Zero-Trust 4 Zero-Gravity

We are moving into a new space age, one that's about commercialization and scale. Access to space is getting cheaper by the year. We have this opportunity now to define the cyber and network architecture of New Space.

Show Notes

In our first episode, SpiderOak CEO Dave Pearah talks with SpiderOak CTO Jonathan Moore about New Space and the challenges around security in orbit. We are moving into a new space age, one that's about commercialization and scale. Access to space is getting cheaper by the year. The cadence of launches is increasing. There's going to be more and more commercial opportunity in space, and we have this opportunity now to define the cyber and network architecture.

What is Zero-Trust 4 Zero-Gravity?

Cybersecurity in space! Join us as we talk about protecting assets in space, hardening existing assets, and models for the new space ecosystem. Hosted by Dave Pearah, CEO of SpiderOak and SpiderOak Mission Systems.

Dave Pearah (00:00):
Hey, everyone. Welcome to the Zero Trust for Zero Gravity Podcast, your source for all things space cybersecurity. I'm your host, Dave Pearah, CEO of SpiderOak and SpiderOak Mission Systems. This week, we'll be interviewing our special guest, Jonathan Moore, who for those of you who may know is our chief technology officer here at SpiderOak and Jonathan and I have worked together for a couple years. But for those in our audience that don't know you, why don't you give us a little bit of your background?

Jonathan Moore (00:29):
Yeah, thanks. Yeah, I mean, I came to SpiderOak because I've had a lifelong interest in the civilian applications to cryptography and how we can really move forward high assurance security using cryptography. When we started working on the technology we have now, I realized that this stuff we were building for our collaboration product fit really well into some of the problems I saw in aerospace when I had been working there at a new space company called Planet. So that led me to really think about these kind of technologies we're building and deploying. So I have this nice combination of background of application security, cryptography, and aerospace that I think is the mix that let us really get into this field.

Dave Pearah (01:20):
So when I joined the company two years ago and you and I met for the first time, I'm not even sure if the word space really ever came up. It was just something that you had done in your background. So what led you and perhaps SpiderOak back into space? I'm just curious how that journey happened.

Jonathan Moore (01:40):
As you know, it was really driven by the market. I mean, I had some experience and we had another employee who's since moved on, who also had some experience. So we had that inkling that the market might care. We went out and asked, they really said, "Yes, this is a problem we have." A lot of that to do is not because space has legacy problems they're desperate to solve with new technology, but because we're in a transition era where we're moving to a new commercial era of space and of scale that necessitates new solutions to the security problems that arrive.

Dave Pearah (02:25):
Well for those in our audience that don't know a lot about space, and I still count myself as one of those folks, could you paint just a quick picture of what is the current state of cybersecurity in space as it is, before we jump to what would you like it to be?

Jonathan Moore (02:44):
Yeah. Well, as it is today, it's a very vertically integrated model. Most people build and operate their own equipment, and especially if we're talking about orbital satellites, if we're talking about satellites, things in orbit, usually you maybe will pay a vendor to build the satellite on spec and you'll pay somebody to launch it, but then you'll operate it even if you use a commercial ground station provider. And those operations are all very 1990s where you had sysadmin who was responsible for a server, they'd log into the server, they'd edit config files, they'd maintain it very much. Satellites, they take passes, you have the operator on the ground station running the pass, making sure that everything goes well. And it's a very well fed and cared for pet that you take care of.

Jonathan Moore (03:42):
But now what's about to happen is what happened in the IT world. So we had that vertically integrated world where you had hand operations, a small number of people you trusted who you knew, who you hired. And now we're moving to what's happened in IT in space where we don't... sysadmins don't log into servers anymore. They edit YAML files that orchestrate clusters and individual servers aren't pets anymore. They're just another part of the system that's [inaudible 00:04:17]. And if a server crashes, you don't care. There's another one.

Jonathan Moore (04:20):
In aerospace, as we go to this new era of commercialism and scale, we're seeing those same kind of operations where you have a handful of operators who operate tens or hundreds, or even thousands of satellites and do so because they're managing the orchestration, not the individual running of satellites. And so the traditional way is individual satellites with individual operators who know these things intimately. And the new era is large constellations of homogeneous or heterogeneous satellites, which are operated entirely by automation.

Dave Pearah (04:59):
Yeah. One thing I'm always struck by is it's not just vertically integrated in terms of the operating of these things, [inaudible 00:05:06] can't talk to all the constellations, it talks to only that particular operator. So how important is it that satellites interoperate anyway? It just seems like the whole ecosystem is designed to be, if not from a manufacturing and supply chain standpoint, vertically integrated, but at least is it important these systems be interoperable, much like terrestrial networks are?

Jonathan Moore (05:32):
I think that's something that we're going to see shake out. I mean, I think eventually likely my suspicion is the answer is yes, but not for traditional interoperability reasons. It's because, so if NewSpace is this commercial space era, one of the things that private capital wants to do is not be frozen in place for a long time. When you invest in a space startup, you'd like to see revenue and a return on that investment as soon as possible. And that's really going to push these new commercial space companies to really look more at integrating both operationally and in the construction of their satellite from parts from more people, and they really broaden that supply chain. And so I think if you're able to have that interoperability, it will make your operations more robust, more agile, and lower overpay.

Dave Pearah (06:28):
So for those not familiar with how cybersecurity actually happens today, I mean, if you just Google, and I've done this, cybersecurity, it's not easy to find a primer on in 60 seconds or less, what are the key ways people actually try to protect data [inaudible 00:06:47] in motion? So for our audience, what are the two to three ways or however many people use to protect their satellite systems?

Jonathan Moore (06:58):
Well, I think the key thing is traditional approaches to security are about putting controls around data, whether that's putting an encryption on the link that the data's going to traverse, putting an armor around that data on the link or encrypting it at rest, putting in some armor on that disk. The controls are outside and very often, very far outside. If the protection of whether somebody can read a file is dependent on their role... On a file server is dependent on their role in some active directory on another server, the distance between the data you're protecting and the control can be logically very far.

Jonathan Moore (07:48):
We've seen a reduction in that. The move to zero trust networking was the move between putting the controls at the organizational perimeter, to pulling those controls back and around the application. But that still leaves a big distance between that control at the edge of the application or sometimes implemented in it, and the data as it sits there resident. So that's the same kind of thing we see in space where we encrypt links, we encrypt data, but the overall authority in the system still tends to be fairly centrally managed.

Dave Pearah (08:26):
Which I suppose is the opposite of what zero trust is going for?

Jonathan Moore (08:30):
Well, I mean, zero trust is really about moving the network perimeter to be smaller or the security perimeter. The security perimeter from the organization to the application. As you know, our mission here is to move that perimeter all the way to the data record where we implement our controls entirely cryptographically, not just transient in motion, but all the controls that protect things at the end are implemented cryptographically at the record layer or the file layer level so that you don't have these gaps.

Jonathan Moore (09:06):
If you are doing encryption in transit and I send it to a server and that server forwards it to another server, you could have a decrypt and re-encrypt at that point. Or when I send it to the server, it decrypts it off the network and re-encrypts it to the file system, but there are those gaps where data is encrypted and de-encrypted. If instead you use an end to end model like you'd see with a popular app like WhatsApp or Signal, would encrypt the data from one device all the way to the end with no decryptions in between. We've taken that idea, but said, "Hey, could you actually implement more traditional controls like role-based access controls, or attribute access controls with that same end to end model?" We found the answer is yes.

Dave Pearah (09:51):
So why not just use applications like Signal or WhatsApp over satellite networks because the satellites are just a dumb internet anyway? So, I mean, this is an argument I hear all the time. So just let applications handle their security and you don't need to have anyone in the satellite ecosystem or supply chain participate in or need to care about cybersecurity, just like they don't seem to care today.

Jonathan Moore (10:15):
Well, I don't think it's fair to say they don't care today. They're just taking a traditional approach to it, which I think isn't aligned with the adversarial environment we exist in and doesn't scale. To push on that point just a little bit, which I know is not your question is the other way to look at it is we're still using the security model of a bunch of private disconnected networks and the other part of NewSpace is we're about to connect everything together. We did that with IT networks where we took IT software and IT networks and we connected the whole... all those networks together there to form the internet. And all of a sudden we found out that the assurance level of our controls was woefully inadequate and is still inadequate, as we can see by the regular data breaches and ransomware attacks to prevent persistent global adversaries from breaching those controls.

Jonathan Moore (11:15):
So we're at risk of doing the same thing in space, as we scale up, as we interoperate, as we try to have hybrid architectures and broad vendors. We're about to take the same controls that were reasonable on our protected small individual disconnected networks, our private networks, and globally connect them together. And I think [inaudible 00:11:38] going to find very quickly that those controls aren't adequate.

Jonathan Moore (11:42):
And now to the why not use Signal? I mean, well those kind of protocols, Signal and TLS, and they're all great, but what none of them tackle is how do you actually manage authority and keys in a dynamic environment? Signal's great for my personal communications, because I get my family on Signal and we can all use it and we know who each other are, but I don't have to worry about a new brother that nobody told me about that all of a sudden needs to communicate with me, but is part of my family. Where in a more dynamic environment, you're having new nodes enter and leave, and you need to be able to manage those roles and dynamic [inaudible 00:12:24] in a much more agile way.

Jonathan Moore (12:26):
So I think, again, Signal is great for small networks, but it doesn't scale because it doesn't have any solution for managing that identity overall. Another approach we could take is with the Web PKI where we have this global scale hierarchy PKI, but that's also proven to be fairly insecure and that technology doesn't even have any solution for assigning roles and has very poor solutions for revocation when things become breached.

Jonathan Moore (12:58):
So I think we've learned a lot of really good lessons from that area, but it doesn't allow us to have this kind of dynamism we need. And I think too, it doesn't segment authority very well. So some data you might want the ground station to have, like about telemetry to manage the path. It needs to know something about what's happening on the satellite, maybe even needs to send some control data up to the satellite, commands to the satellite, but it doesn't need to ever have access to the results of any observations or measurements that the satellites made from their instruments, their payload instruments that is.

Jonathan Moore (13:40):
I think it also falls down besides the... So you have dynamic environment and agility. It also falls down in its ability to segment data and provide just the access required. I mean the fundamental problem we're really pushing against here in security is that our architectures we deploy today don't really implement the principle of least privilege. Any application you run in your computer as you, runs with all your privileges. Why is it that your calculator only doesn't connect to the internet or read random files on your computer? Because it wasn't programmed that way. There's actually no control in place to stop it. That's the kind of thing we need to fix. And just applying something like Signal doesn't really solve that problem. It's a great bit of technology, but it doesn't really solve the fundamental problems at play.

Dave Pearah (14:31):
Yeah. But what you're describing really isn't unique to space, right? I mean, this is a problem of terrestrial networks where we get hacked all the time and no one seems to care. And again, I'm exaggerating to make a point, but we seem to think that this is just normal now on the terrestrial side. What will create a sense of urgency to not repeat these mistakes in space?

Jonathan Moore (14:56):
Well, I think there's two important points there. One is that I think, although there is a long legacy and heritage to the way we operate on orbit, the truth is, is that NewSpace is upending that table and writing new rules. So on some levels we do have a bit of a greenfield opportunity here and we don't have metastasized solutions that are very hard to replace. So that's one aspect is because I think there's more willingness to solve these solutions because we don't have solutions to these problems in space cyber. And I think the other side of that is that the cost is higher. I mean, in the end, if every server in your server room gets hacked, you can go then there and replace it and it's going to be a pain and it's going to be expensive and it's going to cause downtime, but you don't have to get it to orbit.

Jonathan Moore (15:49):
And I think that's really the challenge. We've accepted that if you have a total compromise of a computing device today with the assurances that our hardware provides, you can't really completely trust that device ever again. And so what do we do when that's on orbit? I mean, are we just going to abandon the assets set in space? We might have to. What's the timeline for you getting a new spacecraft up there to provide the same capability? Right now it's months, if not years, depending on what it is. So we really have to work a little harder to prevent those compromises because replacement is harder.

Dave Pearah (16:30):
Well, what kind of attacks do you think will happen? It's kind of we don't want to motivate activity or change by fear, but we see everything happening on the terrestrial side and the range of attacks that happen. What do you think's going to be happening now with these growing constellations of satellites over the next few years? What are some of the biggest cyber threats that they're going to be facing and you think we'll be hearing about?

Jonathan Moore (16:55):
Well, I mean, I don't have a crystal ball and this is all new. So I can't tell you what the future is going to hold, but I don't think it's hard to imagine that we will see campaigns that are potentially designed to deny capabilities either by foreign adversaries or criminal organizations. I mean, when's the first case of ransomware in space going to be? I mean, if you have a multimillion dollar asset floating up there and I can take it over and deny you access, I've got some pretty good leverage there. Then also, just denying capabilities. I don't want you looking over my shoulder or I want to even temporarily deny capability during some event that it's useful for me to reduce your information.

Jonathan Moore (17:52):
So I think that's certainly plausible. I think if you look at it that cyber is a really... From the standpoint of an adversary who's trying to deny capabilities as part of a larger campaign, that cyber is a great way to go because where... Certainly we've demonstrated over the last years that you can go have a rendezvous with something in orbit, you can fire a laser or a rocket at something in orbit and destroy it. It's going to be a lot quicker and easier if I can just hack everything. And the advances in software-defined radio and telescopes and all these kinds of things have meant... Telescopes are important for knowing where the satellite is and when you can talk to it. It really means that there's a lot of stuff that's vulnerable up there and it's a really cheap way for the adversary to take a first step, and one that also for the adversary often has the advantage of making attribution hard.

Dave Pearah (18:58):
Well, we're coming up on the end of this episode. I just wanted to open it up to you, see if you had any final points that you wanted to make?

Jonathan Moore (19:06):
Well, I really, just to reiterate what I said before, we are moving into a new space age, one that's about commercialization and scale. Access to space is getting cheaper by the year. Cadence of launches is increasing. There's going to be more and more commercial opportunity in space and I think it's really a... And we have this opportunity now to define the cyber and network architecture of NewSpace. And I really think we should take advantage of that and look at the mistakes and lessons learned from terrestrial data and IT networks, and attempt not to repeat them on orbit.

Dave Pearah (19:46):
What era of technology are we using right now in space? I'm curious. Are we talking about eighties technology?

Jonathan Moore (19:51):
[inaudible 00:19:51] NewSpace is out there now. You look at some of these new providers and they are using commodity hardware, but a lot of what we still use is heritage. I mean, I'm not up to date on what traditional space is doing these days. My experience in aerospace was in a NewSpace company, but I can't speak for exactly what's being launched today. But I do know that when we launched Hubble in 1989, we launched it with core memory, which had been replaced in commercial network in the seventies or terrestrial hardware in the seventies. So at that point we were 30 years behind. I'm not sure how far it's caught up since then.

Dave Pearah (20:38):
Well, that's all the time we have for today. I want to thank Jonathan Moore, CTO of SpiderOak, for joining us today. And we look forward to seeing you all on the next episode of the Zero Trust for Zero Gravity Podcast. Thanks.