Monday, March 13, 2023

Satellite 2023 Conference: Cyber warfare on US space systems

The growth rate of new cyber threats and vulnerabilities in space will remain a weakness for the United States if the country continues down the same traditional path used today. That was the message kicking off an annual satellite conference in Washington, D.C., this week.

Monday’s keynote speaker Charles Beames, co-founder and chairman of the SmallSat Alliance and executive chairman of SpiderOak Mission Systems, said the U.S. must do better, “and we can.”

Beames said the U.S. must pivot toward a comprehensive cybersecurity plan immediately. The first step would be to implement a Zero Trust architecture (ZTA) across networks and at the data level where possible.

What is Zero Trust

Zero Trust was created based on the realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be implicitly trusted. This implicit trust means that once on the network, users – including threat actors and malicious insiders – are free to move laterally and access or exfiltrate sensitive data due to a lack of granular security controls.

Zero Trust is a design philosophy that begins with a “trust no one” mindset and heavily secures individual data records, With Zero Trust, it wouldn’t matter if your router was corrupted, or satellite was corrupted, each “data packet” would be heavily secure in a ZTA network.

Attacking satellites

There has always been a concern about a space war breaking out where countries would attack and destroy satellites in orbit.

China, India, Russia, and the U.S. have all demonstrated the ability to shoot down satellites in Earth's orbit. But that’s not the biggest threat to space assets, Beames said.

“The big threat is actually cyber security,” he said. “It’s our most vulnerable thing.”

Beames continued, “A week does not go by without another [data] breach being mentioned in the press. Even though a lot of things are becoming declassified, there is still a mountain of things that they're not talking about publicity that scares the crap out of people. It’s a dire situation.”

He explained that computer networks are becoming integrated into networks of networks, and every time that happens the very thing that needs to be protected, what he calls “the data record,” is exposed to increasingly more attack surfaces. “And it’s only gonna get worse,” he added.

“If I sound like I’m being ridiculously over the top about this, I cannot exaggerate this enough. It’s a scary, scary situation,” Beames said.

The good news is that the government is addressing the issue. “We have to move to a Zero Trust network,” Beames said.

The government is writing rather broad guidelines for the Zero Trust network because they really want to encourage commercial solutions to the problem. They don’t want to pinpoint a specific solution yet.

Beamer made it clear this is not just a Department of Defense problem, an Air Force problem, or a Space Force problem. “It’s a problem for the nation,” he added.

Beames classified satellites as being just computers in orbit, that are handling data, collecting data, and transmitting data.

“The space war is really a cyber [war],” Beames said, “and space is the backbone of our warfighting capability. It is the fight of the 21st Century for the United States. It will decide whether we win or lose the space race.

“Every single thing that we do today relies on space systems.

“What we’re seeing over the weekend with Silicon Valley Bank is nothing compared to the devastation that could happen if GPS satellites were to be taken over through a cyber-attack. And it would not be difficult. Our economy could collapse.”

No comments: