Other Services hand roles, missions, spacecraft, and units over to Space Force.
Space Force as an opportunity for acquisition reform.
Cyberespionage directed against defense and aerospace companies.
"Every company is a space company."
Michael Collins, rest in peace.
Other Services hand roles, missions, spacecraft, and sometimes units to Space Force.
A decision is expected shortly on which US Navy and Army units will transition to Space Force, C4ISRNet reports. In some cases they'll bring their missions with them. The Army's plans have yet to be announced, but some of the Navy's are now a matter of public knowledge. Among them is the Navy's Mobile User Objective System (MUOS), a constellation of five UHF narrowband communications satellites that had been managed by the Naval Information Warfare Systems Command's space program office. More than MUOS will go to Space Force. In total the Navy intends to hand thirteen satellites over to Space Force, Military.com writes. That transfer, however, stops at science and technology: the Navy is very clear that it intends to retain the space research programs and capabilities of the Naval Research Laboratory.
The Air Force has acknowledged the ways in which missions have shifted in its new mission statement. Since 2008 the US Air Force's mission statement had been, "Fly, fight and win... in air, space and cyberspace." Space and cyberspace have now disappeared from the mission statement, which is now, "To fly, fight, and win...airpower anytime, anywhere." Military.com quotes an Air Force background release as explaining, "The Air Force can now focus solely on Airpower and maintain a sustained focus on core air domain missions." The shift in mission statement will have an effect on Air Force doctrine as well. Air Force Magazine notes that the Service's new capstone doctrine manual, Air Force Doctrine Publication 1, issued April 22nd, concentrates on the air domain, leaving space to Space Force.
Space Force is expected to grow from 2400 active-duty members to some 6400 by the end of this calendar year. There will also be a reserve component numbering about 1600, which will be contributed mostly by the Air Force's 310th Space Wing. An essay in the Air Force Times argues that the reservists themselves should have a major say in the design of their component. The regulars often miss details that are obvious to the reservists.
Space Force as an opportunity for acquisition reform.
Among the hopes for Space Force is that it will bring with it a new acquisition system, more agile and more ready to accommodate emerging technologies than the familiar, requirements-bound Defense acquisition system that many have seen as better suited to avoiding litigation than fostering innovation. The existing system isn't without its virtues, but it has for decades been criticized as sclerotic and sometimes wasteful. An op-ed in Breaking Defense sees Space Force as a chance for a new beginning, but cautions that the window for a new approach won't remain open indefinitely.
Cyberespionage directed against defense and aerospace companies.
April saw widespread alarm over Chinese and Russian cyberespionage. US Federal agencies figure prominently among the targets, but so do companies in the Defense Industrial Base, and aerospace firms outside the US. Some of the challenges, Information Security reports, will be addressed by US Space Command's new cybersecurity center, intended to forge a closer link between Space Command and its sister combatant command, US Cyber Command.
Operations connected with China.
Researchers at Kaspersky early in April outlined a campaign by APT10 directed against Japanese industrial targets. APT10 is the Chinese government advanced persistent threat also known as Red Apollo, MenuPass, Potassium, and Stone Panda. The goal is apparently industrial espionage. The campaign is a long-running one that's been active, generally, at least since March of 2019. The most recent surge in activity came in January. "The actor leveraged vulnerabilities in Pulse Connect Secure in order to hijack VPN sessions," Kaspersky said, "or took advantage of system credentials that were stolen in previous operations." The Hacker News explains, "The infection chain leverages a multi-stage attack process, with the initial intrusion happening via abuse of SSL-VPN by exploiting unpatched vulnerabilities or stolen credentials."
An earlier and ongoing, state-directed cyber incident afflicting US systems, of course, is China's operation against vulnerable instances of Microsoft Exchange Server. It's continuing to give Washington fits, the Washington Post writes. Much of the Microsoft activity in April's Patch Tuesday, an unusually busy one, surrounded Exchange. Redmond addressed a large number of vulnerabilities (one-hundred-eight bugs in total across its several products, including, as BleepingComputer points out, five zero days). NSA, which CBS News and others credit with disclosing some of the zero days to Microsoft, is urging all organizations to apply the patches as soon as possible.
CISA, the US Cybersecurity and Infrastructure Security Agency, has also updated its Emergency Directive 21-02 to require that the Federal agencies it oversees immediately apply the Microsoft Exchange Server patches. CISA directs the dot gov world to:
First, deploy Microsoft updates to all their on-premises Exchange servers by midnight tomorrow. If for some reason an agency can't update a server by the deadline, it must immediately remove that server from its networks.
Second, apply and maintain technical and management controls to ensure that any "newly provisioned or previously disconnected endpoints are updated before connecting to agency networks."
Third, report completion by noon Friday. CISA has provided a template for all agencies to use when rendering their reports.
And, fourth and finally, immediately report any incidents or indications of compromise that appear during the update.
There's also significant cyberespionage directed against widely used virtual private networks (VPNs). Pulse Secure, whose VPN is commonly used in Government and the defense sector, is addressing vulnerabilities in the Pulse Connect Secure VPN publicly reported by FireEye's Mandiant unit. CISA, the US Cybersecurity and Infrastructure Security Agency, has issued an Alert on the vulnerabilities, providing technical details and urging organizations to apply the mitigations Pulse Secure has provided.
CISA says, "The cyber threat actor is using exploited devices located on residential IP space—including publicly facing Network Attached Storage (NAS) devices and small home business routers from multiple vendors—to proxy their connection to interact with the webshells they placed on these devices. These devices, which the threat actor is using to proxy the connection, correlate with the country of the victim and allow the actor activity to blend in with normal telework user activity." There's no clear evidence, yet, of lateral movement, but it remains a possibility.
Federal agencies are getting more than encouragement from CISA. The agency has issued Emergency Directive 21-03, requiring all organizations under its jurisdiction to "enumerate all instances of Pulse Connect Secure virtual and hardware appliances hosted by the agency or a third party on the agency's behalf," and then, by 5:00 PM EDT this Friday, to run the Pulse Connect Secure Integrity Tool on every such instance.
According to Reuters, exploitation of the secure email product, which heavily affects US and European defense firms (Nikkei suggests Japanese firms are also affected), is being attributed to Chinese intelligence services. The Chinese government dismisses FireEye's attribution as "irresponsible and ill-intentioned," because Beijing "firmly opposes and cracks down on all forms of cyber attacks." CyberScoop reported that at least two dozen US agencies are known to run the VPN, but how many of those were compromised remains unclear. A number of those users are national laboratories involved with defense and national security work. CNN says that at least five Federal agencies appear to have been affected. This represents the third major software supply chain compromise that's come to light in 2021, the Voice of America notes.
In fairness to Beijing, not all the groups actively seeking to exploit Pulse Secure vulnerabilities are believed to be working on behalf of the Chinese government. CSO and others point out that several different threat actors have been working against Pulse Secure. In this respect the incident resembles the Microsoft Exchange Server exploitation, where criminal gangs jumped onto the vulnerabilities in the wake of a state-run campaign.
Operations connected with Russia.
The SolarWinds supply chain compromise is also long-running, and ongoing. The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Alert warning that it had found instances of the Supernova malware during a CISA incident response. The "affected entity" is addressing the attack, and CISA says its own engagement with this incident is continuing. (Supernova is the backdoor associated with the SolarWinds compromise.)
RiskIQ has a useful rundown of the SolarWinds incident to date. One of the things they note is the difficulty of attribution. The US Government, from the White House to CISA and NSA, has been pretty unambiguous in calling out Russia's SVR ("Cozy Bear," familiarly) as the actor behind the campaign, and those last two mentioned agencies published some of the malware used in the incident that they say they've traced to the Russian organs.
RiskIQ points out that the private sector has generally been more tentative in its attribution. It's not that the private sector thinks the Russian services innocent, but rather that the kinds of similarities in tactics, techniques, and procedures private sector analysts look for were in this case ambiguous. RiskIQ thinks this ambiguity was deliberate, and they agree with the US officials who attributed the campaign to the SVR. "Pattern avoidance was a tactic used in all aspects of the SolarWinds campaign," they say. The threat actors used different command-and-control IP addresses for each victim, and that in itself makes the correlation analysts like to use more difficult. The researchers found that Cozy Bear's infrastructure "was registered under varying names and at different times over several years to avoid establishing a traceable pattern." The SVR probably bought the domains from resellers or at auction.
Cozy Bear also hosted its campaign infrastructure, at least their first-stage infrastructure, entirely within the US. That's not only likely to lend an air of innocence to their traffic, but it also means that they may be more likely to escape the attentions of the US National Security Agency, whose remit is of course foreign intelligence and not domestic surveillance.
The second stage of the campaign was still mostly hosted in the US, but by the third stage Cozy Bear was largely working from overseas. The shifts were probably intended at least in part to avoid falling into the sort of pattern that would alert observers. The threat actor also had its first-stage implant "beacon to its command-and-control servers with random jitter after two weeks." The second stage used the familiar penetration testing tool Cobalt Strike, and the malware used in the third stage looked nothing like the tools used earlier in the campaign. Analysts who found one stage's malware would have found it difficult to follow the attack into other stages.
"Taken together," the RiskIQ researchers write, "the threat actors implemented their TTPs in this campaign to avoid resemblance to prior patterns associated with APT29 or any of the other known Russian APT groups. Researchers or products attuned to detecting known APT29 or other Russian APT activity would fail to recognize the campaign as it was happening. And they would have an equally hard time following the trail of the campaign once it was discovered." But they're confident that their own telemetry also points to APT29, the SVR, Cozy Bear herself.
The US FBI and CISA, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, have released a joint description of trends in SVR cyber activities, summarizing the current state of the Russian foreign intelligence service's operations against the US and allied networks it targets. They offer recommendations to organizations who may become targets:
"Auditing log files to identify attempts to access privileged certificates and creation of fake identity providers."
"Deploying software to identify suspicious behavior on systems, including the execution of encoded PowerShell."
"Deploying endpoint protection systems with the ability to monitor for behavioral indicators of compromise."
"Using available public resources to identify credential abuse within cloud environments."
"Configuring authentication mechanisms to confirm certain user activities on systems, including registering new devices."
The SolarWinds incident also raised concerns about the degree to which operational technology might have been compromised, either actually or potentially. NSA has taken note. The U.S. National Security Agency released a Cybersecurity Advisory covering ways of stopping malicious activity against connected operational technology (OT) networks. The Agency gives as its motivation for the Advisory a recent shift in adversary attacks. The Advisory says, "recent adversarial exploitation of IT management software and its supply chain has resulted in publicly documented impacts across the U.S. government and the Defense Industrial Base. Malicious cyberactivities directed at OT also continue to threaten these networks."
NSA advocates a rigorous, cost-risk-benefit analysis of any connectivity. At its highest level, the Advisory recommends a two-step process. First, determine whether the cost of connecting OT networks to IT networks, and especially the cost of increased risk, is worth the benefits it might bring, such as greater efficiency, reduced labor costs and so on. This cost-versus-risk-versus-benefit analysis should take it as a guiding assumption, NSA says, that a standalone, unconnected, islanded OT system is safer from outside threats than one connected to an enterprise IT system with external connectivity, no matter how secure the outside connections are thought to be.
Second, should you decide in favor of connecting IT and OT networks, systematically improve the cybersecurity of those networks, with particular attention to managing, monitoring and baselining the systems.
"Every company is a space company now."
An essay in Quartz riffs on the familiar trope that every company is now an IT company, but the point it makes is that every company is now a space company. It's not simply a gimmick headline, either. The piece takes as its central piece of evidence the contents of ARKX, the ARK Space Exploration and Innovation Exchange Traded Fund (ETF). The ETF explains its investments as follows: "The Adviser defines 'Space Exploration' as leading, enabling, or benefitting from technologically enabled products and/or services that occur beyond the surface of the Earth." Its investments fall into four broad categories:
"Orbital Aerospace Companies are companies that launch, make, service, or operate platforms in the orbital space, including satellites and launch vehicles."
"Suborbital Aerospace Companies are companies that launch, make, service, or operate platforms in the suborbital space, but do not reach a velocity needed to remain in orbit around a planet."
"Enabling Technologies Companies are companies that develop technologies used by Space Exploration related companies for successful value-add aerospace operations. These operations include artificial intelligence, robotics, 3D printing, materials and energy storage."
"Aerospace Beneficiary Companies are companies whose operations stand to benefit from aerospace activities, including agriculture, internet access, global positioning system (GPS), construction, imaging, drones, air taxis and electric aviation vehicles."
It's the less than obvious holdings, as Quartz points out, that are interesting. These include John Deere, Netflix, NVidia, and Alibaba. Those holdings are evidence of how pervasive GPS technology has become, but also of how quickly telecommunications infrastructure is moving into orbit. (There are, of course, also obvious space companies, and Analytics Insight has an overview of several of those, singling out SpaceX, Blue Origin, and Northrop Grumman as the pick of the litter.)
"Space development has reached an inflection point, transitioning from a phase of discovery to phases of security and commerce."
"Spacefaring countries and companies are harnessing new technologies to push new boundaries, uncovering value while simultaneously opening the door to chaos and competition."
"The United States and its allies and partners must take action over the next three decades to secure a future of security and prosperity."
In memoriam: Michael Collins.
One of the icons of space exploration's heroic era, Apollo XI's command module pilot, astronaut Michael Collins, passed away on April 28th, 2021, at the age of 90.
A West Point graduate born into an Army family, Collins entered the young Air Force upon graduation in 1952 and subsequently served as a fighter pilot and test pilot. He decided to apply for NASA's astronaut program during Project Mercury, and was accepted in 1963 as a member of the third astronaut cohort. His first spaceflight was aboard Gemini X, during which he made a spacewalk. Selected to pilot Apollo XI's command module Columbia, he and his crewmates, commander Neil Armstrong and lunar module pilot Buzz Aldrin, trained for six months before their launch on July 16th, 1969. The outlines of the flight are of course well-known.
In later years Collins most remembered the sight of earth from lunar orbit, saying on the occasion of the mission's fiftieth anniversary in 2019, "I more and more am attracted to my recollection, not of the moon, but of the Earth. Tiny, little Earth in its little black velvet background."
Air Force Times quotes him on the advances he saw in life, and those he looked forward to for future generations: "I am too old to fly to Mars, and I regret that. But I still think I have been very, very lucky. I was born in the days of biplanes and Buck Rogers, learned to fly in the early jets, and hit my peak when moon rockets came along. That's hard to beat."
So Michael Collins, rest in peace. (And he left one small legacy in earth orbit: a camera he accidentally dropped during Gemini X is still up there.)
US Agencies, Defense Companies Hacked Via VPNs (Breaking Defense) Threat actors are targeting one newly discovered and three previously known vulnerabilities in Pulse Connect Secure enterprise VPNs, according to a CISA emergency directive and alert, as well as blog posts by FireEye and Ivanti. "There is no indication the identified backdoors were introduced through a supply chain compromise of the company's network or software deployment process," FireEye noted.
Counterspace 2020: All (Pretty) Quiet On The ASAT Front (Breaking Defense) "From the evidence we have available, it sure looks like Russia is a bigger counterspace threat than China, which is contrary to a lot of the public discussion that focuses almost entirely on China," said SWF's Brian Weeden.
Space Force Eyes Buying Commercial Satellite ISR (Breaking Defense) "Comms, data relay, remote sensing, and even ISR and some other things -- [these] capabilities are increasingly available in the commercial market," Space Force deputy Lt. Gen. DT Thompson said today.
Virgin Orbit Wins HyperSat, QinetiQ Constellation Launch Contract (Via Satellite) Defense and security company QinetiQ and geospatial analytics firm HyperSat selected Virgin Orbit to launch a series of six hyperspectral satellites to Low-Earth Orbit (LEO) on its LauncherOne system. Virgin Orbit will launch the first of the six satellites no earlier than 2023. No timetable was given for the launch
Northrop sees focus as its friend in a crowded space landscape (Washington Technology) SpaceX's win (under protest) of the NASA moon lander highlighted how the overall space market has changed in both commercial and government segments, so Wall Street is wondering what Northrop Grumman and other defense companies make of it.
Huge Navy Exercise Helps Admirals Decide How to Remake Fleet (Breaking Defense) "We are going to do a live-fire offensive exercise," Rear Adm. Jim Aiken, Carrier Strike Group 3 commander told reporters Tuesday. "We are going to use the unmanned surface, unmanned air, and manned air and surface to provide a targeting solution."
Russia is going back to the moon this year (Space.com) Russia is revisiting its Soviet space heritage for a new series of missions that will take the nation back to the moon with five spacecraft to launch beginning this year.
DoD Space Threat Intel Not Good Enough (Breaking Defense) "While our adversaries have rapidly advanced a great spectrum of threats ... that are intended to defeat US space capabilities, we're only beginning to get our act together," said Jeff Gossel, senior intelligence engineer at the National Air and Space Intelligence Center (NASIC).
Space Force To Boost Threat Tracking (Breaking Defense) "I want to be able to identify what [the threat] is, I want to be able to attribute it to whomever is the adversary that's taken that shot, as an example, and then, I've got to be able to share that information," says Maj. Gen. Leah Lauderback, who heads the ISR Directorate.
Theater Commands OK SDA's Sat Plans: EXCLUSIVE (Breaking Defense) Military operators will be able to (at least virtually) "sit side-by-side, elbow-to-elbow with the SDA test team" as the various satellite "layers" are put through their paces.
Space Command to launch Joint Cyber Center (FedScoop) The unified combatant command overseeing the military's joint operations in space is working to stand up a Joint Cyber Center, its commander told senators Tuesday.
The path to a more resilient and robust GPS (C4ISRNET) To ensure GPS remains the gold-standard for PNT, Congress should continue investing in new satellites, a modern ground control, and eliminate restrictions on the commercial use of more resilient GPS receivers.
DNC Recommendations for Combating Online Disinformation (Democrats) Social media platforms have quickly become a major source of news for Americans. In a 2018 survey, over two-thirds of Americans reported getting at least some of their news from social media — including 43% of Americans from Facebook, 21% from YouTube, and 12% from Twitter. In this new media landscape, social media platforms are the first line of defense against digital disinformation.
Navy, Marines Push Plans To Transform How They Fight (Breaking Defense) Putting a variety of unmanned capabilities through their paces "in a Pacific warfighting scenario," Rear Adm. Robert Gaucher, Pacific Fleet's director of maritime headquarters, said in a statement, the exercise "will include maneuvering in contested space across all domains, targeting and fires, and intelligence, reconnaissance and surveillance."
NASA's Mars helicopter takes flight, 1st for another planet (Yahoo) NASA's experimental helicopter Ingenuity rose into the thin air above the dusty red surface of Mars on Monday, achieving the first powered flight by an aircraft on another planet. The triumph was hailed as a Wright Brothers moment. The mini 4-pound (1.8-kilogram) copter even carried a bit of wing fabric from the 1903 Wright Flyer, which made similar history at Kitty Hawk, North Carolina.
What focus areas are key to America's future space capabilities? (Defense News) Increased concentration on space is welcome. However, Pentagon decisions about future priorities, activities and investments should continue to sharpen its focus on the technologies and capabilities required to exploit new architectures and approaches in space.
USAF Releases New Airpower Doctrine (Air Force Magazine) The Air Force released a new doctrine that outlines the basic tenets of airpower, how and why the service fights, and reiterates USAF core values.
US Should Push New Space Treaty: Atlantic Council (Breaking Defense) "If everybody we talk to is the enemy, and there's a boogeyman behind every question and every opportunity, we're not going to go anywhere," retired Marine Corps Gen. Hoss Cartwright says. "We're frozen."
Fix Space Force Acquisition Now! (Breaking Defense) This is the first time in nearly 70 years where the Defense Department can craft a wholly new service with new pathways to buy and field equipment. At its core this means building a culture of risk acceptance and tolerance -- not avoidance.
Space Force is suddenly the go-to armed service (Washington Examiner) U.S. Space Force got a boost when thousands of March applications for transfer arrived from the Army, Navy, and Marine Corps, but other bureaucratic slowdowns may prevent it from keeping pace with adversaries, experts say.
President Biden Announces his Intent to Nominate Key Members for the Department of Defense (The White House) WASHINGTON – Today, President Joe Biden announced his intent to nominate Ronald Moultrie for Under Secretary of Defense for Intelligence & Security, Michael J. McCord for Under Secretary of Defense (Comptroller), and Michael Brown for Under Secretary of Defense for Acquisition & Sustainment. Ronald Moultrie, Nominee for Under Secretary of Defense for Intelligence & Security…
Biden Nominates Shyu To Lead Weapons Transformation (Breaking Defense) If confirmed, Shyu and Brown will come into the Pentagon in the midst of what civilian leaders promise is a major shift: divesting old, Cold War-era equipment for new generations of AI-enabled weapons, unmanned systems, and hypersonic missiles.
SecAF Nominee Kendall Expected To Deep Dive On Space Acquisition (Breaking Defense) Frank Kendall has a reputation as a tough nut — having wrestled to the ground any number of messy DoD programs when he led the Obama Pentagon's acquisition shop — including the troubled OCX operating system for GPS, and the aftermath of the Army's Future Combat System disaster. So maybe he is just what DoD needs in an Air Force Secretary as it struggles to sort out the tangled lines of budgetary and decision-making authority for the Air and Space Force, say a number of former DoD officials.
Court denies DOJ, Microsoft bid to dismiss protest of lucrative JEDI contract (Washington Business Journal) The Court of Federal Claims denied motions by the Department of Justice and Microsoft Corp. (NASDAQ: MSFT) to dismiss the Joint Enterprise Defense Initiative (JEDI) contract protest Wednesday, keeping the long-running dispute over the Pentagon's signature — and highly lucrative — cloud contract ongoing.