A

You're listening to the Cyberwire network, powered by N2K.

B

Welcome to a very special Thanksgiving encore of T minus Deep Space. Today's crossover episode sits at the thrilling intersection of space, national security and cutting edge tech. BigBear AI is leading the way with AI machine learning and computer vision to defend critical operations and give leaders a decision advantage. Our guests are Eric Conway, VP of Technology and Joe Davis, Cybersecurity research scientist at BigBear AI. We hope that you enjoy this encore of T minus Deep Space. Thanks for listening and for those celebrating, have a safe and happy Thanksgiving.

C

What's your 2am Security worry? Is it do I have the right controls in place?

D

Maybe.

C

Are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.

E

Space systems can be vulnerable software flaws, supply chain weaknesses and physical inaccessibility of satellites. All compounded by increased reliance on commercial off the shelf parts, open source components and complex ground networks. All of these issues create risks such as unauthorized access, data interception and manipulation, denial of service attacks, and even the complete hijacking of satellites. So with all that said, what tools and technologies make it easy to perform vulnerability research on hardware components? BigBear AI thinks that they have a solution.

D

Foreign.

E

This is T minus Deep Space. I'm Maria Varmazes. Today's guests are Eric Conway, Vice President of Technology and Joe Davis, Cybersecurity Research scientist at BigBear AI.

D

My name is Eric Conway. I'm the Vice President of Technology at Big Bear AI. We are an AI provider and we provide decision support to customers across the military, the Department of Defense, the Department of Homeland Security, as well as in the intelligence community. My background is as a software engineer supporting cybersecurity related missions and AI related deployments for about the last 25 years. Now with Big Bear AI.

E

Fantastic.

A

Thank you.

E

Joe, over to you.

F

Yes, hello, I am Joe Davis. I am a cybersecurity research scientist with Big Bear AI. I've been with the company going on four years and my background is also in software engineering as well as cybersecurity vulnerability assessments quite a bit with telecommunications systems and various other domains. Power control systems, scada, any kind of equipment like that is where my background has been. Since coming over to Big Bear, I have switched my focus over a little bit to the space domain, which is, I think, what we're going to be talking about today.

A

Yes, indeed, we are a space show. So I'm very interested in all things space. And gentlemen, thank you both for joining me today. And my background is for years I worked in in house and cybersecurity on the comms team. So I'm always really happy when I get to do space, space and cybersecurity. It just makes me very, very happy. So I'm thrilled that I get to be speaking to you both today. And I would love to learn about one of the offerings that Big Bear has, Space Crest. This is fascinating. I was wondering, could you guys walk.

E

Me through this Great question, Maria.

D

Thank you. Space Crest. The CREST in Space Crest, by the way, stands for Cyber Resilience Evaluation, Security testing or crest. So it is a long acronym. You know, spacecrest is a perfect example of what you just referenced. It's that intersection of cybersecurity, space, as well as artificial intelligence and data analytics. That's what spacecrest essentially is. It's a combination of all of those different techniques, but applied specifically at the challenge of helping to create more resilient space systems for our national security as well as for commercial companies that are working in space. Spacecrest originated at Big Bear AI in our Innovations lab. People like Joe and I work in the innovations area at Big Bear AI and we're always looking for new ways to bring together some of these skills, cybersecurity or artificial intelligence. And spacecrest evolved through a partnership with a company called Red wirespace. They have a modeling and simulation platform that I'll let Joe talk in detail about. But the hypothesis was posed, can you create a cyber range for space systems using a high fidelity physics model? So we started integration and implementation of that in our laboratories. And then now we have spacecrest. And I'll turn it over at this point to Joe to talk more in detail about what spacecrest is specifically.

F

All right, so Big Bear's Space Crest is enabled by the Acorn 2.0 digital engineering platform that Eric referred to. Created by our Redwire space partners, ACORN allows us to create models of satellites of Varying levels of fidelity based on the needs of the problems that we're trying to solve. It lets us build digital twins from models, simulators, emulators, or even real hardware that we might be able to get from these spacecraft, such as, say, star trackers, reaction wheels, power systems, or payloads of the satellites themselves. The strength of ACORN is that when we put those components into the environment, they talk to each other as though they would on the real satellite. So if widget A sends a message to widget B and widget B then changes an actuator on the satellite, that whole communication occurs within this high fidelity simulation environment. It gives us higher fidelity than just a simulator that's modeling the orbital mechanics and stuff like that. Once we have the digital twin, we can experiment with scenarios ranging from adjusting orbital parameters to injecting simulated cyber events, or hacking the system in real time. ACORN has the ability to run in an accelerated mode as well, which is really important to us. That lets us build scenarios that we just couldn't even get in real time with real satellite data. So we could create hundreds, thousands, millions of scenarios and run them in an accelerated mode where we can collect that data up in a couple hours or a day and have literally 10,000 years of data in the palm of our hand.

C

Wow.

A

Yeah. I often wonder about these kinds of simulation modes. As you mentioned, obviously there's a huge advantage in being able to do this not on the actual system. You don't want to do that, you don't want to test the production. Right. And what are the other advantages there? And that is 10,000 years of data not otherwise easily acquired. But that's quite amazing.

F

Yes. And at that point, you're really also only limited by your own imaginations of what kind of scenarios you can come up with. So, for example, we have built out scenarios for cyber attacks that have not happened in the real world in an unclassified sense. Right. These attacks may be happening in classified environments, but they're not something that you would find in the news.

E

Right.

A

That's fascinating. I'm wondering about the remediation insights that this kind of testing would provide. Also, as you mentioned, a situation where I imagine a provider hasn't encountered a certain attack being able to test how their systems do. And that would be a really fascinating exercise.

D

That is the end goal of what Space Crest is all about. It's about trying to uncover vulnerabilities that could affect the resilience of a space system, and then to identify and test the remediations that we could apply to try to close up those vulnerabilities. We built around this ACORN model, a full blown red teaming platform using red teaming tools, things like Kali, Linux and Metasploit. And these allow us to simulate all sorts of cyber attacks on simulated as well as hardware in the loop and software in the loop satellite systems. From that we can understand where some of those vulnerabilities might be, we can try to find ways to patch those vulnerabilities and then we can re evaluate the scenario and identify whether that remediation was effective or not. And the overall goal is to increase the resilience of that spacecraft.

E

We will be right back.

C

From phishing to ransomware Cyber threats are constant. But with NORD layer your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwiredaily with code CYBERWIRE28 that's nordlayer.com cyberwire daily code CYBERWIRE28 that'S valid through December 10th, 2025. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, stop unknown executables cold. With ring fencing you control how trusted applications behave. And with threat locker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. Its powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

A

Foreign. I'm wondering if Eric or Joe or both really, if you can also speak to the need in the current space market for solutions like this. Space Cyber is something I'm very personally interested in just to give context to this question and it has been fascinating watching it evolve in the past few years and it seems like spacecraft is coming in at a really crucial time.

F

Right now in General, you're right. The industry as a whole is moving towards more and more digital engineering. Digital twins are. They're not just a nice to have anymore, they're actually even being required by many government contracts. A contractor has to come in with digital engineering models, not, not just CAD files, but actual working models of how their system will work, how it'll integrate with other systems. One example of this is the proliferated Warfighter Space Architecture, the PWSA that's being developed by the Space Development Agency sda. It's a great example because right now they have a massive undertaking with lots of complexity, lots of different vendors. And how are all those vendors going to come together and integrate well and hopefully get that sorted out and figured out well before they have built their the multimillion dollar satellites? Ideally, digital engineering is how they can do that. If each of those vendors come in with models of their wares, then they could all be put together in various environments, a lot like Space Crest. And not only that, they can be put under the rigor of situations that have not yet occurred or that can be can be thought up and put on missions that can be thought up by the actual users of the pwsa.

A

So the next question I had was about any success stories. I always love to hear about any examples, anything that can really drive home some of the things that we've been talking about in real life situations. Anecdotes anonymously are completely understandable given the context of what we're talking about. But just any anecdotes at all would be really helpful to understand.

D

Well, let me start with a little bit of a background and then Jode, you can talk in whatever detail you can talk about. For some of our actual operational successes in our laboratory, we've seen a lot of success with Space Crest. We started out with the basic hypothesis I mentioned earlier, where we wanted to try to prove if we could create something akin to cyber range, where we could execute cyber attacks against a satellite system that is virtualized in this environment. We were able to prove that out. We were able to prove that there is enough fidelity in the modeling, in the simulation itself, that we can get realistic enough communications and protocols into that virtual environment to actually do real evaluation of cybersecurity vulnerabilities. It also helps that the ACORN system has a very rich bridge API which allows us to integrate hardware and software into the loop where they will function as if they're part of the purely virtualized satellite environment. And doing that, we were able to get some actual space Components. In one case, a star tracker, which is a small device that uses the background sky to position the satellite in three dimensions in space. We were able to connect that into a virtualized version of a satellite, and then we were able to run cyber attacks against it that flooded it with way too many commands, for example, and essentially took it offline. It was analogous to what a denial of service attack would be on a terrestrial based system. So we were able to use that as a demonstration of how there is enough fidelity in a modeled environment to do true cybersecurity evaluation on it. We coupled that with a more traditional reverse engineer of the device and we were able to uncover vulnerabilities in the firmware. So between the two, we could take that, and we now have a report that says to make this star tracker a little bit more secure, a little bit more resilient for avoiding those types of attacks. We can now go back to the manufacturer and we can give them that information. Doing that at scale would allow us to really address a lot of the supply chain problems that we see in the industry today. Satellites are made up of pieces of equipment that come from all over the world. It is a truly global supply chain. And the, the provenance of all of those devices and the software that runs those devices is not always known. So having the ability to evaluate each device independently identify where the vulnerabilities are, could close up some of those supply chain issues as well. Joe, I think you have a few more examples of some successes we've had as well.

F

Yes, I'll add another really great example which comes from a current project that's ongoing and that I'm actually going to be talking about at the Value of Space Summit a little bit here in September. The project that I'm talking about is, it's called Cyber Resilient on Orbit or crow. And it's a partnership that we have with a small business called Proof Labs. And remember I talked about the being able to create hundreds or thousands of scenarios within the spacecraft environment and being able to inject cyber events into those scenarios. We have actually done that. We have generated thousands of scenarios with the Moonlighter satellite. We modeled a satellite after Moonlighter, which is the satellite that was used for hackasat for afrl. And we generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data and we've trained now some machine learning models to be able to detect those different cyber attacks and classify which of those attacks is happening at which time.

A

This is a fascinating intersection of a lot of different things that I've been hearing about recently and it's kind of geeking out a little bit. This is really cool to hear it all being applied and it just really fascinating knowing how it's being used in the field right now. So this is, this has been really cool to learn about. I just want to thank you both for that because especially around the supply chain questions that I've been having. Eric, you kind of mentioned in your response something I've been wondering about for some time. So I really appreciate it. Eric and Joe, both of you, so much, walking me through so much of what you all are working on.

D

Well, thank you, Maria. We appreciate the opportunity to talk about what we're doing to bring cybersecurity and artificial intelligence as well as space together to try to create a more resilient space architecture that's only going to help our national security. So we appreciate the opportunity to talk about it. Thank you very much.

E

That's T minus Deep Space brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like our show, please share a rating and review in your podcast app or you can send us an email. Thespace2k.com we'd love to hear from you. We're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps space and cybersecurity professionals grow, learn and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com N2K Senior Producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Piltzman. Our executive producer is Jennifer Ivan. Peter Kilpie is our publisher and I am your host, Maria Varmazes. Thanks for listening. We'll see you next time.

G

Hey, Ryan Reynolds here wishing you a very happy half off holiday because right now Mint Mobile is offering you the gift of 50% off unlimited. To be clear, that's half price, not half the service. Mint is still premium unlimited wireless for a great price. So that means a half day. You know, give it a try@mintmobile.com Switch.

E

Upfront payment $45 for three month plan equivalent to 15 per month. Required new customer offer for first three months only. Speed slower 35 gigabytes of network spizzy. Taxes and fees extra. See mint mobile.com.