BLUF

For space to be a viable part of human existence, we need to reframe how we implement technology – specifically cyber. Operations in space have no place for cyber risks to life and efficacy.

Background

Space is certainly a new frontier, with commercial interests and government coalescing to make possible what’s been dreamed of for ages. Technology has caught up or exceeded what’s required, and we are looking for new ways to take tech development further to support our next endeavour.

For this, we need to reconsider cyber in every sense, starting with the security framework.

For even domestic space to become a viable means of work and travel, we need reliable systems and communications. We need ships to function as the default. We need the crew to focus on what is crucial to the mission/ voyage/ work order/etc. – not on whether or not a buggy phishing email got in, dropped a payload, and wreaked havoc. When operations and life support are crucial to survival, we can’t wait for internal/ consultant incident response team support or for someone to find and upload a backup. Current space missions may be able to get all manner of aid from ground elements (in the nascent stage we are in) but as space travel and operations become the norm, we can’t assume ground support organisations will provision adequate response for cyber incidents.

The people (enemies) who conduct these attacks do not consider the impacts caused, largely accepting others’ loss as part of doing business. Very few incidents have occurred with loss of life (though I’m sure many InfoSec teams wish otherwise in the moment), as we have life support built into the planet. In space, there is imminent danger if systems go offline.*

Each spaceship is going to be an ecosystem in and of itself, likely most will not have large crews, with members all wearing multiple hats. They will not have the capacity to run an effective cyber ecosystem to make certain things work. We need to design it so it simply will. We need to re-think how to separate crucial systems so they are not able to be attacked. We need to rethink lateral data transfer so the checks and balances are more rigorous. We need the same degree of redundancy in place with our networks and data as we have with the spacesuits to go outside.

Essentially, we need to take the lessons learned from the development and deployment of the internet to rethink how we move forward.

• We can’t have dedicated streaming or cloud services without anticipating interruption.

• We likely won’t be able to carry massive pieces of data along for the ride.

• We also may not need to ingest the volumes of data we could consume.

We will need to be more judicious in the selection of what data is desirable versus requisite, in determining the risk, scalability, automation, etc. Quite a bit to consider here.

The initial model of the internet was based (among things) on trust, a noble notion exploited ever since. Create our space-cyber based on our understanding, not our aspiration, of human nature. Trust, but verify. Make sure there’s not daggers in hands you are about to (TCP/ IP) shake.

More to come.

-scl

*In non-indigenously habitable planets it will likely be the same. All the more reason we need to get this right upfront.