Slashdot Mirror

← Back to Stories (view on slashdot.org)

Air Force Looking To Beef Up Spacecraft Network Security

Posted by Soulskill on from the phishing-the-space-station dept.

coondoggie writes "How is spacecraft development — from the space parts supply chain to actual space operations — protected from those who would try to penetrate or disrupt the networks involved in that process? The U.S. Air Force Research Laboratory (AFRL) has put out a call for research to understand that security scenario. They say, 'we are much less concerned about information on the broader themes of cyber-security but rather those that pertain to the mission of the spacecraft, the spacecraft as a platform, the systems that constitute the spacecraft, the computers and their software, the busses and networks within, and the elements that interface to the spacecraft.'"

16 of 31 comments (clear)

  1. Does it have an antenna? by Anonymous Coward · · Score: 4, Insightful

    If you cannot control every single aspect of the spacecraft platform they had better just plan around having been compromised already.

  2. 1st step by Nidi62 · · Score: 3, Insightful

    Don't buy from China, develop and manufacture domestically instead?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re:1st step by AHuxley · · Score: 3, Insightful

      That worked well in the Cold War. The NSA, GCHQ produced as needed via a short list of trusted front companies or their own domestic "world leaders".
      This was all good and neat - until the end of the cold war and start of the public war on terror.
      US air and space needs where also well served and lots of cash flowed into domestic producers. Add in the export market to 2nd/3rd world friends and NATO - US profits where good
      The US was still spending but how could your average multi national get limited US spending without a made in the USA/secure/political link to the needed paper work?
      Find a US state in need, local political leaders in need and a small trusted firm in need with all the local security issues filled in and buy in.
      Pump out a lot of paper work at the US gov for any local mil bidding - as a multi national you have the skills - but to the US tax payer your a small 100% US firm getting 'domestic' support in very hard times.
      Now some smart group at the Air Force has finally tracked the huge supply lines - secure US hardware needs are been contracted around the world like car parts.
      So can a gov in South Korea, Brazil, France, Gemany, Spain, the UK, Japan ... work out what the US is doing by watching their top tech exports?
      What the USA do with 99% of an advanced drone/sat/space 'thing' while waiting for news about riots/looting/flooding/banking issues at some distant industrial estate?
      So the US can hope the software is safe at local producers but how much of the "spacecraft as a platform" is now arriving in the US as a box, getting unpacked and been repacked as 100% made in the USA? Joined with a few other imported products and having software loaded might just pass "Made in the USA" laws on a fancy new box to be shipped to a US base/fort/camp?

      --
      Domestic spying is now "Benign Information Gathering"
  3. Sounds familiar ... by code_monkey_steve · · Score: 3, Funny

    Did somebody just now get around to watching Independence Day?

  4. No networking... by Lumpy · · Score: 1

    The Cylons will get in and control all the systems right away if they are networked!

    The NASA guys must be mad if they are even thinking about it.

    --
    Do not look at laser with remaining good eye.
  5. We already have the security: one time pads... by mlts · · Score: 2

    I don't know what rad-hardened storage is out there that can be used, but if security is critical, there is always the good old fashioned one time pad.

    OTPs could be consumed directly for maximum security commands, or used as a way to encrypt a Diffie-Hellman session key generation for stuff that needs less security. The session key can be used without drawing down the random number pool.

    Of course the ultimate downside of OTPs are that when the number pool is exhausted, you are fscked, so trying to use the pool as little as possible is important.

    1. Re:We already have the security: one time pads... by lgw · · Score: 1

      I was very impressed by the security design for the Range Safety Device on the shuttle (the button that makes the shuttle blow up). In addition to the crypto involved, there's a mechanical lock that prevents the RSD from triggering until very close to launch:

      * In order for the RSD to fire, an electrical signal is sent from the computer that authenticates the request to the actual detonation system.
      * The signal path is only closed when a mechanical arm swings into place.
      * The arm is swung into place right before launch by a servo motor, but a large pin blocks that until fairly late in the countdown.

      So all the hacking in the world won't do anything until both a totally separate system creates an electrical connection, and that system is safe until a technician pulls a physical pin to arm it. Three factors, one of which is entirely human. That's a well thought out lock.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:We already have the security: one time pads... by DerekLyons · · Score: 1

      If it were possible, I'd moderate you -5 "completely misses the point'.

  6. lol by Type44Q · · Score: 1

    How is spacecraft development â" from the space parts supply chain to actual space operations â" protected from those who would try to penetrate or disrupt the networks involved in that process?

    Well, I'd start by asking Gary McKinnon... :p

    1. Re:lol by slick7 · · Score: 1

      How is spacecraft development â" from the space parts supply chain to actual space operations â" protected from those who would try to penetrate or disrupt the networks involved in that process?

      Well, I'd start by asking Gary McKinnon... :p

      Let's ask Aaron Swartz, oh, wait.
      How about Kevin Mitnick, oh, wait.

      --
      The mind conceives, the body achieves, the spirit manifests.
  7. Mars, Bitches! by PopeRatzo · · Score: 3, Insightful

    Somebody's looking for a big bump in military spending, I think.

    I wonder how high the percentage of Air Force brass that end up working as "consultants" in the defense industry to supplement their pensions from Uncle Sam? I wonder what they're expected to "deliver" to their new employees for those fat consultancy contracts?

    --
    You are welcome on my lawn.
    1. Re:Mars, Bitches! by PopeRatzo · · Score: 1

      Sorry, last sentence should read "employers" not employees.

      (see: Brent Wilkes)

      --
      You are welcome on my lawn.
  8. Some ideas by me useful towards space security by Paul+Fernhout · · Score: 1

    From 2011: http://it.slashdot.org/comments.pl?sid=2368162&threshold=0&commentsort=0&mode=thread&cid=37016386
    "Twirlip: Towards a 21st Century Worldwide Public Intelligence Desktop Platform for Collaborative Sensemaking, Analysis, Risk Assessment, and Horizon Scanning"

    Around them, I also put together another proposal to collect and organize stories about security issues as a modernized "Risks Digest" using software like my wife desiged my wife wrote called "Rakontu":
    http://www.rakontu.org/

    Another spin on that from this month:
    https://www.newschallenge.org/open/open-government/submission/civic-sensemaking-by-working-with-stories-using-rakontu/

    With some more code links and a video here:
    http://twirlip.com/

    See also:
    http://www.phibetaiota.net/2011/09/paul-fernhout-open-letter-to-the-intelligence-advanced-programs-research-agency-iarpa/

    From 1999 to NASA, some ideas about rethinking our manufacturing infrastructure systematically and in an open source way:
    http://www.kurtz-fernhout.com/oscomak/

    And also to DARPA in 1999:
    "DARPA Progam Manager Position on Self-Replicating technology"
    https://groups.google.com/forum/?hl=en&fromgroups=#!msg/virgle/feS-LaqnFyM/z0sqkvvCx2QJ
    "We of course need to minimize military tensions around the world through arms control, international aid, and setting a good example. This delays the culmination of these other trend to war, but in my opinion will not prevent them because of ever-present potential for a small group of unstable people to use weapons of mass destruction. ... I also don't think we have a significant choice. Such self-replicating and self-repairing systems will be developed eventually anyway, if only from commercial competitive pressures. The only thing we can do is slow down their development. Yet that has its own risks of our current infrastructure being overwhelmed by current weapons of mass destruction or sophisticated terrorism. Also, should such self-replicating technology be developed first clandestinely by an oppressive regime, the consequences for the United States could be disastrous."

    From 1987 for grad studies on improving security via self-replicating space habitats:
    http://www.pdfernhout.net/princeton-graduate-school-plans.html

    A long string of failed proposals. :-)

    Well, at least I can still try to promote great ideas by others that have met with more success: :-)
    "A Conceptual Framework for System Fault Tolerance"
    http://hissa.nist.gov/chissa/SEI_Framework/framework_1.html

    And I can keep on working towards those other ideas as very limited spare time permits.

    I guess I am mostly just a creation of 1960s-1970s TV about our future in space -- to keep banging my head against the wall of space and security for decades? :-) Star Trek, The Starlost, Space 1999, Silent Running, Battlestar Galactica, Buck Rogers, Lost In Space, Thunderbirds, and so on... And way too many sci-fi novels. :-)

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  9. keep the prefix command code secret by CaptainPhoton · · Score: 1

    If the enemy does not know the prefix command code of our spacecraft, then they cannot remotely command it to lower its shields.

  10. Attribution works here? by manu0601 · · Score: 1

    Unlike other cyberattacks, that one probably needs the attacker to show up. You need a good antenna, which I suspect is visible from spy satellites. If attack can be attributed reliably, then ballistic defense is possible.

  11. Don't you need a spacecraft.... by Dareth · · Score: 1

    Don't you need a spacecraft....before you can even consider how to secure its communications?

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling