Cyber-Security, Aerospace, and Secure Satellite Communications - Evolving our Approach
Author(s) - Jonathan M Mercado, Dale C. Rowe
Publication year - 2016
Language(s) - English
Resource type - Conference proceedings
DOI - 10.18260/p.26634
Subject(s) - computer security, aerospace, computer science, redundancy (engineering), downtime, vendor, risk analysis (engineering), telecommunications, engineering, business, aerospace engineering, marketing, operating system
The satellite communications (satcoms) sector is a prime example of a complex aerospace cyber-physical system. To provide a secure, robust communications capability, satcoms systems are designed to implement defense in depth against targeted attacks and component failure as well as to operate effectively in harsh environmental conditions. Due to the prohibitive cost of replacement, satcoms spacecraft are frequently designed with lifespans of over a decade and must provide a continual service – where any downtime is seen as unacceptable. Recently, several international governments have developed cyber-strategies that go against the traditional ‘quarantine, resolve, remediate’ methodology. For example, the United States government now requires the continuation of operational capabilities as a priority – over and above that of the isolation and quarantine of systems that may be impacted in a cyber-attack. This new approach will require not only multiple levels of redundancy and a structured approach to cyber-defense, but multiple information and service pathways that use independent protocol and vendor pathways to provide ongoing operational capabilities. While new cyber-strategies are requiring systems architects to rethink their approach to cyber-defense, there is actually no cause to re-invent the wheel. Effective lessons can be learned from a satcoms industry that has faced such requirements for many decades. Indeed, the aerospace domain is, by its nature, required to produce systems that are designed to survive the simultaneous failure or attack of multiple components. For cyber-strategists and systems architects, this requires a shift in thinking away from the protection of information and towards the continuity of service. In this paper, we present a methodology, adapted from aerospace practices, that facilitates the design of systems that provide continuity of service even while under attack.
We also leverage established best practices in the cyber-security space and suggest enhancements to common methodologies found within the aerospace industry. For example, due to complex mission-critical requirements, legacy interoperability and multiple vendors, aerospace projects are frequently resistant to implementing recommendations from penetration tests – as such changes require extensive retesting and validation. We believe, and demonstrate proof-of-concept, that our presented methodology will enhance both the resilience and security of traditional cyber-systems, as well as aerospace cyber-physical systems – and that this approach can minimize associated time, resource and cost expenses. We conclude by applying our methodology to various hypothetical and tangible project architectures and comparing this to traditional approaches. As a final note we suggest that all industries in engineering and technology would benefit greatly from this cross-discipline approach to evaluating cyber-security early within the educational process.

Introduction

As we advance in the information age we are increasingly aware of the threat that cyberterrorists pose to United States government and military networks around the world. In the past, information technology did little more for the government than to aid government offices in administrative tasks, but it has now become a critical part of military operations globally. The U.S. military cyberspace infrastructure is made up of tens of thousands of networks and millions of computing devices, many of which are located internationally. Our forces need to be prepared to face ever-aggressive enemies in this new warfighting domain.

It has come to the attention of the international community that a proactive approach to protecting cyber assets is necessary, and many nations have published publicly available cyber-strategy documents outlining their approach to cyber-defense. U.S. Executive Order 13636 was given in February 2013 by President Barack Obama, who addressed the need for “Improving Critical Infrastructure Cybersecurity”, emphasizing the need for a collaborative and incentivized framework to be adopted in government and commercial entities, understanding that we are severely underprepared for the threats that cyber-attacks pose to the United States of America. This framework was released in February 2014 and encourages the development of policies and procedures that, at their core, are built to identify, protect, detect, respond and recover from cyber-attacks. While this framework addresses what needs to be done, it does not specify the techniques or technologies that should be implemented to realize its potential. We need to discuss how we can better approach cyber-defense to maintain national security.

A fresh look at cyber-security practices is necessary as we evaluate recent attacks that have been realized against large corporate firms. In the past, response to a security breach often involved isolation of the affected system, which was then cleaned, reimaged or otherwise recovered before introducing it back into production. In the meantime, a backup or redundant system took the load of the compromised system. This common solution may no longer be a sufficient incident response method as we move into the future.

In December 2014 Sony Pictures Entertainment (SPE) was attacked by a hacking group who identified themselves as the “Guardians of Peace”. This organization was confirmed by the Federal Bureau of Investigation (FBI) to be associated with the North Korean government. Given this and other state-sponsored attacks that have occurred within the last several years, we can project that state-driven cyber war is likely in the near future. Given the nature of the Sony attack we can see how a ‘quarantine, resolve, remediate’ approach to recovery from cyber-attacks would be ineffective.
According to the FBI press release given December 19, 2014, not only was a large amount of sensitive data stolen from SPE but, “The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.” [5] Attackers have proven that they have the capability to perform large-scale operations against high-profile targets. With these capabilities it is not feasible to assume that a plan to quarantine compromised systems in the wake of a cyber-attack while maintaining service availability will be a possible recovery method in the future. We must find ways to maximize availability of services even in the midst of a cyber-attack.

The understanding that we need a more robust cyber-strategy with an emphasis on maximizing availability is not new. In 2010 General Charles Shugg, vice commander of the 24th Air Force unit stated, “We want to make sure cyber is integrated into the operational planning process from the beginning. We’ve got to learn how to fight through cyber-attacks.” [6] Given this requirement to maintain continuity of service in the midst of cyber-attacks, efforts are being made to adopt new practices that will allow us the resilience necessary to achieve this goal.

However, in our search for cyber-security best practices for availability we do not need to reinvent the wheel. In the following sections we will discuss how effective lessons can be learned from the satellite communications industry, which has faced such requirements for many decades. By applying practices adopted by the aerospace industry, we will develop a methodology for cyber-strategists and system architects to make availability a priority over the protection of information and in the end be more effective at achieving both. Our goal is to think outside the box of current cyber-security practices by considering satellite design and defense mechanisms.
These will contribute to our cyber-defense strategy so that we may become more effective in implementing a new cyber-security methodology.

Satellites as a Cyber-Physical System

Satellite communications (SatCom) technology has existed for almost as long as electronic computing. These complex cyber-physical systems are not the most commonly understood network devices within the Information Technology (IT) domain, but they have evolved and adapted over many decades just as other IT systems have. The aerospace industry has had to develop secure and robust methods of protecting its resources from physical harm as well as cyber-attacks. Due to the inability to perform hardware maintenance on deployed satellites, designing and implementing robust systems is key to maintaining availability and service continuity. It is from this legacy of satellite design that we can discover and implement strategies to be applied in other cyber systems.

It should also be understood, however, that a great deal of our satellite systems infrastructure is being integrated into the backbone of the Internet and communicating using protocols familiar to IT professionals. We now have television, phone, GPS and internet services provided via satellite links. In addition, ground stations, which are crucial to the relaying of satellite signals to their proper destinations, are also connected to the internet. This integration of technologies is driving satellite networks into the broader global network of systems, which puts them at risk of attack from external entities. Unless cyber-security professionals are willing to take on the responsibility of assimilating these networks into their cyber-security risk assessments, satellite links may become a great weakness in our ability to stave off cyber-attacks. We believe that our presented methodology will enhance both the resilience and security of traditional cyber-systems as well as aerospace cyber-physical systems thus evolving our over-arching cyber-security
