William Allington, Ferris State University; Abigail Peterson, Ferris State University; Kyle Bowen, Ferris State University
Keywords: Space cybersecurity, SSA, SDA, threat modeling
Abstract:
The purpose of this research is to describe a proposed model of development and operations for systems designed to capture, organize, and communicate data collected in the pursuit of Space Domain Awareness. More specifically, this framework is intended to support the secure usage of communication channels for SDA information between stakeholders that are reliant on the safe operation of space-based assets. The current scarcity of SDA vendors and data repositories (Pavur & Martinovic, 2021) will be taken as an opportunity to lay the groundwork for future organizations to balance effectiveness with security, while remaining within the bounds of national security concerns. A framework that integrates cybersecurity into all levels of SDA operations will contribute to the advancement of space industries by providing space vehicle operators with assurance that the information needed to avoid collisions will be trustworthy and available.
The research methodology used throughout this paper will be primarily based on qualitative multivariate analysis of data collected through secondary sources (Bartlett, 1947). Our research focus will also be partly comparative. We will be required to identify systems that are roughly analogous to our subject, in part due to the scarcity of extant research on SDA security. These findings will be combined with publicly available information on deployed SDA systems. This combined research will be used to make well-founded inferences describing a likely attack surface for connected subsystems within an SDA network. Forming an understanding of an attack surface is a prerequisite to creating a generally applicable threat model for future SDA programs.
The set of subsystems to be included within the scope of our threat model accord with the three levels of situational awareness described in the Endsley model (1995) The shaping of a threat model for SDA will lay the groundwork for embedding security controls across trust boundaries. Threat modeling will be approached using the Process for Attack Simulation and Threat Analysis (PASTA) methodology (UcedaVelez & Morana, 2015). This framework is well suited to our research due to its focus on protecting assets through risk reduction. Vulnerable points on the attack surface will be described according to their risk level and categorized based on their potential impact to the confidentiality, integrity, or availability of SDA assets. These three categories of threat impact are known in cybersecurity as the CIA Triad.
When proposing the implementation of security controls, we will do so without prescribing specific products or vendors. Security controls will be implemented within a categorical schema to support clarity of purpose. All proposed controls will be defined within a classification scheme of three levels. All security controls will be further categorized within this schema according to their intended function. An effective control must contribute to the security of a system in at least one of four ways. A control may detect, prevent, mitigate, or deter a threat action.
The primary design of this research will be the proposed integration of security controls into a hypothetical deployment of a confederated model for interconnected SDA systems. A confederated SDA system may be described as a hypothetical model of ownership for an SDA vendor. This vendor would be maintained as a collaborative hub operated by a group of stakeholder entities in possession of space-domain assets. The purpose of such an organization would be the management of communication channels for SDA data, with the aim of preventing collisions between orbiting space assets. Arbitrating the use of orbit-space in a manner which can reliably avoid collisions is a public good that can be supported by organizations within the space domain.
There are other potential models of deployment for future SDA programs, but we believe that a confederated model serves as the best example for the purpose of shaping an attack surface within an SDA system. The interconnectivity of agents within a confederated system can be viewed as a middle-ground between a distributed system of SDA, such as in a crowd-sourced solution, and the highly centralized structures that govern operations for current SDA systems. Information security practices are especially suited to maintain trust in such an environment. The complications inherent to a system where competitors agree to self-interested collaboration generate a requirement for internal mechanisms that retain those trust relationships. For example, digital signatures are an accepted means of injecting non-repudiation into zero-trust communication channels. The ability to designate actors as accountable for their actions will be critical in enforcing trust boundaries within a confederated system.
The goal of our research is to propose an integrated framework that can serve the SDA community as a point of reference for building security controls in all layers of operation. Our hope is that this framework can be further developed as SDA technologies are made accessible through innovation, and as SDA needs continue to grow in the New Space Age. Achieving this will require this framework to be flexible and applicable to all models of SDA organization.
References:
Bartlett, M. S. (1947). Multivariate analysis. Supplement to the journal of the royal statistical society, 9(2), 176-197.
Endsley, M. R. (1995). Toward a Theory of Situation Awareness in Dynamic Systems. Human Factors, 37(1), 3264. https://doi.org/10.1518/001872095779049543
Pavur, J., & Martinovic, I. (2021). On Detecting Deception in Space Situational Awareness. ASIA CCS 2021 – Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, 280291. https://doi.org/10.1145/3433210.3453081
UcedaVelez, T., & Morana, M. M. (2015). Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons.
Date of Conference: September 19-22, 2023
Track: Space Domain Awareness