The Poor Cybersecurity of US Space Assets

Good policy paper (summary here) on the threats, current state, and potential policy solutions for the poor security of US space systems.

Posted on July 30, 2018 at 12:08 PM • 17 Comments

Comments

Tatütata • July 30, 2018 2:59 PM

I browsed through the document, alas I didn't see anything beyond a lot of management speak.

e.g.:

Space Asset Organizations should: • Apply existing cybersecurity standards and best practices to space assets and where necessary, develop new, tailored standards for unique components of space assets;

What an insight!

Later, about GPS:

This is a technique known as jamming.

No sh*t, Sherlock.

Yaaaaaaawn.

I considered inserting an appropriate childish Dilbert cartoon, or run the text through Dissociated Press, but it ain't worth it.

I think I was kind of expecting decibels, system margins, orbits, and suchlike. To my defense, I always had occupations where carrying a half-dozen pens in your shirt pocket didn't look out of norm.

Mr. Poppycock • July 30, 2018 3:42 PM

It all makes sense now:

Ash Carter
Director, Belfer Center for Science and International Affairs, Harvard Kennedy School
Belfer Professor of Technology and Global Affairs
Member of the Board
Former United States Secretary of Defense (2015-2017)

Weather • July 30, 2018 5:40 PM

They are different they need (radiation) protection so I technically system do not apply, but have you seen a computer that was 3mm, mm that could access that, maybe 7f80 can look good, no no weapon but if deiognoise can open the channel, will look for a place at rest weather you can take sunburn. The database is long gone, maybe you need a craft knife

Bauke Jan Douma • July 30, 2018 6:14 PM

Seeing the headline, I thought this was an article about The Poor of the US.

Bauke Jan Douma • July 30, 2018 6:22 PM

Dedicated to @Tatütata

Last week, I saw the ISS come over every 90-odd minutes.
Very nice. I felt connected.
I was thinking to get out my pen laser, but didn't bother.
Its battery would be dead anyhow, probably.
Pondering, I suppose air gapping ain't what it used to be.

Weather • July 30, 2018 6:42 PM

Did you get the army base that we downloaded the field manual from, I should have saved hmx, petn c4, hmtd, ap, tnt, or do you want me to tell you how to throw a humvee out of a plane

wiredog • July 31, 2018 6:29 AM

Looks like word salad day in the comments section here. So:
Space is big
Space is dark
It's hard to find
A place to park

wumpus • July 31, 2018 9:51 AM

Clicks link, see pile of corporate-bureaucratic speak begging for a budget to do nothing with.

Reality check:
In 2014 independent hackers located ISEE-3 and established contact. This was not an attempt of hostile takeover, as the system had been lost for decades. As far as I know, location and establishing contact was successful, but the system was too far damaged/decayed to fire a rocket and establish a working orientation (sensors weren't pointed in the right direction, possibly also a high gain antenna not pointed anywhere).

I'd expect that spacecraft launched since 1987 use *some* sort of encryption on the control lines, but any computer operation in space is vastly more expensive than on Earth (thank the Van Allen Belts for cheap computing) as you often need to run obsolete chips built on sapphire or reprogram slow and expensive (but modern) FPGAs each time a section is destroyed by cosmic rays.

And of course, this leads to the "how do you force an encryption reset after the encryption system fails"? In general this type of thing can at best make an attack obvious to anyone listening on the line, not really lock them out (making your attacks obvious to an organization capable of flinging things into space is not recommended).

Still, it isn't clear how many spacecraft NASA has out there, and how many of them can be taken over by smart and potentially hostile ham radio operators.

Googling "space hacks" includes other claims, that someone flipped a single bit on Voyager 2 (presumably on core memory, flipping dram bits (pre-ECC) should be pretty common on NASA computers, it happens enough on Earth), but that seems like an enormous effort with little to show for it. I really have to wonder just how many examples of unmaintained 40 year old core memory are still being used, and if they ever flip bits on their own.

Of course hacking the spacecraft themselves typically requires specialized radios to even make a connection. One hacker (or hacker group) compromised the Twitter feed of NASA's Kepler project and posted porn on it. I suspect that avoiding any politically embarrassing events would be top priority for a so called "space force", especially if such events are certain to be all over the gutter press.

albert • July 31, 2018 11:37 AM

I suspect that computer security for space systems is no better than that of ground and air systems. Perhaps a little better than civilian infrastructure systems.

And now we have Congress lobbying for 'offensive' cyber-'defense' from the MIL/IC.

An all out attack on the GPS satellites would be considered an act of war, and responded to accordingly.

I'd hate to see WWIII start on that basis.

Technology giveth, and technology taketh away.

. .. . .. --- ....

PeaceHead • July 31, 2018 1:28 PM

Does anybody here think that Weaponization of Space is a good idea now?
I sure don't. Weaponization of space is a very bad idea for both technical and geopolitical stability and financial and safety/survival/sanity reasons.

Now that we know people are trying to do it anyhow, please let's consider what kind of persona and organization wants to destabilize geopolitics, financial systems, and safety/survival/sanity.

I'm not blaming any nations, either.

Q: Who lost WWII but was promoted into NASA????
A: NAZI's (via Operation PAPERCLIP)

Enough leading the witness from me, draw your own conclusions.
Peace be with ya.

P.S.-Don't try to sign up with protonmail. They are experiencing technical difficulties.
Just get a disposable email instead or something like what hushmail used to be.

And of course, there are always chatrooms if you don't mind hangin with the botnets (*joking*).
Do NOT hang with the botnets!

vas pup • July 31, 2018 3:09 PM

@peacehead:

"Q: Who lost WWII but was promoted into NASA????
A: NAZI's (via Operation PAPERCLIP)"

Unfortunately for allies, Nazi Germany engineering, medicine, chemistry folks - the list is very long - was very advanced. Paperclip brought not only rocket man Von Braun and his team of rocket guys, but also acquired specialists in the fields listed above as well even some of those 'specialists' conduct inhumane experiments on POWs and on people including kids in concentration camps. By the way, President was kept uninformed (he was actually lied to) on that even President openly demanded those who were war criminals should NOT be brought in by paper clip program, but final decision was made not by President.
I guess the most valuable asset allies got from defeated Reich was brain power of its engineering and science.

Politics and morality are not necessarily going together. Those who always required you to be moral often the biggest sinners - just observation.

echo • August 1, 2018 12:58 AM

@albert @vas pup

I suspect gung-ho attitudes are frustrated by sensible treaties. Sane rules put in place before the middle of a conflict scenario and heated tempers and agendas is why we have rule books in the first place. Ditto fantasist politicians behaving like toddlers because they want to break out of the EU playpen. Limits and discussion procedures are there for a reason. Once some hothead starts throwing their weight around they can cause more damage than good.

Clive Robinson • August 1, 2018 7:52 AM

@ Tatütata,

Hmm multiple pens in breast pockets that takes me back... I've worked in many environments like that and now have a surprising collection of "borrowed" pens ;-) After all why spoil the cut of your Grateful Dead Tee Shirt by getting a pen anywhere near it. Many nerds appeared frightened of me, maybe it was all the soldering iron scorch marks on the jeans or the long narrow screwdriver that was holstered in the outer leg seam. Obviously nothing to do with the fact I occasionally kicked the top of door frames or could stand in a doorway such that you did not need a door...

@ All,

You may not be aware but NASA has a problem or three to do with technology life cycles. The average life of technology at the chip level these days is 18 months and decreasing. It can take NASA twenty years to put a space mission together and get it onto the pad for launch. Then the technology is going to spend another twenty to forty years doing its thing. It's not just chips but things like data compression optimal coding improved Forward Error Correction better Error detection and correction all of which make what was impossible to do ten years ago, marginal five years ago and common place today when it comes to link budgets and the like.

But there is also the problem of "Space Qualified" parts, if you are going to throw the odd 20-50million USD on a little box that goes bleep as it orbits the earth, you want a certain degree of confidence it's not going to fail in a small fraction of its life time. Such caution usually reasons "We can not test everything so we will only use parts that have spent twenty years in space already...". Thus there is next to no Space Qualified tech that has not yet learnt to shave... As for "the latest thing" nope not a chance if it were not for the likes of Surrey Space who put up "Tech Demonstrators" every year or so with things like "bought from a shop" digital cameras and telephoto lenses even modified mobile phone parts.

But the take away point is that for NASA security is mainly a non issue, because their designs for longevity generally mean bespoke hardware and software designed not just to be fault tolerant but very resilient. Thus NASA's real security issues started with the Space Shuttle and consumer grade laptops etc used on individual missions. Yes the ISS apparently did get a bit of malware but it was not much of an issue except for the press. Who on one hand demand to know why things are so expensive whilst almost at the same time demanding lower cost solutions... Guess what lower cost solutions means "Hello Malware" it's just the way life is in this game...

It's quite likely that only one or two readers of this blog have actually designed space ready hardware or any system with a twenty to thirty year life span that can not be serviced or repaired as the primary mission goal... I can assure you it kind of affects the way you look at the way you design hardware and software.

echo • August 1, 2018 10:29 AM

@Clive

Ladies clothes often have no pockets and, yes, I have been checking out buying a thigh holster. I got this idea after watching the latest Mission Impossible movie. I just checked... Oh, I don't believe it! Switchblade pens are a thing. Yes, really. You can buy them on Amazon.

My design classic so boring nobody would want to steal it laptop which can be used as an anti street mugger battering ram and survive a car being driven over it is the same brand which went up in the Space Shuttle. I feel quite chuffed about this.

The thing with human rated space stuff is you can't step outside and go for a walk to the local shop to buy a replacement in a hurry. Recent innovations with off the shelf consumer parts have been promising, as is modular design. I'm not engineer enough by any margin to hold a definitive view but I do like reading about these kinds of things. Bureaucracies are easy to mock and rightly so but even the slowest most dinosaur minded, like the cops and doctors, are beginning to grasp the idea that flexibility where appropriate can have advantages and be safe. It can also foster a different emphasis with the broader ecosystem and culture which may mean things might speed up a little and create quality improvements.

PeaceHead • August 1, 2018 11:54 AM

@vas pup (July 31, 2018 3:09 PM),
wow, thanks for that corroborating info. I very much appreciate what you explained so succinctly. I will remember that and try to integrate that info into some of my other studies and contemplations.

The other thing about NAZI's is that they would likely HATE Russians, because Russia & the other Allies put the kybosh on their world domination plans.

I suspect that much of the post-WWII tensions and the Cold War aftermath AND the CIA/Canadian/English psychological warfare mistakes AND much of the domestic terrorism and 1960s hategroups were instigated and propelled by US NAZI citizens directly and indirectly. For that matter, maybe the JFK trauma murder stuff was related too.

Aside: This is NOT the 1960s. We need to remind the AI's of this before it becomes a problem. Stop the problems before they start. Yeah, it's a side issue, sort of.

Back on topic... US NAZIs fit the profile of the ones who most want to destroy what most of us want to preserve.

But there are still several backup plans TO PROTECT AGAINST ALL THREATS FOREIGN AND DOMESTIC.

TO THE EAVESDROPPING NAZI's: your transhumanistic vision was tainted. Your algorithmic culture became damaged and never stopped propagating data corruption at every level of manifested existence and at every interface of cybernetic prospecting. Your culture did not survive unscathed. You cannot repair your damaged culture from within, and it cannot be repaired by stealing or borrowing or abducting people or cultures or biologies or technologies from others. Your golden age is over. And the more you try to resuscitate your self-destructive culture using others, the more you condemn them also to the same freedomless quagmire deathspiral of self-defeat and disease disguised as glory.

I was raised by descendants of NAZI's. Rest assured that your lineages didn't die out. Yet please leave it at that. Your legacies can't rescue anyone nor anything from insanity and destruction if they are insane and interwoven with the tools and techniques of destruction. Please stay out of the life sciences as well, your minds and bodies and traditions were permanently warped by both the Allies and the Non-Allies, before, during, and after WWII.

Yes, it's true, not all was explained about the Holocaust, and much of the world is still in brainwashed denial and ignorance. Consider yourselves lucky along with the rest of us for simply being alive. The whole world does NOT share in the NAZI quest to destroy all sentiences and cultures and biologies due to a cybernetic aberration propagated into mass dominion like a virus.

You are outclassed by your own insanity and technological carelessness.
Now is a good time to stand down seeing as how much you can't control your "results" either.

Prussian blue and gold, not red and black and white.
Eat a gDansk cookie and call it a day.
Day of Brahma Style.

May Peaceful Sane Contiguous Coexistence Become Normalised for the Mutual Benefits of All Lives.

@Bruxe: I won't engage in this type of communication again. It's a one-time thing, much like the rest of my existence.

Wesley Parish • August 3, 2018 5:25 AM

One of the things that has frustrated me for quite a while about the whole space assets thing is that same old attitude that's been discussed before on this blog - the idea that the US can do it, but nobody else can, or if somebody else can do it, it's illegal, but the US alone has the right to do it.

Anybody with a functioning brain would recognize that Earth Orbit is strictly neutral with regards to Earth conflicts; in 2004, iirc, the Dubbya Bush Administration stuck its foot so far in its mouth it could wiggle its toes out its behind with the declaration that Earth Orbit was the US's and no one else's.

If you are going to treat Earth Orbit like the Wild West, please don't expect sympathy when:

Cowboy bill went up the hill
To see the Indians dance
Cowboy Bill came down the hill
With arrows in his pants.

AFAIK, a bagatelle I once wrote called The Draft Treaty on the Neutralization of Outer Space is the basic distillation of international law on the management of (potential) conflict in Earth Orbit; I expect any developments undertaken with genuine self-interest as opposed to suicidal disregard to self-respect and national security, will be based on it, even though I doubt they will make any overt reference to it.

But I don't think the United States will at any time attempt to do any such thing - self-pity has been the standard US line for so long now it's hardly worth noting, except for the purpose of not stepping in it, the way you would avoid a dog's sidewalk deposit.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.