Senior defense officials have become increasingly concerned about the vulnerability of U.S. space systems in recent years. America’s military forces scattered around the world are heavily dependent on orbital systems for communications, navigation, reconnaissance and weather forecasts. In addition, all 16 critical infrastructure sectors in the U.S. economy rely on space systems for essential services.
U.S. rivals have begun developing mechanisms for impairing space assets as a way of hobbling the joint force and undermining economic performance. Recently released reports from intelligence agencies indicate enemies are targeting not only satellites, but the ground stations that control them, the links between the satellites and the stations, and the ability of users to access services such as the Global Positioning System.
The reports describe a number of ways U.S. space capabilities might be degraded, from electronic jamming of signals to high-power lasers that blind sensors to physical attacks on control centers.
However, there isn’t much doubt what type of aggression is most likely. It is cyberattacks. Countries like China and Russia have a diverse menu of cyber options from which to choose, including hacking that disrupts the functioning of hardware, command intrusions, denial of service attacks and outright hijacking of systems supporting space operations.
And then there are the potential exertions of criminal elements, such as ransomware. Clearly, the threats to U.S. space systems are multiplying steadily, and cyberattacks offer the broadest array of options to the biggest assortment of troublemakers.
Against that backdrop, national-security contractor ManTech last month stood up a novel approach to protecting military, intelligence, and commercial space assets against cyberattacks. It is called Space Range, and it allows users to precisely replicate space networks in a controlled environment so that their vulnerability to cyber aggression can be assessed.
ManTech, a $2 billion company headquartered in Northern Virginia, has been doing this sort of work for some time. It created the defense department’s first cyber test range in 2009, and three years ago launched an Advanced Cyber Range Environment that has quickly won adherents among major players in the financial services industry. Space Range, which began operations on May 4, is leveraged off the work that went into the latter project.
What makes Space Range unique is that it allows highly skilled cyber experts to attack exact replicas of satellites, ground stations, uplinks/downlinks and the like in a hyper-realistic environment that is air-gapped from the outside world. As a company press release puts it, that gives players the “ability to find hidden vulnerabilities, misconfigurations and software bugs on precise network replications.”
This approach to hardening space assets reflects a longstanding belief on the part of ManTech engineers that the only way to be good at cyber defense is to be steeped in the experience of attacking networks. In other words, you aren’t likely to see all of your own vulnerabilities unless you have learned how to penetrate and compromise the systems of others.
ManTech execs have told me in the past that companies specializing in only a few facets of the cyber landscape, such as information assurance, aren’t likely to see all the ways in which their systems might be compromised. To be really capable at protecting advanced information systems, defenders need some experience in attacking them.
That is what Space Range enables participants to do. It recreates the technical features of specific space architectures to the most minute detail, and then invites testers to try attacking them. The range can be scaled to any level of complexity required, and to any level of classification depending on the needs of users.
The whole system is based on a software-defined infrastructure model that can be reconfigured in hours rather than weeks. That saves time and money for users, but the most important feature of Space Range is that it offers engineers and operators a safe and legal setting in which to realistically analyze the hardening of their overhead assets against cyberattack.
ManTech has been in business for over five decades, but in recent years its business focus has been increasingly shaped by the information management and security needs of federal customers (98% of revenues come directly or indirectly from the federal government). On the cyber side, it has developed deep expertise in everything from computer forensics to insider-threat protection to supply-chain security.
The continuous evolution of the company’s cyber franchises has enabled it to thrive in a market segment that has seen bigger companies give up, while staying ahead of start-ups that are constantly appearing in the space. Cyber is one reason why ManTech’s revenues in the first quarter were up 22% year-over-year. Backlog, revenues and operating income have been growing steadily.
With space rapidly becoming an arena of great-power rivalry, there isn’t much doubt that the Pentagon’s newly-inaugurated Space Force will be robustly funded going forward. ManTech’s Space Range will likely become an important tool in helping government and industry determine where training and hardening outlays need to be concentrated.
Because if you really want to know where you’re weak, nothing will illuminate that better than being attacked. That’s why ManTech calls its approach to cybersecurity “offense-informed.” The nice thing about Space Range is that operators can learn the lessons of a really bad day on the job, without actually suffering the losses.
Read the original article and additional information at Cyware Social