Driving Cyber Resilience for Space-Based Missions
by Sean Papso
The United States is reliant on space-based capabilities. In-orbit platforms, payloads, and other satellites form a virtual exoskeleton for our nation’s critical infrastructure. Communications, transportation, trade, financial services, weather monitoring, and critical defense systems all depend on our expansive network of satellite constellations and other space-based assets. Historically, the vulnerability of these resources has often been overlooked in wider discussions of cyber threats to our critical infrastructure. However, similar to any digitally networked system, these assets are highly vulnerable to cyber-attacks.
Cyber risks for space-based assets take many forms. While one attack might involve the jamming, spoofing, or hacking of communications and navigation systems, another may target critical control systems or specific mission payloads, shutting down satellites, altering their orbits, or permanently damaging assets through deliberate exposure to harmful radiation. Moreover, cyber attacks of space-based assets often have widespread collateral effects. For instance, the US National Oceanographic and Atmospheric Administration (NOAA) Satellite Data Information System was taken offline in September 2014 after a serious hacking incident, denying high volumes of data to worldwide weather forecasting agencies for 48 hours.
From a national defense standpoint, Invictus recognizes the impact is even greater. For instance, a cyber attack on a critical DoD asset has the potential to undermine the integrity of a strategic weapons system, driving destabilization of a deterrence strategy to dissuade an adversary, or an attack on an asset may cast doubt on collected intelligence and increase the risk of misperception during a time-sensitive military crisis.
Traditionally, cyber protection of space assets is based upon a hardened ground segment combined with encrypted communications relays to and from the spacecraft. In orbit, the assumption is made that the encrypted streams ensure appropriate levels of cyber security across onboard systems and controls. Often, few additional cyber defenses are integrated. As a result, if an actor is able to gain access to the ground segment or insert malware into an onboard component, there are inadequate preventative measures to prevent direct, full-control of the asset.
In response, US policy has recently pivoted from enhancing the basic “survivability” of an asset (active/passive defense measures) to driving the “resilience” of space-based missions. Resilience incorporates traditional approaches to survivability with the operational aspect, enabling the ability for a mission to endure the loss of one or more nodes, assets, or ground system elements.
Invictus understands cyber resilience can only be achieved by addressing the catalyst of our vulnerabilities. A tradeoff must be performed for each mission to understand whether increasing the survivability of a single asset, or approaching a mission through the proliferation of smaller, more agile assets increases the guarantee of mission success. This tradeoff must further be in alignment with Risk Management Framework (RMF) to ensure policy and standards are met. As experts in Cyber governance for the Intelligence Community, Invictus is growing our capability to apply RMF to non-traditional IT systems and operational assets, such as aircraft, ships, space systems and other platforms. Our team understands cyber resiliency and stands ready to address the challenge of “defending the gates” from orbit.