The Final Frontier of Security: The State of Space Security with Tim Fowler

Summary:

Timothy De Block and Tim Fowler, CEO and founder of Ethos Labs LLC, strap in to discuss the critical, rapidly escalating threats in space security. Tim explains that space is now an extension of the internet, where security has historically been ignored due to "organizational inertia" and a perceived "veil of obscurity". The discussion covers the real-world impact of GPS timing disruption on terrestrial infrastructure (like power grids and financial systems) , the danger of unencrypted space communications , and the urgent need for a holistic security approach that integrates security testers directly with development teams. They conclude with a debate on the role of AI in anomaly detection versus critical human decision-making in space.

The State of Space Security and Major Threats

  • Security is a Low Priority: Historically, security was not a priority for systems in space, often operating under a "veil of obscurity". This is slowly changing, with an uptick in security engineering roles this year, moving beyond just GRC/cyber assurance.

  • Unencrypted Communications: A core challenge is the widespread use of unencrypted signals between bases and satellites, which can be easily intercepted and read. Tim estimates that less than 50% of signals are encrypted due to operational challenges.

  • Encryption is Not Enough: Encryption only addresses confidentiality. An encrypted signal can still be captured and replayed, and the satellite may process it if integrity is not addressed.

  • The Ground Segment Threat: Even encrypted space communications can be nullified if the ground network is compromised (e.g., stealing a FIPS-compliant encryption module), necessitating a holistic security approach.

  • Repeating History: Space security is currently experiencing a situation analogous to the internet's early days (ARPANet) or the ICS/OT SCADA world 12-15 years ago, focusing on getting things operational before securing them.

Real-World Impact on Terrestrial Life

  • GPS Timing is Critical: Critical infrastructure—including pipelines, power grids, and financial systems—all rely on GPS timing for synchronization.

  • Disruption Affects Everyone: Disrupting GPS timing can cause widespread outages. Examples include:

    • The London Stock Exchange going down in 2012 due to a localized GPS jamming attack that wasn't even targeting them.

    • A US Navy testing incident that caused widespread outages in San Diego, affecting ATMs and pharmacies for days.

  • Space is the New Internet: Partnerships like T-Mobile's direct-to-cell with Starlink demonstrate that space is becoming an extension of the internet, increasing connectivity but also the attack surface.

Strategy and Getting Involved

  • Integrating Security: The best model for moving decisions closer to security on the operations-to-security spectrum is to physically place security testers (like penetration testers) directly within development teams (DevSecOps).

  • Train Developers to Attack: A highly effective proactive security measure is to teach developers how to attack their own software; they magically stop writing vulnerable code.

  • Space is a Culmination of Niches: Space security is the culmination of all security specializations (cloud, network, web application, ICS/OT, physical security). There is a place and a need for experts from every niche.

  • Resources for Getting Started:

    • Check local security conferences for the Aerospace Village (a non-profit that hosts hands-on labs).

    • Read books like Space Cyber Security by Dr. Jacob Oakley.

    • Attend specialized conferences like Hackspace Con.

    • "Just Google it": Use your existing security expertise (e.g., "cloud security") and research how it applies to the space industry.

AI in Space: Augmentation vs. Autonomy

  • Anomaly Detection is Ideal: AI (machine learning) is tailor-made for high-speed computation and sensor analysis, making it excellent for anomaly detection in early warning systems.

  • The Human Decision-Maker: Tim Fowler insists that human involvement is essential for critical decision-making and validating AI output (to determine if an alert is a false positive). He argues that an autonomous AI decision in space could quickly escalate into a hostile international incident.

  • Scalability Debate: Timothy De Block questioned the scalability of relying on humans for every decision, using traffic light management as an example of where AI could safely and efficiently augment processes. Both agreed AI should handle "busy work" and augment human capabilities, not perform autonomous functions in sensitive situations.

ETHOS LAbs Links and Resources:

ETHOS LABS Website

Connect with Tim Folwer on Linkedin

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]