T-Minus Space Daily: Space Vulnerabilities with the Aerospace Corporation Hosted by Maria Varmazes | Released on April 19, 2025

Introduction: Changing Perceptions in Space Cybersecurity

In this episode of T-Minus Space Daily, host Maria Varmazes delves into the evolving landscape of space cybersecurity. The discussion centers around the growing recognition that space assets are not immune to cyber threats, challenging the longstanding belief in the inherent security of space-based objects due to their physical separation from terrestrial systems.

Guest Introduction: Jim Myers of the Aerospace Corporation

Maria welcomes Jim Myers, the lead of the Civil Systems group at the Aerospace Corporation. With a rich background spanning satellite design, cybersecurity business management, and extensive experience in the aerospace defense sector, Myers brings invaluable insights into the current state of space cybersecurity.

Jim Myers:
"I'm the lead for what we call our Civil Systems group, spanning customers in the civil, federal space as well as commercial and international sectors."
[02:10]

Evolving Awareness of Cyber Threats in Space

Myers highlights a significant shift in cybersecurity awareness within the space industry. Fifteen years ago, many organizations underestimated their vulnerability, often dismissing potential threats with an overreliance on the perceived "air gap" in space. However, recent years have seen a paradigm change, with senior leaders acknowledging that "Space systems will be the next front of the cyber conflict."
[04:30]

Maria echoes this sentiment, noting the persistent challenge of moving away from the complacent "we're fine" mentality. Myers attributes the growing acknowledgment of cyber threats to increased sophistication among aerospace customers and the Aerospace Corporation's trusted, independent relationship with them.

Challenges in Protecting Space Assets

Myers discusses the inherent vulnerabilities in space systems, especially those with extended operational lifespans. Many satellites, designed decades ago, lack built-in cybersecurity protections because such threats were not considered during their creation.

Jim Myers:
"You just don't have any protections built in, because nobody was having that conversation with you 25 years ago. It wasn't anywhere in the requirements."
[10:10]

He emphasizes that modern satellites, especially those part of large constellations like Kuiper, OneWeb, and Starlink, present unique challenges. The interconnected nature of these systems means a single vulnerability can potentially compromise an entire network of satellites.

Defense in Depth and Cyber Hygiene

A cornerstone of effective cybersecurity, as discussed by Myers, is the concept of "defense in depth." This involves implementing multiple layers of security to protect assets, ensuring that if one layer is breached, others remain intact to prevent a full-scale intrusion.

Jim Myers:
"Whatever you would define as traditional cybersecurity for space-based assets... it isn't defense in depth and you need that."
[23:18]

He advocates for integrating cybersecurity measures at the system architecture level, ensuring that protection is built into the very foundation of space systems rather than being an afterthought.

Aerospace Corporation's Tools and Solutions

Myers provides an overview of the Aerospace Corporation's suite of cybersecurity tools designed to enhance the security of space assets:

• Space Cop (formerly Starshield): An intrusion detection system deployed on a cubesat, utilizing early AI applications to differentiate between legitimate signals and potential intrusions.

• Sparta: A tool focused on identifying and mitigating cyber threats in space environments.

• Dark Sky: A training range dedicated to cybersecurity training, ensuring that teams are well-prepared to handle cyber threats.

Jim Myers:
"We have Sparta, Dark Sky, and the DARs detection and reporting System, which is another prototype."
[13:36]

These tools are continuously evolving, informed by real-world incidents such as the Viasat hack, to provide robust protection and proactive threat management for their clients.

Understanding the Threat Landscape

Addressing the current threat landscape, Myers notes that federal customers like the Department of Commerce, NASA, and DHS are highly attuned to cybersecurity risks. However, legacy systems remain vulnerable due to their age and the absence of initial cybersecurity considerations.

Jim Myers:
"If we were just talking about those three organizations, Kuiper, OneWeb, and Starlink, my intuition is they know what to do there."
[21:02]

He underscores the importance of continuous monitoring and updating of cybersecurity measures to protect both existing and new space assets, especially as missions expand to include lunar operations and beyond.

Advice for Private Industry

When addressing private sector stakeholders, Myers offers pragmatic advice:

1. Integrate Cybersecurity from the Outset:
   "Build cyber into your requirement set. That's the best advice I can give."
   [18:01]

2. Consider the Unique Challenges of LEO Constellations:
   The proliferation of low Earth orbit (LEO) satellites necessitates robust cybersecurity measures to prevent vulnerabilities from cascading across entire constellations.

3. Maintain Cyber Hygiene Despite Design Constraints:
   Balancing the need for lightweight, cost-effective satellites with the imperative of cybersecurity is crucial to prevent threats from exploiting system interconnectivity.

Myers emphasizes that even in mass-produced satellite systems, maintaining a high standard of cybersecurity is essential to safeguard against potential widespread impacts.

Final Thoughts: Securing the Future of Space Operations

In his concluding remarks, Myers reiterates the necessity of embedding cybersecurity into the architectural design of space systems. He highlights the Aerospace Corporation's commitment to supporting customers in designing secure and resilient systems, ensuring their longevity and reliability.

Jim Myers:
"The way you get cyber right is at the system architecture level... setting your requirements and getting those requirements right."
[23:18]

He remains optimistic about the industry's progression, noting that proliferated LEO constellations are becoming smarter and more secure through continuous design evolution. Myers looks forward to ongoing collaborations aimed at enhancing the security and resilience of space assets.

Key Takeaways

• Shift in Perception: The space industry's view on cybersecurity is evolving from complacency to proactive protection.
• Legacy Vulnerabilities: Older satellites often lack built-in cybersecurity measures, posing significant risks.
• Defense in Depth: Implementing multiple security layers is crucial for protecting space assets.
• Proactive Tool Development: The Aerospace Corporation is developing and refining tools like Space Cop and Sparta to enhance space cybersecurity.
• Private Sector Advice: Integrate cybersecurity from the beginning, especially for large satellite constellations, to mitigate widespread vulnerabilities.
• Continuous Evolution: The space industry's security measures must adapt continuously to counter emerging threats effectively.

This episode underscores the critical importance of cybersecurity in the rapidly expanding domain of space operations. Through insightful discussions with experts like Jim Myers, listeners gain a comprehensive understanding of the challenges and solutions essential for safeguarding the future of space exploration and utilization.