BSidesSF 2026 - Securing Space: The Next Frontier for Security Engineers (Anshu Gupta)

All right folks, thank you for joining for this session. Uh if you thought security was just on earth, think again. So we got Anu Gupta uh talking about securing space. Uh get your question into Slido and let's launch over to you. >> Very nice. Can everyone hear me? All right. Amazing. So I think when I was developing this session you know uh my goals were one I would say educate you know make people aware of all the keywords and the third one is inspire which is like this is something super exciting and you know I just feel that people don't know about it I mean we have been doing traditional security you know everyone knows about cloud apps IoT

security and so on and now AI is all the rage but I think this is one area which I feel there's a little bit lack of awareness about the very very interesting testing things uh that can be done and especially it's uh interesting because up till now it was primarily the government which was uh active in this sector. So if you think of you know satellites being launched, space station was primarily NASA and maybe a few smaller players who were uh like Boeing and others but it was not really wide open but now there tons and tons of companies which are coming into the space. So there just too many opportunities. So I think this is the right time to get in

and you know I hope like you know we don't miss the board on this one. So if you look at uh satellites I mean the is fundamental to civilization. So we depend on what's called pnt. So positioning, navigation, timing. So literally you know in this day and age we simply can't live without GPS. You need connectivity you know beat your uh there quite a few like starling quer and these are like private uh constellations which are providing internet connectivity all over the world. Um so everyone was aware of like uh some of the role you know they have played in the geopolitical conflict. Um and for climate this has been forever for wildfire monitoring for climate

monitoring changes which are happening due to uh you know global warming intelligence earth observation. Uh we have constellation we're constantly imaging like you know are the forests shrinking and so on. The bottom line is this is very fundamental for us as a human race how we using uh space and then but the interesting thing is nothing magical like there's like literally it's all just code plus hardware and if you think of satellites I mean I think of them as IoT devices with solar panels that's what they are but the interesting thing especially from a security perspective is they're operating in a highly contested domain. It's almost like uh you know the Arctics. Everyone is like you know I'm

going to put my flag in there now I own the place you know all the minerals and everything belongs to me. So that's why security becomes very very important that how do you secure the assets that you have put out there in the space and there was very interesting uh conversation happening you know the ger who's the creator of Python he's like oh what language actually you use do you use python Mr. It's a must price. No, no, no. We use C C C C C C C C C C C C C C C C C C C C C++ which is very interesting. They're still using C C++ even for SpaceX. They're not using the latest

memory safe languages like Rust or Go and say, oh, we use Python whenever uh runtime performance is less important. Uh so it's very interesting. I think there was another conversation going on where we said you know when we have AI writing code maybe we'll write code which is straight u you know bits and bites and not like high level languages because you can exactly tell what to do you don't need a middle layer because not humans not writing code so can we just get instructions and you know have uh code written which is directly working at the bits and by level so you have uh you can get done exactly what you need to be

So the other interesting thing is pretty much every single Fortune 500 company has a space strategy now which is like how can we use this asset as new uh technology advances and it's very interesting you can you personally can send a a small sat like you know like hey you know I'm not going to make a down payment for the next house my summer vacation home I'm going to like you know get my name in history and you know launch a small satellite with my kid maybe that high school project he'll help him into good good get into some good college or whatever. So for uh 50 uh for 50 kilos you just need 300k. So

if you have like a you know some pocket change maybe you can send your own satellite but it's interesting it's cheap that's the bottom line 300k for 50k uh it's not millions of dollars it's just 300k for 50k 50 kilos and if you look at just the number of startups and companies which have come across uh yc funded 55 of them uh if you look at the companies on the left astrofor force karm they're all into mineral exploration someone saying we're going to go to asteroids some are saying we're going to go near earth asteroids some are like we'll go to the moon and they're raising real money so they're going to hire people they're going to

hire people to secure their systems so it's a huge opportunity and if you look uh the space tech start market map different aspects natural resources consumer tourism people are going to say people have money they're like I want to see the word uh from space like how does it feel you have interplanetary uh travel uh you have re R&D work communications data analytics so in every domain there tons and tons of startups which are coming up and there's opportunity for all of us and if you look at the skills you know RF engineering there's some I would say people who have uh electrical engineering background. They have a little bit of leg up in terms that you

know radio frequency engineering softwaredefined radio uh but this is more on the hardware side um you know real-time operating system people who have some networking background uh protocol analysis but once this data comes to the ground you need an entire infrastructure uh to support like a huge uh stream almost like media consumption that you have data coming in from uh space now you need to make sense of it. So you need people who will man uh manage the entire ground segment and we'll talk about the different segments in terms of taxonomy and right now there's a massive talent shortage uh and this is where the opportunity is and in fact like that was kind of uh one of the triggers for this

talk that there's massive massive opportunity uh which uh people are not aware of and literally like people who are in current roles they can transfer their skills to new roles. So a cloud engineer becomes a ground segment defender. So anything which happens on the ground, you have these ground stations which are receiving data. An appseack engineer could become a flight software everywhere because at the end of the day it's all code. It's nothing special. It's just code just like regular code which needs to be you know make sure it's cued, it's tested for vulnerabilities, buffer overflows and so on. And a sock analyst can become a orbital anomaly hunter which is like if something malicious goes on because

if you put something out there people are not going to le it live it in peace. They're like how can we exploit this? Um maybe we put like a small piece of code through lateral transfer and you can do that like you have your big satellite thing going on. Someone launches a cubat next to it and is able to if you have like you know really weak implementations maybe can do you know hack into your satellite and do lateral transfer. So they're going to say, "Oh, we don't want to touch you right now, but when the time comes, maybe we'll have this cube set just, you know, bump into a satellite or maybe launch a

malicious payload. We don't do anything now." So you think, "Hey, you know, we two are just like, you know, hanging out together." But when the time comes like boom uh either through uh code transfer or direct kinetic impact. So again even from like threat modeling you have to think that is once we launch I have to think about communication links I have to think about literally like when we think of security is like you know can someone enter the server room do we have badge access so you think of physical security too same thing like in the cloud you'll have to think from all aspects of security uh when it comes to space uh this happened literally three years

back four years back now with the wires attack and uh basically what happened was that this European company called uh Utilat or YSAT they had a network called KSAT which was attacked and it was not like hacking the satellites themselves. Basically someone was able to uh send a malicious update to the modems and was able to fry them. But was very interesting in the sense that it caused disruption all across the people were like there were national security agencies all over the globe who were using this company and like we don't work. So the company itself was getting uh you know calls from all over the world who were using their services and initially it was

launched by um you know because of the uh the Russian Ukraine geopolitical conflict going on. So it was primarily directed against the Ukrainian military command their command and control centers but it had impacts globally. Uh it even had uh the European residential customers were impacted. there was a German energy company which was uh monitoring their wind turbines. This basically stopped working. So it has hu and that's when people uh a lot of nations came together and they actually read the statement that you know this was unacceptable behavior and that's also when the sanctions against Russia kind of got started. So this was actually a big deal because before then like you know there were some things

happening here and there but this was real and this is what kind of united the rest of the countries and saying hey you know this is not acceptable you can't do that and this was actual malware which was used was called acid rain wiper and the a the uh the way they were able to attribute it to Russia was the malware family was used in the past by a specific AP PT group and that's how they were able to establish that this is u a Russian origin um malware and yeah just literally they didn't hack the satellite they just overrode the flash memory on this beam 2 modems and and we do have like uh very recent

cases where there are real world implications so uh in Iran And they they said we know it. We're going to cut the internet. People can't upload anything. We don't want the word to get out internally externally. But there are a lot of Starlinks which were smuggled. But then when the government started jamming and these are like really highowered jammers which are basically truck mounted and between 20 to 30 miles uh basically if you have a Starlink or any kind of terminal it won't work. So what they'll do is wherever there were areas of pro protest or any hot air hot spots, they'll basically bring these trucks and jam the hell out of uh and even on the battlefield. So if you look

at the Ukrainian war, um there's tons and tons of jamming happening because these are drones flying over. They rely on the GPS signal and through jamming they try to bring them down. uh but again there are both u physical and electrical counter measures. So physical one is you know when you have a terminal like a starting terminal it's expecting a signal from up so it's literally pointing up but the signal from the jammer is coming this way I mean jammer cannot like you know go on top of you so what they would do is they would actually put enclosures around the terminal so any signal like which is coming uh horizontally will not hit your

terminal in Ukraine battlefront they were digging uh ditches so they they'll uh dig a ditch and put the terminal inside it. So any uh jamming which is happening horizontally will not impact your terminal. And when and Starling did some interesting things which is they did it programmatically. Uh so basically I think we'll talk a little bit more about it but you can have your terminal sense that one the jamming signal is going to be very intense. So you can create a blind spot that I'll not accept any high frequency signal which is coming meuh coming to me from this direction. So you make the terminal smart and it creates a blind spot that you know like I see some sort

of jamming interference. So you have this uh anti-jamming uh features that need to be built in. So again that's that's an example of a realtime update. So they didn't have it. It was done through a realtime patch and there are other physical ways as well in which what you do is that your terminal has multiple antennas and the way the signal hits every antenna the the terminal can figure out that this is a leimmitate signal or like a jamming signal but there is a inherent problem with the GPS signals they're weak they're coming from the space so you can basically drown them out So uh again that's a inherent problem but then you have to figure out

what are the counter measures and again same security principle weakness risk counter measures and it was very interesting the jamming uh was very asymmetric in Iran they said we will not let anyone upload so downloading they were not targeting but they were jamming the upload capability and it's interesting like and I was actually very very surprised like oh like you know Deoid I mean I work for you know two of the big four firms Anson Young and KPMG and like oh Deoid launched a satellite but it's interesting they partnered with a manufacturer called Spire Global and they're actually going to launch nine of them I believe um the first six I think are like more software and the

last last three are going to be hardware and pretty much they're testing something called what they call the silent shield where is almost like a threat monitoring solution uh which will detect intrusions. So there it's all as a test bed. It's not something real that you know they're doing anything uh productive right now. It's mainly as a test bed and they hired a lot of people who are working for the government and the space agencies to build that practice out. But again like many of these firms will do these investments only if there's a market and right now the talent they're hiring is from uh government agencies. uh and I think the biggest problem with

space right now is that you have legacy hardware. It's almost like these old routers or modems that we people have bought uh or IoT devices and we never update them because maybe there's a hardware level there's a default password that has been put by the vendor for patching and so on. So same thing I would say with space is that these are very expensive uh uh pieces of equipment who were um focused primarily on function that you know I want to do remote imaging I want to modifiers I want to see weather patterns they are like not no I'm going to do like think of um zero trust and I'm going to like you know f build the

whole thing from scratch thinking zero trust in mind that was not the case and especially with all these startups they're running they're run by venture money which means that they need to quickly prove product market fit can they make actual money so which means is fail fast iterate but the problem is like once you launch something that you can't bring it back hopefully one day we can like claw these satellites but right now once you launch it you know it's there and it's not easy to retrieve So it's going to be very interesting time for the next five years that all these startups who are developing you know hardware software uh I we wish and we hope that whatever

they're launching is secure uh but if you know they think of the SAS mentality which is like you know do things fast break things is going to create problems for all of us because this is an asset which cannot be retrieved. uh trivially.

So I think pretty much like just like you know for a lot of things all the countries came together and they said we will agree on this common behavior international laws for this space also it becomes equally important. So there's something called Kesler syndrome where literally someone hacks one satellite and it can literally cause havoc. Maybe you have the satellite go around and you know bump into other satellites maybe do uh cause disruptions and whatnot. So one rogue asset can cause lot of damage for everyone. And honestly like you know if I'm thinking from that like worst case scenario I would think of like a rogue country like literally launching something say I'm right now but I have

an asset or capability which will I'll use if I have to And again like some of these uh orbits if you put something there uh and it maybe there's debris or something you can't use it anymore unless you literally like clean it up which is not possible right now. So you deny the whole humanity of that particular orbit uh forever space segment tonomy. So again this is interesting like you know every domain has a few specific keywords for space uh these four space segment ground segment link segment and user segment so space segment is literally everything which is out there it could be the rovers because it's not here on earth it's like on Mars or moon that's space

segment the actual satellite that's space segment ground segment is like you these huge antennas which is getting data your mission control centers and it's very interesting actually Amazon has a service called the ground station where they say you launch the satellite you don't have to care about anything so it's like actually if you Google like AWS ground station again I was like very surprised so it's literally like you know you have platform as a service now you have like satellite backend infrastructure service that you don't need to worry about the back end we'll take care of it you just launch your sat the light and the other interesting thing that they have done is they have built uh

these ground station next to the their data centers. So they say there's already latency uh for data coming from the space of the local ground station but we'll try to compensate it by bringing it next to our data centers where there are you know lot of um fiber cable optical networks there. Then you have the link segment. So one is like up link something goes up down link something comes from the satellite down and this cross link so when two satellites talk and it's very interesting earlier that was not the case but with the newer constellations like uh Starlink all these satellites talk to each other it's literally like you know at home we have these mesh networks same thing is

happening in the space and there's a interesting there's a handover happening because literally they go over uh if you look at the sky they're like going over. So there's a dynamic handoff happening uh in the space a user segment. So these are your modems, your satellite phones, hand handsets and literally if if you think of it like there's a cable between your ground segment and your space segment. It's just highlight density. I mean there's no physical cable. It's like a long invisible cable. uh GPS and GNSS. So one GPS is owned by the US government. So the global positioning system is owned by the US military. GNSS is a global navigation systems. This is everything. So this is

GPS plus you know the Chinese, the Indian, the Europeans. So that's like the in totality of all the satellite navigation system. But GPS is 100% owned by the US government by the US military in particular. I think we talked a little bit about jamming that you know you have a signal but you just uh create so much noise that the leimate signal dies down spoofing. So a lot of incidents are happening because of spoofing right now especially in Middle East right now. So this is a real active thread right now where um people are using it to manipulate u positioning, navigation and timing data and there pictures the uh videos on YouTube you can find that the

clocks on the ships are rotating. There's a lot of weird behavior happening because of an active electronic warfare going in the whole Middle East theater which is directly impacting these ships which rely on space data for navigation. Uh jamming is easy. You just like create a lot of noise electronically. But spoofing is harder because you're trying to pretend someone you're not. which means that you need to basically mimic the behavior of another device which is used in the whole u space architecture. So literally like maybe a vessel is relying on some ground station. So you got to know exactly how that ground segment station transmits to be able to spoof it. uh TTC which is telemetry you know like

these are signals like oh you know is it where is it you know the battery going down did it uh get charged properly you know the panels are working right correctly is it overheating so these are all the telemetry signals about the satellite itself tracking and it's very interesting like you know these are not stationary they have thrusters and boosters they move around and they get repositioned as well so sometimes it's just uh they have some fuel on board and sometimes they just have these uh solar panels which will charge the batteries which they can use to move around command. So since these are not stationary objects, you do give them commands to move and all. Uh so the

there's a command function to it as well. But there's the biggest vulnerability there is there's no encryption. There's no replay protection. You can like you know replay command manipulate it a bit protocols. So again this is actually the again I was very surprised by this as well. earlier there was nothing existed but now you know there's a body which came together so just like you have ISO or the NEST or like you know other standarding standardization body internationally and nationally for space there's actually a body called uh CC SDS consultative committee for spacers that's a big acronym uh and they do have a few u things which they came up with because they're like oh we're going to sit together and

figure out how to do this properly uh so that there's some commonality some standardization so they came with this the space packet protocol uh the advanced orbiting systems and the USLP unified space link protocol and it's literally like the OSI model like you know the OSI you know physical data link network transport session presentation application I still remember it because I have masters in networking I love it so I I use every time to show off that I know my networking stuff Um uh but yeah so the CCSDS uh is the body and they said hey let's figure it out let's do some standardization and they actually have a very interesting conference which you know

honestly like a lot of us don't go to I actually didn't know about it it's called space and actually it happened in San Diego I think in 295 and basically you know people they have a specific track on security and uh they find found that there were vulnerabilities and what was the current parcel implementation uh from CCSDS and the challenge is the same that you know earlier when internet was developed when you have TCP, IP, FTP, UDP the focus was on functionality that we want the internet to work. Nobody thought that you know there going to be bad people you know trying to figure out how to break this and you know do bad things. The same thing has happened in

space is happening in space right now which is people are assuming good intent. They're not starting from like you know the word is bad. Let's make sure that this cannot be exploited. They're like let's just get this working. Um and they said okay we have all this uh you know old stuff which was not properly secure. Let's do something new. So they came with this the SDLS the space data link security protocol. And this is a nice specification and if you see it was last updated in July 2022. So it's not super old just like four uh years back they came up with some recommendations but the current adoption is pretty low and typical like there's high overhead

if you do all the authentication encryption it requires compute these are already small devices with not lot of memory and compute and now you saying you know I'm going to do all these functions on top of it cause latency uh you don't have enough computing and memory to do those so literally you know SDLS is the IP sex for space. And the other thing is like okay like this is all good stuff like what can I do now? Like I want to upskill myself. I want to get into space but do I you know is there a school to go for space security? No. I mean you can start it like at home. Literally you can buy uh

you know this kit for softwaredefined radio and start tinkering. It's like 47 bucks 48 bucks. It's like very very easy to you know start tinkering and trying to figure this stuff out and there is software called GNU radio or sad dump dragon OS. So this one is actually uh a screenshot from SAT dump. Uh once you get the data which is usually over the air you grab it and then you can graph it and looks beautiful like you can see the whole earth because it's kind of overlays on the earth and you can sniff there a lot of tools you can start sniffing just like you had uh these um you know different networking tools where you plug in and

you can sniff network traffic. Same thing you can do for space traffic right now. cube sets. So this is very interesting you know actually I was telling my daughter that you know um let's do a project together and make a cube set together. So she was like is this your project or mine? I said like how about we do it like a collaborators like 50 50% you 50% me uh and we'll do a cube set together. Uh so again these are very small like 10 centimeters by 10 by 10 and it's interesting like you know high school kids have done this already. So they have developed cubats and basically you know they are um you know you have lot

of vehicles and they're basically deployed as clusters. So maybe 10 high school kids launch it together or something. So honestly I think it's a very cool project. Um, but since they're small, they don't have security and they can be used to do bad things. So, they're all like, you know, fun and games. But the problem is you're launching space and, you know, you can't, you know, get back your, you know, kids project from space. Uh, the ground segment. So we as we talk there's a link segment, ground segment and the ground segment. I think this is an example of the AWS is that they have so this is a picture of where they have all these ground uh segments and if you

look you know everything comes from the satellite and AWS handles everything including the physical devices to intercept the traffic. So they say the only thing you have to do is just like you develop the application we'll take care of the back end. you don't don't have to care about databases you know they have different services for streaming and whatnot. So they have developed optimized services for the space for the ground segment as well that you know you focus on feature functionality will focus on the ground u piece and it's very interesting actually Microsoft also had a service called Azure orbital and they were doing exactly the same thing but they sunset the physical component to it and they're more

focusing on data that um you launch satellite you also build the around hardware piece of it but once the data comes in you can upload it to Azure orbiter and we'll help you make sense of it supply chain so again like just like IoT devices like you know can a nation state uh actor says oh you guys are going to doing this this satellite for this unit this specific chip I'm going to become like the only provider or one of the three providers for that chip and then I'm going to send you a special package uh you know mixed with uh three other packages. So this is absolutely possible and if there was a nation state actor they

would absolutely do this because it's a long-term game. It's not something that you know you there's an immediate impact you do this to have an impact 5 10 years down the line. Uh threat modeling space systems. So for appspec you have regular strides spoofing tampering repreation information disclosure, denial of service, escalation of privileges but it works for the classical application uh security for space there's something very interesting something new called Sparta. So literally like if I was to apply for a space security job instead of stride I need to have Sparta. Um and it's interesting because it has something very unique threats like for example one is orbital maneuvering you know can someone stop my orbital

maneuvering can someone else's orbital maneuvering impact me and it was developed by aerospace corporation and again a lot of people don't even know about it so this is actually a nonprofit which is owned by the government it's I think almost like 40 years old they were the original creators of GP GPS. So they actually created GPS and they came up with the and all the information they have launched is unclassified. So they don't share everything but they're like if we don't share anything then people are going to do whatever. So they said let's put something out there so people do tinker around in a safe manner and we also set some standard standardization. So this is like literally what it looks

like. It shows sub techniques uh recon initial access execution almost like the attack framework and again there's a website you can go you can check the counter measures there's something called IOBS indicators of behaviors it has the whole inventory uh this is what like a pentest would look like so for example said okay like somebody has launched a service how do I do a pentest so RF recon so radiorequency recon like can I hear what your satellite is saying and can I basically get you know some sensitive data out of it. Telemetry analysis uh protocol fuzzing um uplink abuse. So can I you know manipulate your uplink which is not encrypted and can I send it a

malicious signal that hey you know start moving around so much and you deplete all your battery or go in direction go down burn yourself chain insertion. So this is the long game which I I can guarantee uh that some of the nation states are playing. But again like if uh okay all this is bad like what can we do? So if we are in the space which is so it's a little bit of like almost like IoT security which is hardware security module secure enclaves root of trust ephemeral keys you don't want permanent access that once that key gets exploited gets shared in the whole world and anybody can play with your satellite but again there's very interesting

challenge is that these things are moving so the window for um rotating credentials or doing any changes is small it's not always going to be like uh it's except geost stationary satellites these are moving moving objects so there only few orbits which are geostationary where the satellite is basically uh stay in the same place so you can like say hey this is going to stay there forever but the rest of them actually move around uh resilient coms so and this is very interesting like there are few techniques like one frequency hopping which is like you know you uh spread spectrum, you have multiple ground stations and the spread spectrum is very interesting is what you they do is that

they uh put some extra signal in into it. So you have small signal but you make it look big. So someone can't figure it out like you know what kind of signal it is anti-jamming jamming I think we talked a little bit about it like spatial filtering which is you have multiple antennas in a physical device and uh the way the signal hits every antenna uh it can be used by the device to figure out if this is an actual legimate signal or is it like something coming from the ground trying to jam you null steering antennas is um and you create these blind spots which was done by Starlink which is like oh this is bad

stuff coming to me I'm I will ignore anything which is coming from this direction and you can do it through a OTAA update incident response uh so one is like just ruling out because this is in space so the biggest challenge in space is that everything has to be rugged like if you just put an electronic it will get fried in 2 seconds because of radiation because of solar flares these are magnetic storms happening. So anything that you put out there has to be rugged where it cannot be uh you know impacted by. So the first thing which it happens you got to check that something I see something malicious is happening maybe something is showing overheating or some

weird stuff is going on. So the first step you do is is it natural phenomena or is it something malicious? Then you check your ground station health. Analyze side channel data. Side channel is you can't figure out from the main channel but you see what are the properties you know does it thing is it moving around is it blinking. So you try to figure out troubleshoot by if you can't get access to real telemetry through other signals. Um last resort recovery mode. So this is almost like doing like Windows uh you know restart. Uh I'm pretty sure like there's a space version of restart which is uh how do you make sure that you know

if everything doesn't work do we get to the reset mode you know we remove all the configs and see like how this thing functions but again IR in space is slow you don't have physical access to it it's right up there uh role of AI in space so again this is uh the latest and greatest which is how can you use AI even in the case. So onboard anomaly detection which is all this data is being generated on the device and if you have a specific module which can say is is this bad and if this is bad why is it bad and can the ground station do something about it. So instead of the whole problem solution

monitoring happening uh at the ground station can you do some onboard anomaly detection autonomous response that if you see there's an attack being launched then you can already have runbooks embedded in the device says if this happens do this um and again you know we call it uh AI has the potential to be an onorbit uh security officer open source tools So again the barrier to entry is very low. They're are very active communities and again this is like the ham radio community. Uh so there's a community called satnogs. So literally their mission is that why space owned by the government like why you and me as a common citizen why can't we do something

like you know why is not open source. So they came up with a movement where they're standardizing everything you know specifications and this is an actual actual antenna which has been developed uh by one of the PE you know community members and there tons of them. So again this is a beautiful community which honestly I would love to be part of at some point in time because they're doing amazing work. It's communitydriven. Uh there's something called Libre cube which is an open source ecosystem. NASA does it have something you know which they provided like core flight system and again you can start learning this weekend there's absolutely no one stopping you from checking out sad nogs

uh that you can buy the hardware you can check their protocols you can check their specifications but whenever you do something good the government always like okay let me tell you how to do it so there there's some regulations as well um but I think most of the directors have been on the good side which is how do we dominate this space? Uh you know it was initially just like some um space forces now in an independent arm just like the regular army and stuff. So I think the US has always had the lead and from what I see there's active uh initiatives to maintain that lead. So these are very new like December 18,

2025, August 13, 25. So as recent as last year the government is saying that we want to be world leaders and we want to maintain this p uh leadership. Um the subjective this is Jan 225 this is April 24 so pretty recent like this if you think it's like just like two years old so it's not something we miss the boat on this we can literally get on the boat right now. uh NIST has come with some standards 2023 there's something called uh cyber security for commercial satellite operations there's a framework for pnt services positioning navigation timing they said if you develop a ground segment this is how you can go about it um NASA also has something called space

security it's not very well written it's like too wordy for my taste so I hope they did a better job at writing this if you want to go to sleep maybe read uh matei which is the Japanese uh space. So it's very interesting like we don't know but other countries are very active into space. Uh Japan is very active. Israel is very active. Uh China is super active. Actually I think there's a lack of awareness what they're doing. They have their own version of ISS. Have you do we ever hear about it the experiments they're running? So a lot of countries are doing stuff that but they're not telling anybody. So it's very interesting that you know some countries

are open sourcing stuff that hey this is what we do let's try to make space a better place let's use it safely securely but a lot of countries are doing stuff good stuff but we don't know about it uh and again this is the example like Germany has something of uh this is like 2023 technical guideline for information security for space systems and another good thing which I think uh US took the lead on is developing the ISAC so these were companies which came all together. Some of them are universities, some of them are companies, some are defense contractors. So there's a lot of good information if you want to like start like reading up

uh there's a resources page. Then EU said oh we can't be left behind too. So literally 2025 last year 24th June 25 they came together. US has a ISAC we're going to have our own ISAC too. So they launched their own ISAC in last year. So not very is just one year old but if you look at the tons of industry bodies industries you have defense contractors like tales uh you have public partners you havememes which are small and medium enterprises uh ana which is the European space agency launched a very uh put a very nice report last year 2025 about the threat landscape so it's a very good read if you want to just it's a little

bit lighter read not super uh technical but it gets you warmed They also have a GitHub page. I was like that is interesting. Uh and they have put a controls framework there as well. And again in true government fashion or you know they have a excel sheet with the controls.

Okay. Yeah. Uh it's like en I s au uh spray space uh threat landscape. So but again I just loved that they're trying to make it as friendly and as uh accessible to us and I'm not super crazy about this Excel sheet I guess but it does it's interesting you know controls control title control control description. So there's some good stuff there and I'm pretty sure it's heavily reviewed that everything is accurate and so but it shows intent it shows effort. So that way you know I love it and uh this is again very brand newish comment put a lot of money into this it's called a space uh war fighting center again launched under aerospace

again in a a body which a lot of people don't know about. So this is like on like hundreds of millions of dollars was u used to build this facility. You can do wargaming, you can do lot of tinkering, experimentation. So it's available to all different agencies and it's in Colorado's you know space of the state-of-the-art facility. Uh summary, you know, secure the ground station. This is because this is where people can have physical access to they can uh control your uh uh any kind of patching updating that happening here. Encrypt the link segment which is cross uh up link down link cross link everything should be encrypted hardened space segment. So making sure that you

know you uh these devices are built from zero trust making sure threat modeling has been done controls are developed in terms of authentication key rotation and so on and use and I think this is a new threat modeling standard I think we should be aware of it the principle the same the environment is just more hassle that's it I think I might have time for one or two questions thank you >> uh thank Thank you Anu since we do not have a time uh feel free to DM or email if you have some question to Anu. >> Yes. So I'm very active on LinkedIn you know send me a LinkedIn invite. I write there a lot uh you know uh space is just

something which has you know got really me excited and I hope you know you caught a little bit of this excitement today. Thank you. Thank you. >> Can I have a round of applause for Anu taking security beyond the earth and into the skies?