As NASA struggles to fend off a fresh wave of cyber-attacks, the US Space Force is quickly ramping up its cybersecurity capabilities to counter foreign interference.

Foreign Threats

Primarily through their Space and Missile Systems Center in Los Angeles, the US Space Force is responsible for acquiring and developing key space technology for both commercial and security purposes. Central to this mandate, then, is providing the assurance that critical space infrastructure will remain safe, secure, and resilient in the face of ongoing foreign cyber-campaigns aimed at disrupting and manipulating the global satellite industry. At its peak, this effort will employ around 15,000 full-time staff; a much-appreciated step for a sector that has been chronically under-funded.

As the commander of the Space and Missile Systems Center, Lt. General John F. Thompson made clear at this week's Space and Cybersecurity Symposium that "we've seen a lot of action in recent months from certain countries, notably China and Russia, that have threatened the peaceful global commons of space. Everyone should understand the Russians have been testing on-orbit anti-satellite capabilities. It's very clear that China is developing anti-satellite programs, electronic jammers, directed energy weapons and, most relevant to today's discussion, offensive cyber capabilities."

It's important to note that these attacks are not just political sparring contests between rival intelligence agencies, but are actually designed to affect the real world economy, along with our ability to communicate and travel. Although the GPS network was initially developed for military purposes, much like the internet itself, it has proven invaluable to commercial innovation as well.

"We developed and currently sustain 31 satellite GPS constellations," Thompson said. "Those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. If GPS went down, a Starbucks wouldn't be able to handle your mobile order, Uber drivers wouldn't be able to find you, and Domino's certainly wouldn't be able to get there in 30 minutes or less."

Private Satellites

A further concern is the rapid expansion of private satellites in recent years, such as SpaceX's Starlink network which is scheduled to reach 12,000 units.

"Space is becoming congested and contested," warned Thompson. "The cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cybersecurity into our space systems, both commercial and government, is a mandate. For new systems we're desperately trying to implement across the Department of Defense and particularly in the space world, we're using a DevSecOps methodology and practice to deliver software faster and with greater security. It's not just widget assurance anymore; it's mission assurance."

As satellites have shifted from bulky pieces of hardware (with very simple systems) to highly complex operating systems (that happen to sit in space), the way in which we develop and maintain these systems must evolve as well. The reason we've become so dependent on firewalls, intrusion detection systems, monitoring systems, and the like is because today's software developers are trained to write inherently insecure code. If, on the other hand, applications and network infrastructure are designed with security in mind from the outset, we could avoid many of the vulnerabilities that currently plague our digital landscape, both on earth and in space.

As Thompson explained: "Our satellites are really not hardware systems with a little software anymore in the commercial and defense sectors; they're basically flying boxes full of software. If it's not cyber secure, if it doesn't have cyber protections built into it or the ability to implement mitigations against cyber threats, then we've essentially fielded a shoe box in space. It's truly a remarkable time, and cybersecurity is a vital element of everything in our national security space goals."

For the complete four-day Space & Cybersecurity Symposium event lineup, click here.