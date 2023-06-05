



At 11:47 a.m. Monday at the Kennedy Space Center in Florida, SpaceX and NASA sent a satellite into low earth orbit for the first time in hopes of being hacked.

SpaceX rockets launched for resupply missions to the International Space Station were fitted with several small square satellites called cubesats. One of these cubesats, “Moonlighter”, is used as an “hacking sandbox”. Security researchers plan to use the sandbox as part of a competition at the annual DEF CON hacking conference in Las Vegas later this year. The team attempts to penetrate everything in order to identify satellite vulnerabilities in order to improve space cybersecurity.

A collaboration between Aerospace Corporation, the Air Force Research Laboratory, and the United States Space Systems Command, Moonlighter represents the latest in the Hack-A-Sat competition. The Air Force has hosted Hack-a-Sat since 2020 in a multi-year effort to enhance collaboration with cybersecurity researchers, but the past three Capture the Flag contests have all been simulations. rice field.

This year they wanted to take the competition to a whole new level. “We wanted a vehicle whose sole purpose was to understand how to conduct cyber operations in space,” said Aaron Myrick, senior project engineer at Aerospace Corporation.

Securing space systems has become an increasing focus for the space industry and the Biden administration as experts become more wary of new commercial off-the-shelf products with potential vulnerabilities. Just last week, experts in the field launched a global effort through the Institute of Electrical and Electronics Engineers to create voluntary technical standards to improve the design safety of commercial products.

“We take cyber security operations seriously, and how we do it on systems where hardware and software are starting to become more commoditized, but which are also very remote. said Myrick. “You can’t just go in there and flip the power switch or change the hard drive. It’s a very difficult problem.”

Moonlighter is featured on Hack-A-Sat. Image credit: Aerospace.

Earlier this year, the White House hosted a space cybersecurity summit with several major companies. In addition, CSC 2.0, a continuation of the Congressional Cyberspace and Solarium Committee, called for designating space systems as critical infrastructure.

Cyberattacks against space systems may not be common, but the potential impact of an attack was recently seen when state-sponsored hackers launched a Russian invasion targeting the satellite modems of U.S.-based Viasat Corp. was taken. The attack was intended to influence Ukrainian command and control at the start of the invasion, but also included cascading effects that spread to thousands of German wind farms and satellite internet connections across Europe.

Myrick said the space industry understands many of the physical risks associated with space, such as extreme radiation levels, but there are still many challenges in cybersecurity that experts are only beginning to solve. rice field. Simulating a cyberattack in a real-world environment is helpful, Myrick explained, but it doesn’t answer all questions about how an attack would affect a satellite outside of the test environment. Did.

“Moving into orbit actually involves a lot of challenges, but it removes a lot of the shims that were built in,” Myrick said. For example, the satellites actually spend a lot of time disconnected from the operations center and are fairly automated, Myrick said, adding to the complexity. Operators may not have sufficient knowledge of what is affecting these space systems at any given time period.

Testbeds such as Hack-A-Sat allow researchers to discover how hackers target networks in unfamiliar space systems. This network maps to a space-centric attack framework called SPARTA.

There are limits to how far Hack-a-Sat participants can go. They can hack the Moonlighter’s cyberpayload in orbit, but they cannot change its orbit.

“We basically design the flight software for the cyber payload to be fully operational, so it will be able to turn the vehicle around,” Myrick said. “There is no trajectory change. It’s all pretty modified, but the ability exists where the vehicle is pointed.”

Myrick said Moonlighter has an oversight layer that can intercept cyberpayloads, and if something “inevitably” goes wrong, “we can figure out what went wrong and how we can fix it.” .

Five teams made it to the finals at DEF CON this August, competing for a prize pool of $50,000.

