This NASA project really shows the need for supply chain security

Supply-chain cybersecurity might seem like and abstraction, until you are, say, NASA, and building new ground stations to support the multi-billion-dollar Artemis-to-Mars program. All those antenna signals, data processing, communication links. At the recent ACT-IAC conference on emerging technology, Federal Drive with Tom Temin spoke with Jena Garrahy, Program Manager for Space Communications and Navigation.

Interview Transcript: 

Jena Garrahy We have multiple ground stations all over the world, and these are the two new additions. So...


Supply-chain cybersecurity might seem like and abstraction, until you are, say, NASA, and building new ground stations to support the multi-billion-dollar Artemis-to-Mars program. All those antenna signals, data processing, communication links. At the recent ACT-IAC conference on emerging technology, Federal Drive with Tom Temin spoke with Jena Garrahy, Program Manager for Space Communications and Navigation.

Interview Transcript: 

Jena Garrahy We have multiple ground stations all over the world, and these are the two new additions. So we have ground station already in Canberra, Australia, and another one in Madrid, Spain. So we’ll be adding South Africa and another ground station in Australia into the portfolio.

Tom Temin And what do these ground stations consist of? What do they look like? These are not like a ten by ten fenced in area with a little pole in the middle.

Jena Garrahy Sure, sure, sure. So it’s a normal ground station. It’s got several antennas, you know, big operations building, making sure that we’re tracking our satellites. We provide 24 by seven coverage of COMM to the International Space Station and hundreds of satellites every day. So these new ground stations will just augment that portfolio.

Tom Temin So these are antennas, they’re computers, they’re wiring, and there’s a lot of software.

Jena Garrahy Yes. Everything. Everything from guards, gates and guns to servers and dishes and everything in between.

Tom Temin And these are manned 24 hours or are they automatic and just kind of run themselves?

Jena Garrahy So we’ve got a good mix of both. Some of our ground stations are operated by humans 24 hours a day, seven days a week, actually, on the facility. And some of them we control remotely.

Tom Temin And you expressed some cybersecurity supply chain issues there. So you’ve got construction. You’ve got, as you say, all these different, computers to commodes and this kind of thing. What are the big concerns?

Jena Garrahy Sure. Sure. We want to make sure that the products that we’re using, the hardware and software that’s going into building these ground stations are safe and secure. That at the end of the day, that we’re making sure that our satellites are operating as efficiently and safely as possible. And that also, you know, when we have crewed missions that our astronauts are absolutely safe and we’ve mitigated risk to the greatest extent possible.

Tom Temin And these ground stations communicate bi directionally. So they go to the spacecraft as well as get information down from it.

Jena Garrahy That’s right. That’s right. We are making sure that comm can go up to the satellites and they’re you know, they’re out there doing science experiments and, you know, looking for various things that we’ve directed it to. We’ve got equipment far out into the galaxy that’s sending back data. And and then we get to analyze it when it comes back down.

Tom Temin And let me ask you a technical question. You said there’s a series of ground stations because you have to be able to reach the spacecraft wherever it might be around the globe. Are they all synchronized or are they all seeing and doing the same thing at the same time, or do they operate independently?

Jena Garrahy Yeah, they they most of them operate independently. We actually have for the Deep Space Network is a fantastic example of advanced technology that NASA’s has created. We have three ground stations in the world we talked about earlier, one in Pasadena, California, up at Goldstone, one in Canberra, Australia, and one in Madrid. And they are equidistant around the globe. They used to operate all at the same time, 24 hours a day, seven days a week. But now we have it so that whatever one is currently in the sun is the one that’s currently operating. So that and then they hand over to the next ground station. So we’ve been able to actually create a lot of efficiencies with technology by handing off to other ground stations.

Tom Temin So let me just postulate then there is a signal coming from the spacecraft. It is received by an antenna which converted into a signal that is then processed by computers. So the weak or the links that you worry about then are that actual link between the antenna, which is a something that produces induction and then that current goes to a computer. So that critical point there seems like the most dangerous area for supply chain.

Jena Garrahy So we’re actually we’re concerned about it cradle to grave. So making sure that when the signal is coming down that we get a pure signal into our antennas. And then once it’s being processed on the ground, that it’s able to get to the proper location safely and securely. So making sure that the computer equipment that’s processing these signals are as safe and secure as possible, making sure that all of our patches and updates are completed so that we make sure the integrity of the information is available at all times.

Tom Temin Right. So there are two dangers then, one that a signal or a piece of intelligence could be purloined, just filtered out by someone and sent somewhere or it shouldn’t be sent, or that something could be sent to it that could harm the mission or give you the wrong sense of what’s going on with Artemis.

Jena Garrahy So we make sure, especially with a program like Artemis, that all of our that all of our information is encrypted, right? We want to make sure that the data coming down, the integrity is kept as much as possible and that we’re able to have communications with our astronauts without interruption. So that’s why we have also multiple ground stations and multiple satellites to if something were to happen to one of our ground stations, we could fail over to to another asset to make sure that we keep that comm constantly going.

Tom Temin We’re speaking with Jena Garrahy. She’s network integration manager for NASA’s Space Communications Office. And what is your strategy for supply chain security then, and the construction of these new ones and I guess maintenance of the existing ones?

Jena Garrahy Sure. So we have a pretty robust supply chain risk management department within NASA. As missions, we closely couple with them to make sure that when we have a a roster of things that we need to purchase in order to to build a ground station, everything from a fence to the computers to our hardware, software and everything in between, that we’re in constant lockstep with them making sure that anything is purchased or procured for now, so is on an approved list. And as we’re going through the cycle any notifications of any incidents with any of our vendors is clearly communicated so that, you know, we have instant information to make sure that what we have is the best quality of product in order to implement at our ground stations.

Tom Temin Because I imagine some of the products are custom made for NASA, fabricated, but others like PCs and racks and communications gear and all the rack type of equipment that is standard, That must be something that it’s tougher to get to that second and third tier of subcontractor.

Jena Garrahy Yes. And that’s why we rely so heavily on this particular department, because part of what they do is working with industry partners, looking deeper into the second and third layers of the particular product that they’re looking to purchase to make sure that we’re getting exactly what we’ve asked for and that there’s no compromise of the integrity along the supply chain way.

Tom Temin And what about the physical security aspects of these that might tie in to the cyber?

Jena Garrahy Yeah, sure. So physical security is a big component here at NASA, so we want to make sure that our our guards, gates and guns are completely up to standard. We follow State Department rules and we follow NASA rules to make sure that the integrity of our equipment is always secure so folks don’t have inadvertent access or purposeful access if they’re not required to do so.

Tom Temin Now, the Artemis program is one channel. How do you collaborate across NASA? Because there must be other facilities, other programs that have the exact same concerns.

Jena Garrahy Yes. Yeah, absolutely. So within NASA, we have a big mission community. So within the Artemis program, there’s the Space Communication Navigation Office. We provide the comm. There’s SLS, Orion, Gateway. So all of these various components that build into the Artemis program collaborate usually on a weekly basis. We talk about the good, the bad, the ugly. So any challenges that we’ve had that particular week or any triumphs that we’ve had. It’s the constant source of open communication between these various entities within the agency can make us much more small so we can have these open dialogs.

Tom Temin And you mentioned during the panel, during the ACT-IAC event that components from Mexico, which is can be a trusted partner, but may contain subcomponents that come from China, is that necessarily bad? That is to say you might not want a major processing or signal processing chip to come from China, but maybe a capacitor or a resistor could come from China.

Jena Garrahy Sure, sure, sure, sure. So it’s China is not, we don’t bar purchasing equipment just from them as a as a baseline. There are definitely components in which we purchase from anything that doesn’t have memory or any any particular piece of hardware that is critical to the the success of the mission. But doesn’t it couldn’t introduce any inadvertent risk. So it’s always it always goes back to buying down the risk of the the risk to the mission.

Tom Temin And just in the general communications area, have you had issues that you’re aware of where somehow a signal went astray or someone was listening in on what was going on that wasn’t authorized?

Jena Garrahy Not too much from a listening that wasn’t authorized. But, you know, every single federal agency has had some sort of cybersecurity issue. It would be I’d be remiss to not say that absolutely everyone has faced certain cybersecurity challenges, and we’re no exception. NASA’s job, our mandate is is peaceful space exploration. So we’re really leaning on the Department of Defense, Homeland Security to provide us that extra bit of support and resources in order to make a much more robust program.

Tom Temin And here’s a question just from someone who likes watching flight radar or whatever that thing is called, where you can see all the planes flying in the world, their destinations when they departed their tail numbers and all of this information, late at night. It’s fun to watch what’s going on in the skies above the world. That information is ultimately coming from the government, from the FAA, and so that people that get it are not tapping at the FAA systems, but it’s put out there. Does NASA have the same type of program where just to deter people that might want to amateurishly say break in to hear what’s going on just put out information that can be publicly made available about where is that thing orbiting who’s aboard.

Jena Garrahy Sure.  So we have actually several websites that are dedicated to open source information providing the public where our satellites are at any given moment. So curious folks, scientists can can take a look and see where any of our assets are at any given time. NASA prides itself in being open and honest and providing an educational resource for the public in order to be able to see where we’re at any given day.


Related Stories