Time for Infosec Professionals’ Imaginations to Stretch to Outer Space

On Friday, April 16, NASA announced that it had selected SpaceX to move forward in building the first modern human landing system (HLS), returning humans to the surface of the Moon for the first time in nearly 50 years.

This marks a dramatic step toward sustainable lunar exploration and preparation for the ultimate journey of a human-crewed mission to Mars. 

NASA stated: “The exploration of the Moon and Mars is intertwined. The Moon provides an opportunity to test new tools, instruments and equipment that could be used on Mars, including human habitats, life support systems, and technologies and practices that could help us build self-sustaining outposts away from Earth.”

Interplanetary exploration will rely on a complex supply-chain network from terrestrial/on-ground to low Earth orbit and on to the Moon, Mars and beyond. This new interplanetary supply chain will exploit the same emergent technologies that have given rise to the disruptive forces that mark our entrance to the 4th Industrial Revolution. Cloud, artificial intelligence, blockchain and additive manufacturing are already forming the core foundational components of the architectures that enable space technologies to be delivered and funded turnkey "as a service," allowing for democratization of space and space data access, significantly lowering the barrier to entry. Bank of America expects the space industry to triple to a US$1.4 trillion market within a decade, forecasting the industry's revenue growth by 230% – from about $4.2 billion in 2019 to about $1.4 trillion in 2030.

For the space economy to exploit its full potential, a scalable, extensible, resilient and secure infrastructure of orbital communication and transportation services is being created, giving rise to the “space for space” economy where goods and services are built “in space for space.”

Yet, with all advancements, there is risk. The value of the digital and physical cargo to be transported is immense. Assets mined on planets and small bodies may be worth more than the total value of the Earth’s current economy. The intellectual property digitally transported across these complex supply chains will provide nations and companies with an incalculable competitive advantage. And the same architectures that support terrestrial-based digital supply chains will be just as exploitable as those in space.

With disruption comes opportunity, and attackers are better and faster than us at adapting to, leveraging and exploiting disruption. In a future where speed and agility are defining factors, they have the edge.   

Currently, there is a race to develop offensive space capabilities designed to intercept, deny service to or alter satellite communications. Organized underground groups will be ready, armed, and able to execute cyber-attacks against space transportation systems to hijack cargo, abduct people and hold them for ransom, or intercept and steal digital-based intelligence.

The cloud-based architectures that will underpin interplanetary commercial transportation and services will be exploitable by a range of different threat actors. And while countries and corporations alike are developing capabilities to detect, predict and defend against these attacks, they lack a consistent and comprehensive framework.

In 2020, the US government published the policy directive, Cybersecurity Principles for Space Systems, that outlined five main principles: 

  1. All space ecosystems should be designed and operated using risk-based, cybersecurity-informed engineering
  2. Space ecosystem owners should develop and implement cybersecurity plans that protect against unauthorized access to critical space vehicle functions, reduce the vulnerabilities of a space vehicle's command, control, and telemetry receiver systems, protect and defend against communications-based attacks and anticipated threats during the entire mission lifetime, and manage the supply chain risks that affect cybersecurity of space systems
  3. Codify these principles through rules, regulations, and guidance to ensure enhancement of space system cybersecurity
  4. Collaborate with other space system owners to promote the development of best practices to the extent permitted by applicable law
  5. Security measures should be designed to be effective while enabling space system owners and operators to manage appropriate risk tolerances and minimize the undue burden 

While these principles and the resultant application of information security frameworks such as NIST, ISO 27001, or SOC 2 Type 2 across the entirety of space supply chains are a good first step, the design for how we approach security around these systems will need to transform. We will need to be better, faster and more adaptable. And, while the use of artificial intelligence and thinking systems will be prevalent, we will need to be prepared to see cybersecurity and defense personnel aboard spacecraft.

Information security and GRC professionals need to expand our knowledge and, quite frankly, imagination to include the applied sciences involved in space. We have to become more experienced in life safety systems. AI needs to be foundational to all cybersecurity and GRC professionals’ training as we will be working alongside thinking systems in harsh environments where there are microseconds between life or death.  

Which brings me to diversity. We have no real idea what type of person will be best suited for interplanetary travel or outpost settlements. Make no mistake – once we leave this planet for another destination, we will begin to evolve, and evolution requires diversity.

If we are to protect and defend the people, companies, and countries in our charge, we will need racial, gender, identity, physical and neuro-diversity.  

There is a high degree of likelihood that the attributes that make someone successful here on Earth may not be well-suited on another planet. People who think outside of the box may be the ones to thrive.  

Leaders and futurists have predicted we may see the first human on Mars in the next 5-10 years, with colonization to happen soon thereafter. We sit at the dawn of interplanetary travel. As we embark on this next phase in human history, it is critical that we consider the end-to-end risks involved in the development of these new economies and the diversity in our workforce necessary to help protect and defend the people, goods and services that comprise the new space ecosystems.
