JPL AND SPACE HACKING…February 14, 2020
T.S. shared this article, and it contains implications for the Trump Administration's emerging space force that I want to discuss today.
In a blog earlier this week I pointed out some possible implications of the splitting of commands between the Strategic Command and the Space Command, and that there are clear indicators that suggest a reorganization of black projects research may be in the works. But another aspect of the creation of a Space Force will be security, both of space-based assets, and of operational security. Additionally, I also pointed out Mr. John Greenewald's recent discoveries combing trough federal defense budgets, and his coming across contract requirements that required contractors to make extrapolations of long term technological development in propulsion and "spatial-temporal translation" not based on "updates" to public technology, implies an exotic technological component to all of this.
With this context of earlier blogs this week in mind, now consider the following statements from this article:
NASA’s Jet Propulsion Laboratory designs, builds, and operates billion-dollar spacecraft. That makes it a target. What the infosec world calls Advanced Persistent Threats — meaning, generally, nation-state adversaries — hover outside its online borders, constantly seeking access to its “ground data systems,” its networks on Earth, which in turn connect to the ground relay stations through which those spacecraft are operated.
Their presumptive goal is to exfiltrate secret data and proprietary technology, but the risk of sabotage of a billion-dollar mission also exists. Over the last few years, in the wake of multiple security breaches which included APTs infiltrating their systems for months on end, the JPL has begun to invest heavily in cybersecurity.
I talked to Arun Viswanathan, a key NASA cyber security researcher, about that work, which is a fascinating mix of “totally representative of infosec today” and “unique to the JPL’s highly unusual concerns.” The key message is firmly in the former category, though: information security has to be proactive, not reactive.
Successful missions can last a very long time, so the JPL has many archaic systems, multiple decades old, which are no longer supported by anyone; they have to architect their security solutions around the limitations of that ancient software. Unlike most enterprises, they are open to the public, who tour the facilities by the hundred. Furthermore, they have many partners, such as other space agencies, with privileged access to their systems.
All that … while being very much the target of nation-state attackers. Theirs is, to say the last, an interesting threat model.
With the model, ad hoc queries such as “could someone in the JPL cafeteria access mission-critical servers?” can be asked, and the reasoning engine will search out pathways, and itemize their services and configurations. Similarly, researchers can work backwards from attackers’ goals to construct “attack trees,” paths which attackers could use to conceivably reach their goal, and map those against the model, to identify mitigations to apply.
Or to boil all this down to two simple propositions: (1) no cyber system is secure, and (2) this opens the possibility that space-based hard assets such as satellites, including weapons platforms, could be hacked, and literally either "turned off" or - worse - taken over by a hostile power, and turned against their owner(s). Now, put those two propositions against the backdrop of the speculation I advanced earlier this week, that one of the implications of the splitting of the Space Command from Strategic Command is that the weapons platforms of the latter are approaching obsolescence, and that newer and much more exotic and destructive strategic offensive weapons platforms might be one reason for the command split. After all, if you're going to "defend" against asteroids, and shunt them aside or destroy them, then the weapons platforms to do so would be extraordinarily powerful (rods of God, x ray or gamma ray lasers, and so on), and capable of being turned against targets on the Earth. But those weapons have to be pointed and aimed, and that's done by computer programs, communications, and so on, all of which can be jammed, or hacked.
This consideration by the nature of the case has to be a fundamental and principal concern, a high priority for any future space force. Indeed, it's considerations such as these that might be behind the requirement that contractors be able to extrapolate in an "out-of-the-box" manner about the long term arc of military science and technology. Consider Robert Hasting's crucial research into the nature of UFO sightings near nuclear weapons bases and missile silos. Mr. Hasting's book, UFOs and Nukes: Extraordinary Encounters at Nuclear Weapons Sites (see his website: https://www.ufohastings.com/book) recounts two such incidents, one at an American ICBM base, and one at a Soviet ICBM base, at the height of the Cold War. In the American case, a UFO was seen near a flight of ICBMs, and apparently reprogrammed the targeting programs of the flight, effectively demonstrating a capability to re-target hydrogen bombs. In the Soviet case, a flight of ICBMs was actually made to begin the launch count, which was then cancelled at the last moment, much to the relief of the Soviet crews.
To put all this "country simple," the fact that this type of work is being done may be understood that the Space Force is not some passing plaything; it's a deadly reality, and that all possibilities are being considered...
... only this time, we may not be playing the game of Mutually Assured Destruction with Russians...
See you on the flip side...