Identifying vulnerabilities in space with Bigbear.ai.

[MUSIC] Space systems can be vulnerable, software flaws, supply chain weaknesses, and physical inaccessibility of satellites, all compounded by increased reliance on commercial off-the-shelf parts, open-source components, and complex ground networks. All of these issues create risks such as unauthorized access, data interception and manipulation, denial of service attacks, and even the complete hijacking of satellites. So with all that said, what tools and technologies make it easy to perform vulnerability research on hardware components? Bigbear.ai thinks that they have a solution. [MUSIC] [MUSIC] This is T-minus Deep Space. I'm Maria Varmazis. [MUSIC] Today's guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at bigbear.ai. My name is Eric Conway. I'm the Vice President of Technology at Big Bear AI. We are an AI provider and we provide decision support to customers across the military, the Department of Defense, the Department of Homeland Security, as well as in the intelligence community. My background is as a software engineer, supporting cybersecurity related missions and AI related deployments for about the last 25 years now with Big Bear AI. Fantastic. Thank you. Joe, over to you. Yes. Hello. I am Joe Davis. I am a cybersecurity research scientist with Big Bear AI. I've been with the company going on for years and my background is also in software engineering, as well as cybersecurity, vulnerability assessments, quite a bit with telecommunications systems and various other domains, power control systems, SCADA. Any kind of equipment like that is where my background has been. Since coming over to Big Bear, I have switched my focus over a little bit to the space domain, which is I think what we're going to be talking about today. Yes, indeed. We are a space show, so I'm very interested in all things space. Gentlemen, thank you both for joining me today. My background is for years I worked in in-house and cybersecurity on the comms team. I'm always really happy when I get to do space and cybersecurity. It just makes me very, very happy. I'm thrilled that I get to be speaking to you both today. I would love to learn about one of the offerings that Big Bear has, Space Crest. This is fascinating. I was wondering, could you guys walk me through this? Great question, Maria. Thank you. Space Crest, the Crest in Space Crest, by the way, stands for Cyber Resilience Evaluation Security Testing, or Crest. So it is a long acronym. Space Crest is a perfect example of what you just referenced. It's that intersection of cybersecurity space, as well as artificial intelligence and data analytics. That's what Space Crest essentially is. It's a combination of all of those different techniques, but applied specifically at the challenge of helping to create more resilient space systems for our national security, as well as for commercial companies that are working in space. Space Crest originated at Big Bear AI in our innovations lab. People like Joe and I work in the innovations area at Big Bear AI, and we're always looking for new ways to bring together some of these skills, cybersecurity or artificial intelligence. And Space Crest evolved through a partnership with a company called Redwire Space. They have a modeling and simulation platform that I'll let Joe talk in detail about, but the hypothesis was posed. Can you create a cyber range for space systems using a high-fidelity physics model? So we started integration and implementation of that in our laboratories, and then now we have Space Crest. And I'll turn it over at this point to Joe to talk more in detail about what Space Crest is specifically. All right, so Big Bear's Space Crest is enabled by the ACORN 2.0 digital engineering platform that Eric referred to, created by our Redwire Space partners. ACORN allows us to create models of satellites of varying levels of fidelity based on the needs of the problems that we're trying to solve. It lets us build digital twins from models, simulators, emulators, or even real hardware that we might be able to get from the spacecraft, such as, say, Star Tracker's reaction wheels, power systems, or payloads of the satellites themselves. The strength of ACORN is that when we put those components into the environment, they talk to each other as though they would on the real satellite. So if widget A sends a message to widget B, and widget B then changes the an actuator on the satellite, that whole communication occurs within this high fidelity simulation environment. It gives us higher fidelity than just a simulator that's modeling the orbital mechanics and stuff like that. Once we have the digital twin, we can experiment with scenarios, ranging from adjusting orbital parameters to injecting simulated cyber events or hacking the system in real time. ACORN has the ability to run in an accelerated mode as well, which is really important to us. That lets us build scenarios that we just couldn't even get in real time with real satellite data. So we can create hundreds, thousands, millions of scenarios and run them in an accelerated mode where we can collect that data up in a couple hours or a day. And have literally 10,000 years of data in the palm of our hand. Wow. Yeah, I often wonder about these kinds of simulation modes. As you mentioned, obviously there's a huge advantage in being able to do this not on the actual system. You don't want to do that. You don't want to test the production, right? And what are the other advantages there? And that is 10,000 years of data, not otherwise easily acquired. But that's quite amazing. Yes. And at that point, you're really also only limited by your own imaginations of what kind of scenarios you can come up with. So for example, we have built out scenarios for cyber attacks that have not happened in the real world in an unclassified sense, right? Yeah. These attacks may be happening in classified environments, but they're not something that you would find in the news. Right. That's fascinating. I'm wondering about the remediation insights that this kind of testing would provide also. As you mentioned, a situation where I imagine a provider has an encounter, a certain attack, being able to test how their systems do, and that would be a really fascinating exercise. That is the end goal of what SpaceCrest is all about. It's about trying to uncover vulnerabilities that could affect the resilience of a space system, and then to identify and test the remediations that we could apply to try to close up those vulnerabilities. We built around this ACORN model a full-blown red teaming platform using red teaming tools, things like Kali Linux and Metasploit. And these allow us to simulate all sorts of cyber attacks on simulated as well as hardware in the loop and software in the loop, satellite systems. From that, we can understand where some of those vulnerabilities might be. We can try to find ways to patch those vulnerabilities, and then we can reevaluate the scenario and identify whether that remediation was effective or not. And the overall goal is to increase the resilience of that spacecraft. [Music] We will be right back. I'm wondering if Eric or Joe or both really, if you can also speak to the need in the current space market for solutions like this. SpaceCyber is something I'm very personally interested in, just to give context to this question. And it has been fascinating watching it evolve in the past few years. And it seems like SpaceCrest is coming in at a really crucial time right now. In general, you're right. The industry as a whole is moving towards more and more digital engineering. Digital twins are not just a nice to have anymore. They're actually even being required by many government contracts. A contractor has to come in with digital engineering models, not just CAD files, but actual working models of how their system will work, how it will integrate with other systems. One example of this is the proliferated warfighter space architecture, the PWSA, that's being developed by the Space Development Agency, SDA. It's a great example because right now they have a massive undertaking with lots of complexity, lots of different vendors. And how are all those vendors going to come together and integrate well, and hopefully get that sorted out and figured out well before they have built their multi-million-dollar satellites? Ideally, digital engineering is how they can do that. If each of those vendors come in with models of their wares, then they could all be put together in various environments, a lot like Space Crest. And not only that, they can be put under the rigor of situations that have not yet occurred or that can be thought up and put on missions that can be thought up by the actual users of the PWSA. So the next question I had was about any success stories. I always love to hear about any examples, anything that can really drive home some of the things that we've been talking about in real-life situations. Anecdotes, anonymously, are completely understandable given the context of what we're talking about, but just any any anecdotes at all would be really helpful to understand. Well, let me start with a little bit of a background. And then, Joe, you can talk in whatever detail you can talk about for some of our actual operational successes. In our laboratory, we've seen a lot of success with Space Crest. We started out with the basic hypothesis I mentioned earlier, where we wanted to try to prove if we could create something akin to a cyber range, where we could execute cyber attacks against a satellite system that is virtualized. In this environment, we were able to prove that out. We were able to prove that there is enough fidelity in the modeling, in the simulation itself, that we can get realistic enough communications and protocols into that virtual environment to actually do real evaluation of cybersecurity vulnerabilities. It also helps that the ACORN system has a very rich bridge API, which allows us to integrate hardware and software into the loop, where they will function as if they're part of the purely virtualized satellite environment. And doing that, we were able to get some actual space components, in one case a Star Tracker, which is a small device that uses the background sky to position the satellite in three dimensions in space. We were able to connect that into a virtualized version of a satellite, and then we were able to run cyber attacks against it that flooded it with way too many commands, for example, and essentially took it offline. It was analogous to what a denial of service attack would be on a terrestrial-based system. So we were able to use that as a demonstration of how there is enough fidelity in a modeled environment to do true cybersecurity evaluation on it. We coupled that with a more traditional reverse engineer of the device, and we were able to uncover vulnerabilities in the firmware. So between the two, we could take that, and we now have a report that says to make this Star Tracker a little bit more secure, a little bit more resilient for avoiding those types of attacks. We can now go back to the manufacturer, and we can give them that information. Doing that at scale would allow us to really address a lot of the supply chain problems that we see in the industry today. Satellites are made up of pieces of equipment that come from all over the world. It is a truly global supply chain, and the provenance of all of those devices and the software that runs those devices is not always known. So having the ability to evaluate each device independently, identify where the vulnerabilities are, could close up some of those supply chain issues as well. Joe, I think you have a few more examples of some successes we've had as well. Yes, I'll add another really great example, which comes from a current project that's ongoing, and that I'm actually going to be talking about at the Value of Space Summit a little bit here in September. The project that I'm talking about is called Cyber Resilient On-Orbit, or CRO, and it's a partnership that we have with a small business called Proof Labs. Remember, I talked about being able to create hundreds or thousands of scenarios within the spacecraft environment, and being able to inject cyber events into those scenarios. We have actually done that. We have generated thousands of scenarios with the Moonlighter satellite. We modeled a satellite after Moonlighter, which is the satellite that was used for HACASAT for AFRL, and we generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data, and we've trained now some machine learning models to be able to detect those different cyber attacks and classify which of those attacks is happening at which time. This is a fascinating intersection of a lot of different things that I've been hearing about recently, and it's kind of geeking out a little bit. This is really cool to hear it all being applied, and it's just really fascinating knowing how it's being used in the field right now. This has been really cool to learn about. I just want to thank you both for that, because especially around the supply chain questions that I've been having, Eric, you kind of mentioned in your response something I've been wondering about for some time. So I really appreciate it. Eric and Joe, both of you, so much walking me through, so much of what you all are working on. Well, thank you, Maria. We appreciate the opportunity to talk about what we're doing, to bring cybersecurity and artificial intelligence as well as space together to try to create a more resilient space architecture that's only going to help our national security. So we appreciate the opportunity to talk about it, and thank you very much. That's T-Minus Deep Space, brought to you by N2K Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like our show, please show our rating and review in your podcast app, or you can send us an email, thespace@n2k.com. We'd love to hear from you. We're proud that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K helps space and cybersecurity professionals grow, learn, and stay informed. As the nexus for discovery and connection, we bring you the people, the technology, and the ideas, shaping the future of secure innovation. Learn how at N2K.com. N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Tre Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I am your host, Maria Varmazis. Thanks for listening. We'll see you next time. [Music] [Music] [BLANK_AUDIO]