• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • NEWS:
  • SatNews
  • SatMagazine
  • MilSatMagazine
  • SmallSat News
  • |     EVENTS:
  • SmallSat Symposium
  • Satellite Innovation
  • MilSat Symposium

SatNews

  • HOME
  • Magazines
  • Events
  • Perspectives
  • Industry Calendar
    • IN PERSON
    • VIRTUAL
  • Subscribe

The Air Force Wants You to Hack Its Satellite in Orbit. Yes, Really

April 24, 2020

 

When the Air Force asked hackers to break into a F-15 fighter jet at last year’s DEF CON security conference, the results were both eye-opening and eye-watering.

It was the first time hackers were allowed to work on the system to look for bugs. In just two days, a team of seven hackers found a ton of vulnerabilities, which if exploited in the real world could have crippled a critical aircraft data system, causing untold and potentially catastrophic damage.

It was also proof that the Air Force desperately needed help.

“I left that event thinking there is a huge national asset in this level of cyber expertise that we are lacking in full in our Air Force,” said Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics, in a call. As the acquisitions chief, all of the satellites that the Air Force builds fall under his purview. But the Air Force historically held the security of its systems and technology in absolute secrecy, fearing espionage or sabotage by the enemy. Roper said this was like being “stuck in Cold War business practices.”

“But in today’s world that’s not the best security posture. Just because you’re not telling the world about your vulnerabilities doesn’t mean you’re secure to go to war,” he said.


Dr. Will Roper

Riding the waves of last year’s success, Roper planned to bring in security researchers again at this year’s DEF CON in Las Vegas — this time hack into a real orbiting satellite, hovering miles above the Earth’s surface.

Space was once only for the brave and the well-funded. For decades, only a handful of governments had the resources to blast a satellite into space. But as private businesses fire tons of their own technology into orbit, space is more crowded than ever. Now, space isn’t just a level playing field for private enterprise, it’s also a potential future battleground for adversaries.

Miles above the Earth, satellites may seem far from harm’s way, but Roper said the risks they face are real.

“I could launch a direct ascent anti-satellite weapon that will go hit a satellite and disable it,” he said. “I could use directed energy weapons to try to blind a satellite or destroy components that allow it to collect critical information from the Earth. I could jam satellite links so that you can’t communicate whatever information needs to be relayed to other important decision makers.”

And it’s not just the satellites in orbit. The ground stations and the communication links between the Earth and the skies could be as vulnerable as the satellites themselves, Roper said.

“We don’t know the ghosts that are in our systems that come from the supply chain and the companies that assemble those and the fighters and satellites don’t either, because they don’t know to ask for them,” he said. The goal isn’t to just fix the existing bugs but also to shore up its supply chain to prevent introducing new bugs.

“We absolutely need help,” said Roper.

Working with the Defense Digital Service, which its director Brett Goldstein refers to as a “SWAT team of nerds that operates in the Pentagon,” they came up with Hack-a-Sat, a space security program that invites hackers and security researchers in to find the same bugs and flaws that the enemy wants to exploit.

It’s a massive shift from building closed and locked down systems that the Air Force is accustomed to. By switching to semi-open systems, it can open up its satellite technology to the wider community, while reserving the most classified technology to its in-house highly vetted experts and engineers.

Surprisingly, Goldstein, who reports directly to the Secretary of Defense, said convincing the folks upstairs to allow a bunch of hackers to take on a working military satellite wasn’t as difficult as it might sound. “There was enormous support for doing it and enormous support to partner with the Air Force on it,” he said. Roper agreed: “Isn’t it better to know about it prior to conflict than to naively keep our head in the sand and take that vulnerability into war at the risk of the operators who will have to use it?”

Roper and Goldstein say they want the cream of the crop to take on the satellite. In order to find the best hackers, the Air Force today launched its qualification round for the next month. The Air Force will let researchers hack a “flat-sat,” essentially a test satellite kit, which will help to weed out the right technical chops and skills needed to hack the orbiting satellite at DEF CON.

Those who qualify for the next and final round get to take on the satellite as it orbits the Earth.

“Our plan was to use a satellite that had a camera and to see if the team would be able to turn the camera to face the moon,” said Roper. “It would be a literal moonshot.”

What comes out at the other end is anybody’s guess. Both Roper and Goldstein said they want to be able to reveal the hackers’ eventual findings. But given that any findings may contain real-world security bugs of a working satellite, the Air Force may need to hold onto the key details to avoid a mid-orbit catastrophe.

At the time of writing, Black Hat and DEF CON, the two largest security conferences that run back-to-back in Las Vegas every August, say it’s business as usual. But as the coronavirus pandemic continues with no end date in sight, the Air Force team is planning for a range of contingencies. Roper and Goldstein said they are determined to plow ahead, with an eye on virtualizing the event.

Whether or not the event is held on stage or remotely from people’s homes, the duo say the show will go on. The beauty of hacking is that often it can be done from anywhere with an internet connection.

As much as they hope that the hackers succeed in hacking the satellite, Roper said the event was as much about finding and fixing vulnerabilities as it was about “shocking our system” so that the Air Force changes how it thinks about security.

“I suspect there will be a generation of airmen and space professionals that will think about working with the hacker community differently, so when they’re designing a satellite they’re not thinking,” said Roper. “If that generation comes to be, we will be in a much better cyber posture in the future to the better readiness of our forces.”

By Zack Whittaker, TechCrunch

Filed Under: News

Primary Sidebar

Most Read Stories

  • Kongsberg Defence & Aerospace Enlists NanoAvionics For Three Surveillance Satellites
  • First Structural Metal Cutting In Space Demo By Nanoracks + Maxar Will Be Aboard The SpaceX Transporter 5 Rideshare Mission
  • Boeing Starliner And Rosie The Rocketeer En Route To ISS After Reaching Planned Orbit
  • Savilis Reveals SpaceTech's Rapid Growth Likely Will Create New Global Real Estate Requirements
  • Airbus' Final Two Dispenser-Free Pléiades Neo Constellation Satellites Ready For Launch

About Satnews

  • Contacts
  • History

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020

Secondary Sidebar

x
Sign up Now (For Free)
Access daily or weekly satellite news updates covering all aspects of the commercial and military satellite industry.
Invalid email address
Notify Me Regarding ( At least one ):
We value your privacy and will not sell or share your email or other information with any other company. You may also unsubscribe at anytime.

Click Here to see our full privacy policy.
Thanks for subscribing!