Startups Demo Cutting Edge Cybersecurity Tech in Colorado Springs
Storing data as photons in motion using ultra-wideband lasers and employing asymmetric encryption to protect a type of computer part widely used in military, aviation, and space systems were among eight cutting edge cybersecurity technologies showcased by the Space Force Accelerator Program Nov. 19.
The virtual demonstration day was the culmination of a three-month program for eight start-ups at the Catalyst Space Accelerator in Colorado Springs, Colo.—all working on ways to secure U.S satellites and other space systems against hackers and cyberspies.
“Our advanced space systems are basically linked computers flying through space, the harshest environment known to man,” Brig. Gen. D. Jason Cothern, vice commander of the Space and Missile Systems Center, told the online audience in opening remarks.
The agile procurement models the Space Force is pursuing make it essential that, “We bake cybersecurity into our systems and not bolt it on afterwards,” he said.
The eight-company cohort spent their 12-week virtual program networking with potential customers in the Department of Defense and being educated about government acquisition processes.
“For some of these startups from the private sector, they have no background in selling to the government,” AFRL’s Capt. Keith Hudson, the government lead for the accelerator cohort, told Air Force Magazine, “This is our chance to explain all the acronyms.” So-called Sherpas—experts from big systems integrators and government agencies—work with the companies to “help them find the right partners,” Hudson said.
The Colorado accelerator, launched in January 2018, is one of several run as public-private partnerships by the Space Vehicles Directorate of the Air Force Research Laboratory. This cohort was their sixth overall, but the first one focused on cybersecurity.
LyteLoop, a startup based in Great Neck, N.Y., protects data by keeping it constantly in motion, storing it as a pattern of photons in an ultra-wideband laser beam. Its current, terrestrial-bound technology creates an artificial vacuum and bounces the laser around inside a box the same size as a conventional rack mount server unit, but using about a third the power, CEO Ohad Harley said.
“The way we store data today is the same way we’ve been storing it for decades … Call it cloud, … call it whatever, it’s still bits stored on a hard drive,” he said. LyteLoop wants to change all that by putting its lasers into the hard vacuum of outer space. A 300-strong satellite constellation could store an unimaginably large two exabytes of data that way—if a gigabyte was the size of the earth, an exabyte would be the size of the sun.
Such a “hyperscale data center” would enjoy legal as well as technological advantages, Harley added. Satellites are subject to the jurisdiction of the nation that launched them, but the cold, hard vacuum between them—which is where LyteLoop’s technology actually stores the data—is as bereft of law as it is of heat and light. “The laws that apply to [any] data [you store that way] are the laws that apply to the user because no one has jurisdiction over space,” Harley said, adding he planned to start launching in three years.
Another member of the cohort, Vitrio, is focussed on protecting a single kind of computer part. MIL STD 1553 is a standard that defines the requirements for a bus—the part of a computer system that routes messages from one component to another. These 1553 buses are used in almost every major NATO weapons systems and every modern commercial airliner—as well as in satellites and other space systems. The standard is built for reliability, not security, and researchers have demonstrated that its vulnerabilities can be exploited. In particular, there’s no way to authenticate command and control messages—the critical traffic that does things like set coordinates for targeting, control engines, or fire weapons.
Vulnerabilities in the 1553 standard present “a clear and present danger to our warfighters and the equipment they depend on,” Vitro CEO David Goodman said in his presentation. It’s not just a theoretical problem, either. Hunting for an open source emulator—a cheap way to set up a test bed to experiment on 1553 vulnerabilities—Vitro coders found one. And noticed that the documentation was all in Russian.
“They had done exactly what we were trying to do, built a software emulator that would help them understand how the bus works” and even try out attacks, Goodman told Air Force Magazine.
Current approaches to securing the 1553 bus against such hacking attacks involve filtering all the traffic flowing to and from it through a complex, customizable computer chip called a Field Programmable Gate Array, or FPGA, Goodman explained. FPGA’s cost upwards of $20,000 each.
“We’re using $20 [worth] of commercial off the shelf hardware parts to create authentication for command and control messages … just filtering for the [C2] messages that are critical to the operation of remote equipment,” he said, “There are huge opportunities for cost savings.”
The company uses asymmetric encryption, in the form of a public key infrastructure. But in line with current Zero Trust principles, it doesn’t attempt to secure the messages in transit, but rather to check them when they arrive and ensure they are genuine and haven’t been tampered with. “We use PKI to secure the integrity of the data, not to secure the communications channel,” Goodman said, adding that the company’s product was at Technology Readiness Level 6, or “ready for demonstration.”
Shifting authentication to the remote equipment in the field, creates “a last line of digital defense for the warfighter,” he concluded.
Like most of the technologies showcased, Vitro didn’t set out to solve a space cyber problem, but as Hudson observed, satellites are “cyber-physical systems” that combine computers with real-world technology, just like the Internet of Things, which was Vitro’s first target market.
When it comes to cybersecurity in space, Hudson added, “There are many things that are different, but there are some things that are the same” as in terrestrial systems.