There's just something about space and secretive spy planes that brings out the inner child in us all. We're all transported to the set of Moonraker, the epic stories of spies in space. Thank you Mr. Bond. But the thing is, we know as much about spy space planes now as we did when that film was first released in 1979. The US Space Force's X-37B space plane is shrouded in mystery, and it's about to change course and dispose of its components as it orbits our planet. Today, as October 10th, 2024, I'm Maria Varmausis, and this is T-Minus. The X-37B is due to change its orbit around the Earth. NASA transmits laser comms from a ground station to LEO, I-Space and AMC to partner on a future lunar mission. And our guest today is Moa's Camille from IBM Security. We're going to be discussing cybersecurity in new space. It's a timely chat for Cybersecurity Awareness Month, so stick around for the second part of the show. We start with a brief announcement from the US Space Force about the secretive X-37B OTV, or Orbital Test Vehicle, otherwise known as the Space Force's space plane. And as often is for anything about this space plane specifically, the announcement was rather cryptic. The OTV is executing a series of novel maneuvers called aerobraking to change its orbit around the Earth and safely dispose of its service module components. Yeah, little is ever known about the X-37B's missions, as it has been conducting, and I quote, "radiation effect experiments and testing space domain awareness technologies in a highly elliptical orbit," according to the Space Force. And the plane stays on orbit for about six months at a time before returning to Earth, nobody's on it, it is remotely controlled. Aerobraking for the X-37B will allow it to use the drag of our planet's atmosphere for it to change its orbits while using little fuel. This is the first time that the space plane has attempted this maneuver, and the Space Force says that it is relying on data from the plane's six prior successful missions to perform this aerobraking maneuver. Pretty neat. Moving on, NASA's low-cost optical terminal ground station transmitted its first laser communications uplink to the T-Bird, which is a tissue box-sized payload in low Earth orbit. And during this test, the terminal produced enough uplink intensity for the T-Bird payload to identify the laser beacon, connect, and maintain a connection to the ground station for over three minutes. NASA says the test marks an important achievement for laser comms. Using the terminal's laser beacon from Earth to T-Bird required one milli-radian of pointing accuracy, the equivalent of hitting a, I don't know, three-foot target from over eight American football fields away. Not bad. Hurricane Milton slammed into Florida overnight, leaving millions without power and with connectivity issues. SpaceX has received emergency approval to provide space-based connectivity to T-Mobile users in Florida who have lost cellular service due to the hurricane. The FCC rapidly approved emergency special temporary authority for coverage in Florida ahead of the hurricane. The move is in addition to the thousands of Starlink kits that SpaceX is delivering in response to Hurricane Helene. SpaceX shared that, quote, "If a phone connects to a Starlink satellite, it'll have one to two bars of signal and show T-Mobile SpaceX in the network name." Users may have to manually retry text messages if they don't go through at first, as this is being delivered on a best effort basis. The service works best outdoors and occasionally works indoors near a window, end quote. We hope the crew in Florida remains safe. iSpace and the UK's asteroid mining corporation, also known as AMC, have announced an agreement for a space robotics demo on a future iSpace mission to the lunar surface. The company signed a memorandum of understanding to provide a framework for collaboration that envisions a future mission in which an iSpace lunar lander will deliver an AMC space robot to the lunar surface. AMC's space-capable asteroid robotic explorer, or SCARE-E, yes, SCARE-E, can be used as a resource for exploration on asteroids in the Moon. AMC says it's capable of tackling terrains such as craters that are currently inaccessible to conventional wheeled rovers. iSpace is launching a mission to the Moon before the end of the year, but it will not include SCARE-E, as that will be manifested on a future lunar mission. The United Arab Emirates has established a "Supreme" space council. The council will oversee the development of the UAE's booming space sector, with the authority to approve laws and policies before they are introduced. The Crown Prince of Dubai, Sheikh Hamdan bin Mohammed, who is also Deputy Prime Minister and the Minister of Defense, will act as chairman of the council. We have had a little teaser of things to be announced at the IAC next week in Milan, with news that eight international spaceports are planning to sign an MOU for Strategic Collaboration. The spaceports, located across five continents, have agreed to team up and establish a forum to explore potential collaboration in a range of areas of common interest and introduce a dialogue on establishing international spaceport standards. The group includes the Pacific Space Port Complex in Alaska, Hokkaido Space Port Hospo in Japan, and Saxa Ward Space Port in the UK. We will bring you more news on that when we have it. A new startup has emerged from stealth led by the co-founder of investment company Robinhood. Ether Flux says it's developing a novel design for my favorite space-based solar. Ether Flux wants to build a massive constellation of satellites in low-Earth orbit, each equipped with a solar array, a battery, and a near-optical infrared laser to transmit the power down to the ground. Baidu Bhatt, Ether Flux's co-founder, has a net worth of over $1.7 billion, according to Forbes, and he has invested millions of his own capital into this startup and is committed to funding it through the first demonstration mission. Viasat is now delivering Viasat 3F1 service to the US Marine Corps, marking the first use of the Viasat 3 network by a government customer. This follows the VS3F1 satellite recently beginning to deliver services for commercial airline customers operating over North America. Northwood Space has conducted its first major development test by connecting with planet imagery satellites in orbit. The ground station as a service company is developing a new phased array system that they say will connect to as many as 10 satellites at once versus the typical 1-3 for parabolic dish antennas. The recent telemetry tracking and control test was conducted in North Dakota, with Northwood making contact with planet's satellite in both S-band and X-band frequencies. And that concludes our briefing for today, but don't panic, we have more for you to sink your teeth into in the selected reading sections of our show notes. Ooh, scary. Check out Bloomberg's take on space and the upcoming election in the US, the announcement of Tanager 1's successful use, and an update from Varda on their participation in the annual meeting of the American Association of Pharmaceutical Scientists. Hey T-minus crew, if your business is looking to grow your voice in the industry, expand the reach of your thought leadership or recruit talent, T-minus can help. We'd love to hear from you, just send us an email at space@educay.com or send us a note through our website so we can connect about building a program to meet your goals. Mois Camille, threat management specialist at IBM Security, joined us last year to talk all about the cybersecurity ecosystem in the new space industry. And as it is Cybersecurity Awareness Month, we thought it was a good time to remind us all about the threats that we face in aerospace. Mois starts by outlining the threat landscape for new space. Before we talk about the threats, I will give a glimpse why we are talking about cybersecurity today in space. This also appears with the appearance of the new space age. Earlier the space industry was just a nation level domain. It means that it was just related to two countries, the United States of America and the USSR nation. Also, the space was related to government and defense departments. So the objectives were essentially political and strategic ones. So then we noticed this paradigm shift in the space industry, which was characterized by the emergence of private companies and more commercially driving approach to space exploration and activities. But unfortunately, this new space has indeed led to an expansion of cyber threats for space systems. Today, we have several factors that contribute to this phenomenon, like geopolitical tensions, growing commercialization and democratization, and also the limited focus on cybersecurity. So that's why today we have many cybersecurity threats related to space systems. So if we dig more now on the threats related to the cyber threats related to space systems, so if we take a look at the space system architecture, so we'll find three main components today. We have the ground segment, which includes all the terrestrial elements of the space system and which allows the command control and the management of the satellite itself and also the data coming from the payload, which is transmitted to the users. The second main component would be the space segment. So here we are talking about the satellites. And here we can talk also about the tracking, telemetry, command, the control, the monitoring, and all the related facilities and equipment used to support the satellite operations. And the third one is the main component of the space system architecture is the link or communication segment. So the link segment is all the data and signals exchanged between the ground segment and the space segment. And we have a fourth component, which is not the main one, but it's included in this space system architecture, which is the user segment. So user segment includes all the user terminal stations that can launch operation, humans, operators, space operators that can, as I said, launch operations with the satellite in the form, for example, of signals, transmission, and reception. All these, I would say, three main components or even the four components of the space architecture are targeted today by cyber attack. So today we have, we can compromise the ground station. We can interfere with the communication and the signals. We can attack directly and compromise the satellite and etc. So we have many, many threats related to the component. Most of the attacks today and vulnerabilities are related to communication link, such as, for example, radio frequency links or the ground segment in general. So if we dig more on the threats related to each component, so if we begin, for example, with the ground segment threats, today we need to keep in mind that breaking into the ground station network will give the attacker access to the satellite itself. So once inside the ground station network, attackers can gain access to the satellite and can perform many types of attacks. For example, the dust attacks, which is the denier of service attack. It means that we will send many, many requests to the satellite and we will put the satellite down. We have also the hijack of the industrial control systems and the purpose is to control and damage the satellites. So in the ground station, we have also, even in the ground station or also in the satellite segment, we have the many usage of COTS components. So today COTS, which are a commercial of the shelf products, so they are ready made hardware or software that can be purchased and designed to be easily installed and enter operate with existing system. So they are ship products that can be integrated in the satellite or in the ground signal. So today the space COTS components, they are the main component that support today the new space technology development. So with their qualification, especially for small satellite missions like CubeSat missions. So these components are well known and widely available and we can find many public information related to their security, including configuration vulnerabilities and software versions and more and more. So the usage of COTS today is very risky and it's one of the vectors or one of the surface attack that can be used by a hacker to get first intrusion to the system or to the ground signal. Right, because if one vulnerability is found or known that is maybe unpatched at that point, then a whole bunch of systems are vulnerable. So that scale can sort of be a multiplier there in that case. Exactly, exactly. The second point we can discuss about the anhyzerized access also. So this attack can lead to the, for example, to the theft of sensitive data or that can be used by the hacker, for example, against a mission operation. So this is also one of the threats that the ground segment is facing. The third one is the data manipulation attack. So a data manipulation attack also known as the data tampering attack. So it's a type of cyber attack where an anhyzerized individual or entity will alter or modify or manipulate the data to achieve specific goals. It means that today in the space industry, the typical use case is to corrupt data and send one commands to the command at data handling C and DH, which is a component in the satellite in the spacecraft. And the other purpose is to compromise the mission. This is one of the threats that also facing the ground segment. We can talk also about the supply chain attack. So the supply chain attack will seek to harm the space ground segment by targeting the less secure element of the chain. So at this stage, the adversary, for example, can take advantage of these vulnerabilities and some exploit. Then it can, for example, create a backdoor in the embedded system of the supply chain, for example, of the supply chain micro electronics devices. So a backdoor that will be created by the hacker will allow him to communicate after that with the satellite or with this component in the ground signal. So once they get in that backdoor is the best way to put it, obviously, then if I understand correctly, then they basically have access to the broader system if they can work their way in. So even if you as the main company, for lack of a better term, have locked down, if your subcomponent has a vulnerability that someone can access, then the access is the same. Also, we have also the computer network exploitation. So this is a term used to describe the process of infiltrating or exploiting computer networks for various purposes. So also to gather intelligence about targets to figure out how they work or how they are configured. So these also we have many attacks related to the computer network exploitation in the ground segment today. And the last one for the ground segment, the cloud platform attacks. The new space era is marked by the expansion of cloud infrastructure use. So today we have many organizations and companies that rely on cloud services for various purposes, for example, and relying on cloud, it means that we will face the other cloud attacks or cloud vulnerabilities. So the hacker can compromise the cloud asset or the cloud application to gain access to the ground station or to the satellite itself. Lots of different ways in this. We're still just talking about ground at this point. Exactly. It's like we haven't even gotten to the other ones yet. There's lots of different ways in for lack of better terminology on my part. My understanding is that many people might think, well, I'm not a big target or I'm not a big player, so I don't need to worry about stuff like this. Can you talk a little bit about maybe that perception of people thinking like that's not something they need to worry about or I'm not trying to put fear in people. I'm just saying like it's a concern why people should maybe who think this doesn't apply to them should actually think twice. This period when we talk about cybersecurity space and it's the same I faced in 2014 when I worked on security on scatter systems and industrial control systems. When we met industrial operators and industrial companies, the first step is not to present or to propose the solution that will secure the industrial control system, but the first step is the awareness. We need to aware people. We need to aware industrial people that your system is vulnerable and the scatter systems at that time or the industrial control system is vulnerable and can be hacked by an adversary. We are facing the same situation today with the space operators. So today with this new age of or new space age, the hackers today are more and more interesting on space systems because of the groundbreaking technology deployed or because of the commercialization that we will have or the private ventures that are deploying more and more maybe applications or many different type of missions in the space. So the hackers also are getting more and more interesting to attack these systems. And also I think the threats related even to ground segment. Also we have threats related to the space satellite itself or the threats related to the communication. All of this confirms that today we need to be aware about the cybersecurity space and to be aware about the cyber threats and the space system design today. [Music] We'll be right back. [Music] Welcome back. And no, we are not receiving transmissions from an alien species. That is the sound of the Earth's magnetic field when it shifted approximately 41,000 years ago. Okay, we did not have microphones in place 41,000 years ago obviously and it, so yeah, it's probably not the exact sound. But that is how scientists in Denmark and Germany imagine that it was. So here's the context. Earth's magnetic field briefly reversed during what is now known as the Lechamp event. During this time, Earth's magnetic field weakened significantly. It dropped to a minimum of 5% of its current strength, which allowed more cosmic rays to reach Earth's atmosphere. Scientists at the Technical University of Denmark and the German Research Center for Geosciences used data from ESA's SWARM mission, along with other sources, to create what they call a sound map of the Lechamp event. They mapped the movement of Earth's magnetic field lines during the event and then created a stereo sound version, which is what we all can hear. This is a pretty neat way to tell the story of science and our planet, don't you think? And in case you were wondering, the soundscape was made using recordings of natural noises, blending them into familiar and strange, almost alien-like sounds. The process of transforming the sounds with data is similar to composing music from a score or from a satellite like they did last year. Data from ESA's SWARM constellation is being used to better understand how Earth's magnetic field is generated. The satellites measure magnetic signals not only from the core but also from the mantle, crust, oceans, and up to the ionosphere and magnetosphere. All of this data is crucial for studying phenomena like geomagnetic reversals and Earth's internal dynamics. Well, with their powers combined, we can't help but love it when science and art meet like that. And that's it for T-Minus for OptoOverTenth 2024, brought to you by N2K CyberWire. For additional resources from today's report, check out our show notes at space.n2k.com. For privilege that N2K and podcasts like T-Minus are part of the daily routine of many of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode was produced by Alice Carruth, our associate producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilby is our publisher, and I'm your host, Maria Varmausus. Thanks for listening. We'll see you tomorrow. T-Minus. . T-Minus. T-Minus. T-Minus.
