Space Cyber Attacks: A Wake-Up Call
Tuesday, 14 January 2014
By Dave Majumdar, posted at 7:00 p.m. EST
A former top security official with NASA predicted that it is only a matter of time before a spacecraft in orbit comes under attack via cyber warfare.
“I think we’re headed to have some significant cyber event in space, and it’s going to be a bad day for everyone,” said Phil Bounds, the recently retired official. “I do think we need to get rid of this false sense of security.”
Bounds predicted that until such an event takes place, the space industry will not take the possibility of a cyber attack truly seriously.
Though NASA is starting to understand the vulnerability of its systems to cyber attacks, there are many at the agency that do not fully understand the threat to their hardware, both in space and on the ground, Bounds said.
Mark Maybury, chief technology officer at MITRE Corp. and former Air Force chief scientist, agreed with Bounds’ assessment. “The single largest vulnerability of space systems today is cyber,” said Maybury.
A cyber attack could come in orbit, on the ground or even on the users linked to the satellite. There are any number of avenues for a potential cyber attack.
As vulnerable as government hardware is, commercial hardware is in worse shape because the private sector does not want to be bogged down with security requirements, Bounds said.
Sam Adhikari, vice president of operations and research at Sysoft Corp. and chair of AIAA’s cyber security working group, said that space systems by their very nature have inherently complex interfaces.
As a result of this complexity, they are prone to vulnerability. The trick is to balance security with revenues since extremely secure networks are expensive. “I can build a very secure system, but it is very, very difficult to generate revenue out of it,” Adhikari said.
The industry has to design common security standards, he added. Further, trained auditors must audit systems built to those standards.
Right now, Maybury said that networks are constantly under attack. Most of the time the network operator has no idea the system is being broken into; therefore it must be assumed that the adversary is already inside the system.
A hacker might have any number of objectives once inside the network, including disrupting operations, manipulating data or other actions.
There are various ways to defend against a cyber attack, said Maybury. An example would be to build layered defenses. “There are all sort of ways you can make yourself a hard target,” he said.
One defense would be to rotate Internet protocols continually, said Maybury; there are also many other techniques.
But, Maybury added, people must recognize that they may not know their system is under attack: “Cyber stealth is part of this domain,” he said.