The Cyber Threat To NASA’s Artemis Program

NASA is enabling another giant leap for humanity. With the Artemis program, humans will return to the Moon in a way that will enable establishment of gateways to further exploration of not just the Moon but eventually the entire solar system. The initial expenses of the program will return significant advances for scientific understanding and tangible economic returns. As Artemis continues, the project will eventually deliver improvements for humanity that as of yet have only been dreamed of. 

But there are threats to the Artemis program. The chief threats are from hostile nations and organized criminals who would seek to attack and exploit NASA and commercial partners for financial gain. Other nations may seek to degrade and disrupt Artemis for strategic geo-political reasons.

A significant avenue of attack for these threats is through the interconnected IT of cyberspace. This special report provides an overview of the threats to Artemis likely to come via cyberspace. It also provides an outline of defensive measures we recommend be put in place early on in the program.

Background on the Cyber Threat

Every organization across every industry in the nation is now a target. So is every government organization at federal, state and local levels. Every citizen also has data at risk. We should all be concerned with this growing threat. But there is good news to be had. The good news is we are all so aware of the existence of a cyber threat that it should be easier to mount defensive measures to counter the threat. Other good news is that there are lessons from threat mitigation that apply across sectors that can inform Artemis defenses.

That said, over the last decade the cyber threat to space systems (both on orbit and ground components) has grown significantly. There is a great deal of hard work to be done to ensure cyber threat risks are mitigated for Artemis to succeed.

The State Of The Hack

Advanced computing architectures (the software and hardware of our interconnected IT) have been great for efficiency and innovation in every sector of the economy, including space. But the benefits of IT come with risk and new vulnerabilities that must be mitigated.

Since Artemis faces a wide range of very capable, highly automated adversaries, it is important to understand the threat so mitigation plans can be optimized.

The current reality is one where:

  • Motivated attackers have no reason to stop. They will continue to innovate and attack.
  • Adversaries are automating their approach as fast as or faster than their targets are. Adversaries are leveraging advanced coding skills and deep knowledge of artificial intelligence, encryption and ubiquitous computing to innovate.
  • Automated malicious code is evolving at a rapid pace. Most organizations supporting Artemis, including public and private, globally, have ongoing infections with malware, including ransomware.
  • Attackers frequently get into target systems fast and remain undetected for months.
  • There are attacks that organizations cannot stop alone. Everyone, no matter how big, requires help from others from time to time.
  • Raising defenses (including improving system design and configuration as well as monitoring) can significantly reduce risk, but history shows we all have to prepare for surprise.

Who Are The Attackers?

Studying the likely Artemis attackers can help build better strategic defenses before an attack and help in operational defenses during attack. Attackers can be categorized and studied by type: Nation States, Organized Crime, Terrorists/Extremists, Hackers, and then the special category of malicious insiders. These are displayed along with typical motives and targets in the table below:

| Actor | Motive To Attack Artemis | Targets |
|---|---|---|
| Nation States | Economic, Political, Geo-Strategic, IP theft | On-orbit, in-flight and lunar elements. Enterprise IT |
| Organized Crime | Financial Gain | Enterprise systems |
| Terrorists/Extremists | Cause Support | Highly visible targets |
| Hackers/Hacktivists | Publicity | Anything |
| Trusted Insiders | Revenge, Financial Gain | Data |

How Will Adversaries Attack Artemis?

The tools and techniques of attackers are also important to study. Tracking these attack patterns can help plug holes in defenses and reduce risk. Doing so can also raise the cost of attack to adversaries and force them to take more risks themselves.

There are many attack patterns studied by the community, and adversaries can use complex combinations in their attacks. Security professionals leverage detailed frameworks like the MITRE ATT&CK framework to track threat tactics with high fidelity. For executive level awareness and discussion we list five attack patterns in the table below, along with high level lessons.

| Method | Summary | Lessons |
|---|---|---|
| Espionage | Human-guided tools to find and extract information | Prioritize, classify and protect data |
| Web Application Attacks | Breaking into Internet exposed apps | Leverage best design practices and watch systems closely |
| Malicious Code | Viruses, Worms, Ransomware | Build in automatic detection and remediation |
| Exploit Poor Configuration | Take advantage of bad design | Understand vulnerabilities and prioritize patching |
| RF Attacks | Unauthorized comms to space elements | Ensure ability to return to known good state |

The most sophisticated cyber threats against Artemis are posed by nations that also have kinetic cyber attack programs. China, Russia and others now have stated military doctrine and advanced capabilities that can disrupt space services.  

This is the topic of a new report by the Defense Intelligence Agency (DIA) titled “Challenges to Security in Space” which provides some key insights into the counter space capabilities of nations. DIA released this report with a goal to “support a deeper public understanding of key space and counterspace issues and inform open dialogue and partner engagement on these challenges.”

The report states: “The advantage the U.S. holds in space—and its perceived dependence on it—will drive actors to improve their abilities to access and operate in and through space. These improvements can pose a threat to space-based services across the military, commercial and civil space sectors.” Russia and China are the leading named threats, with half of the report focused on covering the capabilities and threats posed by each country, but the report also underscores Iran and North Korea’s space-based offensive capabilities.

To underscore what this means, Russia, China, DPRK and Iran not only have abilities to conduct cyber attacks against Artemis, but can attack with their own space weapons as well.

The articulation of adversaries and attack patterns above is provided for strategic context and to point out that actions can be taken to raise defenses and reduce risk. But as will be seen below, raising defenses and reducing risk does not mean the job is done.

Insights for Artemis

It is clear that when adversaries have objectives they will fight to achieve them. But with design and good practice, risk can be mitigated and adversaries can be contained. Which leads to an important insight: static cyber defenses for Artemis are going to fail. Artemis faces dynamic adversaries, and our defenses must not only be raised, but should be informed by new information on the changing threat.

Since adversaries will keep trying to get in, it is not enough to simply try to stop them with technology alone. Technology is important in defense, and the IT leadership plays a critically important role, but every employee has a role in cyber defense. For Artemis, every employee of every commercial firm and every employee of every partner government will need to understand their role in cyber defense. And every leader, not just the IT leaders, needs to know their role in mitigating digital risks. When an organization recognizes that digital risk is not just an IT issue, great improvements in security posture can be made.

We have also seen first-hand the power of collaboration with other organizations in mounting a defense. Organizations can take advantage of several information sharing mechanisms to learn more about threats and to discuss best approaches in mitigating them.

Another lesson learned in mitigating threats is that compliance with security mandates, while very important and absolutely mandatory, is not sufficient. No matter what the sector of the economy is and no matter what regulations or policies are followed, adversaries learn the compliance regimes quickly. They will always be looking for another way in.

Recommendations for Artemis

Based on the above and our deep experience countering advanced threat actors like those that will attack Artemis, we have the following recommendations:

  1. Ensure Leaders Lead Preparations for Cyber Defense: The NASA Administrator should receive periodic status updates on the cyber threat to Artemis to ensure appropriate attention is being placed on this critical issue. Briefings for all partner nations and industry partners should be done and senior coordination mechanisms put in place to ensure appropriate leadership.
  2. Establish a dedicated organization and a senior leader for Artemis to track threats and to track best practices for resilience of systems. This leader should be charged to focus on cyber threat intelligence to continuously assess the dynamic cyber threats facing Artemis.
  3. Coordinate Early: We most strongly recommend early coordination with providers of cyber threat intelligence including federal law enforcement and DHS. Public sector organizations like Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) are also critical parts of a comprehensive cyber threat intelligence system (there is an Air and Space ISAO that should be a good fit for sharing of Artemis related cyber threat intel). It is important to build bonds of trust before an incident and coordinating early is key to that. Coordination with international partners and commercial partners is also key.
  4. Assess and Understand: Know what data, systems and capabilities are critical to the Artemis mission. Automate your awareness so any anomalies can be acted upon.
  5. Enhance Defenses (but prepare for breach): The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize when required. Even with this continual defense, history proves that the adversaries eventually surprise us. Preparing for incident response is critical.
  6. Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containment of attacks is especially important in malicious code. Well-designed systems slow the spread of malicious code.
  7. Ensure Backup: Backup plans including alternate communications should be in place. Every critical system must have a backup. When there are paths with no easy backup for communications, exercises should be conducted to ensure all parties know how to operate in an outage. This includes the space-based components of the system, including the manned mission units.
  8. Seek Outside and Independent Assessments: Assistance visits to assess and provide campaign planning support to your leadership team provide much needed external input on best practices, which can enhance your overall approach to risk mitigation.
  9. Leverage Your Greatest Resource: The greatest strength of an organization is the employees. By training them to watch for anomalous activity they can help spot attempted cyber-attacks and mitigate them early. Employees also form a critical early warning detector in the rare chance of the insider threat. For Artemis, the employee base will span multiple continents and include public and private sector organizations. All need to be part of a comprehensive cyber threat awareness program.

Concluding Comments:

Every company across every industry in the nation, including all who are supporting Artemis and every supplier to them, is under cyber attack. So is every part of the US government participating in Artemis as well as the 15 partner nations participating. Defenses are possible and risk can be mitigated, but history makes it clear: the defense you put in place must be agile, and even then you should prepare for incident response. Do not be surprised if you are surprised.

Human exploration of space is something that we all dream will be done in a way that is collegial and collaborative across all nations. But history has shown that dreaming of peace is easier if we have a strong defense. This is especially true of the operational cybersecurity program around Artemis.

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes OODALoop.com. Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency. Find Bob on Defcon.Social