Subscribe
Share
Share
Embed
Jonathan discusses the risk to low-Earth orbit from Russia’s successful test of an anti-satellite weapon, and whether the kinetic threat is a big as the cyber one. Are non-attributable attacks in space the ones we really have to worry about?
Cyber Context exposes the story behind the story with information security that increasingly defines our economy. The podcast features Jonathan Moore, chief technology officer of SpiderOak, a leading voice in cyber, software design, and business. Co-host Christian Whiton is a PR guy and former diplomat and banker.
Christian Whiton (00:00):
Welcome back to Cyber Context, featuring Jonathan Moore. I'm Christian Whiton. A lot of news dealing with satellites, which is an area where we want to focus a lot of attention from the cyber realm, but this time, not so much from the cyber realm, but an actual kinetic weapon, Jonathan. From Russia, fire destroys an obsolete Russian satellite in low earth orbit, not so low that it's going to not cause us problems with debris for potentially many years to come. This took people by a surprise. It certainly isn't the first time someone has blown up a satellite intentionally. The Russians probably went first. I was taking a look back and they may have used the kinetic weapon in 1970. Certainly in the 1960s, they were looking at this. The United States somewhat famously blew up one of our own satellites. It was an anti-satellite missile off of an F15, and that was in 1985.
Christian Whiton (00:55):
Then China went in 2007, and blew up one of its satellites. Apparently, a lot of debris from that. India went more recently, making the fourth country to use an anti-satellite weapon, and that was 2019. Apparently, an intentional used a satellite that was in a very shallow orbit so that the satellite and what was left of it, and what was left of the anti-satellite kill vehicle de-orbited fairly quickly. What do you think? I mean, presumably this is not great for the satellite business, the idea of more and more debris. Did this take you by surprise? Do you think this is a big deal?
Jonathan Moore (01:32):
I mean, it's certainly bad for space traffic management and space debris management. I think as you pointed out, India's the only one that's done it really responsibly. I think they were at 320 or 300-something kilometers, at which point, you've got months really before pretty much everything is going to de-orbit if it doesn't have anything to lift it. I think it's a big deal. In fact, that China incident was a big deal back... That was in the nineties, right? Wasn't it?
Christian Whiton (02:06):
They may have done something then, but the more recent test by China was in... I think it was in 2007, is what I have.
Jonathan Moore (02:12):
Okay, 2007, sorry. That's long enough ago. It seemed like the nineties to me. I remember back in the time it was the nineties, that must have been before that incident, mid-nineties, reading an issue of Space Debris Quarterly, which I'm not sure if they're still producing, but that's a NASA publication talking about how even at that time, we transitioned into a regime they referred to as "super critical", where the number of distinct pieces of debris caused by collisions is increasing faster than debris is de-orbiting.
Jonathan Moore (02:54):
So this isn't a new problem that we're in. This is something that we've known about for a long time, which is why it's really disappointing to see countries intentionally pushing this problem further. You know, while we're looking to a future of proliferated [Leo 00:03:15], where we see really big social and economic gains from operating more and more things in Leo, where at the same time, making it harder and harder to operate safely. It is I think tied back also to this whole conversation of space becoming a contested regime.
Jonathan Moore (03:36):
It's now a contested theater that we're seeing people demonstrate capabilities in. I think this is in a way posturing. Russia wants to be a credible player in the states. They're certainly one of the space powers. Even if we haven't seen a lot of really recent innovation, they still have a ton of capability there. Historically, they've been one of the prime players in space. I think they probably did it just to demonstrate they were still in the game. It is really disappointing, and I think it is a real concern. But I think that that does tie it back in a couple of ways, back to our discussion of cyber, which is I think it demonstrates both the question is that when you start thinking about depending on assets in space, and right now they're all information assets, right?
Jonathan Moore (04:38):
We're not manufacturing in space. We're not living in space really. We put things in space because we want them to relay information, and it's all part of sort of data mesh network. I don't know whatever the right term there is. And so when we have to start thinking about like, how are we going to maintain those capabilities, and we start thinking about communications, if we start depending... We depend on the world on GPS now. Our economies wouldn't operate the way they do, and individuals wouldn't operate they do without GPS. We've been dependent on it globally.
Jonathan Moore (05:22):
As we start to push out these global constellations, that's yet another thing where we're getting dependence on, on successful operation and Leo. I think it has very big implications both sort of directly to the capabilities we're building. To flip it around the other side is, if the world does see this as negative, and we really don't want to have these kind of kinetic attacks happen because of the long term implications they have, does that mean that what we're going to see is the next demonstrations by all these players are going to be cyber based? What does that mean?
Jonathan Moore (06:09):
Because is it interesting to demonstrate you can have a successful cyber attack against your own assets? Or are we going to have to see demonstration of power, not by demonstrating a weapon system, but by demonstrating a successful denial of capability of somebody else's asset through cyber? So I think there are some interesting questions there.
Christian Whiton (06:33):
What you say about cyber is interesting, and I'd like to delve more into that. Before that, just a novice question, and incidentally I think you must have been one of maybe 10, 20 young people who are subscribed to Space Debris, did you say monthly? Weekly? Quarterly?
Jonathan Moore (06:47):
Quarterly. It's quarterly.
Christian Whiton (06:48):
Quarterly. There was a [crosstalk 00:06:50]-
Jonathan Moore (06:50):
It was a digital publication, even back in nineties.
Christian Whiton (06:51):
Was it? Okay. You got it. There was an AOL keyword for it.
Jonathan Moore (06:55):
[crosstalk 00:06:55] on the internet back then, but yeah.
Christian Whiton (06:58):
Okay, so not CompuServe. Novice question though, can you armor satellites? Is that going to be... I mean, we talk about just the mass expansion in the number of satellites that's coming true. Exponential growth, even though that term is overused, at least for a little while. I mean, can sweep up junk in space? I assume the geography is just too big to handle. Can you armor satellites against debris?
Jonathan Moore (07:24):
I think this is not an area we're an expert in, but I have some exposure to these questions. First off, the main thing we're doing is trying to track everything in space. We have radars to track pretty much everything about the size of a baseball and larger. We have optical systems looking for other things. There's a large amateur network that also tries to find these kind of un-tracked objects. There are public databases that contain all of the known objects and their trajectories, and get updated regularly. So, we know where a lot of stuff is. Of course, at whatever like five kilometers a second, that this stuff is moving, even something fairly small can have a fairly substantial impact.
Jonathan Moore (08:20):
That is definitely concerning. In terms of removing stuff from space, that is definitely an active area of investigation. There are contracts awarded to work on this problem. I don't know whether how successful it's going to be or not. I don't have a really good feeling of, from the first principles, whether that could work or not. But it's at least interesting enough that it's being funded. I think to get back to your last question of sort of mechanical protections, again I'm not an expert in this, but I think your answer is, you got to stop something that's going around. I think it's five kilometers a second. Fact check me on that. I think that it's about the velocities that we're talking about here.
Jonathan Moore (09:22):
Then after that your question is, what's the weight going to cost me? I've got to put this stuff in orbit. I think we're around currently 15 or $20,000.00 a kilogram to put stuff in orbit. So, all of that stuff is going to cost you additional budget in terms of mass orbit. Also, in terms of your fuel, because if you ever need to do any maneuvering operations, you're going to have to accelerate that mass. I think it's not whether it's possible or not, it's whether it's feasible. Do you want to spend fuel for lift in your maneuvering on that mass?
Jonathan Moore (10:10):
Right now, what we do is try to avoid it. Again, it's the best answer I can give you to that. I think it's... They give you some strings to pull on, if nothing else.
Christian Whiton (10:21):
With the demonstration effect you mentioned. Again, four countries, four nation states that have done an overt kinetic attack. Who knows if someone has used a laser? It doesn't seem like anyone that we know of has used a laser to blow up another satellite.
Jonathan Moore (10:42):
We've demonstrated laser attacks against satellites, I believe. I know it's been done. I'm pretty sure we did it. I would be surprised if other countries haven't, but these space-based weapon [inaudible 00:10:54], it's certainly interesting. Energy-based weapons seem to be maybe more practical in orbit than kinetic weapons if you can get the energies up [inaudible 00:11:03].
Christian Whiton (11:05):
Then with cyber, that does seem to be sort of the growing realm. Do we know of anyone who's done a ransomware attack on a satellite? I'm just thinking today, the Brits, GCHQ, their version of BNSA I gather, put out a report that ransomware is just the growing field, the focus of cyber attacks on earth, at least. Do you think that is the new frontier in space? Is that the first thing we see? I guess it probably wouldn't come from a nation state, but from sort of shady group, someone manages to hold the satellite hostage with ransomware?
Jonathan Moore (11:43):
Well, I mean, ransomware gangs are businesses, right? If the economics make sense, I suspect we'll see one. It's certainly more challenging. I think maybe we won't see one for a while because why would you bother hacking a satellite when you can just do something much simpler? It is rampant. I have a daughter in college. She wrote me the other day to show me a picture that said, "Don't turn these computers on. They've got a virus on them. You're not allowed to use the WiFi. All the websites are down. Don't come to class." Literally, this happened to her last week. Ransomware is an epidemic, and it's increasingly affecting our daily lives.
Jonathan Moore (12:35):
But again, it's a business. So, I have no doubt someday we will see ransomware on a satellite. They're complex computer systems. It's clear that we cannot implement complex software without introducing vulnerabilities. Someday, that will happen. Because of the business nature of it, I think we're more likely to see nation-backed attacks on satellites where there's a strategic objective for attacking the satellite versus ransomware, because the economics are better to just do what they already know how to do.
Christian Whiton (13:12):
In other words, it would not be a shadowy group necessarily, but a nation state that just said, "Okay, we're taking down one of our satellites to show that we can, or one of yours because we are at war with you," and it's just some software mechanism of ruining the satellite.
Jonathan Moore (13:28):
I actually will not be surprised at all to see a government taking down somebody else's satellite just to prove they can. The attribution being as hard as it is, and nations like Russia and China being as aggressive as they are, their postures are different but Russia has demonstrated... As is reported, attribution is hard, but they're willing to use cyber tools against civilian populations to try out capabilities if it doesn't arm them politically or maybe even [inaudible 00:14:05]. We see the attacks against the Ukraine. We see various kinds of broad GPS jamming, or even falsifying, and marine environments that look like Russia is responsible for those.
Jonathan Moore (14:23):
So, why wouldn't Russia demonstrate it's power by disabling somebody else's satellite? We also see over and over again that cyber attacks don't raise the level of traumatic response. So, what's the motivation not to?
Christian Whiton (14:40):
Right. That's interesting what you say. So, cyber attacks don't lead to a kinetic response. That's sort of another way of saying as on earth, when we are attacked by... Let's say attribution is hard. Who knows? Maybe some Chinese are using a [inaudible 00:14:56] keyboard to make it look like the Russians. But in space, do you think that would be the case too, that basically deterrence doesn't really work because it clearly isn't working right now. When you have these attacks occur, there's not necessarily a direct response.
Jonathan Moore (15:12):
Well, I don't know of a case where there has been a nation-backed cyber attack on another nation that has resulted in that nation raising the level of act conflict. We sanction people, right. We make their lives difficult. Certainly, it doesn't make people happy when they can't spend their money or they can't travel out of their nation of origin for fear of being arrested, or we've arrested some people and diplomatically let them go back eventually. It certainly has not been enough of a deterrence.
Christian Whiton (15:57):
You're saying that that spring break and Sochi is not as fun as the South of France?
Jonathan Moore (16:03):
I guess so.
Christian Whiton (16:07):
Are software vulnerabilities in space going to be the same as they are on earth? Let's say I am... The North Koreans, if you look back at the Sony Pictures hack, maybe blur the line between a nation state attacking and some people who want a profit attacking. If you were doing this, whether it's trying to take down a satellite on behalf of a government or on behalf of a criminal group, are the vulnerabilities the same for people who don't live and breathe this every day? What is the access point that you would try first?
Jonathan Moore (16:46):
Fundamentally, the software all has the same architecture, and even moreso. There's containerization in space, and orchestration systems in space are kind of one of the current trends. We're adopting in space the same software architectures and approaches we're using terrestrially so that we can scale in space and using those lessons, but it means we're adopting the same vulnerabilities. Even the software itself is fundamentally written in the same way. I'm sure there are some things on orbit that have used very high assurance processes and are better, but I don't think you're going to find in reality that most of it has put enough effort to protect against adversaries.
Jonathan Moore (17:42):
Even if you look at the ways we've developed high assurance software today, they're meant to validate that it works reliably in the conditions that we intend to operate in. The job of an adversary is almost always to figure out how to operate something in a way it wasn't intended, and push things into the state of un-testing, take those untested paths until you can gain control and get your job done. The thing that they have supporting them in the past is, that the adversaries don't have great knowledge of how to assist this work. There's specialty operating systems. More and more what we see is that we're running Linux servers in orbit, and that all of the adversary's domain knowledge of how to attack Linux is going to apply to Linux in space as well.
Jonathan Moore (18:41):
So, I think the answer is, yes it's different. A lot it is just do have the knowledge required to perform these tests. The less people do, but as we commoditize more, it'll become more standardized and make those attacks easier. It's hard to say. One thing that is sort of maybe riskier is about space, is it's all connected by radios. If it's overhead, I can send energy to it and potentially start interacting with it. It's harder to sort of basically segregate and segment assets in orbit, and everybody knows where they are, they can look up what their past trajectories are, and they're also licensed. There're the frequencies. There's a lot of work on licensing frequencies, so you can find out a lot what frequencies people are licensed to, and you're halfway there to starting to be able to talk to it.
Jonathan Moore (19:42):
I think that's maybe an additional risk that this has, but what it is, certainly growing knowledge in the community of how to use software to find radios to do these kinds of things, and motion control is getting cheaper and more accessible so that it is in reach of everybody who wants to. But the knowledge is still less broad than people who know how to Windows [inaudible 00:20:06].
Christian Whiton (20:07):
That's interesting, because when you think of it, first you think "Wow, these things are in space." That gives you some protection because they're several hundred miles away in a vacuum, when it sounds like that's actually not the case, that in fact essentially they're accessible to everyone, or at least everyone who can send them energy. Just a little more on that and software, you mentioned Linux servers in space. The basic software providers now, are people running Windows in space? Is the firmware another software? Is it basically what you get from the satellite manufacturers, the big guys like Boeing or SpaceX? Or is it highly varied by the type of satellite?
Jonathan Moore (20:52):
I think there's a lot of diversity now. There's increasing standardization. From any particular organization historically, you'd see limited diversity because they want to use flight-proven hardware with heritage that they know is reliable. So, you'll find that a particular organization is likely to use something that they know they've worked before. The example I may have already used last week, or I pull out on a regular basis is, in 1989 [Hovel 00:21:21] launched the core memory. That technology had been replaced in industry for 30 years, but because they knew how to operate it and they knew it was reliable, they still launched with it.
Jonathan Moore (21:37):
It was then replaced a few years later by an on-orbit mission with some RAM, but the fact is, is that kind of shows how deeply ingrained heritage has historically been in space systems. I think that you'll find that a particular organization will use what they know how to use, but there's a large diversity between organizations what they're going to use. Mostly what you're going to find right now is, embedded system. You're going to find basically two things, some embedded operating system or just hand-coded one-off implementation, or people who are moving to a commercially-provided [ARCOV 00:22:18] and/or for a real time operating system, or Linux, or a combination of the two.
Christian Whiton (22:27):
When you think of a lot of information security, you tend to think of well, government has higher needs, legal requirements, but also they're slow to move. They're terrible at hiring people. Almost all the computer scientists in government are contractors because it would just take too long to hire them if they were direct government employees. There're some exceptions, of course. They can't pay them enough in the government, on and on, and on. So, the government sometimes has better systems, but also older technology because of their speed. Is that true in satellites when you think of our security? Is the government in a better position in the private sector? Or are there vulnerabilities across the spectrum?
Jonathan Moore (23:08):
I can't speak for firsthand knowledge for how government systems in space work. That's not where I have experience. I would say it's not even clear if the government systems have better security, anyway. I think there are some areas where they try harder, but I think they're generally under-resourced. Periodically, the Executive Branch decides they need to understand vulnerabilities in the government after a large hack or whatever, and the number of assessments that happen, and then years later another assessment happens, and the exact same vulnerabilities that they found in the previous assessment still are sitting unfixed, that's the norm I believe, rather than the exception. Or at least it's fairly average.
Jonathan Moore (23:58):
I don't think we should believe that the government is more secure. They certainly have a lot of resources to spend, and they have an intelligence defense and high classified areas they're willing to put a lot of effort and man hours, and be careful. But I don't think they inherently write better software. I don't think they have any kind of special ability to write better software. If they're willing to spend more money, they'll achieve. We know how to write highly correct software, high assurance systems, systems with very low defect rates. It's just that it costs 10 or 20 times more than it would cost to create normal quality commercial code.
Jonathan Moore (24:46):
Everybody's budget-constrained at a level, and do you want to spend 10 times sort of the quality of commercial code to get something with a very low defect rate?
Christian Whiton (24:59):
It sounds like ideally you would take that approach. You would address everything in software from... Just employ zero trust in space. The idea that security should be central, not peripheral, and the way you operate yourself, your software, your business practices stem from that. It sounds like that's what you're saying. Is there sort of an interim step that satellite operators could use? If they just used a little better encryption, would that put them in a better space? I guess the flip side of that question is, for systems you think that are pretty open, take a communications satellite, does that use encryption already? Are these things pretty accessible if you have a space radio and want to go after them?
Jonathan Moore (25:51):
There are two questions there. I think, is there something incremental you can do? Do you have to fix everything? No, I think you don't. But you do need to segment, and say "Here are the parts of the system that need to be trustworthy, and have segmented them out from the others." At a level though, you can get a lot of progress done. It's not going to completely solve it until you've got very robust systems where you can sort of wipe the lower trust systems clean from the high trust systems, in a way you really have confidence in. I think there's certainly incremental steps.
Jonathan Moore (26:26):
On cryptography, it's basically going to have to do with the age of the vehicle. If you're going to operate in space, you do so licensed by your nation of origin that you launched from or whatever that you operate under. Whoever's flag you're operating under. They're required to license and manage spectrum as well as police the behavior of the people under their flag. The FCC requires to satisfy your license that you have encrypted COMS. But how good are your COMS? How are well are they managed? What is that encryption? Do you key management well? There's really, as far as I know in my experience, very little really checks. It's a checkbox right now, not a stronger control.
Jonathan Moore (27:23):
So, new things will have encrypted COMs to fulfill their FCC licenses. Is there any real standards on what that means? I don't think so.
Christian Whiton (27:34):
It's interesting. With the idea of flagging as it were a satellite the same way you might flag a ship from its country of origin, I just wonder if that creates a race to the bottom? I guess there's an incentive not to hear sort of unlike in shipping. Once I saw a rickety ship in Taiwan that was flagged in Mongolia, which is a landlocked country of course, and several hundred miles away.
Jonathan Moore (27:55):
I think they are seeing that now. Was it in Uganda? There was, I believe, an African country who recently filed a motion with the UN, or wherever you file it, that they wanted to launch a constellation of 500,000 satellites.
Christian Whiton (28:10):
Wow.
Jonathan Moore (28:11):
Clearly, that's an example of exactly what you're saying. I don't believe that nation state has the expertise or resources to develop and deploy that. There is clearly somebody working with them coming from another nation that has those expertise and knowledge of whatever plan that is. All I know about it is just that the headline of the article... Well, I guess I think I did read the article, but it was very light on details. I don't know about that specific plan, but I think that's exactly the example of that priming you're talking about.
Christian Whiton (28:46):
Right, well it'll be interesting to see. It's like a brave new world. That's all the time we have now for this edition of Cyber Context. If you like what you heard, please subscribe to us and we'll see you again soon. Thanks.