SlideShare uma empresa Scribd logo

Seftas krage

N
NASAPMC
TecnologiaNegócios
1 de 30
Baixar para ler offline
Spaceflight Project Security: Terrestrial and On-Orbit/Mission PM Challenge 2007 Randy Seftas and Joshua Krage NASA Goddard Space Flight Center Greenbelt, MD
Agenda Highlights from: – National Space Policy Protection – GSFC Space Asset Protection Cyber: – Attacks, Impacts, and Issues – Threat Sources/Adversaries Trends 2
National Space Policy Protection Highlights 2. Principles: The United States considers space capabilities -- including the ground and space segments and supporting links - - vital to its national interests. Consistent with this policy, the United States will: …. take those actions necessary to protect its space capabilities. 5. National Security Space Guidelines: To achieve the goals of this policy, the Secretary of Defense (SECDEF) shall: Have responsibility for space situational awareness; in this capacity, the SECDEF shall support the space situational awareness requirements of the Director of National Intelligence and conduct space situational awareness for: …. civil space capabilities and operations, particularly human space flight activities. 3
National Space Policy Protection Highlights (cont) 11. Orbital Debris: Orbital debris poses a risk to continued reliable use of space-based services and operations and to the safety of persons and property in space and on Earth. The United States shall seek to minimize the creation of orbital debris by government and non-government operations in space in order to preserve the space environment for future generations. Toward that end: Departments and agencies shall continue to follow the United States Government Orbital Debris Mitigation Standard Practices, consistent with mission requirements and cost effectiveness, in the procurement and operation of spacecraft, launch services, and the operation of tests and experiments in space. 4
Space Control Objectives and Missions Space Control Ensure Freedom of Action Deny Freedom of Action in Space for In Space US and Allied Forces to Our Adversaries Protection Prevention Negation Employ measures to Employ measures to prevent Disrupt, Deny, ensure US and Allied adversary use of US & or Destroy space capabilities friendly space capabilities for adversary space operate as planned purposes hostile to the US capabilities Space Situational Awareness Historic, current, and predictive knowledge to enable decision making Integrated Command and Control Data Fusion and Exploitation 5
Goddard’s Space Asset Protection Highlights Space asset protection involves the planning and implementation of measures to protect space assets from intentional or unintentional disruption, exploitation or attack, whether natural or man-made. Space asset protection includes aspects of personnel, physical, information, communications, information technology, and operational security. Effective protection requires a risk management vice risk avoidance approach, consistent with existing policies, approved mission requirements, and fiscal realities. The Center shall ensure that space asset protection functional support is provided to missions and management, including at a minimum, support in the development of threat assessments, identification of risks, and identification of protection strategies appropriate for the threats and risk levels identified. Space asset protection functional support shall be led by the Mission Engineering and Systems Analysis Division, Code 590, with support from the Information Technology and Communications Directorate, Code 700, and other organizations as appropriate. 6
Goal / Objectives / Approach Goal – Protect space assets from intentional or unintentional disruption, exploitation or attack, whether natural or man-made Objectives – Mitigate or eliminate vulnerabilities and single points-of-failure in the infrastructure of space systems – Elevate the space situational awareness of managed missions Approach – Transfer best protection practices from DOD/IC organizations, in particular the NSSO and the NRO. • Leverage ongoing DOD/IC Defensive Space Control investments, activities, countermeasures and resources – Integrate institutional security capabilities to eliminate single points of failure – Focus protection resources to achieve greater space situational awareness (less investment than either “defend” or “restore”) – Spin-off DOD/IC DCS countermeasures to support current space flight operations or science data processing activities 7
Protection for Space Mission Assurance Functional Construct DEFEND AWARENESS RESTORE • Avoid • Detect • Recover • Preempt • Locate - Activate - Reconfigure • Identify - Appropriate • Characterize • Reconstitute • Vulnerability Mitigation • Assess - Repair • Control Knowledge • Monitor - Replace • Track - Augment • Warn • Report = Least Costly Investment • Post = Required FD Interface Desired Effects of Risk Mitigation Actions
Desired Effects of Risk Mitigation Efforts DEFEND AWARENESS RESTORE Capability Sustain our knowledge base and reporting of the natural and threat The quick recovery survival or environment, indications of adversary intent and motivation, and of our from attack. endurance. space capabilities and status. Prevent, deter Maintain vigilance over the natural and threat environment and our The timely and dissuade space capabilities for the purpose of tracking movement and changes to reconstitution of attacks. posture and status of attacks, threats, natural hazards and events, and mission capability our space assets. Be alert to the implications of movement, changes to posture and other indications, and quickly draw inferences about threats, intentions and attacks, or the potential for a natural event or hazard. Monitor status, changes, anomalies and malfunctions in our space capabilities, understand their implications, and quickly determine and attribute the cause. Issue timely warnings of potential or impending attacks or natural events, and direct the appropriate course of action. 9
Space Asset Protection Risk Model 2 Susceptibility 4 6 Lasers Ground 5 Attack 1 Criticality HERF ASATs 3 Threats 7SOSI Electronic Cyber Attack Attack 1 – Critical assets for which there are no known susceptibilities and no validated threats 2 – Susceptibilities in systems, hardware, software, equipment or facilities which are not associated with critical assets and for which there are no validated threats 3 – Threat environment for which there is no valid threat to critical assets or access to susceptibilities (or susceptibility information) 4 – Critical assets for which there are known susceptibilities but no valid threats 5 – Critical assets for which there are known susceptibilities and valid threats 6 – Valid threat has acquired specific knowledge and/or capability to exploit a susceptibility in an asset however, the asset is not critical 7 – Critical asset for which there are no known susceptibilities but there is exposure to a valid threat 10
Threat x Susceptibility = Vulnerability Space Object Surveillance and Identification Anti-Satellite Weapons (ASATs) - ASATs come in (SOSI) - Knowledge of a satellite's position and a variety of forms, from missiles tipped with velocity can now be obtained using relatively nuclear warheads to low-altitude direct ascent unsophisticated optical, radar, and signal tracking interceptors. These weapons are typically ground systems. or air launched into intercept trajectories or orbits that are nearly the same as the intended target Ground Segment Attack or Sabotage - One of the satellite. easiest ways to disrupt, deny, degrade, or destroy the utility of a space system is to attack or Lasers - Low-power lasers are typically designed sabotage its associated ground segment elements. to spoof or jam satellite electro-optical sensors using laser radiation that is in the sensor pass band Electronic Attack on Communications, Data and (in-band), thus temporarily blinding the satellite. Command Links - Electronic attack is defined as High-power lasers can permanently damage or any action involving the use of electromagnetic destroy a satellite by radiating enough energy to energy and directed energy to control the overheat its parts. electromagnetic spectrum or to attack an adversary. Radio Frequency ASAT Weapons - RF ASAT weapons concepts include ground- and space- Cyber Attack - Hacking, whether “for fun” or based RF emitters that fire an intense burst of radio some other purpose, is clearly a widespread energy at a satellite, disabling electronic phenomenon with ground-based systems, and components. NASA is a popular target. 11
Evolution of Cyber Attacks Early in the space age… – Attacking (or just understanding) space assets and support systems required extensive knowledge and physical access – It wouldn’t be “right” to sabotage the program – Only the “space age” nations could play Then came PCs, the Internet, and the tech explosion.. – Access and information are now “just a hop away” on the Internet • Geographic barriers and physical access are no longer pre-requisites • Easy access to information on building and operating spacecraft – Satellite use is so commonplace that amateur satellites are being launched • The pool of experienced space operators is now very large And now we’re beginning the information warfare era – Cyber attacks are becoming both commonplace and part of military capabilities, including integrated operations – Non-Government organizations can now level the playing field 12
The Potential Cyber Impact Several studies have been conducted around the “survivability” of unprotected Internet systems – The average time is currently measured in minutes and continues to diminish and new systems on the Internet are probed or attacked within seconds of becoming active • Its akin to keeping air contained while in a vacuum -- any unchecked damage can become a breach – Attacks are so cheap and easy to launch, they have become omnipresent and impossible to avoid -- everyone is being attacked at all times The sheer number of different types of attacks poses defensive challenges – New vulnerabilities are identified routinely – Miss one vulnerability, or be slow in responding, and an attacker can breach the system – Internet systems are constantly being breached Support systems on the Internet can quickly become the project’s weakest link 13
An Explosion of Cyber Issues Reported Vulnerabilities 1995 - 3Q2006 (from cert.org) Since the dawn of recorded 7000 (Internet) time, cyber 6000 # Reported Vulnerabilities 5000 Average annual increase 148% vulnerabilities and reported 4000 successful incidents have 3000 2000 blossomed 1000 – New vulnerabilities are 0 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006* identified through research, Year independent validation, and black box testing Reported Incidents 1998 - 2003 (from cert.org) 160000 – Incidents are self-reported, 140000 which tends to be a lower 120000 # Reported Incidents bound due to concern over 100000 Average annual increase 329% reputation and liability 80000 60000 – Damages from these incidents 40000 Too many to are quite difficult to calculate, 20000 track after 2003! especially when intangible 0 elements such as reputation are 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 19 19 19 19 19 19 19 19 19 19 19 19 20 20 20 20 Year considered 14
Additional Challenges Every space asset has associated terrestrial support systems that are increasingly: – Challenged to do more with less – Dependent on information systems – Dependent on external resources – Connected to partners at other organizations – Complex – Remaining operating beyond completion of the mission objectives At the same time, adversaries are significantly increasing the knowledge and resources focusing on understanding and exploiting space assets and support systems. 15
Cyber Threat Sources The most severe threats involve the intelligent adaptive adversary who: – Actively works to defeat defenses – Will change tactics and tools mid-course – Is generally unpredictable – Has specific objectives in mind – Can attack any vulnerability, while the defender must protect everything – Can develop and test new attack methods without the defender’s knowledge The most dangerous adversary is not the most numerous (yet) 16
Cyber Adversary Pyramid Adversary Capabilities m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 17
Cyber Adversary Pyramid Adversary Capabilities d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 18
Cyber Adversary Pyramid Adversary Capabilities na l •Custom exploits ge pio ria Skilled attacker •Motivated (usually financial) Es ust •Many resources Ind •Limited penalties apply d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 19
Cyber Adversary Pyramid na ate •Advanced, tailored, exploits pio -st ge Highly •Very motivated Es tion Skilled •Extensive resources Na Attacker •Very limited penalties apply Adversary Capabilities na l •Custom exploits ge pio ria Skilled attacker •Motivated (usually financial) Es ust •Many resources Ind •Limited penalties apply d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 20
SCADA and Spacecraft Systems Similarities Supervisory Control and Data Acquisition (SCADA) systems are a subset of industrial control systems – Used in community infrastructure to manage utilities – Part of the nationwide critical infrastructure SCADA systems are similar to spacecraft systems in that they both… – Depend on highly specialized hardware such as embedded systems and realtime operating systems – Have operators sensitized to the need to protect integrity and availability of the controlled systems – Require dedicated practice and experience to develop the requisite skillset to manage the systems – Were not initially designed to be targets of deliberate attacks – Are current targets of skilled adversaries 21
Cyber Trends Attackers continue targeting the weakest link: people – Design/configuration flaws in hardware and software – Individual end-users are being actively targeted, with the attacker convincing the user to take a specific action – Simple, common mistakes continues to be the low hanging fruit Financial motivation continues to improve – Blackmail, competitive “edge”, direct $$ return Cyber/Information warfare will continue to develop as a dedicated discipline – Groups will continue to develop experience and establish footholds in neutral territory (such as a home user’s computer) – More nation states will officially incorporate information warfare capabilities into their military structure – The adversary pool size and overall capabilities will improve rapidly Complex environments, e.g. space systems, continue to move from black to crystal boxes – Attackers continuously increase their knowledge pool 22
Stemming the Tide Cyber countermeasures: – Must be tailored to the project and organizational objectives – Need to be improved, and evolve, across the board • Protect the support systems and operational policies as aggressively as the command and control systems – Require active responses within the infrastructure • In turn, requires detailed understanding of how it works, what can break, and how any external dependencies can affect you – Need to have the ability to make changes in ground and support systems rapidly • Long lead times and configuration freezes are becoming issues by creating windows of “risk through lack of change” – Require paranoia regarding deliberate man-made actions, both internal and external • If it can go wrong, it will • If it can be made to go wrong, it will 23
Space Asset Protection Trends The nation’s defense and economic dependence on space derived information will continue to increase. Current trends in technology proliferation, accessibility to space, globalization of space programs and industries, commercialization of space systems and services, and foreign knowledge about U.S. space systems increases the likelihood that vulnerable U.S. space systems will come under attack. The ability to restrict or deny freedom of access to and operations in space is no longer limited to global military powers. Knowledge of U.S. space systems functions, locations and physical characteristics, as well as the means to conduct counter-space operations is increasingly more available on the international market 24
Questions? Contact information: – Randy Seftas Space Asset Protection George.R.Seftas@nasa.gov +1 301 614 5122 – Joshua Krage Information Security Joshua.Krage@nasa.gov 25
Backup Slides 26
Space Situational Awareness Tasks Environmental Information – Monitor, characterize, predict and report on the space related environment, i.e, terrestrial weather; atmospheric, ionospheric, magnetospheric, solar and interplanetary conditions. Significant “Push” and “Pull” Orbital and Network Information – Detect, track, identify and catalog man-made objects in space “Push” state vectors for operational missions from LEO out to GEO “Pull” catalog data from archive to support in-house collision avoidance – Provide battle-space information and services “Pull” signal/laser de-confliction and space network nodal analysis Event Information – Detect, process and report space events, i.e, launches, orbital maneuvers, break-ups, reentries, orbital decay, dockings, etc. “Push” state vectors for operational missions after maneuvering “Pull” catalog data from archive to support in-house collision avoidance 27
Space Situational Awareness Tasks (cont) Event Information (cont) – Characterize, assess and resolve anomalies/attacks on all space systems, i.e, provide I&W of attacks, support resolution of anomalies, provide sufficient information to attribute source of attack/interference, etc. “Push” operational status of missions “Pull” technology (sensors and automation) that supports DOD capabilities for generating event information. US Space System Information – Maintain the status and characteristics of Blue Space Forces/Assets, i.e, physical properties, current status, vulnerabilities, constellation composition, etc. “Push” operational status and vulnerabilities of missions “Pull” same/similar bus engineering/operations information to assist in fault isolation and anomaly resolution of spacecraft. 28
Space Situational Awareness Tasks (cont) Space Intelligence Information – Provide intelligence on foreign and adversary space systems, i.e, space related communications links, on-orbit asset locations, etc. “Pull” intelligence information when required to protect missions. – Maintain current foreign and adversary space system characteristics and operating parameters, i.e, physical and signal properties, function, signal internals and operating parameters, etc. “Pull” intelligence information when required to protect missions. – Detect, monitor and report on foreign and adversary terrestrial space systems, i.e, fixed and mobile systems for command and control, launch and exploitation, etc. “Pull” intelligence information when required to protect missions. – Develop predictive battle-space awareness on adversary strategies, tactics, intent, activity, and knowledge, i.e, identify adversary centers of gravity, likely courses of action, strengths and vulnerabilities to support targeting and intelligence collection, etc. “Pull” intelligence information when required to protect missions. 29
Space Asset Vulnerability References China Attempted To Blind U.S. Satellites With Laser http://www.defensenews.com/story.php?F=2121111&C=america China a Major Cyberthreat, Commission Warns http://www.fcw.com/article96975-12-01-06-Web Combating Satellite Terrorism, DIY Style http://www.popularmechanics.com/technology/military_law/4205155.html US Warns of threat to satellites http://www.centredaily.com/mld/centredaily/news/16231120.htm The Increased Threat to Satellite Communications http://satjournal.tcom.ohiou.edu/Issue6/overview2.html Hacker Infiltrates Military Satellite [UK, never substantiated] http://www.theregister.com/1999/03/01/hacker_infiltrates_military_satellite/ http://www.interesting-people.org/archives/interesting- people/199902/msg00087.html The Great Satellite Caper http://www.time.com/time/magazine/article/0,9171,1048422,00.html Another Suspected NASA Hacker Indicted http://news.zdnet.com/2100-1009_22-6140001.html Unpatched PCs Compromised in 20 Minutes http://news.com.com/2100-7349_3-5313402.html 30

Recomendados

Trahan stuart
Trahan stuartTrahan stuart
Trahan stuartNASAPMC
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski johnNASAPMC
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marcoNASAPMC
 
O'keefe william
O'keefe williamO'keefe william
O'keefe williamNASAPMC
 
Mc namara.karen
Mc namara.karenMc namara.karen
Mc namara.karenNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joeNASAPMC
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeffNASAPMC
 

Recomendados

Trahan stuart
Trahan stuartTrahan stuart
Trahan stuartNASAPMC
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski johnNASAPMC
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marcoNASAPMC
 
O'keefe william
O'keefe williamO'keefe william
O'keefe williamNASAPMC
 
Mc namara.karen
Mc namara.karenMc namara.karen
Mc namara.karenNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joeNASAPMC
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeffNASAPMC
 
Paradis william
Paradis williamParadis william
Paradis williamNASAPMC
 
Law.richard
Law.richardLaw.richard
Law.richardNASAPMC
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karleneNASAPMC
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mikeNASAPMC
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandraNASAPMC
 
Rackley mike
Rackley mikeRackley mike
Rackley mikeNASAPMC
 
Yew manson
Yew mansonYew manson
Yew mansonNASAPMC
 
Snow lee
Snow leeSnow lee
Snow leeNASAPMC
 
Stock gahm
Stock gahmStock gahm
Stock gahmNASAPMC
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)NASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Humphreys.gary
Humphreys.garyHumphreys.gary
Humphreys.garyNASAPMC
 
Muller ralf
Muller ralfMuller ralf
Muller ralfNASAPMC
 
Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk boNASAPMC
 
Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...Western Governors University
 
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09runningman825
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber securityJoey Hernandez
 
Lee Military Resume 2015
Lee Military Resume 2015Lee Military Resume 2015
Lee Military Resume 2015Kyle Lee
 
Space policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassifiedSpace policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassifiedPaul Szymanski
 
Seftas.george
Seftas.georgeSeftas.george
Seftas.georgeNASAPMC
 
2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles Hamilton2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles HamiltonReenergize
 
A deception framework for survivability against next generation
A deception framework for survivability against next generationA deception framework for survivability against next generation
A deception framework for survivability against next generationRuchika Mehresh
 

Mais conteúdo relacionado

Destaque

Paradis william
Paradis williamParadis william
Paradis williamNASAPMC
 
Law.richard
Law.richardLaw.richard
Law.richardNASAPMC
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karleneNASAPMC
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mikeNASAPMC
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandraNASAPMC
 
Rackley mike
Rackley mikeRackley mike
Rackley mikeNASAPMC
 
Yew manson
Yew mansonYew manson
Yew mansonNASAPMC
 
Snow lee
Snow leeSnow lee
Snow leeNASAPMC
 
Stock gahm
Stock gahmStock gahm
Stock gahmNASAPMC
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)NASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Humphreys.gary
Humphreys.garyHumphreys.gary
Humphreys.garyNASAPMC
 
Muller ralf
Muller ralfMuller ralf
Muller ralfNASAPMC
 
Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk boNASAPMC
 

Destaque (14)

Paradis william
Paradis williamParadis william
Paradis william
 
Law.richard
Law.richardLaw.richard
Law.richard
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karlene
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mike
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandra
 
Rackley mike
Rackley mikeRackley mike
Rackley mike
 
Yew manson
Yew mansonYew manson
Yew manson
 
Snow lee
Snow leeSnow lee
Snow lee
 
Stock gahm
Stock gahmStock gahm
Stock gahm
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)
 
Wood frank
Wood frankWood frank
Wood frank
 
Humphreys.gary
Humphreys.garyHumphreys.gary
Humphreys.gary
 
Muller ralf
Muller ralfMuller ralf
Muller ralf
 
Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk bo
 

Semelhante a Seftas krage

Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...Western Governors University
 
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09runningman825
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber securityJoey Hernandez
 
Lee Military Resume 2015
Lee Military Resume 2015Lee Military Resume 2015
Lee Military Resume 2015Kyle Lee
 
Space policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassifiedSpace policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassifiedPaul Szymanski
 
Seftas.george
Seftas.georgeSeftas.george
Seftas.georgeNASAPMC
 
2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles Hamilton2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles HamiltonReenergize
 
A deception framework for survivability against next generation
A deception framework for survivability against next generationA deception framework for survivability against next generation
A deception framework for survivability against next generationRuchika Mehresh
 
Drone Image LLC | Drone Operators and Inspectors | Washington.pdf
Drone Image LLC | Drone Operators and Inspectors | Washington.pdfDrone Image LLC | Drone Operators and Inspectors | Washington.pdf
Drone Image LLC | Drone Operators and Inspectors | Washington.pdfVograce
 
3309_Space_Situational_Awareness_2015_4pp
3309_Space_Situational_Awareness_2015_4pp3309_Space_Situational_Awareness_2015_4pp
3309_Space_Situational_Awareness_2015_4ppTiziana Casinelli
 
Drones and animal welfare
Drones and animal welfare Drones and animal welfare
Drones and animal welfare KatrinaWhitting
 
BROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASABROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASASean Brown
 
BROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASABROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASASean Brown
 
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...juliekannai
 
Simulations and Educational Games
Simulations and Educational GamesSimulations and Educational Games
Simulations and Educational GamesCynthia Calongne
 
Mobicom tutorial-1-de
Mobicom tutorial-1-deMobicom tutorial-1-de
Mobicom tutorial-1-deajsatienza
 
Mobicom tutorial-1-de
Mobicom tutorial-1-deMobicom tutorial-1-de
Mobicom tutorial-1-deajsatienza
 
Security Hazard Safety 0.pptx
Security Hazard Safety 0.pptxSecurity Hazard Safety 0.pptx
Security Hazard Safety 0.pptxPramjeetKhalon
 
final res_07aug rework
final res_07aug reworkfinal res_07aug rework
final res_07aug reworkZachary Sunder
 

Semelhante a Seftas krage (20)

Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...Space Weather And International Civil Space Situational Awareness ( Met...
Space Weather And International Civil Space Situational Awareness ( Met...
 
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
Lessons 5,18,21 Ofd, Air And Space Power Functions, Aef Doherty 27 Oct 09
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
 
Lee Military Resume 2015
Lee Military Resume 2015Lee Military Resume 2015
Lee Military Resume 2015
 
Space policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassifiedSpace policy space warfare definitions-unclassified
Space policy space warfare definitions-unclassified
 
Seftas.george
Seftas.georgeSeftas.george
Seftas.george
 
2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles Hamilton2012 Reenergize the Americas 3B: Charles Hamilton
2012 Reenergize the Americas 3B: Charles Hamilton
 
A deception framework for survivability against next generation
A deception framework for survivability against next generationA deception framework for survivability against next generation
A deception framework for survivability against next generation
 
Drone Image LLC | Drone Operators and Inspectors | Washington.pdf
Drone Image LLC | Drone Operators and Inspectors | Washington.pdfDrone Image LLC | Drone Operators and Inspectors | Washington.pdf
Drone Image LLC | Drone Operators and Inspectors | Washington.pdf
 
3309_Space_Situational_Awareness_2015_4pp
3309_Space_Situational_Awareness_2015_4pp3309_Space_Situational_Awareness_2015_4pp
3309_Space_Situational_Awareness_2015_4pp
 
Drones and animal welfare
Drones and animal welfare Drones and animal welfare
Drones and animal welfare
 
BROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASABROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASA
 
BROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASABROWN-SEAN-P-RESUME ASA
BROWN-SEAN-P-RESUME ASA
 
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
 
Simulations and Educational Games
Simulations and Educational GamesSimulations and Educational Games
Simulations and Educational Games
 
Mobicom tutorial-1-de
Mobicom tutorial-1-deMobicom tutorial-1-de
Mobicom tutorial-1-de
 
Mobicom tutorial-1-de
Mobicom tutorial-1-deMobicom tutorial-1-de
Mobicom tutorial-1-de
 
Alexander F Szinnyey
Alexander F SzinnyeyAlexander F Szinnyey
Alexander F Szinnyey
 
Security Hazard Safety 0.pptx
Security Hazard Safety 0.pptxSecurity Hazard Safety 0.pptx
Security Hazard Safety 0.pptx
 
final res_07aug rework
final res_07aug reworkfinal res_07aug rework
final res_07aug rework
 

Mais de NASAPMC

Mulenburg jerry
Mulenburg jerryMulenburg jerry
Mulenburg jerryNASAPMC
 
Mitskevich amanda
Mitskevich amandaMitskevich amanda
Mitskevich amandaNASAPMC
 
Martt anne
Martt anneMartt anne
Martt anneNASAPMC
 
Manzer fred
Manzer fredManzer fred
Manzer fredNASAPMC
 
Manthos jeff
Manthos jeffManthos jeff
Manthos jeffNASAPMC
 
Lengyel dave
Lengyel daveLengyel dave
Lengyel daveNASAPMC
 
Krahula john
Krahula johnKrahula john
Krahula johnNASAPMC
 
Kroeger lin
Kroeger linKroeger lin
Kroeger linNASAPMC
 
Krage jousha
Krage joushaKrage jousha
Krage joushaNASAPMC
 
Kotnour tim
Kotnour timKotnour tim
Kotnour timNASAPMC
 
King richardson
King richardsonKing richardson
King richardsonNASAPMC
 

Mais de NASAPMC (11)

Mulenburg jerry
Mulenburg jerryMulenburg jerry
Mulenburg jerry
 
Mitskevich amanda
Mitskevich amandaMitskevich amanda
Mitskevich amanda
 
Martt anne
Martt anneMartt anne
Martt anne
 
Manzer fred
Manzer fredManzer fred
Manzer fred
 
Manthos jeff
Manthos jeffManthos jeff
Manthos jeff
 
Lengyel dave
Lengyel daveLengyel dave
Lengyel dave
 
Krahula john
Krahula johnKrahula john
Krahula john
 
Kroeger lin
Kroeger linKroeger lin
Kroeger lin
 
Krage jousha
Krage joushaKrage jousha
Krage jousha
 
Kotnour tim
Kotnour timKotnour tim
Kotnour tim
 
King richardson
King richardsonKing richardson
King richardson
 

Último

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Último (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Seftas krage

  • 1. Spaceflight Project Security: Terrestrial and On-Orbit/Mission PM Challenge 2007 Randy Seftas and Joshua Krage NASA Goddard Space Flight Center Greenbelt, MD
  • 2. Agenda Highlights from: – National Space Policy Protection – GSFC Space Asset Protection Cyber: – Attacks, Impacts, and Issues – Threat Sources/Adversaries Trends 2
  • 3. National Space Policy Protection Highlights 2. Principles: The United States considers space capabilities -- including the ground and space segments and supporting links - - vital to its national interests. Consistent with this policy, the United States will: …. take those actions necessary to protect its space capabilities. 5. National Security Space Guidelines: To achieve the goals of this policy, the Secretary of Defense (SECDEF) shall: Have responsibility for space situational awareness; in this capacity, the SECDEF shall support the space situational awareness requirements of the Director of National Intelligence and conduct space situational awareness for: …. civil space capabilities and operations, particularly human space flight activities. 3
  • 4. National Space Policy Protection Highlights (cont) 11. Orbital Debris: Orbital debris poses a risk to continued reliable use of space-based services and operations and to the safety of persons and property in space and on Earth. The United States shall seek to minimize the creation of orbital debris by government and non-government operations in space in order to preserve the space environment for future generations. Toward that end: Departments and agencies shall continue to follow the United States Government Orbital Debris Mitigation Standard Practices, consistent with mission requirements and cost effectiveness, in the procurement and operation of spacecraft, launch services, and the operation of tests and experiments in space. 4
  • 5. Space Control Objectives and Missions Space Control Ensure Freedom of Action Deny Freedom of Action in Space for In Space US and Allied Forces to Our Adversaries Protection Prevention Negation Employ measures to Employ measures to prevent Disrupt, Deny, ensure US and Allied adversary use of US & or Destroy space capabilities friendly space capabilities for adversary space operate as planned purposes hostile to the US capabilities Space Situational Awareness Historic, current, and predictive knowledge to enable decision making Integrated Command and Control Data Fusion and Exploitation 5
  • 6. Goddard’s Space Asset Protection Highlights Space asset protection involves the planning and implementation of measures to protect space assets from intentional or unintentional disruption, exploitation or attack, whether natural or man-made. Space asset protection includes aspects of personnel, physical, information, communications, information technology, and operational security. Effective protection requires a risk management vice risk avoidance approach, consistent with existing policies, approved mission requirements, and fiscal realities. The Center shall ensure that space asset protection functional support is provided to missions and management, including at a minimum, support in the development of threat assessments, identification of risks, and identification of protection strategies appropriate for the threats and risk levels identified. Space asset protection functional support shall be led by the Mission Engineering and Systems Analysis Division, Code 590, with support from the Information Technology and Communications Directorate, Code 700, and other organizations as appropriate. 6
  • 7. Goal / Objectives / Approach Goal – Protect space assets from intentional or unintentional disruption, exploitation or attack, whether natural or man-made Objectives – Mitigate or eliminate vulnerabilities and single points-of-failure in the infrastructure of space systems – Elevate the space situational awareness of managed missions Approach – Transfer best protection practices from DOD/IC organizations, in particular the NSSO and the NRO. • Leverage ongoing DOD/IC Defensive Space Control investments, activities, countermeasures and resources – Integrate institutional security capabilities to eliminate single points of failure – Focus protection resources to achieve greater space situational awareness (less investment than either “defend” or “restore”) – Spin-off DOD/IC DCS countermeasures to support current space flight operations or science data processing activities 7
  • 8. Protection for Space Mission Assurance Functional Construct DEFEND AWARENESS RESTORE • Avoid • Detect • Recover • Preempt • Locate - Activate - Reconfigure • Identify - Appropriate • Characterize • Reconstitute • Vulnerability Mitigation • Assess - Repair • Control Knowledge • Monitor - Replace • Track - Augment • Warn • Report = Least Costly Investment • Post = Required FD Interface Desired Effects of Risk Mitigation Actions
  • 9. Desired Effects of Risk Mitigation Efforts DEFEND AWARENESS RESTORE Capability Sustain our knowledge base and reporting of the natural and threat The quick recovery survival or environment, indications of adversary intent and motivation, and of our from attack. endurance. space capabilities and status. Prevent, deter Maintain vigilance over the natural and threat environment and our The timely and dissuade space capabilities for the purpose of tracking movement and changes to reconstitution of attacks. posture and status of attacks, threats, natural hazards and events, and mission capability our space assets. Be alert to the implications of movement, changes to posture and other indications, and quickly draw inferences about threats, intentions and attacks, or the potential for a natural event or hazard. Monitor status, changes, anomalies and malfunctions in our space capabilities, understand their implications, and quickly determine and attribute the cause. Issue timely warnings of potential or impending attacks or natural events, and direct the appropriate course of action. 9
  • 10. Space Asset Protection Risk Model 2 Susceptibility 4 6 Lasers Ground 5 Attack 1 Criticality HERF ASATs 3 Threats 7SOSI Electronic Cyber Attack Attack 1 – Critical assets for which there are no known susceptibilities and no validated threats 2 – Susceptibilities in systems, hardware, software, equipment or facilities which are not associated with critical assets and for which there are no validated threats 3 – Threat environment for which there is no valid threat to critical assets or access to susceptibilities (or susceptibility information) 4 – Critical assets for which there are known susceptibilities but no valid threats 5 – Critical assets for which there are known susceptibilities and valid threats 6 – Valid threat has acquired specific knowledge and/or capability to exploit a susceptibility in an asset however, the asset is not critical 7 – Critical asset for which there are no known susceptibilities but there is exposure to a valid threat 10
  • 11. Threat x Susceptibility = Vulnerability Space Object Surveillance and Identification Anti-Satellite Weapons (ASATs) - ASATs come in (SOSI) - Knowledge of a satellite's position and a variety of forms, from missiles tipped with velocity can now be obtained using relatively nuclear warheads to low-altitude direct ascent unsophisticated optical, radar, and signal tracking interceptors. These weapons are typically ground systems. or air launched into intercept trajectories or orbits that are nearly the same as the intended target Ground Segment Attack or Sabotage - One of the satellite. easiest ways to disrupt, deny, degrade, or destroy the utility of a space system is to attack or Lasers - Low-power lasers are typically designed sabotage its associated ground segment elements. to spoof or jam satellite electro-optical sensors using laser radiation that is in the sensor pass band Electronic Attack on Communications, Data and (in-band), thus temporarily blinding the satellite. Command Links - Electronic attack is defined as High-power lasers can permanently damage or any action involving the use of electromagnetic destroy a satellite by radiating enough energy to energy and directed energy to control the overheat its parts. electromagnetic spectrum or to attack an adversary. Radio Frequency ASAT Weapons - RF ASAT weapons concepts include ground- and space- Cyber Attack - Hacking, whether “for fun” or based RF emitters that fire an intense burst of radio some other purpose, is clearly a widespread energy at a satellite, disabling electronic phenomenon with ground-based systems, and components. NASA is a popular target. 11
  • 12. Evolution of Cyber Attacks Early in the space age… – Attacking (or just understanding) space assets and support systems required extensive knowledge and physical access – It wouldn’t be “right” to sabotage the program – Only the “space age” nations could play Then came PCs, the Internet, and the tech explosion.. – Access and information are now “just a hop away” on the Internet • Geographic barriers and physical access are no longer pre-requisites • Easy access to information on building and operating spacecraft – Satellite use is so commonplace that amateur satellites are being launched • The pool of experienced space operators is now very large And now we’re beginning the information warfare era – Cyber attacks are becoming both commonplace and part of military capabilities, including integrated operations – Non-Government organizations can now level the playing field 12
  • 13. The Potential Cyber Impact Several studies have been conducted around the “survivability” of unprotected Internet systems – The average time is currently measured in minutes and continues to diminish and new systems on the Internet are probed or attacked within seconds of becoming active • Its akin to keeping air contained while in a vacuum -- any unchecked damage can become a breach – Attacks are so cheap and easy to launch, they have become omnipresent and impossible to avoid -- everyone is being attacked at all times The sheer number of different types of attacks poses defensive challenges – New vulnerabilities are identified routinely – Miss one vulnerability, or be slow in responding, and an attacker can breach the system – Internet systems are constantly being breached Support systems on the Internet can quickly become the project’s weakest link 13
  • 14. An Explosion of Cyber Issues Reported Vulnerabilities 1995 - 3Q2006 (from cert.org) Since the dawn of recorded 7000 (Internet) time, cyber 6000 # Reported Vulnerabilities 5000 Average annual increase 148% vulnerabilities and reported 4000 successful incidents have 3000 2000 blossomed 1000 – New vulnerabilities are 0 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006* identified through research, Year independent validation, and black box testing Reported Incidents 1998 - 2003 (from cert.org) 160000 – Incidents are self-reported, 140000 which tends to be a lower 120000 # Reported Incidents bound due to concern over 100000 Average annual increase 329% reputation and liability 80000 60000 – Damages from these incidents 40000 Too many to are quite difficult to calculate, 20000 track after 2003! especially when intangible 0 elements such as reputation are 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 19 19 19 19 19 19 19 19 19 19 19 19 20 20 20 20 Year considered 14
  • 15. Additional Challenges Every space asset has associated terrestrial support systems that are increasingly: – Challenged to do more with less – Dependent on information systems – Dependent on external resources – Connected to partners at other organizations – Complex – Remaining operating beyond completion of the mission objectives At the same time, adversaries are significantly increasing the knowledge and resources focusing on understanding and exploiting space assets and support systems. 15
  • 16. Cyber Threat Sources The most severe threats involve the intelligent adaptive adversary who: – Actively works to defeat defenses – Will change tactics and tools mid-course – Is generally unpredictable – Has specific objectives in mind – Can attack any vulnerability, while the defender must protect everything – Can develop and test new attack methods without the defender’s knowledge The most dangerous adversary is not the most numerous (yet) 16
  • 17. Cyber Adversary Pyramid Adversary Capabilities m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 17
  • 18. Cyber Adversary Pyramid Adversary Capabilities d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 18
  • 19. Cyber Adversary Pyramid Adversary Capabilities na l •Custom exploits ge pio ria Skilled attacker •Motivated (usually financial) Es ust •Many resources Ind •Limited penalties apply d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 19
  • 20. Cyber Adversary Pyramid na ate •Advanced, tailored, exploits pio -st ge Highly •Very motivated Es tion Skilled •Extensive resources Na Attacker •Very limited penalties apply Adversary Capabilities na l •Custom exploits ge pio ria Skilled attacker •Motivated (usually financial) Es ust •Many resources Ind •Limited penalties apply d im ize •Limited exploit customization Cr gan Semi-skilled attacker e •Self-motivated Or •Limited resources •Penalties apply m •Use others’ tools is Un-skilled attacker tiv •Out for fun ck Ha •Limited resources •Many penalties Adversary Pool Size 20
  • 21. SCADA and Spacecraft Systems Similarities Supervisory Control and Data Acquisition (SCADA) systems are a subset of industrial control systems – Used in community infrastructure to manage utilities – Part of the nationwide critical infrastructure SCADA systems are similar to spacecraft systems in that they both… – Depend on highly specialized hardware such as embedded systems and realtime operating systems – Have operators sensitized to the need to protect integrity and availability of the controlled systems – Require dedicated practice and experience to develop the requisite skillset to manage the systems – Were not initially designed to be targets of deliberate attacks – Are current targets of skilled adversaries 21
  • 22. Cyber Trends Attackers continue targeting the weakest link: people – Design/configuration flaws in hardware and software – Individual end-users are being actively targeted, with the attacker convincing the user to take a specific action – Simple, common mistakes continues to be the low hanging fruit Financial motivation continues to improve – Blackmail, competitive “edge”, direct $$ return Cyber/Information warfare will continue to develop as a dedicated discipline – Groups will continue to develop experience and establish footholds in neutral territory (such as a home user’s computer) – More nation states will officially incorporate information warfare capabilities into their military structure – The adversary pool size and overall capabilities will improve rapidly Complex environments, e.g. space systems, continue to move from black to crystal boxes – Attackers continuously increase their knowledge pool 22
  • 23. Stemming the Tide Cyber countermeasures: – Must be tailored to the project and organizational objectives – Need to be improved, and evolve, across the board • Protect the support systems and operational policies as aggressively as the command and control systems – Require active responses within the infrastructure • In turn, requires detailed understanding of how it works, what can break, and how any external dependencies can affect you – Need to have the ability to make changes in ground and support systems rapidly • Long lead times and configuration freezes are becoming issues by creating windows of “risk through lack of change” – Require paranoia regarding deliberate man-made actions, both internal and external • If it can go wrong, it will • If it can be made to go wrong, it will 23
  • 24. Space Asset Protection Trends The nation’s defense and economic dependence on space derived information will continue to increase. Current trends in technology proliferation, accessibility to space, globalization of space programs and industries, commercialization of space systems and services, and foreign knowledge about U.S. space systems increases the likelihood that vulnerable U.S. space systems will come under attack. The ability to restrict or deny freedom of access to and operations in space is no longer limited to global military powers. Knowledge of U.S. space systems functions, locations and physical characteristics, as well as the means to conduct counter-space operations is increasingly more available on the international market 24
  • 25. Questions? Contact information: – Randy Seftas Space Asset Protection George.R.Seftas@nasa.gov +1 301 614 5122 – Joshua Krage Information Security Joshua.Krage@nasa.gov 25
  • 27. Space Situational Awareness Tasks Environmental Information – Monitor, characterize, predict and report on the space related environment, i.e, terrestrial weather; atmospheric, ionospheric, magnetospheric, solar and interplanetary conditions. Significant “Push” and “Pull” Orbital and Network Information – Detect, track, identify and catalog man-made objects in space “Push” state vectors for operational missions from LEO out to GEO “Pull” catalog data from archive to support in-house collision avoidance – Provide battle-space information and services “Pull” signal/laser de-confliction and space network nodal analysis Event Information – Detect, process and report space events, i.e, launches, orbital maneuvers, break-ups, reentries, orbital decay, dockings, etc. “Push” state vectors for operational missions after maneuvering “Pull” catalog data from archive to support in-house collision avoidance 27
  • 28. Space Situational Awareness Tasks (cont) Event Information (cont) – Characterize, assess and resolve anomalies/attacks on all space systems, i.e, provide I&W of attacks, support resolution of anomalies, provide sufficient information to attribute source of attack/interference, etc. “Push” operational status of missions “Pull” technology (sensors and automation) that supports DOD capabilities for generating event information. US Space System Information – Maintain the status and characteristics of Blue Space Forces/Assets, i.e, physical properties, current status, vulnerabilities, constellation composition, etc. “Push” operational status and vulnerabilities of missions “Pull” same/similar bus engineering/operations information to assist in fault isolation and anomaly resolution of spacecraft. 28
  • 29. Space Situational Awareness Tasks (cont) Space Intelligence Information – Provide intelligence on foreign and adversary space systems, i.e, space related communications links, on-orbit asset locations, etc. “Pull” intelligence information when required to protect missions. – Maintain current foreign and adversary space system characteristics and operating parameters, i.e, physical and signal properties, function, signal internals and operating parameters, etc. “Pull” intelligence information when required to protect missions. – Detect, monitor and report on foreign and adversary terrestrial space systems, i.e, fixed and mobile systems for command and control, launch and exploitation, etc. “Pull” intelligence information when required to protect missions. – Develop predictive battle-space awareness on adversary strategies, tactics, intent, activity, and knowledge, i.e, identify adversary centers of gravity, likely courses of action, strengths and vulnerabilities to support targeting and intelligence collection, etc. “Pull” intelligence information when required to protect missions. 29
  • 30. Space Asset Vulnerability References China Attempted To Blind U.S. Satellites With Laser http://www.defensenews.com/story.php?F=2121111&C=america China a Major Cyberthreat, Commission Warns http://www.fcw.com/article96975-12-01-06-Web Combating Satellite Terrorism, DIY Style http://www.popularmechanics.com/technology/military_law/4205155.html US Warns of threat to satellites http://www.centredaily.com/mld/centredaily/news/16231120.htm The Increased Threat to Satellite Communications http://satjournal.tcom.ohiou.edu/Issue6/overview2.html Hacker Infiltrates Military Satellite [UK, never substantiated] http://www.theregister.com/1999/03/01/hacker_infiltrates_military_satellite/ http://www.interesting-people.org/archives/interesting- people/199902/msg00087.html The Great Satellite Caper http://www.time.com/time/magazine/article/0,9171,1048422,00.html Another Suspected NASA Hacker Indicted http://news.zdnet.com/2100-1009_22-6140001.html Unpatched PCs Compromised in 20 Minutes http://news.com.com/2100-7349_3-5313402.html 30