CyberWire Daily x T-Minus Deep Space: Identifying Vulnerabilities in Space with BigBear.ai

Date: November 27, 2025
Host: Maria Varmazes (N2K Networks)
Guests: Eric Conway (VP of Technology, BigBear.ai), Joe Davis (Cybersecurity Research Scientist, BigBear.ai)

Episode Overview

This special crossover episode dives into the intersection of space, national security, artificial intelligence (AI), and advanced cybersecurity. The spotlight is on BigBear.ai’s work to improve cyber resilience in space systems through innovation, simulation, and rigorous vulnerability testing. Eric Conway and Joe Davis walk through their Space CREST platform, digital engineering, and real-world success stories, illustrating how advanced simulations inform both cyber defense and supply chain resilience in the fast-moving space industry.

Key Discussion Points and Insights

Space Systems’ Growing Cyber Vulnerabilities

• Modern satellites and ground networks face unique risks due to use of commercial off-the-shelf components, open source code, and complex supply chains ([01:56]).
  • Vulnerabilities include software flaws, unauthorized access, denial-of-service, and potential for satellite hijacking.

Introducing Space CREST

• Definition: CREST stands for Cyber Resilience Evaluation, Security Testing ([05:01]).
• Purpose: Designed to combine AI, cybersecurity, and high-fidelity simulation to test and strengthen space system resilience for both national security and commercial players ([05:01]).
  • Space CREST integrates AI-driven analytics and cyber red-teaming in simulated environments in partnership with Redwire Space.

Quote:

“Spacecrest is a perfect example of what you just referenced. It's that intersection of cybersecurity, space, as well as artificial intelligence and data analytics.”
— Eric Conway [05:01]

The Power of Digital Twins and Simulation

• The ACORN 2.0 platform (developed by Redwire Space) builds detailed digital twins of satellites, emulating real spacecraft behavior from communications to orbital mechanics ([06:42]).
  • Digital twins incorporate virtual hardware (e.g., star trackers, reaction wheels) and real components where possible.
• Accelerated Simulation:
  • Enables millions of simulated “years” in hours, stress-testing scenarios not yet seen in the real world ([07:58]).
  • Facilitates injection and study of novel cyberattacks without compromising actual systems.

Quote:

"We could create hundreds, thousands, millions of scenarios and run them in an accelerated mode... and have literally 10,000 years of data in the palm of our hand."
— Joe Davis [08:47]

Red-Teaming and Vulnerability Remediation

• Builds attack scenarios using real red-teaming tools (Kali Linux, Metasploit) in the digital twin environment ([10:02]).
• Tests effectiveness of mitigations (patches, architecture changes) on satellite resilience ([10:02]).

Quote:

"It's about trying to uncover vulnerabilities that could affect the resilience of a space system, and then to identify and test the remediations."
— Eric Conway [10:02]

Impact on the Space Industry

• Digital engineering is now mandated or highly encouraged by major government contracts; digital twins allow for full-system rehearsals before hardware deployment ([13:51]).
  • Example: Proliferated Warfighter Space Architecture (PWSA) leverages such models for complex, multi-vendor integration ([14:26]).

Quote:

"Digital twins are... not just a nice to have anymore, they're actually even being required by many government contracts."
— Joe Davis [13:56]

Notable Success Stories & Use Cases

Star Tracker Cyberattack Simulation ([15:45])

• BigBear.ai connected a real star tracker (positional hardware) to its virtual satellite simulation.
• Simulated a denial-of-service by overwhelming the tracker with commands, causing it to go offline—analogous to terrestrial cyberattacks.
• Combined reverse engineering of the firmware to identify vulnerabilities, then reported fixes to the manufacturer, demonstrating practical supply chain security impact ([17:31]).

Quote:

"We were able to use that as a demonstration of how there is enough fidelity in a modeled environment to do true cybersecurity evaluation on it."
— Eric Conway [17:03]

Large-Scale Training Data & AI Models ([18:51])

• Ongoing project: CROW (Cyber Resilient On Orbit), in partnership with Proof Labs ([18:51]).
• Using the Moonlighter satellite (known from Hack-A-Sat competitions), they simulated thousands of cyberattack scenarios to generate data for training machine learning models for real-time threat detection ([19:11]).

Quote:

"We generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data and we've trained now some machine learning models to be able to detect those different cyber attacks and classify which of those attacks is happening at which time."
— Joe Davis [19:42]

Industry Trends & Supply Chain Security

• The future of satellite development is digital-first, with models and cyber-resilience being integrated from the design stage ([13:51], [14:26]).
• The global nature of the satellite supply chain makes independent validation of hardware and software components crucial ([18:08]).

Quote:

"Doing that at scale would allow us to really address a lot of the supply chain problems that we see in the industry today."
— Eric Conway [18:08]

Memorable Moments & Quotes

• On Simulation Power & Creativity:

  "At that point, you're really also only limited by your own imaginations of what kind of scenarios you can come up with."
  — Joe Davis [09:15]

• On Real-World Application:

  "It's a truly global supply chain. And the provenance of all of those devices and the software that runs those devices is not always known. So having the ability to evaluate each device independently, identify where the vulnerabilities are, could close up some of those supply chain issues as well."
  — Eric Conway [18:08]

• On the State of the Industry:

  "Right now, the industry as a whole is moving towards more and more digital engineering... not just CAD files, but actual working models of how their system will work, how it'll integrate with other systems."
  — Joe Davis [13:56]

Important Timestamps

• 1:56 — Overview of satellite cyber threat landscape
• 5:01 — Introduction to Space CREST and its genesis
• 6:42 – 8:54 — Deep-dive into ACORN, digital twin capabilities, and benefits of simulation
• 10:02 – 11:11 — Red-teaming, attack injection, and patch testing
• 13:51 – 15:25 — Digital engineering’s rising role & industry examples
• 15:45 – 18:51 — Success stories: Star tracker attack; CROW project and data-driven machine learning
• 18:08 — Supply chain vulnerability and security evaluation highlights
• 19:42 — Training AI models with simulated attack data

Episode Tone

The episode is informative, collaborative, and enthusiastic, blending technical depth with clear, accessible explanations for space and cybersecurity professionals as well as interested generalists.

Summary

BigBear.ai’s Space CREST platform demonstrates how high-fidelity simulation, AI, and rigorous red-teaming are transforming vulnerability discovery and cyber resilience in space systems. Via digital twins, accelerated scenario testing, and real hardware integration, the company is driving both innovation and practical, actionable improvements—helping the space sector address emerging vulnerabilities and supply chain complexities before they manifest in orbit.

Closing Thought:
The intersection of space and cybersecurity is no longer theoretical—BigBear.ai’s work shows that digital engineering, simulation, and advanced analytics are now essential tools for safeguarding the rapidly expanding space ecosystem.