UPDATED 12:30 EST / OCTOBER 07 2020

SECURITY

Defense Department and NSA officials lead initiatives for US cybersecurity strategy

The process of combating threats in cyberspace is a multi-front war. Criminal organizations, nation states and even “lone wolf” hackers with too much time on their hands can launch attacks that have the potential to cause major economic damage or significant personal disruption.

In recognition of this harsh new cyberworld, the U.S. government issued a document called “National Cyber Strategy” in 2018. It was the first new cyber strategy document released by the federal government in 15 years, and it outlined a broad framework encompassing workforce development, supply chain management and properly securing government networks as critical steps in the nation’s defense.

“It calls for like-minded countries, industry, academia and civil society to support technology development, digital safety policy, advocacy and research,” said Arsenio “Bong” Gumahad II (pictured, left), director of the C4/ISR Division at the Office of the Under Secretary of Defense for Acquisition and Sustainment for the Department of Defense. “It’s truly a mindset and culture of enabling a mission to succeed in an assured and resilient fashion. Our role is to be the leader in developing not only the strategy, but the implementation plans to ensure full cybersecurity.”

Gumahad spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the Space & Cybersecurity Symposium. He was joined by Chris Henson (right), technical director of Space & Weapons Cybersecurity Solutions at the National Security Agency, and they discussed key elements for strategic cybersecurity success, protecting the space infrastructure, a need for closely monitoring the supply chain, private sector initiatives, and expanding the cyber talent pool. (* Disclosure below.)

Channeling data for defense

The DOD has defined its role in support of the National Cyber Strategy based on three key areas for success, according to Gumahad. These include developing the government’s approach in close partnership with the private sector and allies, prioritizing investments in resiliency, innovation and adaptive operations, and responding rapidly to leverage emerging technologies.

The integration of space into the framework for national defense has led the military to introduce a warfighting concept known as Joint All-Domain Command and Control, or JADC2. The vision behind JADC2 is having data channeled effectively across the five major defense platforms of land, sea, air, cybersecurity and space.

“Space is the newest war fighting domain, and cybersecurity is perhaps even more of a challenge in this domain than others,” Gumahad said. “The objective of JADC2 is to provide the war fighter access to decision-making information while providing mission assurance of the information and resilience of the underlying terrestrial air and space networks that support them. It is the framework under development to allow us to conduct integrated operations in the future.”

The National Cyber Strategy has since been recently expanded to include cybersecurity in space, a recognition that the growing constellations of satellites constitute critical infrastructure vulnerable to attack and in need of protection. Space Policy Directive 5, released by the U.S. government in early September, establishes a set of principles to protect space assets from cyberthreats.

“It’s starting really at the highest level of government,” Hanson said. “It recognizes all the factors of cybersecurity that need to come into play. Space will be that natural node, that natural next network in mesh involvement that we’ll have to protect.”

Zero trust and supply chain security

How will the government protect space assets? Much of the strategy appears to revolve around a number of key practices that have been embraced by the information security community in the past.

One of these involves the concept of zero-trust architecture. In August, the National Institute of Standards and Technology launched the final version of a zero-trust framework for implementation throughout the federal government.

“We’re looking at a zero-trust architecture, one of the NIST standards,” Hanson said. “It’s the idea that not just anybody should be able to have access to data or not just anybody should have access once they’re on the inside of the network. Zero-trust architecture is one approach where we can show some leadership and guidance.”

Another area of focus for the DOD involves supply chain security. Reliance on nations outside of the U.S. to provide critical space technologies poses its own risks.

This concern was outlined recently by Richard Weitz, director of the Center for Political-Military Analysis at the Hudson Institute. Weitz noted that the U.S. had reduced its reliance on Russian technologies for its space program and should consider doing the same for China as well.

“All of our industries that have these companies that are being purchased or there’s a large foreign investment into those, they can be suspect and we have to be very careful,” Hanson noted.

Support for private satellites

While collaboration with foreign businesses in the building of space systems will likely be approached with caution, military officials have been supportive of private initiatives in space by U.S. firms. The Starlink constellation is part of an ambitious program by SpaceX Corp. to launch 12,000 satellites into Earth’s orbit. And in July, the Federal Communications Commission cleared the way for Amazon Inc.’s Project Kuiper to launch over 3,200 satellites for its own constellation.

“The commercial world is pioneering high-rate production of small satellites in their efforts to deploy hundreds if not thousands of nodes,” Gumahad said. “We see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensor diversity and many more. We are currently exploring how to better integrate DoD activities involving small satellites under the small satellite coordinating activity.”

A major problem confronting the Department of Defense and private industry remains the lack of enough talented people to provide cybersecurity support for an expanding space infrastructure. A survey released late last year from ISC(2) found that the amount of people needed to close the skills gap exceeded 4 million professionals, which required a 62% increase in the U.S. workforce alone.

To help address this problem, schools such as California Polytechnic State University have implemented creative programs to generate interest in the cybersecurity field among middle and high school students. One “challenge” was to analyze causality when a fictional satellite crashes to Earth mid-launch.

“I was intrigued by the approach that Cal Poly was taking with middle school and high school kids,” Gumahad said. “Here you had a satellite that came down from space, and part of the challenge was to do forensic analysis on the debris, the remaining pieces of the satellite, to figure out what happened. I look forward to future events like that to get our young people intrigued and interested in this new field of space.”

For the complete four-day Space & Cybersecurity Symposium event lineup, click here(* Disclosure: TheCUBE is a paid media partner for the Space & Cybersecurity Symposium. California Polytechnic State University, the sponsor for theCUBE’s event coverage, has no editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU