Space operators must start planning for and implementing quantum-resistant cryptography now to ensure that space national security systems are resistant to emerging threats, a senior cyber official for the National Security Agency (NSA) said.
Darren Turner, chief of Critical Networks Defense for the NSA’s Cybersecurity Directorate, said cryptography is a key part of cyber defense for space systems, in his keynote at CyberSatGov in Reston, Va., on Nov. 7.
In the current threat environment, nation-state adversaries and malicious cyber actors have increased in scope, scale and sophistication, Turner said. China and Russia are complicit or suspected in several cyber security attacks against U.S. satellites in recent years, and this environment puts the importance of cybersecurity for space systems in stark terms.
“When it comes to space cybersecurity, stopping rampant cyber intrusions is this generation’s counterterrorism mission,” he said. “It will require an infusion of talent and maximum effort across the United State’s government, our allies, and industry, to adapt, innovate, and sharpen our competitive edge in order to dominate in this evolving space.”
The NSA is the designated National Manager for National Security Systems, which are defined as information systems that require special protections, like those used for intelligence activities or command and control of military forces. In that capacity, NSA is the focal point for cryptography, telecommunication security, and information systems security for IP systems operated by the United States government, Turner said.
The NSA supports government and industry partners in developing and certifying cryptographic solutions to protect space national security systems, Tuner said. “We are working with the commercial sector and operators to embed NSA-approved cryptography to protect critical communications, like supporting national security missions, and to align with the Committee on National Security Systems (CNSS) policy,” he added.
He strongly advised space system owners to use “robust” cryptography.
“Although encryption is truly our last line of defense, NSA’s crypto mission protects our nation’s most critical secrets from the nation’s most capable adversaries, and protects our warfighters on the battlefield,” Turner said. “Our ability to deny and deter begins with encryption. As the code makers, our cryptography secures everything from tactical radios used by the warfighter to their critical weapon systems.”
In order to harden the space architecture, the ground segment must be secured, Turner said, because the ground segment can be subject to cyber attacks like malware injection. He cited the 2018 hack on NASA’s Jet Propulsion Laboratory network, in which the hacker stole approximately 500 megabytes of data.
Quantium resistance is a key theme in hardening the space architecture across the U.S. government and industry partners. Turner emphasized quantum resistant algorithms for data confidentiality, secure key exchange, and robust software signatures to keep space national security systems resistant to threats.
“The time to start planning and implementing quantum-resistant cryptography is now,” he said.
NSA’s goal is to be quantum-resistant by 2033. Turner said that while that may sound like a long time, modernization at scale takes time, including developing an internet protocol encryption standard for future space-based network encryption solutions.
Turner made a pitch for collaboration to work on these issues, pointing to the NSA’s Cybersecurity Collaboration Center, which has hundreds of partnerships with industry to protect the defense industrial base.
Partnerships across government and industry is what made it possible to attribute the attacks on Viasat’s KA-SAT network to Russian military operations. Turner said that on the morning of the cyberattack, a private sector partner reached out to NSA Cybersecurity Collaboration Center with reports of anomalous activity. This allowed the NSA and industry to act quickly to respond.
“As a result of this collaboration, industry and government made it possible for NSA to push out tailored mitigation guidance to its partners at the [traffic light protocol] Amber level within just two weeks of this attack to ensure others that other satcom providers could harden their defenses,” he said.
He also highlighted the NSA’s new AI Security Center announced in September, which will function similarly to the cyber collaboration model working with U.S. industry, national labs, academia, across the IC [Intelligence Community], the Department of Defense, and select foreign partners. This new center will develop best practices and risk frameworks to promote the secure adoption of new AI capabilities for national security and the defense industrial base.
The NSA “cannot do it alone,” and the future of space operations will require a new cybersecurity paradigm, Turner said.
“This paradigm has to withstand pacing cyber threats,” he said. “This new environment includes close industry and foreign partnerships, enhanced policies, and international frameworks that will underpin future successes and allow us to collectively defend this domain.”