CyberWire Daily - Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Episode Date: July 9, 2023

Moez Kamel, Threat Management Specialist at IBM Security, joins us on T-Minus Deep Space for a special edition all about the cybersecurity ecosystem in the New Space industry. You can follow Moez on LinkedIn and his work at IBM’s Security Intelligence blog.

Selected Reading
Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space
Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in the New Space
Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space
Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the N2K Space Network.
Welcome to T-Minus Deep Space from N2K Networks.
I'm Maria Varmazis, host of the T-Minus Space Daily podcast.
Deep Space includes extended interviews and bonus content for a deeper look into some of the topics that we cover
on our daily program, T-Minus Space Daily.
Now in this episode, I'm speaking with Moez Kamel, Threat Management Security Technical
Specialist at IBM Security and a
subject matter expert on cybersecurity in space. It's an area of growing interest from both a
cybersecurity and a space perspective. So why do space programs need to bolster their cybersecurity
and why now? And what kind of cybersecurity threats are unique to space infrastructure?
Well, Moez will walk us through it all in this interview.
First, he's going to give us some helpful context
into why it seems like we're all talking about cybersecurity in space
so much more now than we used to.
Before we talk about the threats,
I will give a glimpse why we are talking about cybersecurity today in space.
And this also appears with the appearance of the new space age.
So earlier, the space industry was just a nation level domain.
It means that it was just related to two countries, to two nations, the United States of America and the USSR nation.
Also, the space was related to government and defense department.
So the objectives were essentially political and strategic ones.
So then we noticed this paradigm shift in the space industry, which was characterized
by the emergence of private companies and more commercially driven approach to space
exploration and activities. But unfortunately, this new space has indeed led to an expansion of cyber threats
for space systems. Today, we have several factors that contribute to this phenomenon,
like geopolitical tensions, growing commercialization and democratization, and
also the limited focus on cybersecurity.
So that's why today we have many cybersecurity threats related to the space system.
Excellent.
Yep.
Thank you for setting that stage.
I appreciate it.
So if we dig more now on the threats related,
the cyber threats related
to space, to space systems.
So if we take a look
at the space system architecture,
so we'll find
three main components today.
We have the ground segment,
which includes all the
terrestrial elements
of the space system
and which allows the command, control, and the management of the satellite
itself, and also the data coming from the payload, which is transmitted to the users.
The second main component would be the space segment.
So here we are talking about the satellites, and here we can talk also about the tracking,
telemetry, command, the control, the monitoring,
and all the related facilities and equipment used to support the satellite operations.
And the third one is the main component of the space system architecture is the link or communication segment.
So the link segment is all the data and signals exchanged between the ground segment and the space segment.
And we have a fourth component, which is not the main one, but it's included in this space
system architecture, which is the user segment.
So user segment includes all the user terminals, stations that can launch operation, humans,
operators, space operators that can, as I said, launch operations with a satellite in the form,
for example, of signals, transmission, and reception.
That's interesting. Yeah, I don't often hear that fourth one mentioned.
Exactly. So all these, I would say, three main components,
or even the four components of the space architecture,
are targeted today by cyberattack.
Okay.
So today we can compromise the ground station,
we can interfere with the communication and the signals,
we can attack directly and compromise the satellite,
and et cetera.
So we have many, many threats related to the component.
Most of the attacks today and vulnerabilities
are related to communication link, such as, for example, radio frequency links or the ground segment in general.
So if we dig more on the threats related to each component, so if we begin, for example, with the ground segment threats,
today, we need to keep in mind that breaking into the ground station network will give the attacker access to the satellite itself.
So once inside the ground station network,
attackers can gain access to the satellite
and can perform many types of attacks.
For example, the DoS attack, which is the Denial of Service attack.
It means that we will send many, many requests to the satellite
and we will put the satellite down.
We have also the hijack of the industrial control systems
and the purpose is to control and damage the satellites.
So in the ground station, we have also,
even in the ground station or also in the satellite segment,
we have used many usage of
COTS components.
So today, COTS,
which are a commercial off-the-shelf
product,
they are ready-made hardware
or software that can be
purchased and
designed to be easily installed
and operate
with existing systems.
So they are a cheap product that can be integrated in the satellite or in the ground segment.
So today, the space COTS components, they are the main component that support today the new space technology development.
So with their qualifications, especially for small satellite missions like CubeSat missions.
So these components are well known and widely available, and we can find many public information related to their security,
including configuration vulnerabilities and software versions and more and more.
So the usage of COTS today is very risky,
and it's one of the vectors or one
of the surface attacks that can
be used by a hacker to
get first intrusion
to the system or to the ground segment.
Right, because if one
vulnerability is found or known that is
maybe unpatched at that point,
then a whole bunch of systems are vulnerable.
So that
scale can sort of be a multiplier there in that case.
Exactly.
The second point we can discuss about the unauthorized access also.
So this attack can lead to the, for example,
to the theft of sensitive data that can be used by the hacker,
for example, against a mission operation.
So this is also one of the threats that the ground segment is facing.
The third one is the data manipulation attack.
So a data manipulation attack, also known as the data tampering attack.
So it's a type of cyber attack where an unauthorized individual or entity
will alter or modify or manipulate the data
to achieve specific goals.
It means that today in the space industry,
a typical use case is to corrupt data
and send wrong commands to the command and data handling, C&DH, which
is a component in the satellite, in the spacecraft.
And the purpose is to compromise the mission.
So this is one of the threats that also facing the ground segment.
We can talk also about the supply chain attack.
So the supply chain attack will seek to harm the space ground segment
by targeting the less secure element of the chain. So at this stage, the adversary, for example,
can take advantage of these vulnerabilities and some exploit. Then it can, for example,
create a backdoor in the embedded system of the supply chain,
for example, of the supply chain microelectronics devices.
So a backdoor that will be created by the hacker will allow him to communicate after that
with the satellite or with this component in the ground segment.
Right, right. So once they get in that backdoor is the best way to put it, obviously,
then if I understand correctly,
then they basically have access to the broader system
if they can work their way in.
So even if you as the main company,
for lack of a better term, have locked down,
if your subcomponent has a vulnerability
that someone can access,
then the access is the same.
Okay.
Also, we have also the computer network exploitation.
So this is a term used to describe the process of infiltrating or exploiting
computer networks for various purposes.
So, or also to gather intelligence about targets to figure out how they work
or how they are configured.
So these also, we have many attacks related to the computer network exploitation in the ground segment today.
And the last one for the ground segment,
the cloud platform attacks.
The new space era is marked by the expansion
of cloud infrastructure use.
So today we have many organizations and companies that rely on cloud services for
various purposes, for example. And relying on cloud, it means that we will face all the cloud
attacks or cloud vulnerabilities. So the hacker can compromise the cloud asset or the cloud
application to gain access to the ground station or to the satellite itself.
Lots of different ways in this.
We're still just talking about ground at this point.
It's like we haven't even gotten to the other ones yet.
There's lots of different ways in, for lack of better terminology on my part.
My understanding is that many people might think,
well, I'm not a big target or I'm not a big player, so I don't need to worry about stuff like this.
Can you talk a little bit about maybe that perception of people thinking like that's not something they need to worry about?
Or I'm not trying to put fear in people.
I'm just saying like it's a concern why people should maybe who think this doesn't apply to them should actually think twice.
This period when we talk about cybersecurity space, and it's the same I faced in 2014 when I worked on security on SCADA systems and industrial control systems.
When we met industrial operators and industrial companies, the first step is not to present
or to propose the solution that will secure the industrial control system,
but the first step is the awareness. We need to aware people, we need to aware industrial people
that your system is vulnerable and the SCADA systems at that time or the industrial control
system is vulnerable and can be hacked by an adversary. So we are facing the same situation today with the space operators.
So today, with this new age or new space age,
the hackers today are more and more interested
in space systems because of the groundbreaking technology
deployed or because of the commercialization
that we will have or
the private ventures that are deploying more and more maybe applications or many different
type of missions in the space.
So the hackers also are getting more and more interested in attacking these systems.
And also, I think the threats related even to ground segment.
Also, we have threats related to the space satellite itself or the threats related to
the communication.
All of these confirm that today we need to be aware about the cybersecurity space and
to be aware about these cyber threats and the space system design today.
We talked about ground, and I know ground is the major point,
but for space and link, are there, I mean, those are pretty unique to the space,
not entirely, but those are pretty unique to the space industry.
Okay, so yeah, in the space segment also, we have many threats related to space segment.
And even the space segment, we will talk about COTS component also.
So as I explained earlier,
the COTS are reliable solutions
for space ventures today, especially in the
new space age. So
we can deploy
COTS hardware also, or
what we call also the plastic
encapsulated
microcircuits of electronic parts.
So these components also are
used on board the smallsats,
especially smallsat satellites such as CubeSat. And we have today many vulnerabilities that are
related to these COTS components and can be exploited by adversaries. Also, we have also
threats related to specific components on the satellites. So for example, the GN&C, the guidance, navigation,
and control, because attackers will attempt to compromise the GN&C system for the purpose of
creating wrong navigation data. And the purpose, the big goal is to impede the capability to
navigate. The second component which is targeted by hackers today in the satellite is the SDR. So the software-defined radio, which is a component that will allow the satellite to
communicate with the ground station, so both for transmitting and receiving signals. And the
adversary can send malformed packets to the SDR component to perform the buffer overflow attack and gain unauthorized
access. And the final component also which can be risky and can be targeted by hackers or by
adversaries is the electrical power system, EPS. So why the hacker will be interested in the EPS component?
Because of the limited power of the EPS today in the CubeSats.
So the attacker will be interested just to flood the satellite with unnecessary process to consume this power.
So he led to the outage of the satellite.
So here the threat is not a malicious attack
or something abnormal behavior.
No, he will just flood the satellite
with unnecessary process.
So it will appear like legitimate traffic
going to the satellite,
but this unnecessary process will consume all the power
on the CubeSat and will lead to the outage
of the CubeSat or of the small sat.
Yeah, totally disabling it.
Yeah, yeah, yeah.
Don't need to send a missile to disable a satellite.
There are other ways to do it.
Yeah, absolutely.
Yeah, and you also mentioned the user segment,
which I really appreciate that you brought that up
because sometimes when I look at cybersecurity in space,
that part doesn't come up. And putting
on my old cybersecurity hat for a moment, it's not a pleasant thing to talk about in terms of how
users can be compromised either purposely or maybe even be an insider threat. And I know
it's a slightly different thing, but it is still worth talking about because I know for folks who
maybe are coming from a military or intelligence background,
this is a given, but I don't know if everyone in the commercial space understands this.
So can you talk about that a little bit?
Yeah. As I said, the user segment is the segment which includes the user terminals and stations.
So from this station, we will launch the operation, we will launch the command,
we will maybe communicate with the ground station or communicate directly
with the satellite.
So a hacker,
of course, if you have bad
users or bad
operators working on this
station or on these
user terminals,
it means that it's more easy
for a hacker to send
malformed packet or to send malicious traffic to the ground station and compromise the ground station and the satellite.
So, of course, I think this part of user segment, of course, we need to secure the components, but we need to secure or to do some awareness training to the space operators that are working, that their daily work is in ground segment
or communicating with satellites.
So that's why, yeah,
I think the awareness training of these people
is very important to be aware
about the threats of space systems today.
Right.
I mean, I'm thinking something as,
I guess, unsexy,
but as proliferated as ransomware.
You know, that's not, I don't hear that talked about much, but it's like, it's a real threat.
It can be very disabling. And yeah, so sorry, now I'm on my soapbox.
It's true. Yeah. Also, ransomware today in the space system is a fact also. Especially today, the ransomwares are getting more and more complex, more and more sophisticated. It means that today the ransomware, if it's deployed, it will not give you the time to stop him or to remediate or to get back to the normal status on the machine.
So today also we need specific solutions that will secure the endpoints of the space systems
or the station of the space system against the ransomwares.
So yeah, it's very important also to take the case of the ransomware
and to fight against ransomwares today in the space systems.
And yeah, finally, we have the communication threat.
So the communication part, the link part, the link segment between the ground station
and the satellite also can be targeted by attack.
And today we have many techniques that can be used by adversaries.
The first one, or the very well-known one, is the jamming. So it's disrupting or interfering with the communication between the ground segment and space segment.
We have also the spoofing technique, which is a more sophisticated interference method than jamming.
Adversaries can use the eavesdropping technique, which is the concept of man-in-the-middle attack. It means that
the attacker can
be in the middle of a communication,
for example, between
a ship and a satellite for GPS
positioning, for example.
So he can interfere the communication
and send, for example, wrong
information to the ship for his
directions, etc. So this
attack also can be used by adversary.
And the last one, sorry, is the hijacking.
So the hijacking is gaining unauthorized control of the satellite to transmit the attacker's
signals instead of the legitimate signal.
So yeah, here I give you, I don't know, an overview of the threats related to the components
of space design.
Thank you. That was an amazing walkthrough because it is a very multifaceted landscape.
There are a lot of different threats.
And as we talked about, it's people, but it's also a lot of technological issues as well.
And a lot of things are enmeshed, so it can be both at the same time.
The question that I'm sure a lot of people are enmeshed. So it can be both at the same time. The question that I'm
sure a lot of people have that I have to ask is, how do we protect against this? Which is an
extremely complicated answer. So it's like, how much time do we have to get into that? But I mean,
it will depend, I imagine, on specifically what the threat is. But for maybe a space organization
that is beginning their journey on becoming a more cybersecurity-savvy organization.
Maybe we should start with what steps they should take
to improve their cybersecurity maturity,
awareness, and practice.
Maybe we start with there.
Yeah.
Actually, these companies or these ventures need to,
before thinking about the solution
that they will deploy in the system or in the space
system, they need to think about the approach, the security approach first. And today we have,
let's say, three main security approaches that can be applied on a space system. So the first one,
and the most important one, is the security by design. Today, if you have a vulnerable component in its conception,
even if you put many layers of security,
the component will be vulnerable.
So the approach of security by design
is to designing systems with security
as a primary consideration from the outset.
So rather than adding in, as I said, as an afterthought.
So, for example, today, there were many researchers that were carried out on the architecture
of the SDR component, the software-defined radio.
And there are many proposals of new architectures secured by design as a result.
So today, we have many researchers that are working on
changing the architecture of some components on space systems.
One of them, the SDR component,
because the SDR is very important because he will take the role of
communicating and transmitting the signal
between the ground segment and the satellite.
So as I said, the security by design is very important. And we need today that all the space operators to give more, I don't know, more budget, more people to work on this topic.
Then we have two other approaches.
So the first one is the proactive defense approach.
So proactive defense approach is all the measures and strategies designed to prevent a potential cyber threat to assets or to space system before they can cause harm.
In this approach, we have many measures or technologies that can be deployed, like, for example, the vulnerability management, the patch management to apply software patches
and updates on the space assets, risk assessment also, threat modeling also is very important.
So by identifying the potential threats and attack vectors on space systems,
we have also the attack surface management solution
that are very important to know which of our assets is vulnerable
or is exposed to internet, for example,
and what is the risk related to these assets
from the perspective of the hacker.
The endpoint protection also is one of the proactive
defense approach and it's very important to protect the endpoint because we have today
the user terminals for example or the stations are based on many endpoints so we need to protect them.
Also the security awareness training we talked about that for space system operators. So the purpose is to educate potential space security risk and best practice.
So this is very, very, very important.
And finally, the offensive security assessment.
So including the pen test, including the red teaming campaigns to apply an adversarial approach and determine the weakness in the space system components.
Yeah.
Yeah, for folks who may not be familiar with what that is, as you said, it's the adversarial approach.
It's literally you hire somebody who's on your side who kind of just tries to imitate what a hacker would do.
And it's a great way to sort of figure out if your systems are going to hold up in the way that you hope and find any weak points.
It's a really great program to do.
Yeah.
And the second approach
or the third approach in our security approaches
is the reactive defense.
So reactive defense refers to the approach
of responding to the cyber threats
and attacks after they have already occurred.
So here we have also many technologies
that can be deployed, like the SIEM, the Security Information
and Event Management solution.
For example, this solution will collect, analyze, respond
to security events and alerts from various sources
within the space system components.
We have also the forensic analysis.
We have also the incident response solutions,
and we can also apply a disaster recovery plan.
So here, an overview of the approach that can be deployed
before thinking to solutions.
After that, the solutions, we can have many security measures
that can be deployed.
For example, the signal authentication for the
link segment. And here we can talk about both data level and signal level authentication.
And I think this is the concept of supersonic codes. We can find algorithms today that
authenticate the data and signal level in the link segment communications.
We can talk also about the quantum.
In the quantum, we have the quantum key distribution, which is an emerging technique that relies
on the unique properties of quantum mechanism and will provide a tamper-evident communication, use it to deploy new cryptographic
keys with the unconditional post-quantum security and without direct physical contact.
So this is the method that can be used to exchange keys in cryptography, for example,
to encrypt communication between, I don't know, between two satellites or between ground
station to satellite.
So the quantum key distribution can be a good solution.
And also we have the post-quantum cryptography.
So the quantum safe cryptography includes a suite of algorithms that are resistant to
attacks by both classical and quantum computers.
Also, another point we need to think about the security of standards and protocol usage in the communication especially.
Right. Okay. Yep.
Today, we need to secure some protocols or we need to use some protocols that are dedicated for security.
For example, the Space Data Link Security Protocol, the SDLS.
It's one of the protocols that will have security features. But also we have the
CCSDS protocol stack, which is a set of communication protocols designed especially
for space missions and the exchange of data between the spacecraft and the ground-based
system. So this protocol stack is very used widely in the satellites and even CubeSats, smallsats.
So we need to secure this protocol because I don't know,
the compromise of this protocol will lead to the compromise of the
communication between the satellite or satellite and ground station.
And then if that happens, yeah, big problems. Yeah, exactly.
Yeah.
Yeah.
So there's different measures that can be used, that can be integrated in space system
to secure this space system design.
But as I said, we need to think first about the approach, security approach, then think
about the solutions.
Absolutely.
You've given me an amazing walkthrough of the landscape for cybersecurity for space.
And I'm hoping our listeners
have a much better understanding now
and at least a starting point
or a continuation point, hopefully,
they're not just starting up,
but a continuation point
on maybe what to think about next,
because certainly everyone's situation
is going to be different.
Everyone's system is unique,
but there are a lot of different things
and components to think about here.
So thank you so much for walking me through this.
I really appreciate your time today.
And that's it for T-Minus Deep Space for July 8th, 2023.
We'd love to know what you think of our podcast.
You can email us at space at n2k.com or submit the survey in our show notes.
Your feedback ensures that we deliver the information that keeps you a step ahead in the rapidly changing space industry.
This episode was produced by Alice Carruth,
mixing by Elliott Peltzman and Tré Hester,
with original music and sound design by Elliott Peltzman.
Our executive producer is Brandon Karpf.
Our chief intelligence officer is Eric Tillman.
And I'm Maria Varmazis.
Thank you for listening.