ALAN W. SILBERBERG
DIGIJAKS FOUNDER + CEO

GLOBAL CYBER SECURITY ON EARTH + IN SPACE

US GEOINT CONFERENCE 5.18.16

Copyright © 2016 Digijaks

Global cybersecurity on earth + in space



Who am I and what is Digijaks?
• Alan W Silberberg
• Founder of Digijaks – Boutique Cyber Security Firm
• Subject Matter Expert, Cyber Security to US SBA
• Member, California Governor’s Cyber Security Task Force
• Former US White House aide
• Former US National Archives Task Force Member
• Former Executive at Paramount Pictures

• Invented technology to utilize aspects of search + social media to defend against cyber attacks.

• Invented technology to change and alter search results.


Summary Of Areas Covered
• People
• Ground Stations
• Ground Station Hardware + Software
• Uplinked Data
• Downlinked Data
• Terrestrial Platforms
• Threat Matrix
• Threat Actors
• Suggested Changes


3, 2, 1 – Liftoff is just the beginning of the challenges for satellite communications


3, 2, 1 – Liftoff is just the beginning of the challenges for satellite cyber security

• The challenges mount from the moment of liftoff.

• Depending on the complexity of the payload and onboard data packages, cyber security risks can only increase once in space due to problems and/or failures on the ground or in space.

• Cyber Security was an afterthought until only recently, so there are many gaps where legacy systems and legacy technology are in the clear, not encrypted, and not ready for a modern cyber attack.


25 years ago there were dozens…..


And 1000s of Satellites now in Space


Internet = Anyone, Anywhere, to track, identify software, and do enough open source (OSINT) research to then move on to the next phase of cyber security information collection prior to attack or breach of Ground, Person, Satellite

LOTS OF DATA


People and their Devices


People and their Devices
• BYOD
• Social Engineering
• USBs
• WALK BY Photo/Video/SMS/Social Media
• Laziness
• Corruptness
• Leveraged by Organized Crime or Foreign Intelligence
• Disregard of security protocols
• Willful destruction/cyberwar/espionage


People and their Devices
• Devices can be hacked and need to be screened or put in a lead or steel box outside prior to entry. Air gapped breaches have been proven to be actual exploits.

• Device access to Ground Station networks needs to be closely controlled and monitored 24x7, including VPN, remote by proxy, late night email logins, and late night from home server logins.

• In addition to physical security concerns, BYOD devices can also insert malware, viruses, and worms, and can simultaneously be used to exfiltrate DATA and transmit it instantly via carrier exchanges or social media to internet + Globe.
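The 24x7 monitoring of remote access described on this slide can start with a simple review queue for remote logins at night or on weekends. The following is an added example, not part of the original presentation; the log format, channel names, working hours and sample records are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample records (not from a real system): site-local ISO
# timestamp, user, access channel, source address.
SAMPLE_LOG = """\
2016-05-17T09:12:44 jdoe vpn 198.51.100.23
2016-05-17T23:48:02 jdoe email 203.0.113.77
2016-05-18T02:15:31 asmith home-server 203.0.113.12
2016-05-18T02:17:05 asmith vpn 203.0.113.12
2016-05-18T10:03:10 asmith proxy 198.51.100.40
2016-05-18T14:30:00 ops1 console 10.20.0.5
truncated-line-without-fields
"""

# Access paths the slide singles out for 24x7 monitoring.
REMOTE_CHANNELS = {"vpn", "proxy", "email", "home-server"}
# Assumed working day for the site; adjust to the real shift pattern.
DAY_START, DAY_END = time(7, 0), time(19, 0)


def after_hours_remote_logins(log_text):
    """Return (flagged, rejected): flagged maps user -> list of
    (timestamp, channel, source) for remote logins at night or on a
    weekend; rejected lists lines that could not be parsed."""
    flagged, rejected = defaultdict(list), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts_raw, user, channel, src = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            rejected.append(line)  # unparsable records deserve a look too
            continue
        if channel not in REMOTE_CHANNELS:
            continue
        night = not (DAY_START <= ts.time() < DAY_END)
        if night or ts.weekday() >= 5:
            flagged[user].append((ts, channel, src))
    return dict(flagged), rejected


if __name__ == "__main__":
    flagged, rejected = after_hours_remote_logins(SAMPLE_LOG)
    for user, events in flagged.items():
        for ts, channel, src in events:
            print(f"REVIEW {user}: {channel} login at {ts} from {src}")
    print(f"{len(rejected)} unparsable line(s)")
```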


Ground Station Cyber Security


Ground Station Cyber Security
• People. People. People.
• Incoming data from other ground stations/networks
• Incoming data from Internet/extranet
• Incoming Data bound for Sat Payload Uplink
• Outgoing Data bound from Sat Payload Downlink
• Uplink Data
• Downlink Data
• Maintenance Level
• Control Level
• Security Level


Ground Station Cyber Security
• Perimeters
• Attractive and Visible Physical Targets
• Critical Infrastructure yet not always provided security for such protections as needed
• Easy to track and research using online OSINT for
  • SCADA Installs connected to Internet
  • SCADA Install passwords, default reset data
• Real world representation of the need to blend physical and cyber security into one force multiplier.


Ground Station Cyber Security

What does your ground station cyber posture look like from space? Probably, another satellite is spying on you as you work and as your teams go about “securing the facility”.


You do not know who your attacker is.


But …. They know you


But they know you: Partial List of Satellite Hacks in the last few years.

• US Weather System Satellites (Non Mil) NOAA satellites penetrated (CHINESE NATION STATE THREAT ACTOR)

• Commercial Satellites have been compromised for APT use, as in the case of TURLA APT (RUSSIAN NATION STATE THREAT ACTOR) – corrupted weak satellite protocols

• Ground Station Software + Hardware from multiple manufacturers flagged in 2014 for cyber security failures – CERT notification was issued, but only some companies have made updates to date in 2016.


But they know you -
• In 2015 CNN and many other news outlets reported on the GPS system and satellites having been compromised and even altered. By whom? Why? What happens when that gets combined with the command and control structure for your fleet? For your bird?

• SIMPLEX network known and unknown vulnerabilities include unencrypted data transmission between ground and satellite, as well as ground to ground and satellite to satellite. In 2015 warnings were issued about organizations relying on this backbone for their comms.

• EXFIL sensitive data from government, military, diplomatic, research and educational organizations in US + EU.

• Hide command-and-control servers from law enforcement agencies.


Terrestrial Platform Cyber Security


Terrestrial Platform Cyber Security

Several factors become weak points:
A. Uplink from Ground that is unencrypted or already corrupted.
B. Downlink from Bird that is the same.
C. Penetration and/or control of data stream, redistributing FUD DATA
D. EXFIL of DATA
E. LOSS of bird through willful destruction, terrorism, hunter killer satellite from opponent
F. Corruption of GEO SPATIAL location and/or timing for signal control, rendering the satellite(s) useless and/or dangerous or both.


Terrestrial Platform Cyber Security
• Loss of Command and Control through ground infiltration or penetration of ground station, either physically or through cyber means.

• Acquisition of signals and BAND(s) data from Space by another satellite tasked with sensors/lasers to track/acquire such information without knowledge of users on ground.

• Same problems apply from ground station, i.e., if any of those are triggered, then the cybersecurity of the bird is already compromised.


Terrestrial Platform Cyber Security
• Cyber Attacks are common, more common than not.

• Cyber Attacks are both from the ground and from another satellite or group of satellites.

• How can a satellite or a group of cube-sats be used in malicious ways against a country, a company or a person?


Terrestrial Platform Cyber Security
• Do you know who is watching from above? Or why?

• What about your cyber security – how much is already penetrated from above, let alone from the computer you are already using?

• What of your upstream and downstream DATA? How much is already FUD and/or compromised?

• Is your platform being used in a Space Based DDoS attack? Or Space Based misdirection of signal/GPS/location to purposely mislead either data or physical time and space objects like people?


Threat Matrix


Threat Matrix
• Know your weaknesses
• Know the weaknesses of your staff, the training and the software and hardware.
• Anticipate that you will be attacked. It is not IF but WHEN.

• Use both internal and external sources of information to stay apprised of current threats against the industry or your facility. Search for the facility name and see if it is being mentioned in social media or on chat rooms.

• Scour sites like Shodan weekly to ensure your IoT + SCADA devices are not listed; if they are, make changes.


Threat Matrix
• Attacks will occur on:
• A. Ground Station Software
• B. Ground Station Hardware
• C. People + their devices
• D. Social Engineering, Phishing, Whaling, Waterholes
• E. Upstream Data
• F. Downstream Data
• G. Ground to Ground Data – SMS, Cell, Internet, Intranet, Extranet, Phone/Voice/Video
• H. Satellite to Satellite Attacks on both software + hardware through lasers, sonic beams + hunter killer sats


Threat Actors
• Nation State
  • China (estimated 125K+ official hackers paid by Gov)
  • Russia (17K+ Twitter Trolls + estimated 25K hackers paid by Gov)
  • Iran (1000s of Hackers + 100s of Twitter trolls + funding others)
  • North Korea
  • Vietnam
  • Ukraine
  • Romania
• Also a host of other countries with either sophisticated telecom networks or where traditional computing is taught.
• Paid hacker cartels
• Paid hacker soldier of war


Threat Actors
• Corporations using technology to spy on their competition or on their staff or clients.

• Bad actor cyber companies doing unethical and/or illegal work under cover of “helping”

• Your own people

• Your own equipment

• Your own networks

• May already be compromised, how would you know if you do not look?


Constant Actions + Energy Needed 24x7


Suggested Changes
• Update all software and firmware on a regular basis.
• Do not ignore alerts from already installed software or monitoring services regarding breach behavior or irregular network data passing as regular flow.

• Understand the relationship (emerging and growing) between physical security and cyber security in both ground and terrestrial situations.

• Train employees and contractors regularly, and drill regularly in what to do when cyber attacked / how to handle an active breach / mitigation of a previous breach, and in proactively taking steps to make changes into new paradigms.


Suggested Changes
• Install and utilize two factor authentication for every entry or access to control of data streams / up + downlinks
• Disable use of BYOD on premises of ground stations, or permit it only in specifically marked areas.
• Institute signal proof lead/steel boxes outside of conference rooms/important areas/data centers and regulate that all personal devices be placed in one during a meeting or any grouping.

• Constantly review SHODAN.IO for your installation’s SCADA and other internet connected devices/software or firmware numbers or other identifying information, then work to make changes or remove.
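The recurring Shodan review recommended here and in the Threat Matrix slide can be automated by comparing an exported result set against the facility's own inventory. This is an added example, not part of the original presentation; the address ranges, the facility keyword and the sample records are constructed, and the record fields (`ip_str`, `port`, `product`, `hostnames`, `data`) are assumed to match the one-JSON-object-per-line export you are working with.

```python
import ipaddress
import json

# Assumed inventory: address ranges and names that belong to the facility
# (documentation ranges and a made-up name, not real assets).
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.64/26")]
OWN_KEYWORDS = ("example-groundstation",)
# Well-known industrial protocol ports.
ICS_PORTS = {102: "S7comm", 502: "Modbus", 20000: "DNP3", 44818: "EtherNet/IP", 47808: "BACnet"}

# Constructed records, one JSON object per line.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.15", "port": 502, "product": "Modbus gateway", "hostnames": [], "data": "Unit ID: 1"}
{"ip_str": "203.0.113.9", "port": 80, "product": "nginx", "hostnames": ["www.example.org"], "data": "HTTP/1.1 200 OK"}
{"ip_str": "203.0.113.40", "port": 23, "product": null, "hostnames": ["ant1.example-groundstation.test"], "data": "login:"}
{"ip_str": "198.51.100.70", "port": 443, "product": "Apache httpd", "hostnames": [], "data": "HTTP/1.1 401"}
"""


def exposed_assets(export_text):
    """Return findings for records that match the facility inventory,
    sorted so industrial-protocol exposures come first."""
    findings = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ip = ipaddress.ip_address(rec["ip_str"])
        text = " ".join(rec.get("hostnames") or []) + " " + (rec.get("data") or "")
        by_ip = any(ip in net for net in OWN_NETWORKS)
        by_name = any(k in text.lower() for k in OWN_KEYWORDS)
        if not (by_ip or by_name):
            continue
        findings.append({
            "ip": str(ip),
            "port": rec["port"],
            "ics": ICS_PORTS.get(rec["port"]),
            "matched_on": "address" if by_ip else "name",
            "product": rec.get("product"),
        })
    findings.sort(key=lambda f: (f["ics"] is None, f["ip"], f["port"]))
    return findings


if __name__ == "__main__":
    for f in exposed_assets(SAMPLE_EXPORT):
        tag = f"ICS:{f['ics']}" if f["ics"] else "review"
        print(f"[{tag}] {f['ip']}:{f['port']} {f['product']} (matched on {f['matched_on']})")
```

Matching on names as well as addresses catches devices that sit outside the known ranges, such as equipment behind a contractor's or carrier's connection.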


THANK YOU!!

WWW.DIGIJAKS.COM @IDEAGOV 424.442.9658