With recent events, such as the published cyber breach of Landsat-7 and Terra AM-1 and cyber intrusions into space agencies like NASA and JAXA, public awareness of the cyber defense needs of space assets is rising . Questions such as ‘what is being done to protect satellites and ground stations?’ are being asked by governments, service providers, and possibly even users.
Space Safety Magazine took these questions and started checking around the market. Who is offering cyber defense services for satellites? Is there any benefit to a cyber security solution designed specifically for the satellite environment?
In our quest for answers we came across US-based Kratos Defense & Security Solutions and its RT Logic subsidiary. RT Logic provides cyber protection for ground stations, satellite test equipment, and satellite operations. According to the company, RT Logic’s innovative products have been used and proven in 85% of space missions. And now, with the evolution of satellite networks there’s a new class of threats with which to contend. “The migration of satellite ground networks to IP-based technologies is delivering tremendous benefits in cost, performance, and interoperability, but it also brings along increased cyber security risks,” said Jerry Meleski, Vice President of RT Logic. “With the CyberC4 family of products, RT Logic is addressing that problem for our customers across the various cyber attack surfaces.”
What kinds of risk are such systems facing? Meleski points to what is known as a zero-day malware. “A zero-day malware exploit is one that has not been identified ‘in the wild,’ therefore there are no known signatures to identify it, nor patches available to protect against it. If the system is vulnerable to such zero-day exploits and comes in contact with one, there’s very little to defend against it.” Given the rapidity of cyber virus appearance in the days when do-it-yourself applies just as well to hacking as it does to spacecraft development, ability to protect against unknown threats is a huge need gap. This is the gap RT Logic’s ITAR-free CyberC4:Alert and CyberC4:Capture in conjunction with the ITAR-pending CyberC4:Armor aim to fill.
“Tamper-proofing the algorithms of the devices themselves is the most effective way to combat threats originating both inside and outside the network,” says Meleski. The CyberC4 line is designed to respond to a zero day malware threat that is introduced, for instance, on a thumbdrive. “CyberC4:Armor counters this by creating a “white-list” execution environment, where all binaries are cryptographically bound to the hardware,” explains Meleski. Therefore the inserted non- cryptographically signed (malware) binary will not be allowed to run or execute. Armor issues an alarm to CyberC4:Alert (the security information event manager), which notifies security staff of the tamper attempt. Upon generation of the alarm, a request is sent to CyberC4:Capture, which acts as a DVR, recording everything on the system making it available for forensics and legal purposes.”
The field of space cyber defense is still a limited one but the awareness of cyber security gaps is on the rise. RT Logic’s skills are certain to be in high demand – and enhanced competition surely just around the corner.
Below, speakers at the Herzliya Conference in 2011 highlight the dangers of cyber security breaches: