Podcast Summary: T-Minus Space Daily – "Should Space Be Designated as Critical Infrastructure?"

Episode Details:

• Title: Should Space Be Designated as Critical Infrastructure?
• Host/Author: N2K Networks
• Release Date: March 29, 2025
• Guest: Jake Braun, Executive Director of the Cyber Policy Initiative at the University of Chicago, former White House Principal Deputy National Cyber Director, and Chairman of DEFCON Franklin.

Introduction

In this episode of T-Minus Space Daily, host Maria Varmazes engages in a deep and insightful conversation with Jake Braun, a seasoned expert in cyber policy and former White House cyber director. The discussion centers around the critical question: Should space be designated as critical infrastructure? The dialogue explores the increasing reliance on space assets, the existing vulnerabilities, and the geopolitical implications of cyber threats targeting space.

The Importance of Designating Space as Critical Infrastructure

Maria Varmazes opens the conversation by highlighting the growing dependency on commercial spacecraft, citing that as of March 5, 2025, there are 11,833 active satellites, over 60% of which are commercial. This reliance underscores the pressing need to consider space as critical infrastructure.

Jake Braun elaborates on the government's role in this designation:

“...so much of our lives are governed by the satellites that are up in space. And the obvious example is GPS, but also a million other things.” ([05:13])

Braun explains that while there has been some opposition from the space industry due to potential increased regulations, the benefits of official designation include greater government support, such as funding for cybersecurity assessments and threat intelligence sharing.

Key Points:

• Government Support: Official designation would enable access to resources like cybersecurity assessments and threat intelligence via agencies like CISA.
• Industry Hesitation: Increased regulation and scrutiny are primary concerns for the space industry.
• Consensus on Importance: Even without formal designation, there is widespread agreement on the critical nature of space infrastructure.

Understanding the Attack Surface in Space

Maria probes deeper into whether the threats to space infrastructure are unique or similar to terrestrial threats.

Jake Braun responds emphatically:

“Absolutely not. They don't got it. And that's not their fault, like no one does.” ([09:32])

He draws parallels between cyber threats on Earth and those targeting space assets, emphasizing that traditional cyber attack methods are applicable to satellites and other space-based systems. Braun cites the example of Defcon's Annual Report, where hackers successfully executed a signal injection attack on VSAT modems using software-defined radios from Earth, demonstrating the vulnerability of space communication systems.

Key Points:

• Similarity of Threats: Cyber attacks on space infrastructure mirror those on terrestrial systems, including SQL injections and zero-day exploits.
• Example of Vulnerability: Hackers' ability to manipulate VSAT modems underscores the ease with which space assets can be compromised.
• Nation-State Capabilities: Countries like China, Russia, Iran, and North Korea possess the resources and expertise to exploit vulnerabilities in space infrastructure.

The Nature of Cyber Threats in the Space Domain

The conversation delves into the specific nature of cyber threats unique to the space sector.

Jake Braun explains the concept of zero-day vulnerabilities:

“A zero day refers to basically a new vulnerability that nobody knew about before... once we use it or release it, that'll be kind of the first time it was ever used and thus a zero day.” ([15:56])

He warns that nation-state actors meticulously search for and exploit these unknown vulnerabilities to gain unauthorized access to satellite systems, posing significant risks to global security and infrastructure.

Key Points:

• Zero-Day Exploits: Unpatched vulnerabilities can be weaponized by adversaries to disrupt space operations.
• Nation-State Threats: Advanced persistent threats from countries with significant cyber capabilities are a major concern.

Mitigating Cyber Risks: Best Practices for Space Companies

Maria raises the issue of how space companies, both large and small, can protect themselves against these cyber threats.

Jake Braun offers actionable advice:

1. Join the Space Information Sharing and Analysis Center (Space ISAC):

   “Even if you're a small company... it's worth it.” ([17:33])

2. Hire a Chief Information Security Officer (CISO):

   “If you don't have a CISO, hire a CISO. That's really important.” ([17:33])

3. Invest in Cyber Workforce Development:

   “Think about how they could bring on folks and do that are maybe not super duper cyber experts... but somebody who they can do on the job training.” ([19:50])

Braun emphasizes the importance of collaboration, information sharing, and developing a robust cybersecurity team to safeguard space assets effectively.

Key Points:

• Information Sharing: Participation in Space ISAC facilitates threat intelligence exchange.
• Leadership in Cybersecurity: A dedicated CISO is crucial for overseeing and implementing security measures.
• Workforce Training: Enhancing the cybersecurity capabilities of existing staff through training and certifications.

Geopolitical Context: The New Great Game

In his closing remarks, Jake Braun draws a parallel between historical geopolitical struggles and the current cyber and space domain conflicts:

“We're in the middle of a new great game... it's over the Internet and really it's between authoritarian countries... and democracies and space is clearly one of the main parts of the terrain...” ([21:06])

He underscores that the battle for cyberspace and space is a defining conflict of our time, with implications for global security and the free and secure functioning of societies.

Key Points:

• Historical Parallel: The struggle mirrors the "Great Game" between Russia and Britain, now transferred to the cyber and space arenas.
• Authoritarian vs. Democracies: The conflict is framed as a battle between authoritarian regimes and democratic nations over control and security in cyberspace and space.
• Long-Term Implications: This geopolitical tension is expected to shape international relations and security strategies for the foreseeable future.

Conclusion

The episode concludes with Maria Varmazes thanking Jake Braun for his valuable insights. Braun reiterates the importance of collective action in protecting space infrastructure from cyber threats and urges listeners to recognize their role in this ongoing geopolitical struggle.

Notable Quotes

• Jake Braun on Space as Critical Infrastructure:

  “So much of our lives are governed by the satellites that are up in space. And the obvious example is GPS, but also a million other things.” ([05:13])

• Jake Braun on Cyber Threats:

  “Absolutely not. They don't got it. And that's not their fault, like no one does.” ([09:32])

• Jake Braun Explaining Zero-Day Vulnerabilities:

  “A zero day refers to basically a new vulnerability that nobody knew about before... once we use it or release it, that'll be kind of the first time it was ever used and thus a zero day.” ([15:56])

• Jake Braun on Mitigation Strategies:

  “If you don't have a CISO, hire a CISO. That's really important.” ([17:33])

• Jake Braun on the New Great Game:

  “We're in the middle of a new great game... it's over the Internet and really it's between authoritarian countries... and democracies and space is clearly one of the main parts of the terrain...” ([21:06])

Final Thoughts

This episode of T-Minus Space Daily provides a comprehensive analysis of the critical intersection between space infrastructure and cybersecurity. Jake Braun's expertise sheds light on the vulnerabilities that underpin our reliance on space-based assets and the strategic measures necessary to mitigate these risks. As space becomes increasingly integral to global infrastructure, the conversation emphasizes the urgent need for collaborative defense mechanisms and robust cybersecurity frameworks to safeguard our celestial assets.

For more information and to listen to the episode, visit N2K Networks.