NDG’s Childers on Improving Cybersecurity for Satellites
Chris Childers, founder and Chief Executive Officer (CEO) of the National Defense Group, is in a good position to talk about cybersecurity. His firm supports Department of Defense (DOD) prime contractors with both offensive and defensive cybersecurity capabilities. In an exclusive interview with Via Satellite, Childers points out the potential weaknesses that satellite operators must consider and how, up until recently, security has been seen as more of an afterthought.
Childers will take part in a panel titled “Fact Vs. Myth: What We Know So Far As It Relates To Cyberattacks in Aerospace and Satellite” at the CyberSat 2017 Summit on Nov. 7.
VIA SATELLITE: Could you describe how you see the cybersecurity competency of the satellite industry right now?
Childers: If you think about how long ago most of these satellites were made, we knew next to nothing about cybersecurity. [For] the industry in general, security has always been an afterthought until recently. If you don’t have people that are experts in offense and/or defense, and you’re trying to write software, you’re not really thinking about “How do I protect this 10 years from now?” That being said, the industry as a whole is almost certainly lagging.
VIA SATELLITE: What are some of the weaknesses satellite operators need to immediately address?
Childers: For instance, to the best of my knowledge, there are no Personal Security Products (PSPs) — what you would consider an antivirus program — for any kind of device we would have in space. I know if I was tasked to get into [a ground station] it wouldn’t be as hard as you would think, especially since the ground stations’ primary business is uptime, not stopping adversaries. If you’re focusing on uptime and throughput, you’re not focused on plugging holes.
Think of it in terms of an office building — if you’re so concerned with putting the building up, you’re not going to be thinking about wiring the security system inappropriately, camera placement, and where the most optimal place to put security guards would be. You see people even in physical security trying to retrofit a building, and retrofitting a building is never as secure as doing it from the ground up. It’s the same thing with this whole cybersecurity initiative.
VIA SATELLITE: You’ve spoken about the downsides of using Commercial-Off-the-Shelf components. What’s the risk here?
Childers: One of the first steps in reverse engineering something is getting a copy of the software or hardware and seeing how it works. Are there flaws in its software? Are there flaws in its control flow that you could somehow exploit to make it do something it wasn’t quite designed to do — like give control over to somebody else? If I can get on eBay and in a day and a half have it delivered to my house, that’s a lot easier than, say, Lockheed Martin developing an aerospace [component] in-house that I can’t get a copy of. It makes it more of a black box that’s harder to crack apart.
VIA SATELLITE: Satellite operators are hoping to become more involved in new verticals such as connected car and Machine-to-Machine (M2M) communications. What are some things they need to keep top of mind?
Childers: The very number one thing that I would say they should do that I don’t see a lot of people doing across any industry is isolating your networks from each other. If you have a network that would be a high value target to an enemy, don’t connect it to your internet network at all. Very strongly safeguard any information transfer between some external network and this high value network.
Another thing they can do is step up their network control flow. Don’t have unnecessary ports open to go from one network to the other — the more attack surfaces you give someone, the easier you make it for them to attack. Don’t have unnecessary services running on a server. Reducing the amount of vulnerability you have is really the main key.
VIA SATELLITE: Could you break down one myth for us ahead of the Fact vs. Myth panel at the CyberSat 2017 Summit?
Childers: People say, “Can you make my network unhackable?” The only way you’re ever going to make a network unhackable is to unplug all the devices, in which case it’s no longer useful. It’s very much a cat-and-mouse game. It’s very similar to making it impossible to break into my house. Really, the only way to do that is to tear the whole thing down because even if you don’t put any doors or windows in it you can cut a hole in the wall. It’s all a level of effort and people don’t really look at it that way.