Identifying vulnerabilities in space with Bigbear.ai.

A

You're listening to the N2K space network.

B

The DMV has established itself as a top tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot at Talas. They know cybersecurity can be tough and you can't protect everything, but with Thales, you can secure what matters most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest roi. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most applications, data and identity. That's Talas. T H A L E S learn more at thalesgroup.com cyber.

A

Space systems can be vulnerable software flaws, supply chain weaknesses and physical inaccessibility of satellites, all compounded by increased reliance on commercial off the shelf parts, open source components and complex ground networks. All of these issues create risks such as unauthorized access, data, interception and manipulation, denial of service attacks, and even the complete hijacking of satellites. So with all that said, what tools and technologies make it easy to perform vulnerability research on hardware components? Big Bear AI thinks that they have a sol. This is T minus Deep Space. I'm Maria Varmazas. Today's guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity research scientist at BigBear AI.

C

My name is Eric Conway. I'm the Vice President of Technology at Big Bear AI. We are an AI provider and we provide decision support to customers across the military, the Department of Defense, the Department of Homeland Security as well as in the intelligence community. My background is as a software engineer supporting cybersecurity related missions and AI related deployments for about the last 25 years. Now with Big Bear AI.

A

Fantastic. Thank you. Joe, over to you.

D

Yes, hello, I am Joe Davis. I am a cybersecurity research scientist with Big Bear AI. I've been with the company going on four years and my background is also in software engineering as well as cybersecurity vulnerability assessments quite a bit with telecommunications systems and various other domains, power control systems, scada, any kind of equipment like that is where my background has been. Since coming over to Big Bear I have switched my focus over a little bit to the space domain, which is, I think, what we're going to be talking about today.

A

Yes, indeed. We are a space show. So I'm very interested in all things space. And gentlemen, thank you both for joining me today. And my background is for years I worked in in house and cybersecurity on the comms team. So I'm always really happy when I get to do space and cybersecurity. It just makes me very, very happy. So I'm thrilled that I get to be speaking to you both today. And I would love to learn about one of the offerings that Big Bear has, Space Crest. This is fascinating. I was wondering, could you guys walk me through this?

C

Great question, Maria. Thank you. Space Crest. The CREST in Space Crest, by the way, stands for Cyber Resilience Evaluation, Security Testing, or crest. So it is a long acronym. Space Crest is a perfect example of what you just referenced. It's that intersection of cybersecurity, space, as well as artificial intelligence and data analytics. That's what spacecrest essentially is. It's a combination of all of those different techniques, but applied specifically at the challenge of helping to create more resilient space systems for our national security as well as for commercial companies that are working in space. Spacecrest originated at Big Bear AI in our Innovations Lab. People like Joe and I work in the innovations area at Big Bear AI, and we're always looking for new ways to bring together some of these skills, cybersecurity or artificial intelligence. And spacecrest evolved through a partnership with a company called Red wirespace. They have a modeling and simulation platform that I'll let Joe talk in detail about. But the hypothesis was posed, can you create a cyber range for space systems using a high fidelity physics model? So we started integration and implementation of that in our laboratories. And then now we have spacecrest. And I'll turn it over at this point to Joe to talk more in detail about what spacecrest is specifically.

D

All right, so Big Bear's space Crest is enabled by the Acorn 2.0 digital engineering platform that Eric referred to. Created by our Red Wire Space partners, ACORN allows us to create models of satellites of varying levels of fidelity based on the needs of the problems that we're trying to solve. It lets us build digital twins from models, simulators, emulators, or even real hardware that we might be able to get from these spacecraft, such as, say, star trackers, reaction wheels, power systems, or payloads of the satellites themselves. The strength of ACORN is that when we put those components into the environment, they talk to each Other as though they would on the real satellite. So if widget A sends a message to widget B and widget B then changes an actuator on the satel, that whole communication occurs within this high fidelity simulation environment. It gives us higher fidelity than just a simulator that's modeling the orbital mechanics and stuff like that. Once we have the digital twin, we can experiment with scenarios ranging from adjusting orbital parameters to injecting simulated cyber events or hacking the system in real time. ACORN has the ability to run in an accelerated mode as well, which is really important to us. That lets us build scenarios that we just couldn't even get in real time with real satellite data. So we could create hundreds, thousands, millions of scenarios and run them in an accelerated mode where we can collect that data up in a couple hours or a day and have literally 10,000 years of data in the palm of our hand.

A

Wow. Yeah. I often wonder about these kinds of simulation modes. As you mentioned, obviously there's a huge advantage in being able to do this not on the actual system. You don't want to do that, you don't want to test the production. Right. And what are the other advantages there? And that is 10,000 years of data not otherwise easily acquired. And. But that's quite amazing.

D

Yes. And at that point you're really also only limited by your own imaginations of what kind of scenarios you can come up with. So for example, we have built out scenarios for cyber attacks that have not happened in, in the real world in an unclassified sense. Right?

A

Yeah.

D

These attacks may be happening in classified environments, but you know, they're not something that you would find in the news.

A

Right. That's fascinating. I'm wondering about the remediation insights that this kind of testing would provide. Also, as you mentioned, a situation where I imagine a provider hasn't encountered a certain attack being able to test how their systems do. And that would be a really fascinating exercise.

C

That is the end goal of what Space Crest is all about. It's about trying to uncover the vulnerabilities that could affect the resilience of a space system. And then to identify and test the remediations that we could apply to try to close up those vulnerabilities. We built around this ACORN model, a full blown red teaming platform using red teaming tools, things like Kali, Linux and Metasploit. And these allow us to simulate all sorts of cyber attacks on simulated as well as hardware in the loop and software in the loop satellite systems. From that we can understand where some of those vulnerabilities might be. We can try to find ways to patch those vulnerabilities and then we can re evaluate the scenario and identify whether that remediation was effective or not. And the overall goal is to increase the resilience of that spacecraft.

A

We will be right back.

C

Does it ever feel like you're a marketing professional just speaking into the void? But with LinkedIn ads you can know you're reaching the right decision makers. A network of 130 million of them. In fact, you can even target buyers by job title, industry, company seniority, skills and did I say job title? See how you can avoid the void and reach the right buyers with LinkedIn ads. Spend $250 on your first campaign and get a free $250 credit for the next one. Get started at LinkedIn.com Campaign terms and conditions apply.

A

Ford BlueCruise Hands Free highway driving takes the work out of being behind the wheel, allowing you to relax and reconnect while also staying in control. Enjoy the drive in BlueCruise enabled vehicles like the F150 Explorer and Mustang Mach E. Available feature on equipped vehicles. Terms apply. Does not replace safe driving. See Ford.com BlueCruise for more details. I'm wondering if Eric or Joe or both really, if you can also speak to the need in the current space market for solutions like this Space Cyber, something I'm very personally interested in just to give context to this question and it has been fascinating watching it evolve in the past few years and it seems like spacecraft is coming in at a really crucial time right now.

D

In general, you're right, the industry as a whole is moving towards more and more digital engineering. Digital twins are they're not just a nice to have anymore, they're actually even being required by many government contracts. A contractor has to come in with digital engineering models, not just CAD files, but actual working models of how their system will work, how it'll integrate with other systems. One example of this is the proliferated Warfighter Space Architecture, the PWSA that's being developed by the Space Development Agency sda. It's a great example because right now they have a massive undertaking with lots of complexity, lots of different vendors and how are all those vendors going to come together and integrate well and hopefully get that sorted out and figured out well before they have built the multimillion dollar satellites. Ideally, digital engineering is how they can do that. If each of those Ve come in with models of their wares, then they could all be put together in various environments a lot like Space Crest. And not only that, they can be put under the rigor of situations that have not yet occurred, or that can be thought up and put on missions that can be thought up by the actual users of the pwsa.

A

So the next question I had was about any success stories. I always love to hear about any examples, anything that can really drive home some of the things that we've been talking about in real life situations. Anecdotes anonymously are completely understandable given the context of what we're talking about. But just any anecdotes at all would be really helpful to understand.

C

Well, let me start with a little bit of a background, and then, Joe, you can talk in whatever detail you can talk about. For some of our actual operational successes in our laboratory, we've seen a lot of success with spacecraft. We started out with the basic hypothesis I mentioned earlier, where we wanted to try to prove if we could create something akin to cyber range, where we could execute cyber attacks against a satellite system that is virtualized in this environment, we were able to prove that out. We were able to prove that there is enough fidelity in the modeling, in the simulation itself that we can get realistic enough communications and protocols into that virtual environment to actually do real evaluation of cybersecurity vulnerabilities. It also helps that the ACORN system has a very rich bridge API which allows us to integrate hardware and software into the loop and where they will function as if they're part of the purely virtualized satellite environment. And doing that, we were able to get some actual space components. In one case, a star tracker, which is a small device that uses the background sky to position the satellite in three dimensions in space. We were able to connect that into a virtualized version of a satellite. And then we were able to run cyber attacks against it that flooded it with way too many commands, for example, and essentially took it offline. It was analogous to what a denial of service attack would be on a terrestrial based system. So we were able to use that as a demonstration of how there is enough fidelity in a modeled environment to do true cybersecurity evaluation on it. We coupled that with a more traditional reverse engineer of the device, and we were able to uncover vulnerabilities in the firmware. So between the two, we could take that, and we now have a report that says to make this star tracker a little bit more secure, a little bit more resilient for avoiding those types of attacks. We can now go back to the manufacturer and we can give them that information. Doing that at scale would allow us to really address a lot of the supply chain problems that we see in the industry today. Satellites are made up of pieces of equipment that come from all over the world. It is a truly global supply chain and the provenance of all of those devices and the software that runs those devices is not always known. So having the ability to evaluate each device independently identify where the vulnerabilities are, could close up some of those supply chain issues as well. Joe, I think you have a few more examples of some successes we've had as well.

D

Yes, I'll add another really great example which comes from a current project that's ongoing and that I'm actually going to be talking about at the Value of Space Summit a little bit here in September. The project that I'm talking about is a. It's called Cyber Resilient on Orbit or crow. And it's a partnership that we have with a small business called Proof Labs. And remember I talked about the being able to create hundreds or thousands of scenarios within the spacecrest environment and being able to inject cyber events into those scenarios. Yeah, we have actually done that. We have generated thousands of scenarios with the Moonlighter satellite. We modeled a satellite after Moonlighter, which is with the satellite that was used for hack a SAT for afrl. And we generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data and we've trained now some. Some machine learning models to be able to detect those. Those different cyber attacks and classify which of those attacks is happening at which time.

A

This is a fascinating intersection of a lot of different things that I've been hearing about recently. And it's so, it's kind of geeking out a little bit. I'm like, this is really cool to hear it all being applied and it's just really fascinating knowing how it's being used in the field right now. So this has been really cool to learn about. I just want to thank you both for that because especially around the supply chain questions that I've been having. Eric, you kind of mentioned in your response something I've been wondering about for some time. So I really appreciate it. Eric and Joe, both of you, so much, walking me through so much of what you all are working on.

C

Well, thank you, Maria. We appreciate the opportunity to talk about what we're doing to bring cybersecurity and artificial intelligence as well as space together to try to create a more resilient space architecture that's only going to help our national security. So we appreciate the opportunity to talk about it. And thank you very much.

A

That's T minus Deep Space brought to you by N2K CyberWire we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like our show, please share a rating and review in your podcast app or you can send us an email. Thespace2k.com we'd love to hear from you. We're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps space and cybersecurity professionals grow, learn and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Piltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I am your host, Maria Varmazes. Thanks for listening. We'll see you next time. Sam.