US Space Force guards against cybersecurity threats miles above Earth
If space is indeed the “final frontier,” as narrated in the famous opening voiceover in “Star Trek,” it is also becoming the final line of defense against threats to technologies that have become essential for daily life.
From the use of GPS to navigate traffic congestion to fighting forest fires with heat sensors, orbiting satellites play a critical role in providing convenience and safety for countries around the globe. And as governments and private enterprises launch more satellites, the attack surface has expanded as well.
“Space is becoming congested and contested,” said Lt. Gen. John F. Thompson (pictured), commander of the Space and Missile Systems Center at the Los Angeles Air Force Base in California. “The cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cybersecurity into our space systems, both commercial and government, is a mandate.”
Thompson spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the Space & Cybersecurity Symposium. They discussed the vital role of GPS infrastructure, threats from nation states, the military’s adoption of a DevSecOps mindset, hiring goals and funding for startups with innovative ideas designed to protect the final frontier. (* Disclosure below.)
Trillions in GPS value
As a division of the U.S. Space Force, the Space and Missile Systems Center is responsible for acquiring and developing military space systems. This includes both orbiting satellites and ground communications systems for the U.S. Space Force, critical partners in the Department of Defense and the intelligence community, according to Thompson.
That charter involves a significant amount of critical infrastructure that includes essential GPS navigation services.
“We developed and currently sustain 31 satellite GPS constellations,” Thompson said. “Those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. If GPS went down, a Starbucks wouldn’t be able to handle your mobile order, Uber drivers wouldn’t be able to find you, and Domino’s certainly wouldn’t be able to get there in 30 minutes or less.”
The challenge confronting Thompson and his command is that the infrastructure of space is also vulnerable to cyberattack. As recently as August, security researchers were able to gain access to satellite networks using as little as $300 in off-the-shelf gear.
In addition, the U.S. government has observed actions by several nation states that pose a threat to space systems.
“We’ve seen a lot of action in recent months from certain countries, notably China and Russia, that have threatened the peaceful global commons of space,” Thompson noted. “Everyone should understand the Russians have been testing on-orbit anti-satellite capabilities. It’s very clear that China is developing anti-satellite programs, electronic jammers, directed energy weapons and, most relevant to today’s discussion, offensive cyber capabilities.”
These threats are designed to exploit vulnerabilities in satellites at a time when the number of systems being deployed is about to expand dramatically. In January, SpaceX became the operator of the largest active satellite constellation in the world, and the private company has plans to launch 42,000 more over the next decade.
The concern is that satellites and the ground stations that control them are run by software, and software can be hacked.
“Our satellites are really not hardware systems with a little software anymore in the commercial and defense sectors; they’re basically flying boxes full of software,” Thompson explained. “If it’s not cyber secure, if it doesn’t have cyber protections built into it or the ability to implement mitigations against cyber threats, then we’ve essentially fielded a shoe box in space.”
What Thompson is describing is a process known as “baking in,” infusing cybersecurity protection into software and hardware components right from the beginning, rather than attempting to bolt it on after the fact. The U.S. Space Force has taken steps to adjust its approach through a new program — Enterprise Ground Services — which will create a universal command and control architecture for modernizing software and bringing cybersecurity standards up to date.
For the SMSC, this requires a close partnership between the military and its contractors, as well as a DevSecOps mindset.
“We’ve moved way further towards working side by side with our system developers to strengthen cybersecurity from the very beginning,” Thompson said. “For new systems we’re desperately trying to implement across the Department of Defense and particularly in the space world, we’re using a DevSecOps methodology and practice to deliver software faster and with greater security. It’s not just widget assurance anymore; it’s mission assurance.”
People and funding
Reaching DevSecOps goals will take people with the right skill sets, and Thompson has a basic message to offer in this regard: The U.S. Space Force is hiring. Earlier this year, the organization produced a recruitment ad designed to attract new talent to its ranks. At full strength, the U.S. Space Force is projected to have 15,000 on staff.
“We need new generations of thinkers to apply cutting-edge theories of data mining, cyber behaviorism, and internet of things 2.0,” Thompson said. “Folks in this audience who have a passion about space and a passion for cybersecurity are just the kind of people we want to work with.”
In addition to hiring the talent needed to help program innovation, the U.S. Space Force is also opening its wallet to fund startup companies. The SMSC is the military’s largest purchaser of space technologies, with an annual budget of approximately $9 billion.
Last fall, selected businesses were invited to pitch ideas to a team of military officials and commercial investors in a competition for cash funding. A second “pitch day” is currently planned for next spring in Los Angeles.
“We held our first event last November in San Francisco where we awarded, over a two-day period, about $46 million to 30 different companies that had potentially game changing ideas,” Thompson said. “These were phase two small business innovative research efforts that we awarded with cash on the spot.”
As the newly appointed Secretary of the Air Force, Barbara Barrett told attendees at an event last year that “before your first cup of coffee in the morning, you’ve used space.” This dependence on a complex set of systems that are constantly orbiting the Earth has brought the need for cybersecurity protection into sharp focus.
“This value is not just military; it’s also economic,” Thompson said. “It’s not just American; it’s also a value for the entire world, particularly our allies, as we’ll depend upon space and space systems. It’s truly a remarkable time, and cybersecurity is a vital element of everything in our national security space goals.”
For the complete four-day Space & Cybersecurity Symposium event lineup, click here. (* Disclosure: TheCUBE is a paid media partner for the Space & Cybersecurity Symposium. California Polytechnic State University, the sponsor for theCUBE’s event coverage, has no editorial control over content on theCUBE or SiliconANGLE.)
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.