Pwned in Space

so i would like to go ahead and welcome our next speaker to the stage paul coggin from he is a cyber sme at new systems inc his expertise includes space systems service provider and ics scada network infrastructure attacks and defenses as well as large complex network design and implementation paul is experienced in leading network architecture reviews vulnera vulnerability and analysis and penetration testing engagements for service provider enterprise space systems and tactical networks paul is a regular instructor at international conferences teaching networking hacking and forensic courses he has a bs in math computer science ms in systems management msn information assurance and security and ms in computer information systems paul is currently pursuing his msn space

systems in addition he holds numerous industry network and security certifications so please welcome paul to the stage with pwned in space thank you jane it's great to be back here in the cayman this is my second time to visit the cayman islands it's a it's beautiful it's one of my favorite places to visit in the world the island is so beautiful food the people the scenery as you well know the beaches it's uh the reefs are just amazing here being able to see all the stingrays and starfish it's just uh it's an amazing place you have here so this talk we're going to talk about space systems and cyber security and we're not i'm going to not do a

focus on the ground system we're going to focus on events that have actually happened in space primarily around cyber because there's so much in the news these days when you have with uh ukraine spacex biosat there's a lot of conversation about that in the news and then all the satellites that are going up in space providing internet services from space all the new launch capabilities i wanted to go and put some coverage on what what's been happening in the past up to this point with uh space and cyber but but focused on the satellite portion of it and and i'm going to talk about the space station as well but so when we talk about space

if you come from an enterprise background or telco service provider background you're familiar with a network operations center your security operations center where you're monitoring the health and status of your network infrastructure maybe you have it in the cloud where you you're collecting all your telemetry data and you know the health and status of the network infrastructure your apps your servers etc well similarly for uh for systems that are in orbit in space organizations similar similarly to say nasa here in this example they have ground stations around the world located so that they can can continuously monitor no matter where the spacecraft is in orbit they can always go in uh send commands to pull health and status maybe send

commands to change orbit pull information imaging from a payload that's on a spacecraft satellite so that's called the ground station ground system for the spacecraft now what's really interesting now is everybody's talking about the cloud i mean everyone is moving to the cloud well similarly space systems are as well and it's called and what that's commonly referred to in the marketing is ground station as a service but i've read the other day where they're talking about space as a service as well is a new acronym that you're going to probably hear more about but ground station as a service is where instead of having these private ground stations similar to having you know your own

private network operations center or a private security operations center the all these new space 2.0 these new space commercial organizations that are coming online many of them are pushing those services to the cloud where amazon aws google i was reading that google is going to provide the services to spacex for the startling satellites and so they may eventually offer additional commercial services but and then microsoft azure they have their orbit solution that they're offering cloud-based space services and there's a company called kubos they have a application that they run in aws called major time and uh and then there's a leaf space out of italy and there's another one i can't recall the name of that i've read about

recently out of portugal that is going to offer a cloud-based service so space is going to the cloud so it's really interesting what's happening there but also call out image to you might find of interest is that the cloud is also moving up into orbit there's a company called leo cloud where they're going to put cloud-based services in space so that they can do processing and analysis in space before they send data to the ground and other similar services and i was reading where hp has designed a new server for space and they have to be special servers and computers have to be specially designed for space because it's there's actually weather in space due to

the atmosphere and the sun because it's sending all kinds of radiation and particles into space that can affect the computer systems and we'll talk about that and mess it up so those the hp server is specially designed to provide a server in space and then i was reading there's another company called aim ramos out of israel and they provide they've designed a two terabyte hard drive uh storage system for space here just recently so that's going so now we're going to have cloud in space eventually which is going to open up a lot of ideas of how you do forensics incident response things that we would do on the ground get that that's hard enough on

the cloud on the ground but now we're going to do it in space so it's going to be a lot of interesting activities in the future with cyber it's going to be really exciting a lot of opportunities so when we talk about orbits spacex and uh what uh some of the other companies are doing that you read about most frequently with the small satellites the cubesats is in leo the low earth orbit and and that's up to like 2 000 kilometers that's good that's what you're predominantly reading about uh all the frequent launches that uh the spacex is sending up with their rockets most of those satellites are going up into the leo orbit and that's where

like space station is located in leo it's closer to the earth and it spins roughly those satellites are rotating around the earth about about every four hours roughly they're rotating spinning around the earth but when you go to geo that is the satellites that you're probably familiar with when you get cable tv services some of your voice services those type of services are those satellites are pointing directly at the same spot same region of the earth and in italy orbits as the earth orbits up in geo and then you have mio and keo the high earth orbit the medium earth orbit but primarily what you're reading about in the news is the low earth orbit

and then the geo orbit so from a threat standpoint again everything in the news here lately if you've been following with the activities in ukraine there was the recent attack they expect they said that the that the russians attacked via side and took out the user terminals for for uh for the viasat internet terminals like 5000 plus or 5 million might have been the number of user terminals and they got in through a through the network management network for the user terminals and so they were able to degrade and deny service for those end users and they weren't able to use the spacecraft but that happened on the user part of the network but there's other

attacks like a deception where somebody might be spoofing information uh and uh say you know messing with gps messing with timing and location where where you uh lose track of where you are and say like if you're a ship floating around you might be getting your information spoofed so you don't you're not showing up where you're supposed to be uh and then this there could be temporary disruptions like lasers microwave some kind of directed energy attack in like a electronic warfare where it's it's jamming the signal and the signal it will be jammed and unusable but then it comes back as soon as the power is removed and so it'll be a temporary disruption there's been a lot a lot of talk here

lately about the asad attacks where that's been tested where's actually a missile shot at the at the satellite and taking out the uh the spacecraft which ends up causing a great deal of debris and that just totally destroys the spacecraft but also create adds to the debris field that is a lot of people scientists are worried about that eventually could cause what they call a kessler syndrome that if the debris field in space keeps developing like it is that eventually there could be a chain reaction where a piece of debris hits a spacecraft or another large piece of of debris and it just starts a chain reaction of debris creating crashing into debris creating additional debris until the whole low

earth orbit is unusable and that's called kessler syndrome and there's because of the complete destruction of spacecraft there's a concern about there and plus there's junk that's just been left up there like rockets and satellites that have not fallen from space yet and then and then there's other attacks like i think i mentioned you know lasers and in the microwave but primarily what we're going to talk about with this talk though is like i mentioned jamming electronic warfare the the field of electronic warfare and cyber are converging together where where somebody might be trying to jam your uh your radio frequency channel with with high power jammers uh malware i've got some examples of malware in space you might be surprised

with their malware is in space and the spoofing and going after the the control system payload because the satellite is going to have two components typically there's going to be the computer portion of the satellite that controls how the satellite is flown and the overall health and status of that satellite and keeping it in orbit and then there's the payload that is the computer system that controls what the mission is of that satellite you know if it's taking imagery if it's communications what have you that would be in the payload and then we're going to talk about attacks like replay and being able to do hijacking and eavesdropping which is uh a lot easier than you may realize

because there's a there's a lot of misconception that everything is encrypted it is not all encrypted and i will talk about some real-world examples of that so again what we're showing in this slide is when we start talking about attacks against space systems if it's like electronic warfare things like that it might be easily to recover from those attacks because the the rf the radio frequency energy is applied it jams the signal and when it go in it goes away once that signal is removed and we've been reading a lot about it then in the news here lately but when as you move to the right you start getting into kinetic attacks maybe a microwave attack

a microwave attack a high energy directed energy microwave attack could possibly damage permanently damage the spacecraft or lasers could have a really strong laser that gets pointed to the spacecraft and totally disable some of its capabilities or maybe do and do irreparable damage to it or of course shooting a missile at it there's like four countries right now that have proven that they can hit a mis hit a satellite in space india china the u.s and russia are the four that have actually been been able to destroy a satellite in space so hopefully we'll get some treaties in place that we'll quit doing that in adding debris to the to the leo space some of the threat actors

the threat actors span the gamut similar similar to other critical infrastructure industries whether it's you know a foreign military some kid sitting at home on their parents internet connection with you know this time and i'm in the high iq and a lot of curiosity all the way up to terrorist uh there's a there's a great deal of talk that i've been reading here recently where russia and china are watching and seeing what's happened you know where they were able to affect viasat but then spacex and starling stepped in and overcame the attacks that were used against viasat and have been able to bring the internet back up in ukraine that's got a lot of people's attention

that that now hey what are we going to do when we want to go and you know exert influence over a battlefield that how we're going to deal with these thousands of satellites that elon is putting up in space so there's that's and that's going to get into all those different uh different attacks like the lasers the microwave etc but then there's but one of the top attacks of a concern is cyber because if they can find a way through the supply chain if they get into the supply center chain you know from your chips and software all the way through the process that's a broad attack surface that somebody might be good to but

but there's also all the way down to the in to some kid sitting at home on internet connection because a lot of legacy satellite communications are unencrypted like a like everything here on the ground it's best practices to use use your own encryption and verify but uh it's not always encrypted and the reason being is uh because of space weather and we'll dive more into that so you so you can set up you can actually go and get a software-defined radio if you're a hobbyist and passively look at network traffic we'll go into some examples of that so that space threat actors it's a pretty broad capability there to just passively or actively engage now i spent many years working on

red teams doing penetration testing i got involved penetration testing in like 99 the early 2000s i got interested in doing attack trees as a way to develop a strategy for the team and for for reporting so i like to i like to use a whole attack tree mind mapping to layout strategy so a real real simple example if you're going to go after somebody's satellite you know you're maybe you want to go after the ground station look at uh you know you want to now analyze your threats you know what is the insiders you know some you know what is the likelihood of one of your insiders your engineers i t people janitor someone getting turned

decided to work for the bad guys you know what what is those trust relationships out to the internet that's kind of like what happened with my understanding with viasat the net the firewall vpn had a mis-configuration so some they were able to come in over the internet get a whole get through the firewall vpn and then upload some bad code that got distributed to all the user terminals so going through the ground station it's theoretical that they could might be possible at some point to do a satellite to satellite in space attack that's purely theoretical i've not been able to read anywhere where that's actually happened but i've i have seen where a couple papers where people are speculating on

satellite to satellite type attacks in the future or someone that's more sophisticated has more resources might be able to go and bring up their own unauthorized ground station but typically what you're going to see is someone is going to try to find a way into the existing ground station whether it's a private ground station or which i think is going to make it a lot easier somebody's cloud ground station because you know if they put it to the cloud most most likely they're going to have remote internet access into it and that's going to open up a whole big broader attack services as this group would know and understand to export that trust relationship and

gain access to the spacecraft i found this really interesting i started doing this research about known spacecraft attacks but apparently there's a it's heavily speculated that when stuxnet attacked the iranian nuclear program many years ago that when stuxlet was spreading that it actually somehow got got into the ground station of a cable tv company satellite company in india and took out the inside 4b satellite and what what what is stated is that the inside 4b system was actually using the same siemens plc controller for uh for uh the solar panels to rotate and turn the solar panels that was using the same poc and it had the wind cc system on the ground so it was able to

turn the satellite so that that uh it could destroy that spacecraft and disabled it and so they lost service now on the encrypted satellite communications the reason the reason that they're it's all not encrypted is because there's this space weather like there's solar storms in space the sun is constantly spewing out particles ions electrons protons all this stuff that you probably just studied in modern physics it's shooting that out across space and it goes back to einstein uh equation the equivalency square it's got enough energy that those little tiny particles have enough energy to fly when it was it is headed toward uh out into the solar system toward earth etcetera it hits those spacecraft

that not only can it degrade economic and cause uh it can degrade the material properties of a spacecraft depending on how what the materials are used on that spacecraft but if it can get in there it could also inject itself into the electronics and it can do what what they call a a single upset event where it can make the ones and zeroes in an electronic board change and flip so it might have been should have been a one but it flips to zero and you know in this room everybody understand encryption you start changing ones and zeroes and flipping things well what have we done we broke encryption we've killed our encrypted connection now we've got to reset it we gotta do we

gotta reboot you don't want to have to be rebooting your computer in space because you know you ain't like you can walk down the hall to the data center and and hard boot it when they don't boot up clean right a little bit more complicated when it's you know in leo or geo so that's the reason not everybody does encryption now you can use encryption and it is heavily used by some organizations but it drives up the cost of hardening that equipment against the radiation the hostile space weather you got to go and put a special shielding around that equipment and manufacture it so that it can survive at space at that level so and there's a lot of things out in

the open source where it's talked about its best practices it's recommended but they don't do it specifically because of that because they don't want to lose that the people who control the satellites do not want to lose access to their satellites due to a loss of encryption which makes sense so so some do it sometimes the lesson learned out of this where we're going with this is if you're dependent if your business or you know your home network is using uh satellite internet if it's sensitive traffic if you're under some kind of regulatory regulation like you know health care privacy information financial privacy information you're using satellite internet i'd be making sure it's encrypted don't don't believe the sales

guys i'd be encrypting my own traffic an example of uh some real world examples of unencrypted traffic is in this case the navy had a satellite was using uhf and some creative uh radio people down in brazil discovered it and they used the open unencrypted satellite that the navy was using for their radio communications they turned it into a cb radio network for themselves and by the and eventually at some point they found 39 people across six states in brazil that were utilizing it apparently after they rested that bunch more people came online and started using it because everybody knew about it and it was real easy to hack because it was out there open you know if you

didn't want people to use it should had it encrypted now here's an example for malware with this again showing that despite what all the you know your isp might be telling you that it's encrypted here's a real world example where it's not encrypted some of it may be but not all of it in this case we have a piece of malware where you know the malware's got its uh command control got that two-way handshake of signaling between the uh the bot that's been infected and the command control server well these guys are pretty smart this is a sophisticated attack i wish i was smart enough to think about this to come up with this idea

they would they would the bot operators had their command control server they would go put their server out on somewhat some satellite internet network and just uh steal somebody's ip space put it out there on somebody's ip space just out there and squat out there in like southern europe north africa region middle east they would put that put their server out there using whatever arbitrary ip addresses that the satellite internet company was using and it would just wait for uh they bought whoever got infected to phone home and then whenever they got a signal that from a uh from somebody's computer that had been infected it would get sprayed down broadcast from the satellite to everyone in that region of

the world and then the the c2 server the malware server would would send a connection back to that infected user over a wire line so it was an async communication so you've got you know you're out there trying to do threat hunting you're out there trying to monitor and catch the bad guys you're only going to see one wave signal one signal is going to go over a wire line and one signal is going to go over the they coming in over the satellite really really hard to detect so and that would not work if they were using encryption so it just that's a good example of proving it ain't it's not all encrypted and if it ain't encrypted

and you're using satellite internet you know better be using some encryption or somebody's gonna be sitting out there and looking at it i can tell you it's a it's a lot easier there's a there's a couple papers out on black hat as well and on that on slideshare where it broke down many years ago a gentleman first published it i forget his name and then it was published again a couple years ago by another gentleman from they graduated oxford university recently i forget their names they published there's a lot of information out there about how to use salt like software fire radio really really cost effectively as a hobbyist bring up a capability to to monitor

passively just passively just sit there and listen like wire sharp on a you know set up there on your switch uh sit there and passively monitor the satellite traffic it's floating around in space so you need to make sure your stuff is encrypted because i've got a project where we're throwing something up like that and just seeing what's out there and what's all the noise and it's really it's really amazing to see here's another example during the iraq war there was insurgents they were able to intercept communications and decode satellite communications they were unencrypted and i mentioned earlier about that this is this is something i believe is going to be that we'll read about in the

future i haven't there's nothing out there to say it's happened yet it's purely theoretical but i'm thinking that eventually we're going to be reading about a satellite to satellite attack in space it's probably going to be it's going to be easier to do with rf with the radio frequency because that's more broader in nature the signaling but more and more which is a good thing more and more the communications are going to move to optical where it's where they're using free space optics where the lasers are going to you're going to point lasers in space at the spacecraft spacecraft the spacecraft so it's going to be inner side it's going to be optical and then

the spacecraft to the ground will be optical and that's going to be a huge improvement for security when it goes optical because you won't be able to jam it like as he's messed with it like you can with a radio frequency because it's a laser it's a braiding so free space optics is going to make it really really hard but i'm just interested to see if if that ever gets reported is actually occurring here's a a real world example of a satellite this this rosat satellite was created to look into deep space it was you know the scientists were trying to go and study deep space see what's going on out in out in the solar

system and someone was able to find a way into a ground system and get from that ground system that they they exploited trust relationships and found their way into were able to get go from the ground system up to that satellite and turn that satellite toward the sun and damage the satellite's capability which this kind of talk always drives me crazy because it's like scada industrial control systems scada you know ot why is this stuff accessible from the internet to begin with i mean who designs this stuff i mean that should never have been able for someone to get remote access into that sensitive network but that's another that's just another rant for later another example is a landsat 7 satellite

in 2007 2008 it was hacked for uh like 12 minutes whoever the attackers were when they got it when they got into the satellite apparently they had full control they had access they had access to do whatever they want to do basically like root level access equivalent but it's that's about like me getting root level access on a vms vax box you could you could give me give me you could log me into that vms box but i don't know dcl i don't know what i'm doing with vms vax some of y'all might be too young to remember vms uh or uh or something you know or some other obscure operating system so the actors

when they got into the satellite they they did not know what they were doing so the good guys were able to take control of their satellite back but the hack happened twice so my and one one another presentation i'm working on is to go into the details of how these systems are built in the components and there is a very large number of operating systems there's a large number of operating systems and protocols and command languages for these satellites so my speculation is is someone got got access probably through the ground system and they got in there they were able to export that initial trust relationship and got into the system but once they got in there they were not

familiar with the command language and the operating systems and they didn't know what they had and how to operate in that environment because it was just something they were not familiar with because there is a lot of different command languages and os's another one's this uh terra satellite it got hit in uh 2000 in june 2008 and then again in october 2008 they believed it was the same actors they they were able to get able to get in somehow but they were not able to maintain access and really do any damage because they didn't it did my speculation based on all the research i've done my speculation is is they probably didn't know the command language the syntax and

the os environment that they had gotten into they got the access through whatever trust relationship they were on the ground system but they didn't know what they were doing now here's one this is noah noah in the us is a government agency that does weather in the u.s and apparently in 2014 the chinese it's attributed to the chinese with this one that they were able to get control of that satellite we were able to take back control of the satellite but there for a while the chinese apparently had taken control of this weather satellite this was a really interesting one i found apparently in the uk there's a there was a satellite constellation called skynet

and sky network is composed of four satellites and uh and someone was able to gain access back in 99 and took control of one of the satellites and it speculated that they helped they took control and they held it for ransom so that's pretty interesting there wasn't ransomware but they held it for ransom i'm really it's going to be really interesting to see how long with all the thousands and thousands of satellites that are being put into orbit about how at what point may we eventually see a ransomware attack in space because i read i read some statistics here recently that whenever spacex launches a rocket that has 28 satellites that there's roughly 4 000 linux

computers on that rocket when with 28 satellites that's a lot of linux now they have really good really good security they know what they're doing and they're very strict in their engineering processes very disciplined but but you know but uh with all the cube sites that everyone's throwing up and uh that are may not have a real strict devops def psych ops program it's going to be interesting to see how long we might be before we start hep c and say ransomware of a satellite the international space station it's been infected a few times with ransomware it's been it's not not ransomware but malware hasn't been no ransomware but just malware there was malware introduced through usb

thumb drive at one point and also malware introduced to space station via infected laptops that were brought on to space station now the the the flight control system for space station was not under threat this was a different network where they were plugged in and the malware was infected on the system but but it made it to space on the space station it was pretty interesting uh there's an organization called the consultative committee for space data systems they come up with all the standards for space systems satellite systems and the best practices of how satellite systems should be built and designed and it's just including encryption but like i said not you know you can write the documents but

you can't make somebody use it this is you don't want to read this if you want these slides i'll give them to you with all these references but there's a lot of there's a lot of work going on to document best practices for securing the spacecraft securing the ground systems securing the end user terminals nist nist is doing a great deal of work they just they recently published a draft document nist 8270 for commercial space they just released another document 8401 for ground system security aerospace corporation is publishing a great deal of work minor mit lincoln labs there was a as a result of the biosite hack the cisa in the u.s they just published some best practices

recommendations for securing satellite networks and including the user terminal stuff and then the there's the federal comm communications commission and noaa who monitors the weather they they have their best practices they basically point you to the cyber security then this cyber security framework and recommend using encryption and then there's some others like the orbital security alliance they have some best practices for commercial space systems to consider using there's a lot out there it's just it's like everything somebody's got to read it and actually put a program together and implement it throughout the whole design process the whole life cycle which leads into as these new commercial space space systems come online really need to get

defsat ops type processes involved and start with the whole supply chain with all the coding and from the very beginning designing these systems uh to be secure is like you know like a lot of it is moving to the cloud and then the cloud is moving into space itself to get this they get these uh systems locked down from the very beginning uh and use crypt encryption look at hardening the uh the systems for whatever is required at the uh the orbit that they're going to be and get them hardened for uh the radiation and the hostile space weather all the solar flares etc that are going on in space the plasma et cetera now something that's new

is what is i've been reading a lot is satellites now are going to a software-defined model software-defined radio is going to be used which is going to help with jamming and electronic warfare because somebody starts hitting you on a frequency you can through software-defined radio you can change your frequencies change your radio frequency uh configuration quickly since it's in the software-defined radio but also which y'all might find interesting i found very interesting is it it's also moving to using virtual machines and containers in space and that makes it really interesting and which which uh which enables the new idea of what we're familiar with for many years in our enterprise and other organizations is being able to put an

intrusion prevention system and put logging and maybe put some machine learning in ai so that we have we can able to we're able to baseline what is normal how do our engineers our technicians when they communicate with satellites what are the commands we expect them to send what order the command's coming in you know the timing et cetera it's probably going to be automated we're probably going to have pre-engineered and pre-scripted and what is going to be that timing that those commands are going to be set and what's expected and be able to apply uh machine learning ai to that and so we can quickly detect hey somebody somebody's figured out how to get access and they're sending

commands out of order and maybe we need to maybe we need to go and boot up a different payload os or payload container to take over that's more hard and more trusted and more secure until we figure out what's happening because we obviously we got we may have somebody trying to help us manage our sites so so that is being tested i was reading aerospace corporation is about to launch a satellite to test some of these capabilities so that so that's good that they were headed there and like i said you know you've got to do the really strict configuration management of the system and know what version of the container or vm you're on and be able to restore

back to a known good uh you know in case you have an issue then you need to get back to a point of a trusted trusted system so now we're going to containers and vms this is going to be a whole lot easier to do maybe we don't have to reboot the whole satellite computer system maybe we just we can just go and pull back go back to a trusted vm or contrusted container in the configuration management but that's what i had to share uh today uh i appreciate the b-sides uh cayman's team uh inviting me to come come back and uh to besides and and share with y'all i really enjoyed uh visiting the island

again hope to come back again soon but y'all have any uh questions or anything yes sir

he's gonna give you a microphone hi um you mentioned that they don't do any um encryption between ground stations and the satellites because of the interference from sun particles um but so so is that really because um of the limited bandwidth because of the interference and re-transmissions and i would assume they would use some type of um frequency hop-in to to do the transmissions so is that sufficient to keep the bandwidth up uh to allow encryption and aside from that is there any kind of um hashing that is done between the ground station and the satellite to ensure the integrity of data well the the encryption is not that's used on the satellites everything i've read it

is uh i've been reading here very recently it's on the fcc website yeah they uh they've decided that they're not going to force an encryption standard on the commercial satellite industry so however they choose to do the key exchange the hashing etc that's all up to the individual satellite companies it's not a fourth standard like everybody's going to use aes 512 what have you so i have no need to know i don't work for the organizations and if i did i would be under ndas where i couldn't disclose it right so i just all i can do is just like yourself go out and do a lot of googling and read what's been published in the

open source right and uh do my own reductive reasoning well this is seems to be what happened but on the uh i like i like your idea about the uh changing the spectrum and i think that you can do some really creative things with software-defined radio and i think uh i don't know for i don't know personally but like in the case of what we're seeing in ukraine where the russians started interfering with starlink and then spacex sent a code update and fixed it and now they don't have a problem so i think you can with software-defined radios you can start changing frequencies and you can work around issues but encryption it's just you know it's just that it

depends on what the vendors want to whoever you know owns the sas what they implement and okay you know cool it's interesting it's a interesting domain to study yeah yeah um but that was that was the idea the idea is that is it that they don't do the encryption or they stay away from it because of the bandwidth limitations i don't know if it's a bandwidth i've read i've read where one individual talked about about it being a bandwidth concern but everything that i've read it's more to do with the space weather because it's from the space weather the solar flares all the the protons neutrons the ions ionization it's going flowing through space like solar flare right and

that is the biggest issue of disrupting uh doing the single event upsets and flipping bits right and because of that because of that they would have a lot of retransmissions because of the interference right so that would then affect the overall bandwidth yeah that could yeah yeah so that's what yeah they'd have to be re-exchanging keys getting things reset and the connection would be up and down they would lose control of the satellite uh being able to manage it because of all the key constant key exchanges maybe you get one command but you didn't get the second or third command were you at in your command sequence right because of all the exchanges yeah it could be disruptive but that's where

you had to start using uh hardened hardened communications gear that's that's uh designed to survive space okay but but that drives up the cost yeah and if you're you know if you're a university and a researcher on a real cheap uh budget you don't have a lot of budget for you know you're using raspberry pies and bagel bones you got to do the best you can do right you just want to accept the risk that somebody's going to be able to listen to your traffic right okay thanks which is really interesting uh if you're not aware a lot of the computers uh raspberry pi's and beaglebones are uh used for like a lot of these cubesats

any more questions

good purposes yeah it is yeah it's all good i mean uh it's great it's just you know everybody's wanting to get into commercial space and i want and i'm interested it's like okay where does the baseline what has actually happened with space over the years and is everyone starts all these new startups it's like silicon valley you know the whole internet crazed back in the late 90s early 2000s everybody's running into space now we need to go and secure these systems like we needed to go and secure the internet and harden web servers and databases back you know we need to do it with space too what what would be the the commercial value to the small guy

here i mean it's one thing to have infrastructure in space that's probably communicating quickly with satellites and doing storage compute type things but what's what's the guy in the cayman islands going to use it for let's say well your uh your the the weather they uh say if there's computing in space one of the reasons they're going one of the primary applications for putting computing resources in space is a there's weather weather satellites that could be collecting imagery in space or be looking at certain parts of the island watching for erosion et cetera and be able to pre-process the imagery and instead of sending everything that is collected down and using all the bandwidth to send just

everything and overworking analysts that are already very busy the if you if you have the storage in space if you have the computing power then the computer in space can pre-process apply analytics but you know play the ai do all the image analysis get all that automated so that the imagery is pre-processed and only what you need is sent down uh so you know so you're uh so your military your uh whoever your environmental whoever is watching the environment and protecting the environment the national parks et cetera can be getting only the imaging that they really need the best imaging where they can focus instead of having to look at you know terabytes of data and

keeping their bandwidth and running up their cost they can just use what they need and so there's a lot of applications though that are going to come about as a result of that storage being in space and only going to be limited by the creativity but the image analysis is what comes to my mind first uh that's the easy one any more questions uh i'll i will tell you i don't i don't have a slide for it but if you hit if you hit me on linkedin if you want the slides i'll send you the slides uh or twitter i'll send you the slides if you like them share i'll give them to the conference

but if you're interested in playing with uh satellite software you can mock up especially like you know if you have children that are interested in space and and learning about the systems there is a lot of capabilities available in the open source community and all you need is the power of a raspberry pi or a beagle bone you don't have to have a high-end computer run this there's a open sat kit open s-a-t kit from nasa freaking nasa it's going to work it works good in the inside of nasa instead of the open in the openstack kit they have cfs core flight software which is cubesat software that actually flies and then it includes ball aerospaces

cosmos which is a ground system software and then they have another tool that they give you this is all free called 42 that is an orbit simulator it's very nice there's sat nogs there's one called that's a s-a-t-n-o-g-s check that out there's uh also nasa has called nos 3 nos3 that's another free resource another one is artemis check out artemis uh and this is all open source and you can go and uh you can boot up like i said you can boot up you can build satellites on your table on your you know kitchen table with raspberry pi's and beaglebone running core flight software and maybe this stuff will run in containers runs in vms

so if you want to if you're interested in learning it you know more it's good it's just a great stuff to take back to you know local schools and help the kids start playing with see if they can touch it and also for security research but anyway if you if you're curious about anything that i can send you send you lots of links and all this like i said it's all out there on the net any more questions but if nothing i appreciate you all letting me come and speak and uh i appreciate all the hospitality of the island everything's been great the food oh my god i've eaten so much good food met so many nice people it's been

awesome thank you