NASA feels the heat from OIG.

[MUSIC] With the month of May here, a lot of us in the Northern Hemisphere are starting to turn our thoughts to summertime.

And while feeling hot, hot, hot, maybe a classic summer jam, it's not so great a theme song for a spacecraft.

After all, you need your heat shield to protect the craft in crew from that blazing reentry heat.

That's why the latest from the NASA Inspector General Office says that they've got serious, ongoing concerns about the Artemis heat shield.

Yep, it's too darn hot.

[MUSIC] Today is May 2nd, 2024.

I'm Maria Varmausis and this is T-minus.

[MUSIC] NASA's Inspector General releases Artemis to readiness report.

China, Red Ease, Chang'e 6 for launch.

L'Orient opens the 2024 Humans in Space Challenge.

And our guest today is Mark Kineppers, satellite cybersecurity expert at dominant information solutions Canada, also known as DISC.

We'll be discussing the gaps in satellite cyber threat monitoring.

A hugely important area as many of you listeners know, so definitely stay with us for that chat.

[MUSIC] It's Thursday, let's get into it.

We've got a roundup of NASA news in our Intel briefing for today, starting with a report from the Inspector General Office on the Artemis-1 mission.

The report, titled NASA's Readiness for the Artemis-2 crewed mission to lunar orbit, reviewed problems with the Orion spacecraft, as well as ground equipment and the deep space network from the uncrewed Artemis-1 mission launched in late 2022.

The report revealed anomalies with the Orion heat shield, separation bolts, and power distribution that, quote, pose significant risks to the safety of the crew.

Work on resolving these issues has been impacting the readiness of the Artemis-2 mission, which is still scheduled for late 2025.

The report says that NASA found over 100 locations on Orion's heat shield, which is where thermal material protects the spacecraft from the heat of reentry, had worn away differently than expected during the spacecraft's reentry to Earth's atmosphere.

NASA has yet to find a root cause for the behavior of the heat shield material.

And the report provided six recommendations for addressing the issues found during the Artemis-1 mission.

NASA has accepted the recommendations and says that the agency is already working on them.

The agency has also pointed out that the audit caused, quote, "disruptions to ongoing workflow and priorities," and that the report was, quote, "more engineering focused than having a scope of understanding our risk management."

Let's hope it's a line in the sand and they're able to progress with Artemis-2.

On to Mars now, and NASA has selected nine U.S. companies to perform concept studies of how commercial services can be applied to enable science missions to Mars.

The 12 awardees will receive between $200,000 and $300,000 to produce a detailed report on potential services, including payload delivery, communications relay, surface imaging, and payload hosting that could support future missions to the Red Planet.

The companies that were selected responded to a January 29 request for proposals from U.S. industry.

NASA's Mars Exploration Program initiated the request for proposals to help establish a new paradigm for missions to Mars, with the potential to advance high-priority science objectives.

Many of the selected proposals center on adapting existing projects, currently focused on the Moon and Earth, to Mars-based applications.

They include space tugs to carry other spacecraft to Mars, spacecraft to host science instruments and cameras, and telecommunications relays.

The concepts being sought are intended to support a broad strategy of partnerships between government, industry, and international partners to enable frequent, lower-cost missions to Mars over the next 20 years.

The full list of recipients can be found by following the link in our show notes, as always.

And staying with NASA a bit longer, NASA's innovative Advanced Concepts Program, also known as NIAC, has selected six concept studies for additional funding and development.

Each study has already completed the initial NIAC phase, and the NIAC Phase II conceptual studies will receive up to $600,000 to continue working over the next two years to address key technical and budget hurdles and pave their development path forward.

When Phase II is complete, these studies could advance to the final NIAC Phase, earning additional funding and development consideration toward becoming a future aerospace mission.

And a final announcement from the US Space Agency, NASA has selected BAE Systems to develop an instrument to monitor air quality and provide information about the impact of air pollutants on Earth for NOAA's Geostationary Extended Observations Satellite Program.

The cost plus award fee contract is valued at approximately $365 million, and includes the development of one flight instrument, as well as options for additional units.

On to US Space Systems Command now, who have successfully completed the next generation overhead persistent infrared, or OPIR, Polar Space Vehicle Critical Design Review, also known as the CDR.

The CDR is the culmination of over 50 subsystem mission payload and space vehicle design reviews, and confirms a detailed design maturity and readiness to proceed with system fabrication, coding, assembly integration, and test of the space vehicle.

This major milestone for the program demonstrates the space vehicle's design.

We'll meet the Northern Hemisphere Strategic Missile Warning Warfighter requirements and counter-evolving threats.

And we here at T-minus are on the countdown until the launch of the Chang'e-6 launch, which is China's mission to the far side of the Moon.

The lunar probe completed a final systematic joint rehearsal, which was supported by the Wenchang Spacecraft Launch Site in Hainan Province, the Beijing Aerospace Control Center, the Xi'an Satellite Control Center, and the Yuan Wang Space Tracking Ship.

The mission is due to collect and return samples from the far side of the Moon, and will also carry Pakistan's miniature satellite, iCube-Kamar CubeSat.

The 8.2 metric ton Chang'e-6 probe is scheduled to lift off on a Long March 5 carrier rocket from the Wenchang Space Launch Center at 3.50 pm Beijing time, which would be about 3.50 am here on the U.S.

East Coast.

We'll bring you more details on the launch in tomorrow's show.

South Korean healthcare company Bo-ryeong has launched the 2024 Humans in Space, or HIS Challenge, in collaboration with its global partners.

The HIS Challenge, now in its third year, is an idea competition that Bo-ryeong has led since 2022 to build a global space healthcare ecosystem by gathering various space healthcare leaders and ideas.

You can find out more about the challenge, along with further information on all of the stories that we've mentioned by heading to the selected reading section of our show notes.

We've also included launch announcements for the NRO's first batch of next-generation satellites, as well as Virgin Galactic's last tourism flight of the year.

All those stories and lots more, and always be found on our website, space.ntuk.com.

Hey T-Minus Crew, if your business is looking to grow your voice in the industry, expand the reach of your thought leadership, or recruit talent, T-Minus can help.

We'd love to hear from you.

Just send us an email at space@ntuk.com, or send us a note through our website, so we can connect about building a program to meet your goals.

[Music] Our guest today is Mark Keneppers, satellite cybersecurity expert at Dominant Information Solutions Canada, also known as DISC.

I asked Mark to tell us more about the work that he does at DISC.

What we're really focused on is basically intrusion detection.

Coming out of the telecom world, I spent 20, 24 years doing controls and stopping things, but we've seen the growth of the internet.

The key message there was everything gets hacked.

You need your controls, and you put up your walls, and you do all your zero trust and all these things.

In the end, things get hacked.

What we think is missing in the industry right now is the kind of the full life cycle of security, not just the protection, but then the detection, the response, and the recovery part of it.

What we've been really working on is an intrusion detection module for satellites.

I guess maybe what's a little bit unique, I don't think there are many on the market, but what is a little bit unique about us too is we do it in hardware, which comes with its pros and cons.

Please walk me through all this.

Let's start.

Let's start.

Maybe even a compare and contrast with maybe if for folks who are maybe familiar with, I want to say, non-space cybersecurity, we talk about intrusion prevention.

How is that different when we talk about in the context of satellites here?

Yeah, it's interesting too, because on the terrestrial side, intrusion detection started purely as detection.

What you did is, if you'd known about a number of hacks, you created a signature for them, and you said, "If I ever see this thing again, I will alarm you."

That's detection.

Then as things got sophisticated, you said, "Well, we're going to prevent it, so it becomes intrusion prevention."

Now, if you see that same signature, you're going to block it.

You're going to turn on a packet filter and things like that.

The interesting thing is, I don't know if we're yet at the maturity for intrusion prevention in space, because the question is, how would a satellite react if I started blocking things?

The focus right now is really intrusion detection.

I think the parallel is for space health or space resiliency, it's really been fault management.

Are my solar panels deployed?

Is my power levels okay?

Is the temperature okay?

All those things are great, and they produce health checks, but none of them have been designed to produce security checks.

Have I been hacked or not?

The fundamental question is, I can go into a long story about how I think everything's going to be hacked, but eventually it will.

The question you have to ask yourself is, how do I know if my satellite has been hacked or not?

That's how we got to where we are.

How do you know?

Because sometimes when I've had this conversation, I've had flavors of this conversation of varying levels of security awareness.

Some people go, well, all I'm concerned about is the ground station, which is like, okay, well, that's a point of view.

The question about the actual satellite in orbit, how do you know what you're talking about?

Yeah.

Yeah, and just a quick note on the ground station.

I mean, that's great.

You've got to protect the ground station.

The way they're connected to the internet, they're going to get more and more exposed.

But traditionally, that has now become almost an old fashioned view of security.

You can't rely on the castle walls anymore, which is really what's saying the ground station will protect me.

It's because things will get past it.

We think it's a combination.

Then one of the things we've been looking at is the standards, the cybersecurity standards for space.

They're very much based on controls in space.

The problem a bit on standards is that when you build the controls for threats and standards, you cover everything.

You're like, here's the million possible threats.

To cover them, I need a firewall, and I need this and that and whatever it is.

We think that's a bit top heavy for satellites.

Our approach really is based on a threat modeling approach.

That is understanding the specifics of your satellite, looking at the information flows, and then really looking at how would that information flow be corrupted or attacked.

Then it goes into what are the indicators of that specific corruption.

Just a simple example is if we believe the memory is going to be corrupted, you look for a hash of a certain block of memory.

If you believe that the encryption key is going to be accessed or changed or modified or just read, then you look for the read times for those key accesses and things like that.

You end up developing a very specific set of indicators rather than a generic ones.

That's what we think is the most effective way for going after That's fascinating.

You mentioned things being certain levels of protection being really top heavy for a satellite, which is something I've often wondered about myself honestly.

If you want to get the full suite, so to speak, how does one deploy that on an often a very limited satellite bus?

How do you do all that?

It's literally like a physical challenge.

How do you do that?

But I'm also really curious.

You mentioned, and I'm really glad you did, about the thinking of just the castle wall, so to speak, just the ground terminal defenses being the end of B all.

What would you say then, as we're looking at the evolving threat landscape, is what's facing satellites?

What's out there?

What should we be thinking about in terms of future threats?

Yeah, I don't want to be, I mean, alarmist, but I do think you're at a cusp of some serious potential here.

Where I'm coming out of on telecom was we saw internet go from really slow dial-up speeds to ubiquitous internet to fiber at the home and all that stuff, great bandwidth.

And then you saw it happen in mobility.

And then, so it became critical infrastructure.

I come from Canada and at some point, internet was not critical infrastructure until it became part of life and then it suddenly was.

And so the question is, are we at the point where satellites are critical infrastructure?

Are they that much part of life?

And I think we're getting there, if not, yes.

And then the next deal is, is it in any attackers' favor to down a satellite or change a satellite or steal something?

And that answer is getting to be yes.

I mean, we've seen the extreme cases of war.

Like there's the classic, at this point, classic, it wasn't at the time, but the Viasad hack.

It's amazing how it feels classic now.

It's been two years, but it's totally, yeah.

Well, until the credit, nobody really talks about the attack.

So at least that one came out, right, to talk about.

But what I'm watching is all the 5G communication stuff going up.

So there's Earth observation stuff going up and then the dual use between government and commercial that.

But if you put 5G up in critical infrastructure and the internet and that, it's a target.

Like it simply is a target.

And it's, I'm rambling a little bit, but I find it a super interesting target.

You're totally not rambling.

No, no, please.

I want to hear more about this.

Yeah.

I mean, it's reminding me a little bit of the parallels when bringing your old device, this ages me a little bit, but bringing your own device was a new thing.

And it was sort of like, how do we deal with everybody bringing their own cell phones into work?

And do we have every employee, install an agent on their phone and not everybody's going to want that?

How do we manage this?

And now there is no perimeter.

I remember that was a phrase that was used a lot at that time.

And yeah, 5G, can you get into that a little bit more?

Because this is honestly one of those things, especially with your telecoms background, would love to hear you explain a bit, like how that threat presents itself.

Yeah.

Oh boy, there's a lot of threats there.

There's just so many angles.

Like one of the angles simply is the supply chain.

So what happened at the end of commercial, at restrials 5G was all this, all these discussions around should the West take equipment from the East, like would it dominate the market?

So this was the discussion on Huawei as a vendor, and that became a security concern and all that.

So you have sort of national boundaries, or you have international boundaries where you don't want things to mix.

And in space, you've got these Leo satellites whipping around like the entire world.

They're going past your boundaries.

The signals can be sort of intercepted here, there, whatever it is, and can be attacked almost, they almost leave your country and can be attacked anywhere.

So that same concern has to translate itself up.

And then just in the context of like how important is 5G to us, like it's become part of life, you can't sort of get away from a phone.

And in cases where terrestrial reach can't go, so Northern Canada is a great case because it's really expensive putting things, putting towers there, you're going to put satellites up there.

But that is deemed critical for us, right?

So any hack there sort of hacks those communities, those communications, all that sort of stuff.

So yeah, it has been amazing reach for the communication stuff.

The one that also gets me just if you wanted to go into more serious things is quantum key distribution because they talk a lot about that, right?

Yes, I was just going to ask you about quantum because that is often when I have these kinds of space cybersecurity type conversations, people are like, well, we've got quantum.

So that I always go, okay, there's no way anything fixes everything.

We just know that's not how things work.

But a lot of people are like, well, quantum sort of fixes most everything that can't, I don't know.

So your thoughts, I would love to hear them.

Well, I mean, in many regards, quantum's overhyped, like it's a fantastic physical science, that's great and all that stuff.

But right now it's really just producing entropy because the algorithms haven't been figured out.

And so the big worry is what if they break encryption?

So I think I've seen two main uses for quantum.

One of them is for key distribution in a constellation, because you have to sort of authenticate all the satellites.

That seems great, like no big issues there.

But one of them is actually distribute key material down to Earth, right?

And that's where I get into, man, I sure would hate for my key distribution satellite to get hacked.

Like that would be a serious thing, right?

And so you've got to imagine it needs the highest level of security.

If that was on Earth, you would put intrusion detection, you would do prevention, you all kinds of stuff.

So those are the areas where you think, man, there's some serious stuff going into space, right?

Yeah.

And you had mentioned that you all are looking into this as a hardware problem.

Because my brain coming from the cybersecurity world is like, well, this is a software thing.

I'm sure there's a software solution there.

But you're talking about hardware level.

So can you talk a little bit more about what that is?

Yeah, I think that's interesting because it's going to present some challenges for us, even though we think it's the right idea, because resources are limited on satellite, and yet we think hardware is the right way.

That takes space.

But what we're worried about is we think that if your satellite is hacked, there are enough scenarios where that is because the software is hacked, right?

They've injected that.

And so then the question is, can you trust the telemetry from your satellite if the software has corrupted?

And so the standard forensic approach, you know, post hack on the ground is you have to go in physically grab the system and sort of do it on a separate physical system.

And so that's the way we've built it is we built the system to integrate with the bus and then read the indicators from there.

So it's actually read only, they can't be tampered with, and then it sends the data down.

And so that is our belief is that you need to separate the software from the hardware because we think the software is going to get corrupted, or there's a good chance, right?

We'll be right back.

Welcome back.

A fictional Scottish village that disappears from view, only to magically reappear once every 100 years is known as...

My fellow musical theater nerds know it's Brigadoon.

An American in Scotland.

A hunting he goes.

Ah yes, but a romance he finds.

And a satellite launched in 1974 that said, hey, that sounds like a really neat idea.

How's about I disappear for decades at a time?

Is known as...

S73-7.

Okay, yeah, that's not as memorable as a name, but unlike Brigadoon, that satellite is quite real.

And for quite some time it was...

Lost in Space.

Been dying to make that reference for it.

You don't even know how long.

S73-7 is a 26 inch wide satellite launched on April 10th, 1974.

Not long after it launched, though, its calibration target failed to deploy, which then made the satellite nigh impossible to track.

In fact, it was essentially lost to any tracking efforts since its launch, only to briefly reappear.

Or more accurately, really briefly to be rediscovered in the 90s.

And then lost again for a while, found again, yet again briefly in 2002.

And then nada for another 20 plus years.

Until just a few days ago when it was found yet again.

And this time it was properly catalogued.

Space is hard folks, and space debris, dangerous and annoying.

Credit where it's due, though.

The 18th Space Defense Squadron at Vandenberg Space Force Base made the re-re-discovery of this wayward Brigas spacecraft.

Here's hoping it doesn't dance off like Gene Kelly and disappear into the mists yet again.

That's it for T-minus for May 2nd, 2024, brought to you by N2K Cyberwire.

For additional resources from today's report, check out our show notes at space.n2k.com.

We're privileged that N2K and podcasts like T-minus are part of the daily routine of many of the most influential leaders and operators in the public and private sector.

From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.

This episode was produced by Alice Carruth.

Our associate producer is Liz Stokes.

We're mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman.

Our executive producer is Jennifer Iben.

Our executive editor is Brandon Karp.

Simone Petrella is our president.

Peter Kilpe is our publisher.

And I'm Maria Varmazes.

Thanks for listening everybody.

We'll see you tomorrow.