WASHINGTON: Two major aerospace industry groups are cooperating on cybernetic information sharing, outreach, education and awareness to improve the safety of space operations.
The agreement between the American Institute of Aeronautics and Astronautics and the Space Information Sharing and Analysis Center comes at a time when recent cyber incidents in other industries have highlighted an information-sharing deficit. The apparent lack of information sharing has recently been raised numerous times by Congress and others, and addressed for defense contractors and federal entities in the recent Cyber ââEnforcement Executive Order.
This deal is remarkable because the space industry is proactively moving forward on sharing e-information instead of waiting to be forced to act by government through law or regulation. There is a broad consensus within the cybersecurity industry, major federal agencies (e.g. CISA) and Congress on the need and benefits of better sharing of cyber information, but such initiatives can stall. on sticking points about how exactly to do it. This partnership could serve as a model of what is possible for other industries in cybersecurity information sharing, awareness raising, education and communication.
âOne of the things we think about in advancing the art and science of aerospace is that sharing cybersecurity information occurs at much more fundamental levels,â said Steve Lee, senior director of cybersecurity and new product development at AIAA. Break the defense in an interview. âWe often talk to each other one after another,â he said, stressing the importance of things like shared vocabulary when communicating about cybersecurity.
The collaboration expands the efforts of both organizations. Space ISAC will provide cyber-specific information and resources directly applicable to the aerospace industry. The IAA will bring industry-specific specialist knowledge, as well as the reach of industry, education and publishing.
Space ISAC, launched in 2019, is one of the most recent of 25 national ISACs established since the 1990s to help US federal agencies work with industry sectors to counter and recover from cyber attacks by sharing information on vulnerabilities, mitigation measures and response options. As Break D readers may recall that ISAC space was a key priority of the National Security Council of the last administration.
AIAA is the world’s largest technical aerospace company. In addition to this partnership, the IAEA runs other space-focused cybersecurity programs, such as a Capture the Flag event at this week’s RSA conference – the largest in the cybersecurity industry – and Aerospace Village at DEFCON, one of the industry’s longest-running conferences for cyber pros. The IAEA also has a similar agreement with Aviation ISAC.
The members of the IAEA and Espace ISAC include aerospace defense entrepreneurs, as well as companies in the growing private space industry.
âThe ISAC space is in the cyber trenches. It makes sense that we have our heritage in science and research tied to practitioners, âsaid Lee.
Space ISAC Executive Director Erin Miller said in a press release that the two groups working together âis a wonderful complement. We are currently formalizing our partnership and expect its impact to be seen through workforce development efforts, education, space sector cybersecurity awareness, etc.
Break the defense contacted Space ISAC for further comment, but did not receive a response until publication.
Many people may think of cybersecurity only in relation to computers, servers, and terrestrial networks, but the space industry faces unique threat vectors, such as satellite hacking. There are also common threats, vulnerabilities and risks, and the space industry can learn from cyber incidents in other sectors, Lee noted.
âWe are all monitoringâ these cyber incidents, Lee said. âWe don’t have a parish vision, thinking that because it happened there [in that industry], it can’t happen here [in the space industry]. When we think of cyber, we don’t just think of space assets. We obviously live in a connected way. “
Lee said two of his top cybersecurity concerns in the space industry were similar to those other industries face.
âI think the biggest type of concerns and issues related to space cybersecurity is the interface between corporate IT and [operational technologies] to control launches and systems, âLee said. As Break D as readers know, the NSA recently advised all industries to review their OT security. Cyber ââincidents at the Colonial Pipeline and Oldsmar Wastewater Treatment Plant in Florida highlight OT safety concerns in other industries.
âThe other thing is the supply chain,â Lee said. âWhat are the chips, gadgets and code that are inside our systems? It is a growing concern. And the risks associated with the space supply chain are becoming increasingly complex as the industry grows. âIt’s like we’re victims of our own success,â Lee said. “When things were smaller, it was easier to keep the bad guys away.”
Lee noted that people in the space industry often focus on design and development, with cybersecurity usually only happening after the fact – which isn’t too different from many industries. He wants to see this change. âFrom conceptualization, the same way we think about security, we should also think about cybersecurity,â he said. âWe would never have designed and built anything mature without a solid conversation between the people who build the fenders and the engines and the people who design the bus.â
The two organizations have worked together in the past. In 2020, Space ISAC and AIAA partnered with a cyber-focused tabletop exercise at the AIAA ASCEND conference, which brought together 3,000 aerospace professionals from around the world. The plan is to build on past efforts and expand them into the future.
âIt’s a long game,â Lee said. “It will take time for this to materialize.”