The National Reconnaissance Office (NRO) is looking to enhance the cyber security of its myriad of space systems by incorporating a zero trust/defense in depth cyber protection schemata, according to an NRO official quoted by Satellite Today.com.
The new push is due not only to the propensity of cyber threats but also because “We’re approaching a convergence of that terrestrial and space-based transport,” a NRO official said. “It used to be that encrypting your mission link, encrypting your band link was pretty hot stuff. Those days are long gone. Viewing our space assets as IT systems means we’re adopting the zero-trust, defense in depth mantra. Perimeter defense is going to fail because you have to assume that somebody will get through the perimeters, if they keep banging on the doors. That leads to a defense in depth.” The NRO official also noted “there’s a lack of supply chain traceability, in some cases, and so we’ve really got to start treating our space architecture and production the same as we do our ground architectures and production where we have full traceability and bake in those cyber security tenets up front in manufacturing and production and not try to bolt them on later.”
Cybersecurity implications: Obviously the adoption of a zero trust architecture for satellite systems that are vital to the national defense is a rare “win” for the cybersecurity of space systems. The adoption of zero trust will make it harder from an intruder to tamper with a NRO system even if they are able to breech perimeter network defenses. Interestingly, the NRO credits a “marriage” of the ATT&CK and SPARTA tools for “shedding all kinds of new light on threats to our space IT systems and mitigation techniques to prevent the adversary owning our satellites,” the very same tools we have talked about in this course.