In my last two posts, I touched upon the importance of ground systems in different scenarios. Often the only points of contact with the satellites, they grow ever more critical as we venture deeper into space. I was intrigued by this irony and decided to dig a bit deeper into it. I landed on a quote, “We are in a phase in which we need to mitigate the risks by simplifying the necessary controls, using time-based methods for analyzing controls, and instigating proactive cybersecurity mechanisms on new systems in order to provide data assurance.” This is a fancy way of saying that we aren’t doing s#!t, and need to do a lot more. Ground Systems have been the victim of an increasing number and sophistication of attacks in recent years, with different vulnerabilities being exploited in each instance. We require security models that not only subjectively address threats but quantify what controls to provide and what risk to be assessed. The Time-based Security method is one such framework to measure the effectiveness of security through a simple mathematical formula: Protection Time > Detection Time + Response Time.
This model provides a method for evaluating successive multiple controls. A high-level example could test the time it takes attackers to gain access to the base network, the satellite control network, and finally the console. Leaders can then make risk-based decisions on whether they can afford additional protections. The major issue of a quantitative time-based model becomes the requirement for granular testing of every security control on an existing system. It is important for system designers to consider security at the outset of design to avoid being overwhelmed. This is exactly why quantitative models are the key to bolstering existing systems. Threat elements release new risks of attacks on a daily basis, and it is critical that security operations adapt in a sustainable way. Having an established framework that will react fast and effectively is mandatory at this stage.
Original article: https://spacegeneration.org/cybersecurity-risk-mitigation