Despite our foreign adversaries’ best efforts to demonstrate physical attacks to our space assets, the most menacing threat to the United States’ future space capability is an attack on the networks, which connect everyone in today’s globalized world.
The worst part is, many of the satellites our nation depends on were designed in an era where we weren’t concerned about cyber threats.
Stale government policy represents a large part of the problem. The Pentagon’s traditional method – defining program-specific requirements, redirecting budgets, and embarking on a five-year development trek – only marginally improves system performance against threats that existed in the past and not now, when we most desperately need it. At the same time, the requirements process is broken and causes unconscionable delays and cost overruns in otherwise routine government acquisitions.
Take GPS OCX, the Space Force’s ground control system for GPS III, for example. What should have been a simple upgrade program to something that had been operational for over thirty years is now over five years behind schedule and billion over budget, in large part because the Air Force had a poor understanding of how to specific simple cybersecurity needs and attempted to address them after the program had begun.
It’s been that way for a very long time – too long in fact – and our enemies are paying attention. Every wargame exercise exposes our vulnerability in harsh reality. Relentless cyberattacks against our infrastructure, as well as Russia’s moves against Starlink and SpaceX’s counter moves, are examples of what can be done.
Like any other nascent economic sector, the growth rate of new space cyber threats and vulnerability will continue to track with the knowledge economy itself, doubling every two years. It will remain our Achilles heel if the requirements process to secure the cyber domain continue down this path.
We must do better, and we can.
The U.S. must pivot towards a comprehensive cybersecurity plan immediately, the first step of which is to implement Zero Trust architectures (ZTA) across networks, and at the data level where possible. A design philosophy that begins with a “trust no one” mindset, Zero Trust is the only solution that assures the soldiers in the field can receive the orders, coordinates and intelligence they need to conduct military options.
ZTAs require eliminating an implied trust within an enterprise network secured only by hardware encryption. By securing data through software-based encryption and distributed key protocols, Guardians and the joint combatant commands they support can almost immediately enjoy an entire level of data security on top of what already exists.
ZTA will do for our warfighting networks what a home security system does for homeowners and neighborhoods. Locking gates, deadbolts and even the family dog are useful deterrents. But a home security system networked to the neighborhood watch and private security companies is an evolution in defense. And much like ZTA, these software-based systems offer yet another layer of protection at an affordable price.
The government would be wise to move in the same direction that commercial industry is already headed, and field ZTA’s state-of-the-art data protection in government systems, too. The traditional alternative is bolt-on cybersecurity measures like firewalls, which do too little too late and induce expensive and lengthy delays to coalition forces – ultimately leaving our soldiers blind, deaf, and disoriented on the battlefield.
In the Space Force’s Guardian Ideal, the service outlines its innovative approach to talent management and emphasizes a need to “create digital solutions, dismantle data stovepipes to establish a digitally enabled culture”. The only way for the Space Force to be the agile digital service it aspires to be, is to require Zero Trust as a core tenet of all data transmission and storage needs.
Thee commercial world is ahead of the government on innovation. There are already many commercial companies offering different implementations of ZTA, and most either complement or interoperate with other providers’ systems. Private capital is backing companies that offer solutions that can drastically and almost immediately reduce the Defense Departments gaping vulnerability in this new warfighting domain.
The Pentagon must adopt these commercially developed Zero Trust technologies into its networks, so that we can protect ourselves in the space and cyber wars of today and into the future. Government hierarchies can no longer flex quickly enough, when fielding timelines are now measured in months and tactical response times are measured in picoseconds. Waiting for the Pentagon to analyze and talk in circles, and then develop its own ZTAs, will take at least ten years, during which time our networks will become even more compromised than they already are.
A commitment to execute a Zero Trust requirement across the whole of government cannot wait until the first digital “Bitskrieg.” Zero Trust-inspired architectures, combined with standard hardware encryption and enhanced personal security, are all layers that are commercially available, and are necessary to counter the kinds of attacks that would limit our ability to defend against tyranny at home and abroad.
Charles Beames is the executive chairman of SpiderOak Inc., an aerospace company dedicated to providing cybersecurity in the space domain.