Prepared by the CyberWire (Friday, March 3, 2017)—Patching, buggy software, inadvertent (and in some case deliberate) interference with space assets, rapidly maturing operational concepts for cyber warfare, and some indications of the likely cybersecurity direction of commercial space enterprises highlight this month's news.
Patching across IT and OT
NASA's Inspector General in early February released an audit report on industrial control system security within the space agency. NASA sensibly commissioned the study because of the extent to which operational technology has evolved away from manual systems toward increasingly comprehensive automation. The report makes interesting reading, particularly in its strong object lessons about two often remarked issues: first, the degree to which cybersecurity reflects the IT culture in which it emerged as a discipline (and which can lead its practitioners to overlook some of the operating technology issues they must now address) and second, the importance of verifying that patches won't have unintended consequences before they're applied in production environments. Among the findings was this: application of a security patch to software used to control a large engineering oven caused a reboot that stopped the oven's monitoring equipment from running. This effectively disabled both temperature control systems and "impeded alarm activation," causing a fire that burned undetected for three-and-a-half hours.
GPS security and availability
Concerns about disruption of navigation systems—GPS prominently among them—persist. Spirent warns that such systems—GPS, GLONASS, Galileo, and BeiDou—should expect to see more jamming and spoofing in the relatively near future. Their assessment is based largely on a priori possibility, and the fact that Spirent's GPS interference detectors have observed more than 15,000 incidents since they were deployed in 2015. Many of those have been inadvertent, but there have for some time been criminal gangs who've worked on GPS jamming and spoofing, and nation-states certainly have such capability.
Loss of GPS is a significant risk to aerospace operations: on February 22, SpaceX postponed delivery of 2500 kilos of supplies to the International Space Station because its Dragon cargo capsule experienced a problem with its GPS.
Israel Aerospace Industries (IAI) is offering an anti-jamming system for GPS. Called "ADA," the system is now deployed by the Israeli air force and has been approved for export.
In the US, the Air Force has awarded Boeing a five-year contract to support GPS IIA and IIF satellites currently in orbit.
Cyber security for the USAF ICBM force
The US Air Force is preparing to award two contracts for modernizing its deterrent force from the legacy Minuteman system to the new Ground-Based Strategic Deterrent (GBSD). Northrop Grumman, Lockheed Martin, and Boeing are competing for the work. Northrop Grumman emphasizes that its proposal will contain a heavy component of cyber resiliency for the new force. Awards are expected in September of this year.
Cyber war and space war
The current Chief of Staff of the US Air Force expects to be preoccupied with space threats during his tenure. Although a younger domain than space, cyber probably sees a more fully developed US offensive capability than does space proper. Should US space assets come under attack—and cyberattack is one likely form in which such a threat could arrive—US policymakers see it as unlikely they would retaliate with a kinetic attack against the adversary's spacecraft. Rather, cyber retaliation or kinetic operations against enemy ground stations are regarded as far more likely. The probable adversaries most interested in challenging US ability to exploit space are seen as China, Russia, and North Korea.
Admiral Rogers, Director NSA and Commander, US Cyber Command, is interested in pushing a full spectrum of cyber capabilities down to the tactical level. All three Service Departments—Army, Navy, and Air Force—are working along these lines as well. As they do so, they're evolving tactical doctrine and integrating cyber operations into collective training exercises.
When space goes commercial, how will commerce secure itself?
Elon Musk's SpaceX, mentioned above in connection with the delayed Dragon resupply of the International Space Station, is probably as good a bellwether as any for the likely form commercial spaceflight will assume in the near future. Branden Spikes, who's worked as Musk's CIO for several years, tells Business Insider that Musk was concerned about building cybersecurity into SpaceX from the time of its founding. As Spikes put it, "In fact, on day one of creating the network at SpaceX, he's like, 'Don't let them hack us.'" He goes on to say that getting board-level attention for cybersecurity issues has never been a problem for him at SpaceX.
There was a major merger announced in the commercial space sector at the end of February: Intelsat SA and OneWeb Ltd. announced a "conditional combination agreement" lubricated by an infusion of $1.7 billion from OneWeb backer Softbank. The combined company is seen as a play in the increasingly lucrative broadband market: demand for affordable broadband is surging. It need hardly be pointed out that mergers bring with them heightened cyber risk. And all of that broadband capacity will also have to be secured somehow, by someone.
Today's edition of the CyberWire reports events affecting China, Israel, the Democratic Peoples Republic of Korea, Russia, and the United States.
Industrial Control System Security Within NASA's Critical and Supporting Infrastructure(NASA Office of Inspector General, Office of Audits) In keeping with the evolution of technology, NASA has increasingly moved away from isolated, manually controlled operational technology (OT) systems to an environment in which physical processes are controlled with sophisticated and interconnected information technology (IT) equipment. As more devices become “smart” through wireless connectivity, OT systems that once required hands-on manipulation such as adjusting a valve or flipping a switch can now be controlled remotely.
SoftBank-backed OneWeb to merge with Intelsat(Reuters) OneWeb Ltd, a U.S. satellite startup backed by Japan's SoftBank Group Corp, and debt-laden satellite operator Intelsat SA agreed to merge in a share-for-share deal on Tuesday.
Intelsat's stock soars on report of OneWeb merger(SpaceNews) Intelsat's stock rose 25 percent Monday following a report from Britain's Sky News that the global satellite fleet operator is in advanced talks over a merger with the well-capitalized startup OneWeb.
U.S. Air Force Awards $875 Million for Cryptography and Information Assurance(SIGNAL Magazine) General Dynamics Mission Systems, Scottsdale, Arizona (FA8307-17-D-0006); Harris Corp., Rochester, New York (FA8307-17-D-0007); L-3 Systems Corp., Camden, New Jersey (FA8307-17-D-0008); Leidos Inc., Columbia, Maryland (FA8307-17-D-0009); Raytheon, El Segundo, California (FA8307-17-D-0010); Sypris Electronics LLC, Tampa, Florida (FA8307-17-D-0011); and ViaSat Inc., Carlsbad, California (FA8307-17-D-0012) have been awarded a combined not-to-exceed $875 million indefinite-delivery/indefinite-quantity contract.
Colorado Springs' growing cyber industry takes center stage(Colorado Springs Gazette) The growth of the cybersecurity industry in Colorado Springs was in the spotlight at the Rocky Mountain Cyberspace Symposium as generals and Colorado Gov. John Hickenlooper touted the burgeoning field in the Pikes Peak region.
IAI Debuts GPS Anti-Jamming System(Defense News) The laptop computer-sized system is based on the firm’s multichannel Controlled Reception Pattern Antenna technology designed to render avionics systems immune to direct electronic attack from GPS jammers or other methods of interference.
Information Warfare: HVIs Wanted Dead Or Alive(Strategy Page) The U.S. Air Force recently revealed that during 2016 its component of U.S. Cyber Command (USCYBERCOM) conducted 4,000 Cyber War operations to obtain useful information (often about location) on more than 100,000 targets.
Security, Modularity Drive Navy Cyber(SIGNAL Magazine) Cleaner, more modular software that can be updated with less fuss tops the U.S. Navy’s wish list as it girds its fleet for warfighting in cyberspace.
NSA head Rogers pushes to loosen reins on cyberweapons(TheHill) Adm. Michael Rogers — both head of the National Security Agency (NSA) and Cyber Command — is pushing for widespread changes to the U.S.'s treatment of cyber weaponry, including contracting private sector firms to develop arms.
Assessing US capabilities in cyberspace(Fifth Domain | Cyber) Among the proposals and directives outlined in the three drafts are four cyber reviews, including a full-scale assessment of the nation’s capabilities in cyberspace.
Cybersecurity Must Take Front and Center National Attention, Experts Say(SIGNAL Magazine) Cybersecurity can no longer be viewed as a technology-only problem and segmented into stovepipes where the U.S. Defense Department carries out one set of tasks; the civilian government another; and industry does its own thing, said Adm. Michael Rogers, USN, director of the NSA and commander of U.S. Cyber Command.
The Coming War in Space(US News and World Report) The Joint Chiefs briefed President Donald Trump on space, as officials consider how to keep it benign amid Russia and China’s ambitions.
Battle Staffs Need More Cyber Training, Leaders Say(GovTechWorks) Military cyber operations capabilities are developing faster than planners and commanders can use them on the battlefield. This reality prompted a fresh look at classification and training to ensure battle staffs know how and when to employ cyber effects.
Mattis mulls consolidation in IT, cyber(FCW) In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.