Air Force Looking To Beef Up Spacecraft Network Security 31
coondoggie writes "How is spacecraft development — from the space parts supply chain to actual space operations — protected from those who would try to penetrate or disrupt the networks involved in that process? The U.S. Air Force Research Laboratory (AFRL) has put out a call for research to understand that security scenario. They say, 'we are much less concerned about information on the broader themes of cyber-security but rather those that pertain to the mission of the spacecraft, the spacecraft as a platform, the systems that constitute the spacecraft, the computers and their software, the busses and networks within, and the elements that interface to the spacecraft.'"
Does it have an antenna? (Score:4, Insightful)
If you cannot control every single aspect of the spacecraft platform they had better just plan around having been compromised already.
1st step (Score:4, Insightful)
Re:1st step (Score:4, Insightful)
This was all good and neat - until the end of the cold war and start of the public war on terror.
US air and space needs where also well served and lots of cash flowed into domestic producers. Add in the export market to 2nd/3rd world friends and NATO - US profits where good
The US was still spending but how could your average multi national get limited US spending without a made in the USA/secure/political link to the needed paper work?
Find a US state in need, local political leaders in need and a small trusted firm in need with all the local security issues filled in and buy in.
Pump out a lot of paper work at the US gov for any local mil bidding - as a multi national you have the skills - but to the US tax payer your a small 100% US firm getting 'domestic' support in very hard times.
Now some smart group at the Air Force has finally tracked the huge supply lines - secure US hardware needs are been contracted around the world like car parts.
So can a gov in South Korea, Brazil, France, Gemany, Spain, the UK, Japan
What the USA do with 99% of an advanced drone/sat/space 'thing' while waiting for news about riots/looting/flooding/banking issues at some distant industrial estate?
So the US can hope the software is safe at local producers but how much of the "spacecraft as a platform" is now arriving in the US as a box, getting unpacked and been repacked as 100% made in the USA? Joined with a few other imported products and having software loaded might just pass "Made in the USA" laws on a fancy new box to be shipped to a US base/fort/camp?
Sounds familiar ... (Score:3, Funny)
No networking... (Score:2)
The Cylons will get in and control all the systems right away if they are networked!
The NASA guys must be mad if they are even thinking about it.
We already have the security: one time pads... (Score:3)
I don't know what rad-hardened storage is out there that can be used, but if security is critical, there is always the good old fashioned one time pad.
OTPs could be consumed directly for maximum security commands, or used as a way to encrypt a Diffie-Hellman session key generation for stuff that needs less security. The session key can be used without drawing down the random number pool.
Of course the ultimate downside of OTPs are that when the number pool is exhausted, you are fscked, so trying to use the pool as little as possible is important.
Re: (Score:2)
I was very impressed by the security design for the Range Safety Device on the shuttle (the button that makes the shuttle blow up). In addition to the crypto involved, there's a mechanical lock that prevents the RSD from triggering until very close to launch:
* In order for the RSD to fire, an electrical signal is sent from the computer that authenticates the request to the actual detonation system.
* The signal path is only closed when a mechanical arm swings into place.
* The arm is swung into place right b
Re: (Score:2)
If it were possible, I'd moderate you -5 "completely misses the point'.
lol (Score:2)
How is spacecraft development â" from the space parts supply chain to actual space operations â" protected from those who would try to penetrate or disrupt the networks involved in that process?
Well, I'd start by asking Gary McKinnon... :p
Re: (Score:2)
How is spacecraft development â" from the space parts supply chain to actual space operations â" protected from those who would try to penetrate or disrupt the networks involved in that process?
Well, I'd start by asking Gary McKinnon... :p
Let's ask Aaron Swartz, oh, wait.
How about Kevin Mitnick, oh, wait.
Mars, Bitches! (Score:4, Insightful)
Somebody's looking for a big bump in military spending, I think.
I wonder how high the percentage of Air Force brass that end up working as "consultants" in the defense industry to supplement their pensions from Uncle Sam? I wonder what they're expected to "deliver" to their new employees for those fat consultancy contracts?
Re: (Score:2)
Sorry, last sentence should read "employers" not employees.
(see: Brent Wilkes)
Some ideas by me useful towards space security (Score:2)
From 2011: http://it.slashdot.org/comments.pl?sid=2368162&threshold=0&commentsort=0&mode=thread&cid=37016386 [slashdot.org]
"Twirlip: Towards a 21st Century Worldwide Public Intelligence Desktop Platform for Collaborative Sensemaking, Analysis, Risk Assessment, and Horizon Scanning"
Around them, I also put together another proposal to collect and organize stories about security issues as a modernized "Risks Digest" using software like my wife desiged my wife wrote called "Rakontu":
http://www.rakontu.org/ [rakontu.org]
Anot
keep the prefix command code secret (Score:1)
If the enemy does not know the prefix command code of our spacecraft, then they cannot remotely command it to lower its shields.
Attribution works here? (Score:2)
Don't you need a spacecraft.... (Score:2)
Don't you need a spacecraft....before you can even consider how to secure its communications?