Officials Consider Zero Trust Challenges for Satellite Cybersecurity
Infrastructure experts call for better public-private cooperation to tackle cybersecurity in the planet’s orbit.
Federal leaders are thinking about ways to confront growing threats to cybersecurity of critical infrastructure in Earth’s orbit, officials said at the 2024 Satellite Conference in Washington, D.C., last week.
Ronald Keen, senior advisor of space at the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center (NRMC), said that “every single critical infrastructure sector that we have here in the homeland has direct and indirect dependencies on space-based assets.”
With satellites in space, ground stations on Earth and the actual distance that information travels in between, vulnerabilities exist on an attack surface that can sometimes cover over a third of the planet.
“The space community is maturing at a rate and growing at a rate where we need to really start thinking across the board how we implement for the entire system controls,” said Erin Miller, executive director of the Space Information Sharing and Analysis Center, about the Space Force’s Infrastructure Asset Pre-Approval Program (IA-Pre). The program lays out approximately 400 cybersecurity controls for commercial providers working with government.
“Some of the things that I’ve heard from industry members that are part of the space tech stack is that there are some challenges around how to implement it still — there’s a learning curve associated with it,” she added.
Keen noted that in a zero-trust architecture where everything needs to be validated, space-specific issues like latency can add wrinkles into conventional problems.
“Some of the things we found that they’re not insurmountable, but they are definitely challenges to zero-trust architecture,” Keen said. “One is cross-linking. The other thing is the intra-satellite communication, the handshaking at ground stations. Satellites, unless they’re geo-synced, don’t stay in one place at one time in the process of being handed off. So how does that handle if you’re doing zero trust architecture on handoffs between ground stations?”
As the space industry moves away from siloed applications toward mega constellations operating in low orbit, Keen said, the nation will encounter new complexities, threats and vulnerabilities. He noted that satellite infrastructure is still siloed and will need better collaboration between the private and public sectors to ascertain where the most pressing vulnerabilities are.
Miller said that true cybersecurity can only be achieved as part of a collective, as companies and single government agencies cannot defend themselves against the power and resources of adversarial nation-states’ cyberattacks.
“Despite that being the case these companies are willing to own it and their C-suite takes on the responsibility for security, it’s still a highly complex and dynamic environment. We have to treat it as ‘an attack against one is an attack against all’ and we have to be continuously sharing the best practices for how to manage the threat,” Miller said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
FDA Outlines Future Tech Priorities
FDA is advancing its tech capabilities with quantum computing, zero-trust architecture and modernized data sharing.
6m read -
This Partnership is Tackling Federal Zero Trust, Cloud Security
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
16m watch Partner Content -
Effective Cloud Governance Balances Innovation, Security
ULA and AWS leaders discussed strategies for secure cloud adoption, emphasizing effective permissions to balance innovation and security.
2m read -
CBP Leads Federal Post-Quantum Cryptography Work
The agency began its post-quantum cryptography migration two years ago and thinks others would benefit from its lessons learned.
4m read