Contributed by Micki Boland, Cyber Security Expert and Evangelist, Check Point Software
In the summer of 1966, Gene Roddenberry and producers created the first draft of the opening narration for Star Trek, a new television series. For the opening premier on September 8th 1966, William Shatner narrated these famous words: “Space the final frontier. These are the voyages of the Starship enterprise, its five-year mission: to explore strange and new worlds, to seek out new life and new civilizations, to boldly go where no man has gone before.”
In April and May 1961 history was made in this new space frontier when the first humans went into space. First, Soviet cosmonaut Yuri A. Gagarin, followed by American astronaut Alan B. Shepard, and space as a frontier captured the imaginations of people around the globe. Never could we have imaged the advances in space and technologies supporting the space program and missions, which brought forth the Space Shuttle and the International Space Station (ISS), and Mars Rover.
Traditionally, space programs have been public sector funded, supported and highly protected from both intellectual property and cyber security perspectives by government agencies. Space exploration was an effort to learn about the race-to-space as much as it was a race to develop new space-related technologies that helped further the exploration of space, support the space program, and sometimes for commercialization for use on earth.
Today, there is once again a new space frontier involving the private sector in the heralding of the commercial space age and this presents a new frontier for cyber security in space. The goals of the commercial space age differ in that these private space enterprises are racing to develop technologies to be used in space, for space, and to “move” industries to space to “benefit” earth.
Key points: New frontier for cyber security in space
Cyber security needs to be an integral part of this commercial space age. This is the commercial space age involves the private sector in rapid growth mode. It also involves deep integration with public sector agencies, universities, and private sector aerospace partners. Let us take a quick look at the new commercial space players, what are they doing, and why this topic is so important.
Blue Origin, LLC, founded in 2000, is a privately funded aerospace company owned by Amazon.com founder Jeff Bezos. Blue Origin has made 15 space orbit flights, and its espoused mission is to establish industries in space and make space flight affordable and technologies reusable. In 2014, Blue Origin partnered United Launch Alliance (ULA), the nation’s premier space launch company to co-develop an American made BE-4 rocket engine. Blue Origin has been contracted to deliver NASA and global university “payloads,” including cryogenics labs, applied physics labs, and micro-gap cooler experiments. In 2018 the USAF signed a Launch Services Agreement (LSA) partnership in 2018 with Blue Origin for launch vehicle for national security space (NSS) missions.
SpaceX is a private aerospace company founded by Elon Musk in 2002. SpaceX was formed to provide human travel to space and to deliver payloads and to move cargo to and from the International Space Station (ISS). Reusability of spacecraft is key part of its the SpaceX mission. In 2019, SpaceX Dragon successfully docked with ISS. In 2020, NASA certified the SpaceX Falcon 9 for human transportation travel to and from ISS. The SpaceX Starlink initiative’s goal is to provide broadband internet across the globe by way of over 1,700 low earth orbit satellites and as of August 2021, has shipped 100,000 Starlink terminals to 14 countries.
Virgin Galactic is a publicly traded corporation founded in 2004 by Sir Richard Branson, founder of Virgin. Virgin Galactic goals: “Virgin Galactic is a vertically integrated aerospace company, pioneering human spaceflight for private individuals and researchers, as well as a manufacturer of advanced air and space vehicles.”
In May of 2021, Virgin Galactic completed its 27 acre Spaceport America in Las Cruces New Mexico. Virgin Galactic wants focus on human space flight and is flying researcher Kellie Gerardi with the International Institute for Astronautical Sciences (IIAS), on a dedicated research flight, to conduct experiments and test new healthcare technologies. The Federal Aviation Administration (FAA) updated Virgin Galactic existing commercial space transportation operator license to allow the spaceline to fly customers to space and in September 2021, it will fly its Unity 23 for a commercial space flight on behalf of the Italian Air Force. Virgin Galactic’s cash position on June 30th of 2021 was $552 million.
Comprehensive cyber security is needed in commercial space and aerospace companies with global impact and within their technologies that operate in firmament and among terra-firma environments. Traditional space and aerospace industry heavy hitters, such as public agency NASA, and publicly held Lockheed Martin, Raytheon, Boeing, Northrup Grumman, and General Dynamics, have been involved in building and running aerospace technologies for military and commercial use for decades and have well established sophisticated cyber security programs and expertise in supply chain integrity, and protecting software development for their programs. Case in point: Lockheed Martin F35 program has a highly protected 50-year global supply chain and is a global supplier for over 1,900 companies in the USA and nations acquiring the F35.
The new commercial space players & security
The new commercial space players are venturing into aerospace -with the exception of Virgin Galactic- have no former expertise in the aerospace industry. These players will be manufacturing and delivering services to government agencies. SpaceX is already supplying NASA. Made In Space Inc. just received a $75m contract to 3D print steel beams in space for use on NASA spacecraft. All of the commercial space players are manufacturing new rockets and launching them into near space, delivering payloads, and in the case of SpaceX, docking at the ISS.
Comprehensive cyber security is needed for these commercial space age players for the entire lifecycle of the supply and service delivery chain: on ground; in the cloud; satellites/satellite communications; GPS; ICS/SCADA and high tech manufacturing environments; IoT and devices. We also need tight integration with public and private systems, platforms, technologies, and networks. Paramount is protecting the integrity of the new aerospace ventures supply chain and entire software development lifecycle, an important component of the supply chain. This will be the target of nation-state sponsored cyber criminal groups and syndicated cyber criminal gangs and hackers as they go about conducting cyber warfare and cyber espionage, thieving intellectual property, and other forms of disruption and destruction.
Within space programs, cyber security has been involved in every step of the way to date and will continue to evolve with in this new frontier in commercial space era. Satellites and command and control systems for satellite systems now represent a huge attack surface. Thousands of satellites now orbiting above the earth -and with increasing deployment by these new aerospace companies- provide targets for nation states, cyber criminals, and hackers. This attack surface has potential to interrupt global communications. We have already seen attacks on satellites and command and control systems for GPS. In 2014, the USA attributed to China the cyber attack that interrupted National Oceanic and Atmospheric Administration (NOAA) satellite imagery data used for weather forecasting. Russia has already used GPS spoofing to obfuscate its deployed naval craft locations.
Actual human flights to space also presents a new target for cyber criminals and hackers. With the Virgin Galactic’s first human flight to space in July 2021, the aviation community is calling for prioritizing cyber security in the era of this changing space sector, warning that “cyber threats to spacecraft will only multiply as the sector attracts more money, attention and publicity.
The good news around cyber security
There is increasing pressure for the commercial space age to take cyber security seriously. Privately held SpaceX and Blue Origin appear to be building out cyber security programs. Virgin Galactic is recruiting cyber security experts and engineers for its SpacePort in NM.
Frameworks are being developed for this new commercial space age. NIST is developing cyber security framework Draft NISTIR 8270 for commercial satellites. On September 4th 2020, President Donald Trump issued Space Policy Directive-5 (SPD-5) requiring the United States of America’s government agencies to work with commercial companies, as consistent with the principles in the SPD, to further define best practices, to establish cyber security informed norms, and to promote improved cyber security behaviors throughout the nation’s industrial base for space systems. SP-5 establishes key cyber security principles to guide and serve as the foundation for America’s approach to the cyber protection of space systems, and the protection of space assets.
The Federal Aviation Administration helped create the Space Information Sharing Analysis Center (Space ISAC). S-ISAC purpose is to facilitate “collaboration across the global space industry to enhance the ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector.” S-ISAC is the clearinghouse for all space security and space asset-related threats for the space sector, both public and private, and an information provider regarding both public and private space related cyber security.
This new commercial space age is amazing and if one considers the innovation in space technology since the first walk on the moon, it is astounding and exciting. We do not want space to be the final frontier for hackers! This new commercial space age represents a new frontier for cyber security. We can boldly go forth where no man has gone before with the best cyber security frameworks, technologies, human talent, and processes, and continue to innovate within cyber security as commercial space innovates.
Sign up for the Cyber Talk newsletter here.