Air Force knocking down stovepipes to shore up space cybersecurity

by

Cybersecurity is a growing concern for everyone who relies computers. The U.S. Air Force Space and Missile Systems Center (SMC) faces unique challenges, however, because it uses an extensive array of ground systems that in some cases are decades old to communicate with the individual satellites and constellations the U.S. military relies on during peacetime and conflicts. This “stovepipe” architecture is expensive to maintain and so complex people have trouble discovering all the ways the systems could be vulnerable to cyberattack.

The Space Defense Task Force coordinates three ambitious Air Force initiatives designed, in part, to remedy the problem: Enterprise Ground Services (EGS), a program that includes development of a common ground system for military satellites; the Enterprise Battle Management Command and Control System, an effort to provide a secure hardware and network infrastructure, common data standards and applications to enable space operational command and control at multiple locations including the Joint Interagency Combined Space Operations Center and the Joint Space Operations Center; and Enterprise System Engineering, which establishes policies and procedures, defines interfaces and allocates requirements across multiple SMC systems to ensure the enterprise defends U.S. space assets.

The Space Defense Task Force brings those programs together “because they are cross-cutting, horizontal-impacting efforts that affect the entire center and all the weapon systems that SMC produces,” Col. Brian Bracy told SpaceNews correspondent Debra Werner in a recent interview.

Air Force Col. Kevin Massey directs the Air Force Space Defense Task Force. Col. Brian Bracy, serves as its deputy. Bracy was previously the Satellite Operations Branch chief for Air Force Space Command’s Strategic Plans, Programs, Requirements and Analysis Directorate at Peterson Air Force Base in Colorado Springs.

What is the Space Defense Task Force’s goal? 

Our task is to ensure all those systems fit into an architecture that we are able to protect, defend and be ready to use in a war that extends into space. Our objective is if deterrence fails, to fight and win a war that extends into space through the enterprise-level efforts.

Col. Brian Bracy, Deputy, Space Defense Task Force, U.S. Air Force Space and Missile Systems Center
Col. Brian Bracy, Deputy, Space Defense Task Force, U.S. Air Force Space and Missile Systems Center

 How important is cybersecurity to protecting Air Force space capabilities?

Space is not unique to any other domain. Cybersecurity is critical for all aspects, across all domains in the Air Force. We run on IT networks just like anybody else does. Obviously, we need to protect those to enable our systems to actually work. If we don’t have cybersecurity in place and something goes wrong with our IT, we have a little bit of difficulty connecting to our space assets.

What challenges does the Air Force face in securing its satellite networks?

There is a lot of legacy, older equipment out there that was fielded without cybersecurity in mind. Getting our arms around the diversity of that equipment and how we can tailor solutions to defend each one of those architectures is not an insubstantial amount of work. The challenge is to provide something that we can defend better and then to migrate that in some way, shape or form into something that can defend the enterprise versus defending individual stovepipes with targeted solutions.

What impact does the stovepipe architecture have on cybersecurity?

Right now, when we deliver a cyber solution, it’s a point solution for a particular architecture. That costs more dollars and corresponds to more manpower. We need the ability to minimize the number of people following each weapon system and we need to aggregate the information so I can have an enterprise view of what my cyber environment looks like. We can’t do that right now with stovepipes.

As the Air Force moves toward common ground systems, what impact does that new architecture have on cyber security? 

It makes it easier to field solutions that we can monitor at an enterprise level and take actions to defend going forward.

Does it also create one big target?

The interesting thing about that is right now, our cyber surface attack area for all our stovepipes is very large. It is so large that it can be difficult to understand what’s happening within those environments with the resources we have at our disposal. By collecting them together, it does create a big, fat, juicy target, but it does allow us also to focus our resources on understand what’s happening in those environments. Right now, we are struggling to understand what’s happening.

How is the Air Force working with industry to improve cyber security of space systems? For example, do you share information on threats? 

That’s outside of what the Space Defense Task Force is supposed to do. You have to talk to the intelligence community. We have just spent a lot of time collecting information from the intelligence community. The overall intelligence community is working toward being able to identify what that cyber threat looks like and being able to push that out to us, so we can take actions towards defending against those threats.

Commercial satellite networks, including the ones the Air Force relies on for communications, are becoming parts of large terrestrial networks. Does that raise any issues or concerns?

Absolutely. If we are going to extend our networks to talk to commercial parts, we are obviously expecting them to have the same level of cybersecurity as is expected inside the DoD. There’s a push-pull relationship. On the commercial side, they feel they are doing cybersecurity very well and, in some cases, may not be willing to make the investment to meet the DoD standards we expect without seeing the return on investment. Those are some of the things we are working through right now to figure out how we can increase our resilience by reaching out to the commercial folks but still ensure that we have the same level of protection we expect.

Any other comments you would like to make about cybersecurity?

It’s a constantly evolving area. We are paying attention. We are trying to figure out what we have to do at an enterprise level to defend all the assets that we have right now. Our challenges are not unique to space. It comes with the entire Air Force from air breathing platforms, helicopters, et cetera. All of them are going through the same challenges that we are on how to defend our mission systems against the cyber threats that are out there.

This article appears in the April 10, 2017, issue with he headline “Knocking down stovepipes to shore up cybersecurity.”