Many thanks to the Washington Space Business Roundtable for hosting a compelling panel discussion offering a current look at space cybersecurity – a combination of two exciting topics that are near and dear to our hearts at W2 Communications. The expert panelists included Erin Miller of Space ISAC, Lauryn Williams with the Office of the Assistant Secretary of Defense for Industrial Base Policy, Dr. Dianne Poster of the National Institute of Standards and Technology (NIST), and moderator Ryan Roberts of Deloitte’s Cyber Risk practice.
The discussion covered critical issues around the proliferation of cyber threats in space, with the panelists offering insights around unique challenges in space cybersecurity compared to terrestrial networks. Here are a few highlights:
- The panelists acknowledged that securing legacy space systems is a major hurdle, given the difficulty and cost to update older, deployed systems needing retroactive security measures. New space technologies should integrate secure by design principles from the start; however, the cost of cybersecurity implementation remains a major concern for new space companies juggling tight budgets. The panelists suggested that governments should consider providing incentives, grants or subsidies to support cyber investments using a risk-based approach.
- In the U.S., there is a push to implement cybersecurity requirements across federal space systems, such as for command link encryption, anomaly detection and secure software development frameworks. Recent Executive Orders have been aimed at mandating updates to national security space policies that have not been revised in nearly a decade.
- The panel discussed the need for clear, uniform security standards for space systems, advocating for countries to work together to establish them. While the NIST Cybersecurity Framework 2.0 offers a strong starting place, at this point most countries are implementing their own unique standards, complicating the issue. The U.S. is actively engaging international partners such as Japan and the European Union to develop unified cybersecurity policies.
- Beyond establishing standards, there is great need for better, more frequent two-way communication among government and industry, and internationally (among friendly nations), about observed cyber threats in space and ways to defend against them. The role of Information Sharing and Analysis Centers (ISACs) was highlighted as a successful model for cross-sector collaboration.
- The panelists also called for furthering prime contractor to sub-contractor collaboration, as greater transparency will ensure security compliance at all levels. There are significant risks inherent in the highly complex global supply chain for space systems, given the vast number of parts required for everything from satellite components to ground stations and user equipment. The Space ISAC has established a supply chain risk management working group that is working on standardized software bills of materials (SBOM) for space industry members to use.
- Of course no tech-centric conversation today is complete without some discussion of artificial intelligence (AI). While AI and machine learning (ML) are being integrated into space cybersecurity for things like intrusion detection and anomaly recognition, the panelists noted there are concerns about the lack of historical space cyber threat data for training the models―these technologies’ effectiveness depends on high-quality data inputs.
- Finally, the discussion turned to the pending quantum computing era, which could both revolutionize cybersecurity and pose a threat to current encryption methods. Panelists urged organizations to prioritize quantum-resistant encryption methods now to prepare for future security threats. In fact, Dr. Matt Scholl, NIST’s Chief of the Computer Security Division and an audience member at the session, was called on for impromptu remarks, noting that in as little as 10 years’ time, quantum could make current encryption methods obsolete. He highlighted the NSA’s 2035 deadline for adoption of post-quantum cryptography across national security systems, and advised that vendors begin preparing right away.
The entire discussion underscored the urgent need to bolster cybersecurity in the space domain through robust policies, collaboration and emerging technologies. While significant progress has been made in establishing frameworks and guidelines, some major challenges remain. Panelists were at least optimistic about the growing global community of interest, technological advancements and increasing stakeholder awareness for building a more secure space ecosystem going forward. By prioritizing cybersecurity now, industry and governments can increase space systems resilience against evolving cyber threats.