovers face substantial cybersecurity challenges and vulnerabilities.
Aerospace supports the development of space-centric cybersecurity standards utilizing defense-in-depth techniques for space systems to ensure their resiliency to cyber intrusions. The way forward and potential solutions will include increased cooperation across disciplines and will require a blend of policy and technical solutions. The best strategy moving forward is a threat-informed risk mitigation strategy to protect our critical space systems, which the Space Safety Institute will advance.
Risk management is a key component when architecting a secure space system or assessing its security gaps. Not all security controls can be implemented due to resources (or even technology) and schedules. When trying to establish which cybersecurity controls should be employed by a mission or set of missions, it should be a risk-based decision and not solely driven by compliance. Once threats or vulnerabilities are understood and prioritized, regardless of legacy or future deployment, mitigations can be deployed, or risks can be accepted. Aerospace has the capabilities to perform the necessary risk-based cyber analysis for each critical mission or capability. The Space Safety Institute will provide cyber assessments to include vulnerability assessments, red/blue teaming, threat modeling, mission resiliency modeling, and threat hunting, supported and enabled by space cyber laboratories and test ranges.
Standards and Best Practices
The U.S. National Space Policy states that unfettered access and freedom to operate in space is a vital national interest, and that it is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of critical U.S. infrastructure. The U.S. federal governance structure for general information technology (IT)-based cybersecurity has made strides in recent years with the maturation of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and Cybersecurity Framework (CSF).
The NIST cybersecurity maturity standards and guidelines help organizations to improve their cybersecurity measures and best practices, but these are not directly applicable to the space domain, especially the spacecraft. NIST guidance has some applicability on the ground segment, and while efforts have been made to mold these frameworks for space systems, uniformity is lacking, and updated standards and guidelines for space are likely warranted. The Space Safety Institute will focus on best practices and engagement with a range of government and commercial entities to ensure common baselines.
Research and Development
Aerospace, through the Space Safety Institute, provides a range of research and development initiatives, including cloud security research; defensive cyber operations for space and ground to identify anomalies using machine learning and artificial intelligence; red/blue team training and testing; the development of a mobile Cyber Forensic Toolkit for rapid deployment, non-invasive packet capture, and analytic capabilities; and non-invasive cyber assessments (pen testing space and ground assets).
In addition, to support cyber assessment strategies and capabilities for critical space missions, the Space Safety Institute will provide access to a range of Cyber Labs. Physical and virtual resources are shared across the Aerospace enterprise to promote better collaboration and enhance capabilities. The Cyber Labs represent the entire space architecture, to include space and ground segments, and provide proven prototypes and proofs of concepts that have been demonstrated in live mission environments, enabling Aerospace to constantly evolve and adapt to current and future threats to our space assets.
Infrastructure, Tools, and Data
The Space Safety Institute will leverage Aerospace’s Cyber Security Subdivision (CSS), which employs virtualization and managed networking to enable rapid setup of a variety of test infrastructures, tailorable to customer environments and needs. Spacecraft telemetry simulators enable realistic test scenarios.
CSS utilizes diverse lab resources to create innovative solutions for our space enterprise and other critical DoD infrastructures by:
- Producing high-quality technical analysis, deliverables, strategies, and technical insertions on a consistent basis for all our customers, increasing the cyber maturity of programs
- Developing innovative cyber techniques and prototypes across the spacecraft and ground enterprise level using our expansive laboratory capabilities and large demonstration portfolio
The Space Safety Institute will offer access to cybersecurity implementation capabilities through CSS, including:
- Gap analysis of space and ground architectures, identifying issues with:
- Insider threat
- Computer network defense and incident response
- Network design and segmentation
- Encryption deployments
- Endpoint protection
- Ground Software analysis
- Industrial Control security
- Spacecraft software analysis
- Supply chain and Software Bill of Materials analysis using graphical databases
- Defensive cyber operations for ground and space
- Cyber assessments and penetration testing of critical infrastructures and space systems to include Advanced Persistent Threat emulation and mitigation
- Red/Blue team exercises of space missions
- Software testing and analysis
- Mission resiliency modeling
- Computer network defense
- Packet capture analysis
- Traffic modeling
- Threat hunting
- Digital forensics
- Requirements mapping
- Next Generation defense-in-depth strategies for both space and ground support systems
- Prototype development to improve Technology Readiness Levels (TRL) of new technologies
- Atomic AROW – Automated penetration testing tool using threat-based tactics, techniques, and procedures
- Mobile cyber forensic toolkit
- Defensive Cyber Operations for ICS
- Binary Analysis – performing software assurance without having access to source code
- Immortal Snail – alerts customers to new vulnerabilities that may impact their deployments by fingerprinting their networks and systems and autonomously mapping vulnerability application
Policy and Strategy
Historically, spacecraft have been considered relatively safe from cyber intrusions; however, recent emerging threats bring spacecraft into play as a direct target by an adversary. Space-centric cybersecurity standards and governance, combined with defense-in-depth techniques for space systems, will help ensure space systems are resilient to cyber intrusions. The Space Safety Institute will pave the way forward with a variety of solutions, including increased cooperation across disciplines to establish cybersecurity best practices and norms of behavior through a blend of policy, governance/oversight, and technical solutions.
- Paper: Defending Spacecraft in the Cyber Domain (Nov 2019)
- Video: DefCon 2020: Exploiting Spacecraft (Aug 2020)
- The Space Policy Show: E23 - Defending the Space Enterprise in the Cyber Domain (with Lori Gordon, Ryan Speelman, and John Felker) (July 2020)
- Paper: Establishing Space Cybersecurity Policy, Standards, and Risk Management Practices (Oct 2020)
- Paper: Quantum Key Distribution in Space (July 2020)