Space Systems Command’s 2,000 mile cyber screwdriver

The Space Systems Command in the Space Force is bringing zero trust to the final frontier.

From the satellites that orbit the earth to the ground stations that control the flow of data, the goal is to protect each piece of the system through these concepts.

The challenge, of course, is Space Systems Command can’t go and touch the satellites to upload software or change the settings, said Col. Craig Frank, the chief information officer of the Space Systems Command.

“We’re just looking at keeping control of them from a distance, what we’d like calling the IT world, the 2,000 mile screwdriver, where you might have a ground station in Nevada, but the person who’s doing all the work on it is sitting in Florida, we got to make sure that that connection is secure,” Frank said on Ask the CIO. “It’s good to have a system that can help us do what I like to call wrapping it in a zero trust envelope. A lot of the challenges we’re having is that we’re going to be putting this on birds that have been in the sky for decades. We can’t just send someone with a screwdriver up there to put a zero trust module in it. So instead, we have to go after the ground segment and securing that by putting the devices in line that will provide that zero trust envelope without disrupting the usability of the system.”

An example of this challenge is with global positioning satellite (GPS) systems. Frank said GPS has been around for several decades and it’s now something that is part of everyone’s daily usage.

“At the same time, we have to keep it secure, not just the customer facing version of the system itself, which is the ability to track yourself when you’re moving around the world or moving around your neighborhood, but also for the actual command and control of the satellites themselves,” he said. “Some of those birds are just a few years old, but the system itself is decades old. So, we have to try to figure out how to make that system more modern and secure. without messing up stuff that’s been working for decades.”

Space Systems Command legacy IT challenge

Geoffrey Mattson, the CEO of Xage Security, which is working with the Space Systems Command to implement the zero trust capabilities, said the organization’s challenges are similar to other remote customers.

He said the approach to zero trust consists of two things: A policy engine, which can authenticate users or devices, and distributed ledger technology to securely store the credentials that are associated with those users.

“The problem of integrating zero trust with legacy equipment means you have to have a transparent enforcement point that sits right in front of that component and is able to enforce that policy,” Mattson said. “Our fabric is providing that the extension for that 2,000 mile screwdriver. What it consists of are the principal technologies of software-defined networking, which is the idea of instead of having a network follow the hardware map of the network itself, we create a virtual network on top of actual network, and use that to actually control and secure connections. The other key element is this distributed ledger keystore, which allows us to store keys in such a way that if one of the devices were to be compromised, the bad actor would not be able to extract the credentials. They would need to be able to compromise a certain number of these devices, and the odds of them being able to do that are incalculable.”

Frank said Space Systems Command faces an added challenge that many of the satellite and related support systems are not using the same standard protocols. He said 99% of all communications today rely on the TCP-IP format, but because some of the systems are decades old, they may use a protocol developed by a specific company or something that doesn’t mesh with TCP-IP well.

“We have to have that software-defined system that can do that translation and basically take those packets and wrap them in a good packet wrap, and then send it off without messing up the original data and allowing it to transmit clearly,” he said. “What we’re looking for is how do we integrate those already existing zero trust capabilities into systems that aren’t Windows based or something like that. So that’s really where I think [Xage Security] comes in as that makes that connection between those. The other thing was what you don’t want because one part of zero trust is that every single user, every single machine gets verified every single time it tries to access a website, a file, data, data repository and really everything. However, what you don’t want is where every single time a user opens an email or open something else, they have to reauthenticate, so a big push for DoD is we have of course, the single sign-on capability where the user certificate is verified through Active Directory domain controller. Once that connection is made, the system can do that constant re-verification on the back end because the user has already logged into the system.”

Mattson said implementing zero trust with operational technology in addition to traditional IT is become more important than ever as organizations has seen an increase attacks over the last few years.

Mattson said Space Systems Command, like many others across the government, face constant threats from criminally-oriented ransomware to nation state level mass campaigns to infiltrate their infrastructure.

“This concept of an envelope of zero trust that can sit in front of any type of equipment. We do have a ruggedized hardware appliance that we can deploy transparently in front of any of this equipment, and then a distributed fabric that allows access control with a secure with secure credential storage,” Mattson said. “In this way, we’re able to protect operational technology assets in the private sector as well as the public sector. We’re also securing standard IT applications as well as the same principles and solutions apply.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.