CyberWire Daily - AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
Episode Date: November 18, 2023Buffy Wajvoda is the Global Leader for Space Solutions Architecture at AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting cybersecurity in the space domain.... You can learn more at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS re:Invent The security attendee’s guide to AWS re:Invent 2023- AWS Blog Viasat Deploys Resilient Tactical Edge Capability with AWS- YouTube How We Sent an AWS Snowcone into Orbit- AWS Blog How to improve your security incident response processes with Jupyter notebooks- AWS Blog Supporting security assessors in the Canadian public sector with AWS and Deloitte- AWS Blog Establishing hybrid connectivity within a Canadian Centre for Cyber Security Medium Cloud reference architecture- AWS Blog  Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC- AWS Blog Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Thank you for watching. Welcome to AWS in Orbit.
I'm Maria Varmasis.
We're working with AWS to bring you an in-depth look
at the transformative intersection of cloud computing, space technologies, and generative AI.
On AWS in Orbit, we're exploring not just what's possible, but what's meaningful in the realm of space and cloud innovation.
cloud innovation. We grapple with the complex challenges and unparalleled opportunities that arise when we use space to address pressing issues right here on Earth.
Episode 2, Buffy Wavoda and Securing the Space Frontier with AI Cybersecurity Solutions.
My name is Buffy Wavoda, and I am the Global Leader for Solutions Architecture at AWS for the aerospace and satellite business.
In this episode, Buffy's going to take us on a journey through the intricacies of cybersecurity in the space sector.
Buffy will discuss the unique challenges and solutions AWS offers in securing the space frontier.
She also will delve into real-world scenarios where AWS's cybersecurity solutions are making space exploration safer and more secure and leveraging generative AI to do it.
My journey started about 22 years ago at the National Security Agency.
So I started out there as a cryptanalyst, but quickly got into both signal analysis and signal engineering because I was so fascinated by that.
After working at the NSA for a number of years,
I ended up joining AWS in 2019.
From there, I started the ground station technical sales team,
also known as the solution architecture team.
And then quickly after, AWS decided,
you know, the space is really something that we should be paying attention to.
So there was a number of us who were brought in at the start of 2020 to really brainstorm about
how we could do space better. And then in July of 2020 is when we started the aerospace and
satellite business unit at AWS, for which I started the technical team there as well.
Well, thank you, Buffy. So you are at a fascinating intersection of cybersecurity
and space. Tell me a bit about the need first for maybe stronger cybersecurity in space, but
give some context to this a little bit as well, if you could.
Yeah, happy to. So for starters, cybersecurity for space is a now problem, right? So the space
industry has been growing at an extremely rapid
rate, whether that's building satellites, building rockets, launching space assets,
launching space stations, obtaining space data, or driving insights from space data.
It is the fastest growth in the industry since the 1960s. And because of that growth,
securing space is now being recognized on a global scale, right?
So whether it's the U.S. Space Force, who just issued their infrastructure pre-assessment requirement, NIST giving guidance on how space should use quantum-resistant cryptography, the White House hosting the Space Systems Cybersecurity Forum, the EU expressing interest in setting up a Space Isaac, that's an information
sharing and analysis center, or the Indian Space Research Organization explaining how they fight
over 100 cyber attacks a day. Space cybersecurity is a now problem, and AWS is uniquely positioned
to help space customers understand, identify, and then lastly, automate the mitigation
of those space cybersecurity threats.
There's a really interesting kind of bridging the gap
where there are many organizations that understand
that cybersecurity in space is a high need
at many that you mentioned.
And then there's others where it's sort of like
we're still trying to get people to understand
that this is something they really need to be
paying more attention to.
And I think one of the big challenges is explaining why cybersecurity in space is such
a unique field, so to speak, compared to just sort of terrestrial cybersecurity for the last...
Well, there's a cloud also, but terrestrial cybersecurity.
Which is, the cloud is underground, yes.
Yes, yes.
Despite the name.
So why is cybersecurity
in space so different? I mean, aside from the in-space part, I mean, what is it about it that
makes it so nuanced? Well, it really is the in-space part, right? So when you look at space
cybersecurity, you're really looking at four segments. And some of those are similar to what you would see in a terrestrial
network, right? So you have the user segment, you have the ground segment, which could be similar
to, let's say, like a data center segment. That's where you have your antennas and your operations
and all of that. But space also has RF link and space links in between the space assets.
So unlike like a normal web page where
bad actors only have a couple ingress points, with space you have multiple ingress points to launch
a cyber attack. An example of that, a common space threat that we see at the RF link layer,
which is something that wouldn't affect terrestrial, is GPS spoofing. So the GPS that we all use is completely reliant on satellites.
But let's say, for example, a bad actor sends a rogue GPS signal.
The endpoint user could potentially be using an incorrect map position.
So think about things like automatic cars or military operations.
The effect of that could be catastrophic.
Another thing that's fairly
unique about space, again, because space is so far away, is that the space industry still employs
a large amount of legacy systems and hardware. And those are often very, very complex and hard
to secure using modern methodologies. So for example, on a terrestrial network, you could
always swap out a router. It's not trivial, but it's conceivable.
For space, it's not so easy to just swap out a satellite, let's say.
So that makes it very, very different from a terrestrial network.
Yeah, that's a really fascinating point, honestly.
A lot of things are not just software problems.
Sometimes it's literally the hardware, too.
A lot of things are not just software problems.
Sometimes it's literally the hardware too.
What are some misunderstandings that you commonly hear when people are talking about cybersecurity in space,
especially when we're talking about what's on a satellite?
I think the most common misunderstanding is that space is secure
because it's air gaps, right?
So again, space is really, really far away.
And up until recently, space was a
nation state or a big corporation problem. So to put that in perspective, in 2016,
there was about 1,400 active satellites. So a lot, but almost all of them that were owned by
a nation state and large broadcast corporations. Now, seven years later, there are 7,700 active
satellites. So a 5.5 times increase, a ton of commercial users out there, but everyone still
kind of thinks of space as far away. It's air-gapped. It's hard to get to. And so it must
be secure. It's far away. Just because we have a hard time getting to it doesn't mean information has a hard time getting to it, right? Exactly. Yes. So you've done a wonderful job explaining
the threat landscape, the threat surface, so to speak. And that service is changing so much
because we hear about proliferated networks and also, as you mentioned, the volume of satellites
going into space. So satellites, they're not just talking to the ground, but they're talking to each
other and data is getting shared.
Can you talk a little bit about what that means for security?
Yeah, that's one of my favorite things to talk about, right?
Especially the proliferated constellations that are out there.
So, examples of those are things like Amazon Kuiper or OneWeb or many others. There are several customers out there
who are making giant nets of satellites above our heads
where the satellites talk to each other
and talk to the ground.
So when space networks unify with terrestrial networks,
first off, I want to talk about the importance of that, right?
That is going to be a game changer for the industry
and space is going to become just a part of our everyday lives.
It is where the industry needs to go.
And it is actually going to be a really great thing.
However, as any network becomes more and more connected,
it leaves more and more egress points and allows the network more vulnerable to be attacked.
So right now, for example,
if you want to attack a space network,
you need to get access to that space network.
So you can do that through RF link.
You can do that through, if you have,
I don't know, a space asset yourself in space,
but it's hard, right?
It is hard.
But as those networks become more and
more interconnected into our terrestrial network, let's take, for instance, the use case of the
phone. So phones will have those satellite radios built into them. If there's a satellite radio
built into my phone and I'm a hacker, I'll be able to basically have an egress path to a satellite that is in my
hand, which didn't exist before. So that is where I would say the tricky part of integrating with
terrestrial comes into place. Because right now, the networks tend to be very, very separate.
But as you connect the space networks
with the terrestrial networks,
all of a sudden,
you're going to have more connectivity,
more ingress points,
and space is going to become vulnerable
to vanilla-like cyber attacks.
So think about things like DDoS, for example.
So DDoS being denial of service.
If you have a website, you throw a bunch of
requests at that website, and then no one else can access that website because there's just too many
requests coming back and forth, back and forth. Imagine doing that to a satellite in space. So you
can take out entire comm satellites, you could take out entire Earth observation satellites,
just by sending a bunch of requests to space.
GDOS really isn't something that space deals with nowadays, but in the very near future,
when space and terrestrial is more connected, it is going to be just commonplace for those sort of vanilla cyber attacks to be a part of the space cybersecurity portfolio.
Okay, so what would that look like when that happens?
your new portfolio. Okay, so what would that look like when that happens? I think one of the examples that most people are familiar with is the blackout of Viasat over Ukraine. So that was done through
malware. So the attackers were able to get into just a normal computer system, use a normal cyber attack malware, and basically take all of Biosat's modems.
So it's an example of how once we connect more and more at that terrestrial layer,
you're going to make networks in space more and more vulnerable.
So it's kind of a double-edged sword, right? Where you have these increasingly interconnected satellite networks that on the one hand are more vulnerable because they're interconnected, but then there's also great benefit too, right?
I know for me, one of the things that I personally am excited about, but also want to make sure that customers understand from a security standpoint, is how 5G networks will connect to satellites.
Because one of the things about 5G networks and how they're being used
is to use a lot of new access points on ground like IoT.
But IoT, if it's not configured properly, can be less secure.
So all of a sudden, you have this new access point that you didn't even think about being connected to a satellite and you can trace it all the way back to a satellite.
Yeah, it's so fascinating as you're talking about these different sort of, I love the term vanilla attacks.
Because, no, it's a great description because it's it's one of those things
like there's sort of a there's an allure to being in space there's all this like it's the cool fact
right and yet these attacks can be very for lack of better terminology kind of unsexy but it's just
like it's true space is now vulnerable to let you know i i know it's a bit cliche but you know it's
vulnerable to like the 15 year old you know kid who wants to be a hacker and have his name known or her name known, right?
Because these are attacks that you can use across any layer of the network.
Absolutely.
And I'm so glad that you've laid out that landscape for us.
So thank you.
So we've spent some time talking a bit about sort of the current situation.
And it's like, oh, so much big challenges.
So let's completely switch gears.
What is AWS doing to innovate here
and to help secure customers?
So AWS, I think, is uniquely positioned
to help our space customers understand,
identify, and automate the mitigation
of space cyber threats.
So AWS has over 300 security services.
We support 143 different security standards and compliance certifications.
And we can provide customers to thousands of third-party security solutions
that are already deeply integrated with our services.
So that is all to say that AWS is trying to make security easy.
services. So that is all to say that AWS is trying to make security easy. And so what customers are asking us for is easy and actionable security services so that they can manage their cyber
threats. In addition, I would say that AWS's scale allows for significantly more investment
in security countermeasures. So for example, at the end of August,
AWS security teams noticed a new type of cyber threat,
a new type of HTTP request that was flooding our customers.
And we were able to mitigate that for all of AWS customers because we're continuously looking at our own infrastructure
and trying to bolster security for all customers.
I think AWS has been doing a lot in terms of innovating
in how we think about security.
So the hot topic for a lot of industries right now
is AIML and generative AI.
So we work closely with a lot of customers
to use these technologies to develop new cybersecurity solutions
and introduce the new power of generative
AI. So one of those customers is CrowdStrike. Let's dive into CrowdStrike, what they've been
doing. Can you tell me a little bit about what's going on there? Yeah. So CrowdStrike has developed
a generative AI security analyst called Charlotte AI, which is able to help customers quickly react to new threats
and speed up investigations. And this is all being powered by Amazon Bedrock.
So Amazon Bedrock, if you're not familiar with that, it provides easy API access to a bunch of
foundational models that we have stored in the cloud. So we have foundational models from the top startup companies,
which usually encompasses
large tomes of information,
puts it in a model, vectorizes it,
and then allows customers
to use the creative power of generative AI.
And Amazon Bedrock provides customers
easy API access to those foundational models.
So in the case of CrowdStrike and Charlotte AI, they're using Bedrock to use natural language processing
for threat detection, investigation, hunting, response, all using the CrowdStrike Falcon
platform. Wow. So what does this mean? What does that look like? I'm really curious.
Yeah. So then, so people who are does that look like? I'm really curious.
So then, so people who are using Charlotte AI, so customers who are using Charlotte AI,
can ask security questions of the platform like, what are the biggest risks facing our business critical assets? Or what threat actors most often target us? So again, it's that natural language
processing rather than trying to do a complicated,
let's say, database query, or even if you have something like a dashboard drawing all the lines
through the security processes. Now customers can just ask natural questions like, did I have a
cyber attack yesterday? And Charlotte AI will be able to answer that. So the actions that they
receive are intuitive, and then it also provides actionable
answers on ways to mitigate those risks. In addition, when you think about all of the
training that security analysts have to go through, it also allows your most advanced
security analysts to work on the most advanced problems because now anyone can do sort of the
basic like, where is my security stance today?
And so all of that being powered by Amazon Bedrock
and our financial models,
we're super excited about that.
And, you know, we hope that the solution
that CrowdStrike has made helps all industries,
including the space industry.
That is such a cool story
because I can absolutely see,
I've been in those meetings
where you've got like a C-level executive asking
those exact questions.
And that usually takes a ton of
work and a ton of time to
answer that. It's a lot of digging.
And being able to give that or actually better yet being like,
here you go, here's a tool you can actually
use.
Not to
belittle the skill
sets, but not all C-level individuals
are at a technical level
that is on par with everybody else.
And so now C-level individuals
who are probably very, very busy in their day
can say, how many attacks did I have yesterday?
And you'll get an intuitive answer.
That's amazing.
And it's not within,
and I don't mean it in a mean way, a walled garden.
It's like just the security analysts are super busy people. So they know that those requests are very important, but sometimes they're literally fighting a fire.
And then another fire pops up. And then another fire. Exactly. That is really game changing. I'm
not, I don't want to undersell that. That is huge. Just that accessibility information.
So yeah, here I am fangirling about how cool this sounds,
but I'm very curious what you've heard from security analysts
about what they think about all this.
One of the things that we often hear from security analysts
in terms of getting information out to the workforce
is that they are reluctant to give all of the information to the workforce
because it would inundate the workforce. When you look at the amount of cyber attacks, DDoS attacks, like possible failed logins,
all of it, it inundates people. And while they want to be transparent, they also don't want to
paralyze the workforce, right? So here again, generative AI and natural language processing just makes us all way more accessible, but also way more actionable.
Anyone can be a security analyst.
It's just, but also like people who have a gajillion things to do.
And again, they're usually fighting like 20 million fires at once.
But that information is also so important for a lot of people.
They need to know, they need to have a sense of the company's position on something or how vulnerable are we.
And it lets people who have a specialization do more of that, whereas the general information gets where it needs to go.
I'm just, that's incredible.
Okay.
Anyone ranging from people who are new at a company to executives, will be able to ask very simple,
very intuitive security questions,
get the answers that they need.
And then your highly trained security analysts
will be able to work on the most critical problems
rather than honestly just working on data gathering.
Yeah, and like running reports,
which is the last thing they usually want to be doing.
the last thing they usually want to be doing.
So let's talk a bit about innovation because security is a field
where we always have to stay on top of what's going on.
We got to try and stay one step ahead of the adversary.
Innovation is so important.
Innovation is also what space is all about.
So what is AWS doing in terms of innovation for cybersecurity in space?
So for AWS, security has always been the top priority.
So AWS has been looking at security since 2006.
And I think I mentioned before, AWS now has over 300 security services.
And we continue to add more.
So at AWS, 90% of our roadmap comes from customer requests.
So as we talk to more and more customers, we get the feeling of what they need, whether it is bringing on more analysis and more analytical tools, whether it's bringing on more mitigation, whether it's bringing on more dashboarding, and again, sort of that ease of security. So that's our bread and butter at AWS.
One of the things that we recently launched was AWS Security Data Lake. So now customers can have
a central location to put all of their security information and be able to see it with a single
pane of glass. And that may seem so easy, but when you look at companies where you have finance,
you have HR, you have operations, you have maintenance, those often are stovepipes across
the customer segment. And so getting everything together to make a single pane security picture is really, really powerful.
In terms of space itself, AWS is working with customers and innovating alongside customers
to use the tools that we have and to use the partner network we have, like the CrowdStrike
example that I just gave, to allow customers to secure their space assets.
I'd love to know about the people side of things,
because that's always a challenge,
especially in cybersecurity and in space.
So when we kind of bring the peanut butter and chocolate together,
it's like better together,
but also really hard to find folks who can sort of make that magic happen.
So thoughts on that, about finding those folks,
bringing them in and getting them up to speed.
First off, we do peanut butter and Nutella at my house.
So if you haven't tried that,
I highly, highly suggest that.
Yeah.
In terms of, you know,
spinning up a security savvy workforce,
AWS is broadly committed to working with our
customers, our partners, and governments to improve cybersecurity. So some examples of that
are just upskilling. AWS is dedicated to the upskilling of the type of community
throughout all of the industries to become successful on AWS. So examples of that are our AWS Cloud Institute,
a new program that we just launched where one can become a cloud developer in as little as one year,
AWS Educate with hundreds of free hours of training online, or the AWS Skills Institute.
So at the end of the day, AWS is investing hundreds of millions of dollars to grow our customers' technical skills.
The second thing is how we actually shape the security market itself.
An example of that is how AWS co-founded the Open Cybersecurity Schema Framework Project.
So that facilitates the interoperability of data normalization and security products.
So basically, all the security products can start talking to each other and inform each other.
And through that program,
we've actually made an initial commitment of $10 million
in a variety of open source security improvement projects.
And then the third thing goes along with,
you know, the size of Amazon and the scale of Amazon.
So AWS has the ability to work with governments
around the world to provide
innovative solutions to advance shared goals for bolstering security against cyber and combating
security risk. Fantastic. That's great to hear. It is such a pressing need and we need all hands
on deck, frankly. So that's wonderful to hear that AWS is doing all of that.
I would love to know what your call to action would be for the space community in terms of maybe not just improving their understanding of the need for cybersecurity,
but also empowering them.
So first off, I would challenge anyone who's listening to this
to expand their thinking around what is the space community or the space industry.
So AWS and I personally work with many customers who are essentially space companies,
not because they have a satellite in orbit,
but because of the valuable insights that they get from space.
So whether you're the oil and gas industry, the financial industry,
the government, insurance industry, I would say that
these industries are all space industries. And because space is such a critical part of so many
industries, the time to secure space is now. Second thing that I want to recap would be that
cyber attacks are not a question of if, but when. Cyber is going to happen.
So specifically for space, relying on the old school isolation air gap of space is not going
to be enough to secure space, especially as space becomes more interconnected with our
terrestrial networks. So again, the time to get those cybersecurity plans in place is now.
So let's pivot to the future of cybersecurity in space.
It's very hard to predict where things are going,
but I would love to know your thoughts on where you see things going.
I think that, well, one, the obvious that cybersecurity in space
is a paramount thing to look at, to fix,
to really bring to the forefront of every business.
But for me in particular, I see that as space becomes more interconnected amongst itself,
right?
So satellites talking to other satellites, satellites talking to space stations, and
then becomes more integrated with our traditional terrestrial networks.
And whether that is just connecting to our fiber backbones
or specific sort of service level connections.
For example, satellite helping in bolstering a 5G network.
Once those connections are more and more,
the cyber threat to space is going to become more and more.
And so if I were to look into my crystal ball,
I would say that we have a few examples right now,
a few major examples right now of, say, blackouts over Ukraine or GPS spoofing.
But they are, you know, maybe at least the bigger examples are not...
are not,
the bigger examples hasn't inundated the press
like we have seen
with the terrestrial examples.
That's true.
I think that in a number of years,
take five, 10 years,
I think space cyber attacks
are going to be a normal part of news.
So space is going to become
more ubiquitous. Everyone is going to be using space part of news. So space is going to become more ubiquitous.
Everyone is going to be using space, whether they know it or not. Major telecom providers have
already invested in radios for smartphones so that if you are out of distance from a terrestrial
tower, you will automatically be passed over to a satellite connection. And as a user,
you won't even know it.
You will just seamlessly move from terrestrial to satellite back to terrestrial, and you'll
never know it.
And as more and more of that just becomes just everyday behavior, you're going to have
more and more high-profile cyber attacks in space, and it's going to become a large part
of the media.
And my hope is that before it becomes such a large part of the media and such a large part of,
I guess, commonplace, that space companies are proactive in developing their cybersecurity plans,
using tools like the ones on AWS or through our partner network,
and making sure that they have those security plans
and mitigation protocols in place now.
So Buffy, tell me a bit about AWS reInvent
and what the AWS team is going to be sharing with us there.
AWS reInvent, of course,
is the biggest AWS conference of the year.
And we are super excited to have customers
of all industries come and join us.
Whether you are VPs, decision makers, users,
or just interested in AWS,
please come to Reinvention Vegas.
For the space side,
we actually have eight sessions dedicated to space,
a workshop, and three booth demos.
So a lot of investment in space and a lot of ways that
people can come and learn what AWS is doing in the space industry, and also be able to listen
to customers like Viasat, United Launch Alliance,uffy Wavoda and Securing the Space Frontier
with AI Cybersecurity Solutions. A special thanks to Buffy Wavoda for joining us today.
For additional resources from this episode, check out our
show notes at space.ntk.com slash AWS. If you want more of this content, consider attending
the AWS reInvent conference from November 27th to December 1st in Las Vegas, Nevada.
You can learn more at reinvent.awsevents.com.
This episode was produced by Alice Carruth and powered by AWS.
Our AWS producer is Laura Barber.
Mixing by Elliot Peltzman and Trey Hester.
With original music and sound design by Elliot Peltzman.
Our executive producer is Brandon Karpf.
And I'm Maria Varmazis.
And tune in for a sneak preview of Episode 3,
Accelerating Innovation and Investment at the Space Edge,
on December 5th.
Thanks for listening. Thank you.