WASHINGTON: Two prominent aerospace industry groups are cooperating in the exchange of cyber information, awareness, education and dissemination to improve the security of space operations.
The agreement between the American Institute of Aeronautics and Astronautics and the Space Sharing Information and Analysis Center comes at a time when recent cyber incidents in other industries have revealed a deficit in information sharing. The apparent lack of exchange of information has recently been raised numerous times by Congress and others, in addition to having been addressed to defense contractors and federal entities in the recent computer executive order.
This agreement is remarkable because the space industry is proactively advancing the sharing of cyber information rather than expecting the government to be forced to act through laws or regulations. There is a broad consensus in the cybersecurity industry, key federal agencies (e.g., CISA), and Congress on the need and benefits of improving cyber information exchange, but these initiatives may remain in place. restricted points of how to do it, precisely. This partnership could serve as a model for what is possible for other industries in terms of exchanging, raising awareness, educating and communicating information on cybersecurity.
“One of the things we’re thinking in terms of advancing aerospace art and science is that the exchange of information about cybersecurity is happening at much more fundamental levels,” said Steve Brea Lee, manager senior cybersecurity and new AIAA product development in an interview. “We often talk to each other,” he said, noting the importance of things like shared vocabulary when communicating about cybersecurity.
The collaboration expands the efforts of both organizations. Space ISAC will provide cyberspecific information and resources directly applicable to the aerospace industry. AIAA will contribute with sector-specific knowledge, as well as industry, education and publishing reach.
Space ISAC, launched in 2019, is one of 25 newest national ISACs created since the 1990s to help U.S. federal agencies work with industry to frustrate and recover from cyberattacks by sharing information about vulnerabilities, mitigation measures, and answer options. As Breaking D readers recall, space ISAC was a key priority for the last administration’s National Security Council.
AIAA is the largest aerospace technical society in the world. In addition to this partnership, AIAA is running other space-focused cybersecurity programs, such as a flag-capturing event at this week’s RSA conference – the largest in the cyber industry – and the aerospace village. at DEFCON, one of the oldest conferences for cyber professionals. AIAA also has a similar agreement with Aviation ISAC.
AIAA and Space ISAC members include aerospace defense contractors as well as incipient private space industry companies.
“Space ISAC is in the cyber trenches. It just makes sense that we have our legacy in science and research related to professionals, ”said Lee.
Space ISAC Executive Director Erin Miller said in a press release that the two groups working together “is a wonderful complement. We are now formalizing our partnership and anticipate that the impact will be seen through efforts in the workforce development, education, space sector cybersecurity awareness and more. “
Breaking Defense turned to Space ISAC for additional comments, but learned nothing prior to the post.
Many people may think of cybersecurity only in relation to computers, servers, and terrestrial networks, but the space industry faces unique threat vectors, such as satellite hacking. There are also some shared threats, vulnerabilities and risks, and the space industry can learn from cyber incidents in other industries, Lee noted.
“We’re all watching” these cyber incidents, Lee said. “We don’t have a parish vision, thinking that because it happened there [in that industry], can’t happen here [in the space industry]. When we think of cyber, we don’t just think of space resources. Obviously, we live in a connected way ”.
Lee said two of his main concerns for the cybersecurity of the space industry are similar to those faced by other industries.
“I think the main type of concerns and issues related to space cybersecurity is the interface between enterprise IT and [operational technologies] to control releases and systems, “Lee said. As readers of Breaking D know, the NSA recently advised all industries to review their OT security. The cyber incidents of the Colonial Pipeline and Florida Oldsmar Water Treatment Plant highlights OT safety concerns in other industries.
“The other thing is the supply chain,” Lee said. “What are the chips, gadgets, and code in our systems? It’s a growing concern.” And space supply chain risks are becoming increasingly complex as the industry grows. “It’s like being a victim of our own success,” Lee said. “When things were smaller, it was easier to keep the bad ones out.”
Lee noted that people in the space industry often focus on design and development, cybersecurity usually occurs only as a result of later thinking, which is not too different from many industries. He wants to see this change. “From conceptualization, in the same way that we think about security, we should also think about cybersecurity,” he said. “We would never design and build anything mature without a solid conversation between the people who build wings and engines and the people who design the bus.”
Both organizations have collaborated in the past. In 2020, Space ISAC and AIAA teamed up in a cyber desktop exercise at the AIAA ASCEND conference, which brought together 3,000 aerospace professionals from around the world. The plan is to build on past efforts and expand them into the future.
“This is a long game,” Lee said. “It will take time for this to gain strength.”