Government, industry officials share small satellite cybersecurity concerns

by

MOUNTAIN VIEW, Calif. – Cybersecurity was a recurring theme at the SmallSat Symposium here.

Defense and intelligence agencies are eager “to leverage the capabilities that are coming out of small satellites and networks,” Fred Kennedy, former head of the Pentagon’s Space Development Agency, said Feb. 5. However, leaders of both classified and unclassified space programs are concerned about “cybersecurity and data integrity,” he added.

Government agencies have traditionally owned and operated the satellites and networks that perform critical functions like missile defense. Because they designed and operated the networks with cybersecurity in mind, they were confident outsiders could not penetrate the networks, Kennedy said.

“The fear is if they were to hand those keys over to a private-sector entity, they would no longer have control,” said Kennedy, now the vice president for future missions at launch startup Astra Space. Communications related to detection of nuclear missiles is not the type of activity government agencies “feel comfortable entrusting to anyone,” he said.

Within government agencies, there has been “a lot of solemn discussion” on this topic, Kennedy said. “So far, I’d say the outcome is decidedly on the side of being afraid to hand all this off to any commercial entity. I believe that’s a mistake because I think this community is as concerned about data integrity and cybersecurity as the Department of Defense and probably is more capable of implementing it. The challenge will be to convince folks in the defense and intelligence community that that’s a doable do.”

Gen. John “JT” Thompson, Air Force Space and Missile Systems (SMC) Commander, sounded a somewhat more optimistic note in his Feb. 4 keynote address.

The Air Force is eager to work with small businesses and companies that haven’t traditionally been government contractors to make sure their systems are “maybe not cyber proof, because I’m not sure there is such a thing, but as cybersecure as possible,” Thompson said. “The cyber threat continues to evolve and we need to build systems that through mitigation or incremental improvements can evolve with that threat to maintain their cybersecurity.”

The problem is not likely to be solved with “pages and pages of Defense Federal Acquisition Regulations guidance,” Thompson said. A more promising approach, he added, would be to “enlist the help of folks that work everyday for the banking industry, the Social Security Administration and the Internal Revenue Service. Let’s work with those companies to ensure we are building weapon systems and an architecture that is as cyber resilient as it can be against an evolving threat.”