U.S. Air Force Boosts Space Cybersecurity Efforts after ‘Big’ Threat in 2013
THULE AIR BASE, Greenland — U.S. Air Force leaders have begun discussing ways to prevent cyberattacks on space programs by including cybersecurity experts earlier in the program’s formulation, according to a top Space Command official.
Specifically, leaders at the Air Force’s Space and Missile Systems Center in Los Angeles, which handles much of the service’s space acquisition efforts, are working to incorporate cybertechnologies sooner into requirements.
The move follows what Brig. Gen. Kevin Wooton, director of communications and information at Air Force Space Command, described in an interview with SpaceNews as a “big” cyberthreat.
Cyber has taken on increasing importance in recent years. In 2013, Mandiant of Alexandria, Va., a top cybersecurity firm, said aerospace and telecommunications companies, including satellite firms, have been frequent targets of a group of hackers believed to have Chinese military backing.
James Clapper, the U.S. director of national intelligence, said in testimony to the Senate Armed Services’ committee Feb. 11 that he expects many countries will develop offensive cyberweapons.
Wooton added that many of the cybertechnologies are relatively inexpensive to field, but defending against them can be costly.
Thus far, he said, the effort to include cybercapabilities into acquisition discussions has been “very successful.”
“It’s an awareness that, if you wanted to attack a space system, how would you do it?” he said. “We don’t want to leave that last backdoor available and a lot of times that [door] is through the cyberworld.”
Wooton, whose career has included assignments with intelligence commands, described the impetus for the cybersecurity discussions as an evolution. But after one particularly “big” threat in 2013, he said, the service’s cyberleaders had to “grab on to those moments” to turn awareness of cyberactivities into action.
He did not provide details of the threat.
Since then, Wooton said, Air Force leaders have learned that preventive measures for cyberattacks cost about half as much as responding later in the design process.
Because space systems are often complex and include technologies that span decades from an idea to launch to end-of-life, the decision to close potential cyberweaknesses can be “a monster cost” if the service waits to act, he said.
However, “if we had made that decision earlier, we can fix that,” Wooton said.
Cybervulnerabilities can be especially acute when the Air Force buys off-the-shelf modules that include outdated software without the proper protection, he said.
He did not have a hard number on the increased costs cyber has added to the military’s space portfolio but estimated that roughly 5-10 percent of a program’s costs can be tied to measures aimed at defending against a cyberattack, a figure that would translate to tens of millions of dollars annually.
As a result, the Air Force has had to rethink how it views some of its assets, such as the Air Force Satellite Control Network at Schriever Air Base in Colorado Springs, Colo. Once considered exclusively a space asset, it now also falls under the cyber domain.
The renewed focus is also likely to translate to more business opportunities for industry. In late spring, the Air Force is expected to release one of several requests for proposals that will help the Defense Department bolster its cyberdefenses using commercial services and solutions.
Marilyn Hewson, Lockheed Martin’s chief executive, said in a Jan. 23 earnings call the company was exploring cybersecurity opportunities.
Follow Mike on Twitter: @Gruss_SN