Laying the IT Groundwork for a Crowded Space Economy
Private companies from OneWeb, Boeing, and Amazon to SpaceX are busy flooding Low-Earth Orbit (LEO) with thousands of small satellites to deliver high-speed internet and other services to the most remote corners of Earth. Add to that dozens of more specialized mini-constellations that track anything from ship movements to natural catastrophes and greenhouse gas emissions. In short, we are wrapping our planet with a novel type of nervous system that can detect minute events or disturbances with a resolution down to a few meters or feet.
While these boom times thrill launch companies and hardware and software developers, most discussions around the impending traffic jam miss a crucial point. If we want to make sure the space economy takes off, we must lay a reliable terrestrial groundwork now. That means putting an IT architecture in place that’s simple, safe, secure, and scalable to accomplish several objectives simultaneously.
As the industry keeps growing, hundreds of startups — plus aerospace incumbents —will add thousands of employees to deal with design, testing, launches, and operations, plus analyzing the rich data streams those satellites generate and which companies want to monetize. Companies need to manage a rapidly growing workforce, prevent unauthorized access and intrusions and be ready to add new services as their portfolio will almost certainly expand.
Based on my company’s work with satellite clients such as GHGSat, Momentus, and High Precision Devices (now part of FormFactor), I have seen that all segments of the industry — from builders and operators to the designers of sensor packages — face very similar challenges.
These companies have grown quickly and had to find a way to consolidate their IT operations without slowing down the launch preparations. This is not an easy task if you’re constantly adding new employees who have to be onboarded and whose rights and permissions have to be carefully managed to make sure they only work with apps and data sets they’re supposed to see or manipulate.
The reality is that most companies’ systems have been cobbled together over the years, with some parts on-premise and some in the cloud. Departments often add new services and servers, which eventually leads to a tangled mess. For instance, engineers have to remember multiple sign-on ID and password combinations, which wastes time and creates unnecessary tech support issues when someone is accidentally locked out.
What’s worse, the ID and password mess increases the risk of intruders gaining access for mischief, espionage, or sabotage. Most attacks still are carried out by social engineering tricks or using a human vector to get into a target system. Managing such a jumble of IT components, multiple operating systems and servers, and confusing user roles is the bane of every startup coping with plenty of other growing pains. It’s even more relevant for highly sensitive and costly aerospace operations, where access to, sometimes classified, data is highly compartmentalized.
Imagine what inventive hackers could do, for instance, if they were able to tap into the satellite feeds and analytics stream around the greenhouse gas emissions of a large oil and gas company or the maintenance schedule of a satellite constellation.
Many companies have found a way to simplify their terrestrial ops by “battening down the hatches.” They deploy a unified system with a single sign-on across all parts of the organization and maintain a centralized local database of their users. It lets them manage the roles and permissions for every team member on their own server instead of entrusting it to a big cloud provider. In fact, even installing that ID server is usually handled by internal staff only, not outside contractors.
Going that route has several benefits. It makes onboarding of new employees and managing existing staff easier, thereby hardening the whole IT architecture. The same goes for a clear and clean audit trail, often mandatory for regulatory and government compliance. If a satellite company has everything on one system and in one dashboard in-house, there’s little wiggle room when questions come up about who had access to what data or apps at what times and made what changes.
Localizing terrestrial ops has another advantage. It lets companies maintain better control over all their data, starting with the seemingly innocuous metadata. While the proprietary files themselves may be encrypted in transit and/or at rest with a cloud provider, the metadata wrappers around them, from timestamps to IP addresses or locations, rarely are and can, in fact, be sold to third parties.
Logging in at a certain location or joining a corporate Wi-Fi network can provide outsiders with valuable intelligence as to which company is negotiating the next big deal with whom. Aerospace startups are therefore well advised to check with their IT providers how they handle metadata. Again, a local, open-source option is in many cases the safer bet.
As programs for small and cubesats proliferate and the cost of launching one keeps dropping, the danger of data breaches in this industry is both real and growing. These hacks will have costly consequences long before a mishap in space garners headlines. It’s high time to think about safety on the ground before you hit the launch button.
Kevin Korte is the President of Univention North America, where he is responsible for the US team and helps clients use open source identity management systems.