Identifying vulnerabilities in space with Bigbear.ai.

T-Minus Space Daily: Identifying Vulnerabilities in Space with BigBear.ai

Date: September 13, 2025
Host: Maria Varmazas (N2K Networks)
Guests: Eric Conway (VP of Technology, BigBear.ai), Joe Davis (Cybersecurity Research Scientist, BigBear.ai)

Episode Overview

This episode spotlights the intersection of cybersecurity and space technology, focusing on the challenges of securing modern space systems. Maria Varmazas welcomes Eric Conway and Joe Davis from BigBear.ai to discuss how their Space Crest platform helps identify vulnerabilities in satellite hardware and software. The conversation explores digital engineering, simulation, real-world use cases, and how emerging tools can bolster space system resilience against cyber threats.

Key Discussion Points

1. The Vulnerability Landscape in Space Systems

Security Risks:
- Space systems face threats from software flaws, open-source and COTS component use, supply chain weakness, and physical inaccessibility.
- Increased complexity and reliance on commercial technologies heighten the risk of unauthorized access, data manipulation, DoS attacks, and satellite hijacking.
  
  “All of these issues create risks such as unauthorized access, data, interception and manipulation, denial of service attacks, and even the complete hijacking of satellites.” — Host, Maria Varmazas [01:39]

2. Introduction to Space Crest

What Is Space Crest?
- Space Crest stands for Cyber Resilience Evaluation, Security Testing.
- It integrates cybersecurity, space systems, AI, and data analytics to assess and enhance the resilience of satellites.
- Developed in partnership with Red Wire Space, leveraging their ACORN 2.0 digital engineering platform.
  
  “Space Crest is a perfect example of ... that intersection of cybersecurity, space, as well as artificial intelligence and data analytics.” — Eric Conway [04:43]

3. Simulating Satellites with the ACORN Platform

Digital Twins & High-Fidelity Simulations:
- ACORN 2.0 creates digital models of satellite components with varying fidelity and integrates both virtual and real hardware (e.g., star trackers, reaction wheels).
- These models simulate full satellite behaviors and interactions, not just isolated functions.
  
  “The strength of ACORN is that when we put those components into the environment, they talk to each other as though they would on the real satellite.” — Joe Davis [06:25]
- Simulation can be accelerated — allowing for “10,000 years of data” to be generated quickly, enabling exploration of attack scenarios not seen in the real world.
  
  “We can create hundreds, thousands, millions of scenarios ... and have literally 10,000 years of data in the palm of our hand.” — Joe Davis [06:25]

4. Cybersecurity Testing and Red Teaming in Space

Red Teaming in the Simulated Environment:
- The Space Crest platform incorporates offensive cybersecurity tools (e.g., Kali Linux, Metasploit) to test satellite defenses against a wide range of attacks.
- Real and simulated satellite systems can be attacked, observed, patched, and re-evaluated to measure the effectiveness of remediation efforts.
  
  “We built around this ACORN model, a full blown red teaming platform ... to simulate all sorts of cyber attacks on simulated as well as hardware in the loop and software in the loop satellite systems.” — Eric Conway [09:45]

5. The Industry’s Move Towards Digital Engineering

Mainstreaming Digital Twins:
- U.S. government contracts increasingly require digital engineering models (not just static CAD files).
- Large programs, like the Space Development Agency’s Proliferated Warfighter Space Architecture (PWSA), rely on digital modeling for integrating myriad vendor systems pre-launch.
- Digital engineering enables collaborative, stress-tested system design before building costly hardware.
  
  “Digital twins are they're not just a nice to have anymore, they're actually even being required by many government contracts.” — Joe Davis [12:25]

6. Real-World Use Cases & Success Stories

Lab Demonstrations:
- Integration of actual hardware (e.g., a star tracker) with simulated satellites proved the capability to perform realistic cyber assessments:
  
  “We were able to connect that into a virtualized version of a satellite. And then we were able to run cyber attacks against it that ... essentially took it offline. ... It was analogous to what a denial of service attack would be on a terrestrial based system.” — Eric Conway [15:43]
- Vulnerability findings (from simulation + reverse engineering) led to actionable security recommendations for hardware manufacturers, potentially improving supply chain resilience.
Ongoing Projects:
- Project CROW (Cyber Resilient on Orbit) in partnership with Proof Labs:
  - Simulated thousands of scenarios on a digital twin of the Moonlighter satellite (used in Hack-A-Sat by AFRL).
  - Data from these simulations trained machine learning models to detect and classify cyber attacks.
  “We generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data and we've trained ... machine learning models to be able to detect those ... attacks and classify which ... is happening at which time.” — Joe Davis [17:24]

7. Supply Chain Security Implications

Space systems’ global supply chain complicates provenance and security.
Evaluating and remediating each component via simulation helps mitigate these risks at scale.

“Doing that at scale would allow us to really address a lot of the supply chain problems ... the provenance of all of those devices and the software that runs those devices is not always known.” — Eric Conway [16:55]

Notable Quotes & Memorable Moments

On Simulation Power:

“Once we have the digital twin, we can experiment with scenarios ranging from adjusting orbital parameters to injecting simulated cyber events or hacking the system in real time.” — Joe Davis [07:16]
On the Future of Satellite Security:

“The overall goal is to increase the resilience of that spacecraft.” — Eric Conway [10:35]
On the Value to National Security:

“We’re bringing cybersecurity and artificial intelligence as well as space together to try to create a more resilient space architecture that’s only going to help our national security.” — Eric Conway [19:15]

Key Timestamps for Important Segments

01:39 — Introduction of Space System Vulnerabilities
04:43 — Overview of Space Crest Platform
06:25 — Detailed Explanation of the ACORN 2.0 Simulation Platform
09:45 — Red Teaming and Remediation Testing in Simulated Environments
12:25 — Industry Adoption of Digital Twins & Use in Major Programs
15:43 — Success Story: Simulated Star Tracker DoS Attack
17:24 — Project CROW and Training ML Models with Simulated Satellite Attacks
16:55 — Tackling Supply Chain Security with Digital Testing

Conclusion

This episode offers a deep dive into how platforms like Space Crest are transforming space cybersecurity. By leveraging high-fidelity digital twins and comprehensive red teaming, BigBear.ai is empowering industry and government alike to detect, understand, and remediate vulnerabilities—before real-world failures occur. The conversation underscores the increasing necessity for digital engineering in space and highlights how these innovations are already making space infrastructure safer and more secure.

T-Minus Space Daily: Identifying Vulnerabilities in Space with BigBear.ai

Date: September 13, 2025
Host: Maria Varmazas (N2K Networks)
Guests: Eric Conway (VP of Technology, BigBear.ai), Joe Davis (Cybersecurity Research Scientist, BigBear.ai)

Episode Overview

Key Discussion Points

1. The Vulnerability Landscape in Space Systems

Security Risks:
- Space systems face threats from software flaws, open-source and COTS component use, supply chain weakness, and physical inaccessibility.
- Increased complexity and reliance on commercial technologies heighten the risk of unauthorized access, data manipulation, DoS attacks, and satellite hijacking.
  
  “All of these issues create risks such as unauthorized access, data, interception and manipulation, denial of service attacks, and even the complete hijacking of satellites.” — Host, Maria Varmazas [01:39]

2. Introduction to Space Crest

What Is Space Crest?
- Space Crest stands for Cyber Resilience Evaluation, Security Testing.
- It integrates cybersecurity, space systems, AI, and data analytics to assess and enhance the resilience of satellites.
- Developed in partnership with Red Wire Space, leveraging their ACORN 2.0 digital engineering platform.
  
  “Space Crest is a perfect example of ... that intersection of cybersecurity, space, as well as artificial intelligence and data analytics.” — Eric Conway [04:43]

3. Simulating Satellites with the ACORN Platform

Digital Twins & High-Fidelity Simulations:
- ACORN 2.0 creates digital models of satellite components with varying fidelity and integrates both virtual and real hardware (e.g., star trackers, reaction wheels).
- These models simulate full satellite behaviors and interactions, not just isolated functions.
  
  “The strength of ACORN is that when we put those components into the environment, they talk to each other as though they would on the real satellite.” — Joe Davis [06:25]
- Simulation can be accelerated — allowing for “10,000 years of data” to be generated quickly, enabling exploration of attack scenarios not seen in the real world.
  
  “We can create hundreds, thousands, millions of scenarios ... and have literally 10,000 years of data in the palm of our hand.” — Joe Davis [06:25]

4. Cybersecurity Testing and Red Teaming in Space

Red Teaming in the Simulated Environment:
- The Space Crest platform incorporates offensive cybersecurity tools (e.g., Kali Linux, Metasploit) to test satellite defenses against a wide range of attacks.
- Real and simulated satellite systems can be attacked, observed, patched, and re-evaluated to measure the effectiveness of remediation efforts.
  
  “We built around this ACORN model, a full blown red teaming platform ... to simulate all sorts of cyber attacks on simulated as well as hardware in the loop and software in the loop satellite systems.” — Eric Conway [09:45]

5. The Industry’s Move Towards Digital Engineering

Mainstreaming Digital Twins:
- U.S. government contracts increasingly require digital engineering models (not just static CAD files).
- Large programs, like the Space Development Agency’s Proliferated Warfighter Space Architecture (PWSA), rely on digital modeling for integrating myriad vendor systems pre-launch.
- Digital engineering enables collaborative, stress-tested system design before building costly hardware.
  
  “Digital twins are they're not just a nice to have anymore, they're actually even being required by many government contracts.” — Joe Davis [12:25]

6. Real-World Use Cases & Success Stories

Lab Demonstrations:
- Integration of actual hardware (e.g., a star tracker) with simulated satellites proved the capability to perform realistic cyber assessments:
  
  “We were able to connect that into a virtualized version of a satellite. And then we were able to run cyber attacks against it that ... essentially took it offline. ... It was analogous to what a denial of service attack would be on a terrestrial based system.” — Eric Conway [15:43]
- Vulnerability findings (from simulation + reverse engineering) led to actionable security recommendations for hardware manufacturers, potentially improving supply chain resilience.
Ongoing Projects:
- Project CROW (Cyber Resilient on Orbit) in partnership with Proof Labs:
  - Simulated thousands of scenarios on a digital twin of the Moonlighter satellite (used in Hack-A-Sat by AFRL).
  - Data from these simulations trained machine learning models to detect and classify cyber attacks.
  “We generated thousands of scenarios worth of data with several different cyber attacks. And then we took that data and we've trained ... machine learning models to be able to detect those ... attacks and classify which ... is happening at which time.” — Joe Davis [17:24]

7. Supply Chain Security Implications

Space systems’ global supply chain complicates provenance and security.
Evaluating and remediating each component via simulation helps mitigate these risks at scale.

“Doing that at scale would allow us to really address a lot of the supply chain problems ... the provenance of all of those devices and the software that runs those devices is not always known.” — Eric Conway [16:55]

Notable Quotes & Memorable Moments

On Simulation Power:

“Once we have the digital twin, we can experiment with scenarios ranging from adjusting orbital parameters to injecting simulated cyber events or hacking the system in real time.” — Joe Davis [07:16]
On the Future of Satellite Security:

“The overall goal is to increase the resilience of that spacecraft.” — Eric Conway [10:35]
On the Value to National Security:

“We’re bringing cybersecurity and artificial intelligence as well as space together to try to create a more resilient space architecture that’s only going to help our national security.” — Eric Conway [19:15]

Key Timestamps for Important Segments

01:39 — Introduction of Space System Vulnerabilities
04:43 — Overview of Space Crest Platform
06:25 — Detailed Explanation of the ACORN 2.0 Simulation Platform
09:45 — Red Teaming and Remediation Testing in Simulated Environments
12:25 — Industry Adoption of Digital Twins & Use in Major Programs
15:43 — Success Story: Simulated Star Tracker DoS Attack
17:24 — Project CROW and Training ML Models with Simulated Satellite Attacks
16:55 — Tackling Supply Chain Security with Digital Testing

wavePod

Powered by Wave AI

Summary

T-Minus Space Daily: Identifying Vulnerabilities in Space with BigBear.ai

Episode Overview

Key Discussion Points

1. The Vulnerability Landscape in Space Systems

2. Introduction to Space Crest

3. Simulating Satellites with the ACORN Platform

4. Cybersecurity Testing and Red Teaming in Space

5. The Industry’s Move Towards Digital Engineering

6. Real-World Use Cases & Success Stories

7. Supply Chain Security Implications

Notable Quotes & Memorable Moments

Key Timestamps for Important Segments

Conclusion

Summary

T-Minus Space Daily: Identifying Vulnerabilities in Space with BigBear.ai

Episode Overview

Key Discussion Points

1. The Vulnerability Landscape in Space Systems

2. Introduction to Space Crest

3. Simulating Satellites with the ACORN Platform

4. Cybersecurity Testing and Red Teaming in Space

5. The Industry’s Move Towards Digital Engineering

6. Real-World Use Cases & Success Stories

7. Supply Chain Security Implications

Notable Quotes & Memorable Moments

Key Timestamps for Important Segments

Conclusion