Published on May 20, 2016
1. ALAN W. SILBERBERG DIGIJAKS FOUNDER + CEO GLOBAL CYBER SECURITY ON EARTH + IN SPACE US GEOINT CONFERENCE 5.18.16 Copyright © 2016 Digijaks 1
2. Who am I and what is Digijaks?
• Alan W Silberberg
• Founder of Digijaks – Boutique Cyber Security Firm
• Subject Matter Expert, Cyber Security to US SBA
• Member, California Governor’s Cyber Security Task Force
• Former US White House aide
• Former US National Archives Task Force Member
• Former Executive at Paramount Pictures
• Invented technology to utilize aspects of search + social media to defend against cyber attacks.
• Invented technology to change and alter search results.
3. Summary Of Areas Covered
• People
• Ground Stations
• Ground Station Hardware + Software
• Uplinked Data
• Downlinked Data
• Terrestrial Platforms
• Threat Matrix
• Threat Actors
• Suggested Changes
5. 3, 2, 1 – Liftoff is just the beginning of challenges for satellite communications
6. 3, 2, 1 – Liftoff is just the beginning of challenges for satellite cyber security
• The challenges mount from the moment of liftoff.
• Depending on the complexity of the payload and onboard data packages, cyber security risks can only increase once in space due to problems and/or failures on the ground, or in space.
• Cyber Security was an afterthought until only recently, so there are many gaps where legacy systems and legacy technology are in the clear, not encrypted, and not ready for a modern cyber attack.
7. 25 years ago there were dozens…..
8. And 1000s of Satellites now in Space
9. Internet = Anyone Anywhere to Track, Identify software, do enough open source (OSINT) research to then move on to the next phase of cyber security information collection prior to attack or breach of Ground, Person, Satellite. LOTS OF DATA
10. People and their Devices
11. People and their Devices
• BYOD
• Social Engineering
• USBs
• WALK BY Photo/Video/SMS/Social Media
• Laziness
• Corruptness
• Leveraged by Organized Crime or Foreign Intelligence
• Disregard of security protocols
• Willful destruction/cyberwar/espionage
12. People and their Devices
13. People and their Devices
• Devices can be hacked and need to be screened or put in a lead or steel box outside prior to entry. Air gapped breaches have been proven to be actual exploits.
• Device access to Ground Station networks needs to be closely controlled and monitored 24x7, including VPN, remote by proxy, late night email logins, and late night from home server logins.
• In addition to physical security concerns, BYOD devices can also insert malware, viruses, worms, and can simultaneously be used to exfiltrate DATA and transmit instantly via carrier exchanges or social media to internet + Globe.
14. Ground Station Cyber Security
15. Ground Station Cyber Security
• People. People. People.
• Incoming data from other ground stations/networks
• Incoming data from Internet/extranet
• Incoming Data bound for Sat Payload Uplink
• Outgoing Data bound from Sat Payload Downlink
• Uplink Data
• Downlink Data
• Maintenance Level
• Control Level
• Security Level
16. Ground Station Cyber Security
17. Ground Station Cyber Security
• Perimeters
• Attractive and Visible Physical Targets
• Critical Infrastructure, yet not always provided the security protections such infrastructure needs
• Easy to track and research using online OSINT for
  • SCADA Installs connected to Internet
  • SCADA Install passwords, default reset data
• Real world representation of the need to blend physical and cyber security into one force multiplier.
18. Ground Station Cyber Security
What does your ground station cyber posture look like from space? Probably, another satellite is spying on you as you work and as your teams go about “securing the facility”.
19. You do not know who your attacker is.
20. But …. They know you
21. But they know you: Partial List of Satellite Hacks in last few years.
• US Weather System Satellites (Non Mil) NOAA satellites penetrated (CHINESE NATION STATE THREAT ACTOR)
• Commercial Satellites have been compromised for APT use like in case of TURLA APT (RUSSIAN NATION STATE THREAT ACTOR) corrupted weak satellite protocols
• Ground Station Software + Hardware from multiple manufacturers flagged in 2014 for cyber security failures – CERT notification was issued, but only some companies have made updates to date in 2016.
22. But they know you -
• In 2015 CNN and many other news outlets reported on the GPS system and satellites having been compromised and even altered. By whom? Why? What happens when that gets combined with the command and control structure for your fleet? For your bird?
• SIMPLEX network known and unknown vulnerabilities include unencrypted data transmission between ground and satellite, as well as ground to ground and satellite to satellite. In 2015 warnings were issued about organizations relying on this backbone for their comms.
• EXFIL sensitive data from government, military, diplomatic, research and educational organizations in US + EU.
• Hide command-and-control servers from law enforcement agencies.
23. But they know you -
24. Terrestrial Platform Cyber Security
25. Terrestrial Platform Cyber Security
Several factors become weak points:
A. Uplink from Ground that is unencrypted or already corrupted.
B. Downlink from Bird that is the same
C. Penetration and/or control of data stream, redistributing FUD DATA
D. EXFIL of DATA
E. LOSS of bird through willful destruction, terrorism, hunter killer satellite from opponent
F. Corruption of GEO SPATIAL location and/or timing for signal control, rendering the satellite(s) useless and/or dangerous or both.
26. Terrestrial Platform Cyber Security
• Loss of Command and Control through ground infiltration or penetration of ground station either physically or through cyber means.
• Acquisition of signals and BAND(s) data from Space by another satellite tasked with sensors/lasers to track/acquire such information without knowledge of users on ground.
• Same problems apply from ground station, i.e., if any of those are triggered, then the cybersecurity of the bird is already compromised.
27. Terrestrial Platform Cyber Security
• Cyber Attacks are common, more common than not.
• Cyber Attacks are both from the ground and from another satellite or group of satellites.
• How can a satellite or group of cube-sats be used in malicious ways against a country, or company or a person?
28. Terrestrial Platform Cyber Security
29. Terrestrial Platform Cyber Security
• Do you know who is watching from above? Or why?
• What about your cyber security – how much is already penetrated from above, let alone from the computer you are already using?
• What of your upstream and downstream DATA? How much is already FUD and/or compromised?
• Is your platform being used in a Space Based DDoS attack? Or Space Based misdirection of signal/GPS/location to purposely mislead either data or physical time and space objects like people?
30. Threat Matrix
31. Threat Matrix
• Know your weaknesses
• Know the weaknesses of your staff, the training and the software and hardware.
• Anticipate that you will be attacked. It is not IF but WHEN.
• Use both internal and external sources of information to stay apprised of current threats against the industry or your facility. Search for the facility name and see if it is being mentioned in social media or on chat rooms.
• Scour sites like Shodan weekly to ensure your IoT + SCADA devices are not listed; if they are, make changes.
32. Threat Matrix
• Attacks will occur onto:
• A. Ground Station Software
• B. Ground Station Hardware
• C. People + their devices
• D. Social Engineering, Phishing, Whaling, Waterholes
• E. Upstream Data
• F. Downstream Data
• G. Ground to Ground Data – SMS, Cell, Internet, Intranet, Extranet, Phone/Voice/Video
• H. Satellite to Satellite Attacks on both software + hardware through lasers, sonic beams + hunter killer sats
33. Threat Actors
• Nation State
• China (estimated 125K+ official hackers paid by Gov)
• Russia (17K+ Twitter Trolls + estimated 25K hackers paid by Gov)
• Iran (1000s of Hackers + 100s of Twitter trolls + funding others)
• North Korea
• Vietnam
• Ukraine
• Romania
• Also a host of other countries with either sophisticated telecom networks or where traditional computing is taught.
• Paid hacker cartels
• Paid hacker soldier of war
34. Threat Actors
• Corporations using technology to spy on their competition or on their staff or clients.
• Bad actor cyber companies doing unethical work and or illegal work under cover of “helping”
• Your own people
• Your own equipment
• Your own networks
• May already be compromised, how would you know if you do not look?
35. Constant Actions + Energy Needed 24x7
36. Suggested Changes
• Update all software and firmware on a regular basis.
• Do not ignore alerts from already installed software or monitoring services regarding breach behavior or irregular network data passing as regular flow.
• Understand the relationship (emerging and growing) between physical security and cyber security in both ground and terrestrial situations.
• Train employees and contractors regularly, and drill regularly in what to do when cyber attacked / how to handle an active breach / mitigation of a previous breach, and proactively take steps to make changes into new paradigms.
37. Suggested Changes
• Install and utilize two-factor authentication for every entry or access to control of data streams / up + downlinks
• Disable use of BYOD on premises of ground stations, or allow it only in specifically marked areas.
• Institute signal proof lead/steel boxes outside of conference rooms/important areas/data centers and regulate that all personal devices be placed in one during a meeting or any grouping.
• Constantly review SHODAN.IO for your installation’s SCADA and other internet connected devices/software or firmware numbers or other identifying information, then work to make changes or remove.
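The recurring Shodan review recommended in the Threat Matrix and Suggested Changes slides can be scripted against a saved results export. The following is an added example, not part of the original presentation: it reads a JSON-lines export and flags records that fall inside the facility's own address ranges, expose an industrial-control port, or leak an identifying string in the banner. The field names (`ip_str`, `port`, `product`, `data`) follow Shodan's banner format; the address ranges, identifier strings and sample records are constructed assumptions.

```python
import ipaddress
import json

# Assumed inventory: address ranges the facility owns (documentation ranges used here).
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.64/26")]
# Identifying strings that should never appear in a public banner (hypothetical values).
IDENTIFIERS = ("example ground station", "egs-antenna")
# Common industrial-control ports worth flagging when reachable from the Internet.
ICS_PORTS = {502: "Modbus", 102: "S7", 20000: "DNP3", 44818: "EtherNet/IP", 47808: "BACnet"}

# Constructed sample of a Shodan JSON-lines export; not real scan data.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.17", "port": 502, "product": "Modbus gateway", "data": "Unit ID: 1"}
{"ip_str": "203.0.113.9", "port": 80, "product": "nginx", "data": "Welcome to Example Ground Station NOC"}
{"ip_str": "198.51.100.70", "port": 443, "product": "nginx", "data": "HTTP/1.1 200 OK"}
{"ip_str": "203.0.113.50", "port": 22, "product": "OpenSSH", "data": "SSH-2.0-OpenSSH_7.2"}
not-json garbage line
"""

def audit_export(text, networks=OWN_NETWORKS, identifiers=IDENTIFIERS):
    """Return findings for records that expose the facility's own assets or name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            ip = ipaddress.ip_address(rec["ip_str"])
        except (ValueError, KeyError, TypeError):
            # Surface damaged records instead of silently skipping them.
            findings.append({"line": lineno, "ip": None, "reasons": ["unparseable record"]})
            continue
        reasons = []
        if any(ip in net for net in networks):
            reasons.append("address inside owned range")
            if rec.get("port") in ICS_PORTS:
                reasons.append("ICS protocol exposed: " + ICS_PORTS[rec["port"]])
        banner = (str(rec.get("product", "")) + " " + str(rec.get("data", ""))).lower()
        for ident in identifiers:
            if ident in banner:
                reasons.append("banner leaks identifier: " + ident)
        if reasons:
            findings.append({"line": lineno, "ip": str(ip), "port": rec.get("port"), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print(finding)
```

Run on a schedule, the findings list gives the change log the slide asks for: each entry is a device or string to remove from public exposure, and an empty list is the desired state.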
38. THANK YOU!! WWW.DIGIJAKS.COM @IDEAGOV 424.442.9658