[ Sound Effect ]
>> Maria Varmazis: It always tugs a bit at the heartstrings when there's a graduation. It's a sign that someone has learned and achieved and grown, and is ready to take on new challenges, whatever they may be. And in Australia's military space, there was a bit of a graduation recently as well, though the cap and gown are not purely necessary in this case. Australia's Space Command, just a year after its formation within the Air Force, is now striking out on its own.
[ Music ]
Today is July 7th, 2023. I'm Maria Varmazis, and this is T-Minus.
[ Music ]
Australia Space Command stands on its own. LandSpace's Methalox Zhuque-2 sets a date for its orbital flight test. Anticollision maneuvers by Starlink satellites are growing exponentially. And my interview today is with Moez Kemel, who is the threat management security technical specialist at IBM Security, and a subject matter expert on cybersecurity in space. Everything you've ever wanted to know or needed to know about cybersecurity in space but were afraid to ask, Moez gives us a great primer. You really don't want to miss it.
[ Music ]
Happy Friday everyone. Here are the headlines for our intel briefing for today. It's a sign of a greater trend, one could argue. Australia Space Command is now part of the Australian Defense Forces Joint Capabilities Group. Australian Space Command was formally launched, space pun, sorry, last year as part of the Air Force, as is often the case for military space capabilities. Australia's Space Command leaving the Air Force and joining the Joint Capabilities Group speaks to Australia's laser focus on space, both as an economic sector and military priority, especially to increase Australia's autonomy in space capabilities and decrease reliance on allied space assets, like those from the United States for example. As is the case for many countries, concerns about ASAT capabilities in Russia and China have only added to the heightened priority here for Australia to bolster its MILSPACE capabilities. So what does it mean for Space Command to be part of Australia's Joint Capabilities Group? For context here, part of the JCG's responsibilities include, quote, progressing leading-edge capabilities such as cyber, datalink, and satellite communications. So joining up increases the importance of space command overall, says Australian defense minister Richard Marles. But if you are tempted to say hey, just like the U.S. has a Space Force, Australia has the same, that is actually not correct. The previous defense minister, Peter Dutton, said the goal was eventually to get to that point, but the current defense minister Marles said this past May that giving Australian Space Command more funding and resourcing autonomy is all that's needed right now, anyway, not a coequal military branch. So yes, Australia Space Command is standing more on its own now, but no, Australia does not have its own U.S.-style space force, but Australia is also saying, for now anyway, they don't need one. And keeping the focus on Australia a bit longer, a little industry news. Sydney-based Saber Astronautics is expanded in Adelaide, opening a new south Australian headquarters and spacecraft and current design facility there. This new facility is directly thanks to the growth of the Australian commercial and national defense space sectors, says the company. We just talked about Australia Space Command and how it's not like the U.S. Space Force, so speaking of, let's check in with the U.S. Space Force, with Lieutenant General John E. Shaw, who just spoke at an event at the Mitchell Institute for Aerospace Studies. And he said, and I quote, the way we've been doing space operations since the dawn of the space age, we've been doing it wrong. Oh, okay then. Okay, splashy quote aside, this was about positional space, meaning we send things into space and they basically stay parked, or if they move it's largely thanks to physics. Now, modern space is going to require maneuverability, says Shaw. Some of his other commentary was more of an organizational nature though, meaning the delineation of who does what between the U.S. Space Command and the U.S. Space Force could be changing, and it sounds like, given how quickly capabilities like maneuverability and adversary threats are evolving in the space domain, there is some evolution and thought happening now about how the U.S. military operates and organizes itself when it comes to space. So, that's something we'll be keeping an eye on for sure. SpaceNews is reporting that Chinese commercial launch company LandSpace is preparing for a second orbital attempt with its Zhuque-2 rocket on July 12th. If successful, Zhuque-2 will be the first Methalox launch vehicle to achieve orbit, and also placing LandSpace as the second private Chinese company to successfully launch a liquid-propellant rocket. This comes as China opens its space sector to private capital, fueling the growth of commercial space companies. Future opportunities include the national satellite internet project called Guowang, and a new call for space station commercial cargo proposals, indicating a growing role for commercial firms in China's space sector. The Mars Society will send a multinational crew to the Flashline Mars Arctic Research Station in Canada for upgrade work and a two-week Mars simulation mission in mid-July. The crew, consisting of professionals from the U.S., U.K., and Australia, will spend seven to ten days repairing the station, followed by geological and microbiological exploration under Mars-like mission constraints. The crew will monitor the local water and radiation environment, map local features for future missions, and continue the scientific investigations begun on previous missions. Simulation Mars missions have been in the news quite a bit lately, mostly notably with NASA's one-year-long CHAPEA Mission that kicked off in June, with four crew members in Houston, Texas. The University of Hawaii's Institute for Astronomy, along with Leonardo, are developing advanced infrared sensors to improve the detection and analysis of exoplanets. The new pixel arrays, significantly more sensitive than previous infrared sensors, will aid in identifying habitable planets by discerning faint spectroscopic signals. Starlink Satellites made 25,000 collision avoidance maneuvers in the past six months, doubling the previous period's count and continuing an exponential growth trend. Experts doing some quick back-of-the-napkin math there cited a potential total of 1 million maneuvers by 2028 if the exponential trend continues, and warn of a hazardous and unsustainable orbital environment due to the increasing number of satellites. Increased collision risk not only stems from new satellites but also the growing density of space debris. Maritime Launch Services successfully launched a two-stage rocket from its Nova Scotia spaceport, making a significant step in Canada's return to space. The rocket was developed by Arbalest Rocketry, a student group from York University, and successfully flew to about 44,000 feet. The mission, facilitated by Launch Canada and backed by community support, carried a Saudi microchip to test system survivability. The launch was conducted under experimental rocket regulations. MLS is preparing for both suborbital and orbital launches as Canadian regulations evolve, with plans to use an MLS-developed rocket for a test launch in November 2023, and a space-targeted launch in spring 2024. This success, coupled with regulatory changes, could reduce reliance on cross-border launches for Canadian companies. SpaceX's Starlink Division has partnered with Ecuador's Ministry of Telecommunications to provide high-speed satellite internet to six rural schools with 3600 students in the Galapagos Islands. The move is part of a larger effort to reduce the digital divide and promote technological innovation in education across Ecuador. Multiple organizations donated to cover the internet service, with plans for community donations to maintain free student access long-term. And space access in Ecuador, which recently signed onto the Artemis Accords, by the way, is something we'll be covering in our program later this month in an interview with Robert Aillon, who is the founder of Leviathan Space Industries in Ecuador, an played an instrumental role in the nation signing on to the Artemis Accords. It's a fascinating story, so definitely keep an ear out for that interview in coming episodes. And as always, there's a lot going on in space, and we can't cover them all in one show, but we do link to items, especially opinion and editorial pieces that we think provide valuable insight that you'll appreciate. As always, they're in our show's Selected Reading section, which you can find on our show notes at space.n2k.com.
[ Music ]
And that just about wraps it out for our intel briefing for today. Hey T-Minus crew, tune in tomorrow for T-Minus "Deep Space", our show for extended interviews, special editions, and deep dives with some of the most influential professionals in the space industry. Tomorrow we have the full edition of my interview with Moez Kemel, giving us a space cybersecurity 101. It's a fantastic primer for space professionals and cybersecurity pros alike. Check it out while you're mowing the lawn, grocery shopping, folding laundry, or driving your kids to the game. You don't want to miss it.
[ Music ]
[ Sound Effect ]
If you've been noticing that cybersecurity in space has become the topic du jour, you're not alone. And no, it's not just because we here at T-Minus or our colleagues with the CyberWire, it's been simmering in the background for quite a while now. But once Russia said last year that they consider commercial space assets to be valid targets for attack, it feels like someone turned the dial up to 11 on taking cybersecurity more seriously. Thankfully there are space cyber experts who have deep domain knowledge here to help get everyone up to speed, and that's who I'm speaking with today. Here is Moez Kemel, threat management specialist at IBM Security, starting off with some context on space cyber.
[ Sound Effect ]
>> Moez Kemel: Before we talk about the threats, I - I will give a glimpse why we are talking about cybersecurity today in space. This also appear with the appearance of - of the new space age. So earlier the space industry was just a nation-level domain. It means that it was just related to two countries, to two nations, the United States of America and the USSR nation. Also the space was related to government and defense department, so the - the objectives were - were essentially political and strategic ones. Then - so then we noticed this paradigm shift in the space industry, which was characterized by the emergency of private companies and more commercially-driven approach to space exploration and activities. But unfortunately this new space has indeed led to an expansion of cyberthreats for space systems. Today we have several factors that contribute to this phenomenon like geopolitical tensions, growing commercialization and demo - democratization, and also the limited focus on cybersecurity. So that's why today we have many cybersecurity threats related to space system. So if we dig more now on - on the threats related - the cyber threats related to space - to space systems. So if - if we take a look at the space system architecture, so we find three main components today. We have the ground segment, which includes all the terrestrial elements of the space system, and which envelops the command, control, and the management of the satellite itself, and also the data coming from the payload, which is transmitted to the users. The second main component would be the space segment, so here we are talking about the satellites, and here we are - we - we can talk also about the tracking, telemetry, command, the control, the monitoring, and all of the related facilities and equipment used to support the - the satellite's operations. And the third one is the main component of the space system architecture is the link or communication segment. So the link segment is all the data and signals exchanged between the ground segment and the space segment. And we have a fourth component, which - which is not the main one, but it's included in this space system architecture, which are the user segment. So user segment includes all the user terminal stations that can launch operation, humans, operators, space operators that can, as I said, launch operations with the satellite in - in the form, for example, of signals transmission and reception. All these, I would say, three main components or even the four components of the space architecture are targeted today by cyberattack. So today we have - we can compromise the ground station, we can interfere with the communication and the signals, we can attack directly and compromise a satellite, and et cetera, so we have many, many threats related to the component. Most of the attacks today and vulnerabilities are related to communication link, such as for example, radio frequency links or on-the-ground segment in general. So, if we dig more on the threats related to each component, so if we begin, for example, with the ground segment threats, today we need to keep in mind that breaking into the ground station network will gives the attacker access to the satellite itself. So once inside the ground station network, attackers can gain access to the satellite and can perform type - many types of attacks, for example the DoS attacks, which is the denial of service attack. It means that we send many, many request to the satellite and we'll - we will put the satellite down. We have also the hijack of the industrial control systems. The purpose is to - to control and damage the satellites. So in the ground station we have also - even in the ground station, or also in the - the satellite segment, we have the use - many usage of COTS components. So today, COTS, which are commercial-off-the-shelf product, so they are ready-made hardware or - or software that can be purchased and designed to be easily installed and interoperate with existing - existing systems. So they are shipped product that can be integrated in the satellite or in the ground signals. So today the space COTS components, they are the main component that support today the new space technology development, so with their qualifications, especially for small satellite missions like CubeSat missions. So these components are well-known and widely available, and we can find many public information related to their security, including configuration vulnerabilities and software versions and more and more. So the COTS, the usage of COTS today is very risky and it's one of the vectors or one of the surface attack that can be used by a hacker to - to - to get first intrusion to - to the system or the ground segment.
>> Maria Varmazis: Right, because if the - if one vulnerability is found or known that is maybe unpatched at that point, then a whole bunch of systems are vulnerable, so that's - that scale can sort of be a multiplier there in that case.
>> Moez Kemel: Exactly. Yeah, exactly. The second point we can discuss about the unauthorized access. So this attack can lead to the - for example, to the theft of sensitive data or that can be used by the hacker, for example against a mission operation. So this is also one of the threats that are - that the ground segment is - is facing. The third one is the data manipulation attack. So a data manipulation attack, also known as the data tampering attack, so it - it's a type of cyberattack where an unauthorized individual or entity will alter or modify or manipulate the data to achieve specific goals. It means that today, in the space industry, your typical use case is to corrupt data and send wrong commands to the command and data handling, C&DH, which is a component in the satellite, in - in the spacecraft. And yeah, the purpose is to compromise the mission. So this - this is one of these - of the threats that also facing the - the ground segment. We can talk also about the supply chain attack. So the supply chain attack will - will seek to harm the space ground segment by targeting the less secure element of the chain. So at this stage, the - the adversary, for example, can take advantage of these vulnerabilities and some exploit, then, it can, for example, create a backdoor in the embedded system of the supply chain, for example - for example of the supply chain microelectronics devices. So a backdoor that will be created by the hacker will allow him to communicate after that with the satellite or with this component in the ground signal.
>> Maria Varmazis: So once they get in, that - backdoor is the best way to put it, obviously, then if I understand correctly, then they basically have access to the broader system if they can work their way in. So even if you as the main company, for lack of a better term, have locked down, if - if your subcomponent has a - a vulnerability that someone can access, then the access is the same. Okay.
>> Moez Kemel: Also - we have also the computer network exploitation. So this is - is a term used to describe the process of infiltrating or exploiting computer networks for - for various purpose. So - or also to gather intelligence about target to figure out how they work or how they are configured. So these also, we - we - we have many attacks related to the computer network expectation in the - the ground segment today. And the last one, for the ground segment, the - the cloud platform attacks. The new space era is marked by the expansion of cloud infrastructure use, so today we have many organizations and companies that rely on cloud services for - for various purpose, for example, and relying on cloud, it means that we are - we face the - all the cloud attacks or cloud vulnerabilities, so the hacker can compromise the cloud asset or the cloud application to gain access to the ground station or to the satellite itself.
>> Maria Varmazis: Lots of different ways in, and this - we're still just talking about ground at this point, [laughter].
>> Moez Kemel: [Laughter], exactly.
>> Maria Varmazis: It's like, we haven't even gotten to the other ones yet. There's lots of different ways in, for lack of better terminology on my part. My understanding is - is that many people might think, well, I'm not a big target or I'm - I'm not a big player, so I don't need to worry about stuff like this. Can - can you talk a little bit about maybe that perception of people thinking, like, that's not something they need to worry about, or I'm not trying to put fear in people, I'm just saying, like, it's a concern why people should, maybe who think they - they're - this doesn't apply to them should actually think twice.
>> Moez Kemel: This period, when we talk about cybersecurity space, and it - the same, I face it in 2014 when I worked on security on SCADA systems and industrial control systems. When we met industrial operators and industrial companies, the first step, it's not to - to present or to propose the solution that we secure the industrial control system, but the first step is the awareness. We need to aware people, we need to aware industrial people that your system is vulnerable, and the SCADA systems of that time or the industrial control system is vulnerable and can be hacked by an adversary. So we are facing the same situation today with the space operators. So today, with this new age of - or new space age, the hackers today are more and more interesting on space systems because - because of the groundbreaking technology deployed, or because of the - commercialization that we will have, or the private ventures that are deploying more and more maybe applications or many different type of missions into space, so the hackers are sort of getting more and more interesting to - to attack these - these systems. And also I think the threats related even to ground segment. Also we have threats related to the space satellite itself or the threats related to the communication, all of these confirm that today we need to be aware about the cybersecurity space and to be aware about the cyberthreats and the space system design today.
[ Music ]
>> Maria Varmazis: And if you'd like an even deeper dive into space cyber, don't miss T-Minus "Deep Space" in your podcast feed tomorrow. That's where we'll be sharing the entire interview with Moez. It's a fantastic education on this topic, so if learning more about space cyber has been on your agenda for a while but you haven't gotten around to it, no shame there, just definitely have a listen to Moez' full interview tomorrow in "Deep Space."
[ Music ]
And we'll be right back.
[ Sound Effect ]
And welcome back. And I don't often get to talk about space shuttles very often in this program, understandably as we're focused on new space here at T-Minus, but I hope you'll indulge me a bit for today's closing story. It is a Friday, after all. Now, if you've been to the California Science Center in Los Angeles in the past few years, and you're anything of a space and science enthusiast, you probably are, undoubtedly you've been to see the space shuttle Endeavor, which last flew to space in 2011, sitting horizontally arranged in a hangar. Endeavor has been on display like that in the California Science Center since its fantastic voyage being driven through the streets of Los Angeles in 2012. Google that one if you haven't seen the videos of the mission. It's called the Big Endeavor, and it's really fantastic. Anyway, I went to see Endeavor in 2018 with my family, carried my then baby daughter in my arms around and underneath Endeavor, six years after Endeavor came to her new home. It's a really special memory for me, as you can imagine, and at that time there were signs saying that one day the Endeavor was going to be vertically stacked at the museum, at the under construction Samuel Oschin Air and Space Center. It was going to take a lot of time, but by golly, a vertically stacked Endeavor was going to happen. And indeed, after much work and undoubtedly a lot of fundraising, Endeavor is officially go for stack. The vertical stacking process officially begins on July 20th, says the museum, when endeavors twin solid rocket booster aft skirts will be put into place. They are the first pieces on the board upon which Endeavor will be vertically stacked, complete with both boosters and the fuel tank next year. They're basically rebuilding the entire assembly the good old-fashioned way, just without a vehicle assembly building to help, which is quite an engineering feat all on its own. So if you'd like to walk underneath Endeavor's belly as I did, you have until the end of this year. After that point, she's off-exhibit and being moved to her vertical assembly. But don't book your tickets to LA for 2024 to see Endeavor stacked. No, even once she's in place, it will actually be a few more additional years until she's viewable by the public again, as the entire gargantuan 200,000 square foot, or 19,000 square meter, Oschin Air and Space Center is being built up around her. Quite the endeavor indeed.
[ Music ]
And if you remember from yesterday's who, I said I'd give brownie points to any listeners who did the unit conversion on narwhals to Darth Vaders, and listeners, you did not disappoint. Wyatt was the first listener to do the math. If you assume that an adult narwhal is 17 feet long, excluding the tusk, or the - the horn, if you will, and Darth Vader is 6 foot 2, that is one narwhal equals approximately 2.76 Darth Vaders. Wyatt, well done.
[ Music ]
And that's it for T-Minus for July 7th, 2023. For additional resources from today's report, check out our show notes at space.n2k.com. We'd love to know what you think of this podcast. You can email us at space.n2k.com or submit the survey in the show notes. Your feedback ensures we deliver the information that keeps you a step ahead in the rapidly changing space industry. We're privileged that N2K and podcasts like T-Minus are part of the daily routine of many of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode was produced by Alice Carruth, mixing by Elliott Peltzman and Tre Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Brandon Karpf. Our chief intelligence officer is Eric Tillman. And I'm Maria Varmazis. Thanks for listening. Have a great weekend.
[ Music ]
