Cyber Threats Beyond Earth: Securing Manufacturing in Space
Our global society is heavily dependent on space technologies. Most of us know that spatial positioning, weather and communication systems are essential to our transportation activities. I am writing this article about an aircraft that uses GPS to route my flight safely around severe weather that has been identified by satellites. If I complete this article in flight, I will upload it for publication on Forbes via geosynchronous communications satellite.
Yet many people would be surprised to learn that modern factories also depend on satellites. Manufacturing automation systems synchronize the operations of multiple robots on their production lines using timing signals provided by GPS satellites. In fact, GPS is actually a collection of 24 orbiting atomic clocks (plus spares), each streaming time data. Your Uber is guided by tiny differences in the time signal emanating from four or more satellites, induced by the delay of the signal from your relative location. Knowing the speed of light (299,792,458 m/s) your phone calculates distances and locates you with simple trigonometry… simple for a smartphone anyway.
Modern automated manufacturing lines are not only extremely time-consuming, they are also highly interconnected, programmable, monitored and remotely controlled. Therefore, the cyber domain is an increasingly important threat space for manufacturers. Computer design stations and servers are obvious targets for hackers, but any compromised digitized manufacturing system can provide valuable proprietary data. Even printers’ programmable machine tool files can tell a lot about the products they make. Loss of this information may compromise the intellectual property of the manufacturer and its customers.
In the aerospace domain, many manufactured products are classified or fall into the broader category of controlled unclassified information (CUI) and are actively sought after by foreign adversaries. Securing industrial robots, waterjet cutters and 3D printers from state-sponsored cyber intruders is a difficult task for factory IT departments. Securing the programming files and parts of these systems during transmission is an equally important task. which is often overlooked.
The vulnerability is real. More than ten years ago, a Windows computer virus, known as Stuxnet, was designed to detect computers connected to Siemens S7 programmable logic control systems, a common manufacturing machine controller. If the controller appeared to be operating a uranium enrichment centrifuge, the records were transferred and the operations of this manufacturing process went subtly awry. Stuxnet has significantly halted Iranian production of nuclear materials. While Stuxnet is widely assumed to have been the product of a joint US-Israeli government effort, we should assume that our adversaries are actively using similar cyber weapons.
Back in space, let’s look at the cybersecurity implications for making robots in orbit. Yes, space factories are a real and emerging field. The microgravity environment allows the production of products that we cannot make on Earth. These include incredibly perfect crystals, unique and ultra-pure materials, breakthrough drugs, and even bio-printed organs. Some of these products, such as ultra-high performance fiber optic cables, offer enough value that manufacturing them in space – even at today’s relatively high flight costs – promises a pretty good profit.
NASA recognizes space manufacturing as an important technology that can benefit the agency’s own missions. It is also an essential sector of activity, along with space tourism, in the short-term development of a space economy. I recently led the review of business models for the Johnson Space Center’s In-space Production Applications (InSPA) program. As part of InSPA, NASA granted eight manufacturing teams the opportunity to fly their manufacturing project into space. NASA and the ISS National Laboratory will provide these manufacturing startups with the rack space and astronaut time needed for their trials. Winners will also receive the mass transportation required to return their manufactured goods to Earth. The goal is to give American companies a foothold in space while waiting for the commercialization of low Earth orbit (LEO).
Several companies plan to deploy commercial orbital space stations over the next few years. Their revenue models often depend on the emergence of viable space manufacturing. As you can imagine, astronaut time is expensive. NASA quotes up to $700,000 per hour. Although commercial operations will reduce this by a LOT, automation of spacecraft systems is a requirement, not an option.
The ultimate application of off-planet manufacturing is the self-sufficiency of facilities in space. When parts and tools break on a space station, it’s much more efficient to print replacements in place. This reduces costs, eliminates huge transport delays and increases resiliency. Defective parts can be recycled into new 3D printer filaments and reprinted, further reducing reliance on the Earth for raw materials. The Redwire Regolith project has taken promising steps in this direction by producing 3D-printed structures with regolith, an inorganic “dirt” from the lunar or Martian surface. Relativity Space, whose 3D-printed Terran rocket is preparing to launch from Cape Canaveral, plans to one day print entire rockets to the Moon on Mars, using locally sourced materials. One of the key benefits of automated manufacturing in space is the ability to transmit designs and updates from Earth rather than materials. This is also a serious cybersecurity issue.
Secure transfers of these files and other communications are critical as space systems have been known targets for cyberattacks. An hour before invading Ukraine, Russia launched a space cyberattack on Viasat’s KA-SAT network, disconnecting users in Ukraine and elsewhere in Europe. The exponential proliferation of small satellites currently launched into orbit will provide new attack surfaces for enemy states and non-state actors alike.
Last year, I had the honor of serving as an external examiner for the doctoral defense (PhD thesis) of James Pavur, a Rhodes Scholar studying computer science at Oxford. Dr. Pavur’s work on space cybersecurity has revealed that space communication technologies are remarkably vulnerable to interception. Satellite communication protocols prioritize extracting the best performance from low-bandwidth connections and are plagued with latency, delays induced by radio signals traversing space-sized distances, even at the speed of light. These factors can make traditional security technologies, like VPNs, impractical, and many space communications are simply unencrypted. Dr. Pavur and others have shown that it is even possible to insert new data into communication streams for potentially nefarious reasons. Such an attack could damage the product or the manufacturing system itself. It could even potentially sabotage a spacecraft or habitat and put space travelers at risk. Given the interdependence of modern systems, damage inflicted on any space asset would have a ripple effect, potentially causing severe financial losses for businesses and individuals completely unaware of their reliance on vulnerable space systems.
Solutions emerge. In my role as a visiting professor at the Institute of Security Science and Technology (ISST) at Imperial College London, I came across a UK-based startup that was tackling this problem. DEFEND3D has developed a secure streaming transfer protocol that enables secure digital re-provisioning of partial data to remote locations without the need for file transfers, eliminating the security risk associated with transmitting the entire 2D asset or 3D. This is accomplished using continuous, dynamic streaming to a wide variety of manufacturing devices with bandwidths as low as 3 kbps. This enabling technology could provide the foundation for safe remote manufacturing in extraterrestrial environments and will enable rapid design prototyping, iteration and testing on the ISS, future commercial stations and the lunar surface.
The future of manufacturing in space is incredibly bright, but vigilance is in order. We need to integrate cybersecurity into manufacturing in space early on, before we have a “bad day”, not in reaction to one.