Hacking Satellites

Robert Vamosi
Aug 4, 2023

Satellites today lack basic security controls. With as little as $300, you, too, can hack into commercial satellites. So that’s an emerging IoT problem. Frank Pound and Logan Finch talk in this episode about their work with Hack-A-Sat. It’s a unique Capture the Flag challenge that’s never been tried before. Here’s the background story of how the project got started … and where it’s going.

[Heads Up: This transcription was autogenerated, so there may be errors.]

VAMOSI: On October 4, 1957, the former Soviet Union launched the first manmade satellite into orbit. Sputnik, which means traveler or wayfarer in Russian, sent back this eerie radio signal for three weeks before its three silver-zinc batteries ran out. Sputnik had no solar panels. Sputnik was largely a proof of concept. The satellite itself continued in orbit for two more months until atmospheric drag caused it to fall back to earth on January 4, 1958. Later that same year, the United States answered the Soviet challenge with Explorer 1, and by then the space race was off and running.

KENNEDY: Space is open to us now. And our eagerness to share its meaning is not governed by the efforts of others. We go into space because whatever mankind must undertake, free men must fully share. I therefore ask the Congress above and beyond the increases I had earlier requested for space activities to provide the funds which are needed to meet the following national goals. First, I believe that this nation should commit itself to achieving the goal before this decade is out of landing a man on the moon and returning him safely to the earth. No single space project in this period will be more impressive to mankind, or more important for the long range exploration of space and none will be so difficult or expensive to accomplish.

VAMOSI: And the benefits from space exploration have been many. Consider that before we had satellite photography of earth, we had no idea the true shape of hurricanes and typhoons. We knew these were massive storms, and certainly felt their effects on the ground, but we couldn’t necessarily see their rapid development over the Atlantic and Pacific oceans, let alone predict when and where they would strike. Now their forbidding eyes and swirling clouds are common and online. Satellites, though, weren’t the end of our efforts in space.

So for much of the 60s, 70s and 80s, space activity remained the playground for the nation states that could afford it, mainly the United States and the former Soviet Union, now Russia. An exclusive club.

Then, in the 90’s we started to see other nations join the club and commercialization. The private satellites were still launched by governments but they were largely administered by the corporations themselves. And then, only recently, have the launches themselves become commercial.

So in 2020, a group championed by the US Air Force and the US Space Command created a capture the flag competition unlike any other. They called it Hack-A-Sat. The idea was to see whether hackers could gain control of a satellite in low earth orbit. This is the story of that challenge.

I’m Robert Vamosi.

And this is ErrorCode.

[MUSIC]

POUND: Satellite technology that we’re seeing today has been democratized put into the hands of non nation state. It’s been put into the hands of universities and even high schools and other entities that are building software defined radios now that can easily communicate with unencrypted communications channels using, you know, very easy to decipher protocols.

VAMOSI: This is Frank Pound. He’s a technical advisor with the United States Space Force team that is hosting the Hack-A-Sat programs. A few years ago, when Frank was transitioning out of the Defense Advanced Research Projects Agency or DARPA, he saw the writing on the wall so to speak. And he was early. At that time SpaceX was still crashing, and the idea of commercial space operations seemed just out of reach still, yet Frank sensed, and sensed correctly, that successful launches by SpaceX and Blue Origin and others would eventually happen.

As a kid Frank grew up in Florida, right across from the Kennedy Space Center. He remembers literally waiting for the school bus in the morning and would see rockets being launched– not just with astronauts, but satellites going into orbit and probes going into deep space. For him, rocket launches were normal. And so, as an adult, Frank went to work with the aerospace industry, and eventually found his way to attend DEF CON.

For over 30 years, DEF CON has been the largest hacking conference in the world. And in the last ten years, the committee that runs DEF CON started to allow various interests to hold their own villages. These are mini conferences with themes such as Lock Picking and there’s ICS, where they had a model water treatment plant to hack. And then there’s the Aerospace Village. Ostensibly it’s about hacking airplanes, and no, they didn’t park a 878 in one of the ballrooms at Caesars, they had digital models which allow you to hack into simulated systems. The Aerospace Village was both an effort to show that hackers could potentially influence, and also a wake up call to the aerospace industry about what’s possible, what thinking outside the box might look like. But why stop at 30,000 feet? I mean, the second part of that word, aerospace, is space. Frank, who was involved with the Aerospace Village, became involved with the Hack-A-Sat project. In fact, Frank was there at the beginning.

POUND: The Hack-A-Sat project when we first got together in the fall of 2019, sort of this island out on the coast of Virginia called Wallops Island. NASA has a facility out there. We had sort of not really a secret meeting, but we wanted to get away from everyone and sort of conceive what this would be like. So since that time, I think we timed it just right, because cybersecurity is becoming a really big issue right now in space. It’s all basically this big team of people that come together to work on this problem in a very fun, engaging way that the public really enjoys. Even wave laypersons are super interested in. I guess, in the past seven years or so, with the creation of Space Force, SpaceX and companies like SpaceX starting to really get a rhythm into launching lots of satellites in space over and over again, to make it sort of boring demos because we’re so used to seeing it. So it really comes at a good time.

VAMOSI: What he means is that when launching and supporting a satellite in orbit was the work of a nation state, that was an example of security through obscurity — I mean who would hack a satellite? Who could?

POUND: And like I said, you know, when we got thought patterns that you know, went into satellite design, which was you’ve got an exclusive club of big companies and big nation states, that are the ones building these things. They’re very expensive and the technology is very hard to develop. And so nobody would ever be able to tap into any of that stuff, even if it was unencrypted because it was the tech was just so far out of reach together.

VAMOSI: For the bulk of the 1940s, 50s, and 1960s, the government and very large corporations had access to computers. And security was an afterthought, if even a thought. Then, with the democratization of personal computing, starting in the 1980s, we saw a few computer viruses — remember they were spread on floppy disks. And then, with the commercial internet, that’s when we really started to see hacking for criminal purposes take off. And the urgent need to secure our once unreachable computers. There’s another example of innovation and commercial acceleration. The internet started out as something controlled by the government, and then slowly — or rapidly– became democratic and commercial.

POUND: You saw the democratization of the internet. And then suddenly we had all these internet issues we had to solve because originally the internet was created back in the 60s and 70s by ARPA, which became DARPA, as a research network to study how we would communicate, you know, after a nuclear war or so. They wanted to build all these resilient nodes. They didn’t ever really plan to unleash it on the world so soon, but that kind of just happened. And then we had to put all these band aids on it like encryption, right, which was never built in from the start.

VAMOSI: Here’s where the rush of innovation, compounded with the relatively inexpensive means to get into space starts to sound like the problem that we have with IoT.

FINCH: I think that that’s actually a really good parallel.

VAMOSI: This is Logan Finch. He’s the Hack-A-Sat technical lead, working with a company called Cromulence, a research and engineering simulation and training company. His job is to simulate an actual spacecraft in orbit so that hackers on Earth can try to own it. And when you think about it, that’s not such a crazy idea.

FINCH: And in a lot of ways, space, it’s a lot like IoT, you know, in so much that it’s, you know, small, embedded, you know, a lot of embedded systems, small processors,

VAMOSI: Yeah. Space is having its own IoT moment. I mean, with IoT, there are these gadgets already out there. And by some estimates, we’re talking upwards of 25 billion of them, most with no way to update their firmware. The same is true with satellites in near Earth orbit. Okay, not 25 billion satellites, but you get the general idea that these cans were first launched into orbit in the early 1960s. The concept that someone on earth, you know, anyone on Earth, other than a nation state with access to a large antenna would be able to communicate with these spinning orbiting devices in the sky. Well, that was unheard of in the 60s, 70s, and 80s, yet, today, in the 2020s, anyone can, with $300 of hardware and a software defined radio, access a satellite. This common availability, at least in terms of access to satellites, just happens to coincide with Elon Musk, Jeff Bezos and Facebook and others launching constellations of cheap satellites to fill our night sky with ribbons of tiny diamonds. Ironically, these cheap satellites are to provide more internet access to relatively inaccessible parts of the world. We’re not talking about nation states anymore, with vast resources. No, we’re talking about billionaires and big corporations. And do you think they take the time and effort to harden the circuitry on those devices? I think you already know the answer. And maybe now you will agree that the problem that we have with satellites sounds a lot like IoT, and just like IoT the threat is now that all those 1000s of satellites already in orbit and those that are about to join them are vulnerable.

FINCH: But, on the flip side, and potentially even more of an interesting problem is space technology as a whole, you know, as it is really lagging behind the rest of, you know, kind of normal IoT stuff.

VAMOSI: Normal IT stuff such that there’s a feeling that a disposable electronic device, like an internet connected toothbrush doesn’t need basic security. Yet, through an app, it can leak personal information, if not the registered user’s name, address, and email, it can also reveal health issues. So we’re starting to make the same mistakes with space. Already we see the lack of encryption in legacy satellites. At BlackHat 2020 held just a few days before DEF CON and Hack-A-Sat One, James Pavur gave a talk called Whispers Among the Stars, A Practical Look at Perpetrating Satellite Eavesdropping Attacks. I remember watching that talk online. Here was this kid from Oxford University, citing examples of satellite communication that he’d been able to intercept on his own. Using a $90 satellite dish and a $200 digital video broadcasting satellite tuner, which could be found second-hand online, Pavur said he was able to intercept a variety of satellite traffic.

PAVUR: It’s August 28. A sysadmin logs into the control panel of a wind turbine in southern France and updates its firmware more than 600 kilometers away. Their PHP session token appears on my screen eight months later, and an Egyptian oil tanker hauls into the port of Sfax, Tunisia, with a malfunctioning alternator onboard. From my vantage point within 1500 kilometers away, I learned that this ship will be out of commission for at least a month and I learned the name and passport number of the engineer is flying away to fix it. Just this summer, 13,000 meters above the Atlantic Ocean, the accountant of a Polish Real Estate Group finishes touches on your annual financial report. The Word document she prepared reached my computer at the same time it arrived at the inboxes of her colleagues and your parent company, one of Europe’s largest private commercial real estate trusts.

VAMOSI: With such a low barrier to entry, Pavur said an attacker could be in a different country, or a different continent, and listening to your private communications. So here’s a researcher intercepting business communications that are bouncing off of commercial satellites in orbit around the earth. He’s not attacking their ground-based servers; he’s relying upon the unencrypted communications from earth to the satellite and then back down to earth again.

POUND: What you saw with that Black Hat presentation in 2020 was an example of that where you know the sort of the tail of that legacy still exists and it goes back to the 50s and 60s and 70s. And it sort of just stayed that way for the longest time.

VAMOSI: And this was a false assumption. Eleven years before James Pavur gave his 2020 talk, in the summer of 2009, Adam Laurie, also known as Major Malfunction, gave another talk at Black Hat in which he confessed that he’d been studying hacking satellites since 2000 or so.

LAURIE: A lot of this research is over 10 years old. And I’ve just recently really started work on it. And the reason was, I saw a video of a talk I think was given the hack in the box or somewhere by Jim get govt and how have you pronounced that underneath? And they did a talk called Hacking a bird in the sky. And if you Google for it and find the video, it’s actually really, really cool. What they did was they actually took over a satellite uplink and figured out how to fix the IP address and stuff and they ended up sending their own traffic via satellite. And one of the things they said in it at the end of the video was, well, you know, we’re sure lots of people have been doing this kind of stuff for a long time, but they haven’t talked about it. And so they kind of put out a call for anyone who’s done any satellite hacking, to come forward and talk about it. So I thought, well, hang on a minute. There’s all that stuff. I did you know, a few years ago, why don’t I take that out the box and see if it’s still applicable, see what’s changed, see if I can actually do something new with it. So that got me interested in it again, and I dug it all out and I started playing. And that was about three years ago, and I’ve been promising to make this talk for about three years. And I you know, people have been saying what are you up to? I’m playing satellites and stuff. So okay, so why the hell has it taken you three years to publish something? When you already know what you’re doing, you’ve got all the tech and you know, you’ve got it all there. Why is it taking so long? Well, the simple answer is when you start pulling stuff off satellites. There’s a lot of boobies out there. So porn basically gets in the way. So you think I’m gonna do an attacking on satellite stuff and you start hacking away and then all this porn starts coming down. It’s just very distracting. So that’s why it’s taken three years to do something pretty simple.

VAMOSI: So if hacking commercial satellites as far back as the early 2000s surprises you, it shouldn’t.

POUND: I think the space industry finished their trial and error period in the 60s and, and they’re very very hesitant to, to do crazy experiments, because it’s just the you know, they learned their lesson with all the rapid development in the 60s, you know, we had some crazy accidents in the three astronauts burn up on the launch pad because they had a small fire in the capsule and then you had Apollo 13 And you know, all sorts of things were learned. I think the Russians themselves had a bunch of accidents too. So they’re so the space industry learned from that and they’re very hesitant to introduce new things without analyzing them to the nth degree.

VAMOSI: The problem is that space is no longer an exclusive club.

POUND: I think we timed it just right. We knew that these problems were going to exist even well before 2019. I was looking into some of the stuff in my prior position. And I knew this was going to be an issue because we could see companies like SpaceX, we could see all the democratization of the technology making its way into the commercial sector. And no longer was it this exclusive club now. It was in the hands of pretty much anyone.

FINCH: And a lot of that has to do with the fact that you know, you’re putting things in space, you want to make sure that it has heritage that it’s going to work that you’re not going to get to spend all this money building designing, launching it and have it you know, just get fried by radiation or something like that. So, the industry, you know, tends to stick with, like tried and true solutions. And, and because of that, you know, you might not necessarily get all the, you know, modern hardware that you know, might exist in a more traditional IoT system on the ground. So you have to manage that as well. Which is an interesting problem for sure.

POUND: We need to do a better job of protecting this information and applying some, you know, modern cybersecurity standards to satellite design, especially for commercial low Earth orbit. You know, sort of low cost satellites. There’s going to be a lot of them. There’s a lot of them now, they’re going to be used for all manner of different applications.

VAMOSI: Here’s where innovation comes in. Small satellites today can do a variety of niche things. Consider how agriculture can benefit from commercial, not government satellite technology.

POUND: You know, people are going to be monitoring their crops and they’re going to be doing sort of like really, you know, highly high resolution, Pinpoint Weather, analytics and other sorts of analytics with all of these things flying around in space, call them things because there’s so many different types of satellites now. So yeah, so it’s sort of a sort of watershed moment.

VAMOSI: So again, if we had an IoT problem with the existing satellites in orbit. It’s about to get worse as more and more tiny, specialized satellites get launched. Which is funny since we just said that space systems have to be rigorously tested. So, what are people like Logan and Frank doing about all this? They’re taking this esoteric problem directly to the cybersecurity community. They’re taking this problem to DEF CON, for example. They’re building unique capture the flag competitions that simulate the problems we’ve outlined.

FINCH: It’s a unique challenge as well to build a CTF in this context, right? It’s just, nobody’s really ever done it before. And it’s an interesting problem because you know, space, in general is a system of systems and that’s what makes it you know, simultaneously, very, very interesting and a super cool cybersecurity problem, but also difficult to make sure that we balance where we focus, so that we actually you know, can have an interesting game with interesting challenges over the course of, you know, the amount of time that we can, you know, have like a final event right most last year, the Finals was 24 hours long.

FINCH: Part of the, you know, the mission of Hack-A-Sat is to try and show the companies that are doing this that, you know, they should adopt these kinds of best practices going forward.

FINCH: I think it’s definitely still a work in progress. You know, with, you know, contractors like that there’s always a certain amount of inertia to change. And, and, you know, I think trying to push these things now, you know, will yield dividends in the future, which is you know, a real goal of Hack-a-Sat.

VAMOSI: Hack-A-Sat is sponsored by US Air Force, US Space Command, with support from US Air Force Research Laboratory or AFRL. And the simple idea was to create a Capture the Flag that simulates what it’s like to hack into and take over a satellite in orbit. Frank, who had previously been involved with the All Military Cyberstakes Capture the Flag, didn’t necessarily know all the orbital mechanics and Logan, well, he didn’t necessarily know all the security best practices that need to be involved. So taking this original idea from an island off the coast of Virginia to the largest hacking conference on earth, DEF CON, well, that took some work.

POUND: Like, again, that was that, you know, looking back at Hack-A-Sat One and looking now at what Logan’s team was building for this Hack-A-Sat. It’s that we kind of sometimes laugh about some of the things that we were doing.

VAMOSI: So how do you draw the interest of traditional hackers? And how do you draw the attention of those in the aerospace industry today? You start out small. That first Hack-A-Sat wasn’t trying to do everything at once, it was an introduction.

FINCH: Hack-A-Sat One brought the cybersecurity professionals and introduced them to what space introduced them to stay. Most of these you know, the elite teams that came in, they’d never done like a space CTF before. They’re like, what is this? So it was a good way to really introduce some of the components and some of the technical intricacies of a space system, while not dwelling on all the details that are really complicated.

POUND: But yeah, so the idea was, was to try to simulate the reality of space.

VAMOSI: Pay attention to that word: simulate. When I first heard about Hack-A-Sat, I assumed they were attacking a decommissioned satellite in orbit. Nah. They never left Las Vegas. That first year, they built models, and had them in a room at DEF CON.

POUND: I think there were eight satellites that were enclosed in these acrylic balls that were rotating around to sort of simulate at least one degree of freedom. And they were elevated on an air table. So you had the satellite just kind of spinning on one axis.

VAMOSI: Okay, so that’s kind of weird. A room with miniature physical satellites in acrylic balls. But Hack-A-Sat wanted to simulate the reality of the project. They wanted to get into the embedded systems that are orbiting the earth. So that first year, what was the final challenge for the teams?

POUND: And around the walls of the competition area, you know, there was a picture of the moon and so the idea throughout the competition was for the teams to fight through all of these challenges leading up to finally gaining full control of the spacecraft, which was sort of spinning out of control on purpose. Patch these bugs that kept popping back up; they’d have to run in to patch them, but patch them in such a way that the spacecraft wasn’t disabled or, or started spinning even more.

VAMOSI: So right there, the teams had to contend with the physics of orbital dynamics. Every action has an equal and opposite reaction. At DEF CON these were largely cybersecurity experts and not astrophysicists. So, unlike other CTF teams, the Hack-A-Sat teams needed to be both security experts and physics experts in order to succeed.

POUND: The teams have to have experts who know about the two-body problems, they know how to calculate the position of the spacecraft in space, they know what it means to drain the momentum out of a reaction wheel saturation reaction wheels, they understand all that stuff, but they also have to understand the nitty gritty details of buffer overflows and cyber vulnerabilities and they have to combine those two expertise areas to really compete this year. So that sort of like the big difference.

VAMOSI: Many of the teams that year had signed up without realizing that. A few of the teams figured it out and made some progress stabilizing their satellites.

POUND: And then and then pivot over from the main flight software over to the mission payload, which was the camera and then fix bugs and fight through issues with that as well. And finally gain control of the camera and to demonstrate they had full control of the spacecraft. Not only did they have to fix all of those issues, they also had to time the imager to take the picture at the proper time. Then they had to allow enough time to download the image,

VAMOSI: Time. Yes. Unlike hacking a server that is relatively close by on earth, these are satellites in space. If an average jetliner flies at 30,000 feet above the earth, low earth orbit is 1200 MILES above the earth. And so there’s a latency. The signal has to travel at the speed of light to the satellite, then back down again to the earth. This latency was, well, new for the hackers.

POUND: There was a nailbiter right at the end of the competition, because a couple teams actually got through the entire set of challenges, gained control of the camera, and were in the act of downloading the picture of the moon, the JPEG. We had a team that was sort of looking at that, monitoring that, and it was really interesting to see that some of the images at noon were taken, but they never made it to the ground station. Because the time was there’s no time left.

VAMOSI: So imagine working your way through all the technical challenges, only to be defeated by something as simple as the time it takes to send that photo back to earth. Even so, the challenges were biased toward the security community and not the astrophysicists.

POUND: And space people would really understand it whereas in Hack-A-Sat One, if you were like an aerospace engineer who flew satellites for a living, you would be a little confused about what we’re doing in Hack-A-Sat One. But if you came to the table today, you’d be like, Wow, this is like the real deal. This is a real space simulation. And so I think with Hack-A-Sat One, the edge was to the cybersecurity experts because there was a minimal amount of sort of space things they had to do. But now it’s sort of, you’re on equal footing.

VAMOSI: So, for Hack-A-Sat Two, Logan and his team began to add more physics to the challenges. And while they continued to have physical models of the satellites in a room, they were adding more simulation to the digital side as well.

FINCH: So, I first got involved with Hack-A-Sat Two, I wasn’t there for the first year, Hack-A-Sat One in 2019, but one of my mentors that brought me into the company was one that did most of that work, and I’m familiar with all of the early Hack-A-Sat efforts obviously but yeah, so we took the all of this you know, initial build that we did for Hack-A-Sat One which, you know, I think over time, we’ve been trying to add additional complexity to how we simulate and build a challenge that, you know, has the requisite difficulty, complexity and realism where it makes sense, but also try and build a you know, some sort of interesting game and challenge that will draw in these, all these, you know, a we CTF teams and make them want to come and play and get interested in space cybersecurity.

VAMOSI: Hack-A-Sat Two also began to expose some critical gaps in knowledge for the teams participating. What might have been obvious to people who work with satellites daily escaped the people who work in information security.

POUND: What we experienced last year, it sort of touches on some of the skill sets you see in the hardcore cybersecurity vulnerability research arena, where you have people that are incredibly talented and able to, like focus, laser like on a really hard problem. And they’re really good at discarding everything else around them, right. But unfortunately, I think that kind of hurt people because they have to be aware of all of these other issues, like Logan was describing like, very simple issues, like, you know, oh, yeah, there’s batteries that we use their charge and to charge them you have to turn the spacecraft such that the solar panels are pointed at the sun. And so that like that, that problem that they discarded, you know, kind of hurt them really, really bad.

FINCH: They’d be like, Oh, you didn’t tell us that. You know, it’s a satellite. It has batteries and if you let it, you know, you want to charge for an hour. It’s no longer going to be able to operate all the payloads and processes anymore. So, you know, we try and add in little, you know, additional tidbits of realism over time to show you know, that, you know, running a satellite is a really complicated thing and, you know, there’s, you know, people who, you know, that’s their whole careers, you know, running and operating satellites, and, you know, we can always expect these cybersecurity professionals to have all of that knowledge, which is why you know, we can pare back complexity where it makes sense, just to you know, keep things interesting and approachable. But, you know, we want to, you know, use realism to prove a point where, where it makes sense, right.

VAMOSI: So the training wheels started to come off Hack-A-Sat. By introducing some of the realism Hack-A-Sat exposed that satellites, in space, are in a really hostile environment.

POUND: So it’s, it’s, it was kind of interesting. And it’s probably not wise, nice to laugh about it, because I think a lot of people got really upset about that, because it was like, oh, you know, we should have remembered to do that. But I think that was a learning experience. We’re, we’re everyone right? Even us because we just assumed they would do that and so this year, you know, I think all the teams now are very clear, and they understand what they need to do.

FINCH: Last year, we were able to add additional complexity in Hack-A-Sat so we had multiple like white payloads and flight processors that were real subsystems and then running on actual hardware. Again.

VAMOSI: So Hack-A-Sat One and Two had physical components that the teams had to access and exploit. But with COVID and the global chip shortage, that wasn’t a sustainable model.

FINCH: We which we’ve kind of gone back and forth over the time period of Hack-A-Sat, you know, we can run stuff on which has, you know, a lot of cool problems that you can add with a real piece of hardware that you’re running on the ground. But at the end of the day, you’re still stuck, you know, having to maintain and run and build all this real hardware and with the pandemic, we’ve had all sorts of issues with supply chain, procuring electronic components and all that.

VAMOSI: So for Hack-A-Sat Three in 2022, the team went to completely virtual simulation. This had its pros and cons.

FINCH: For Hack-A-Sat Three, we decided to go completely digital, which also allows us to, you know, have all sorts of other problems that we can talk about in a couple of minutes. But to you know, to kind of wrap that up you know, as we add complexity, we can add in certain you know, cool problems like last year we added in a simulation of all the power system of a real spacecraft, and at the beginning of the competition, some of the teams didn’t realize you’d have to, you know, maintain the state of life, or the state of charge of your batteries and your satellite and point the solar arrays and you know, keep your satellite alive.

VAMOSI: There’s the battery issue, but now there’s going to be a timing issue. Imagine trying to hack a server that only allows you to access it for 10 minutes every hour. That’s the issue with space.

POUND: They’re going to be in low Earth orbit. So that means you have about 10 minutes at a time for a pass, meaning passing overhead the internet and on earth, where you can actually do your work. Right, as a cybersecurity expert. It’s not like you, you know, are on the internet and you’re hacking a computer 1000 miles away. Where it’s got an IP address that you can continually access and you get to try and try and try and work on it and gather intelligence about and do all these things. With the satellite, lower earth orbit, you know, it’s completely different. And not only that, you have to make sure that your antenna is pointed in the right direction. You have to gimbal your antenna to sort of point at the satellite as it’s orbiting the Earth. And it’s, it’s, it’s not any, any anything like traditional see traditional CTF, you know where you’ve got these static machines that are physically available the whole time. So that’s you this year is going to be interesting to see how they handle that.

FINCH: This year, it’s going to be similar. So, you know, we have to live within those constraints, but make it you know, interesting and add all this realism.

FINCH: Over time, Hack-A-Sat has, you know, we’ve been building and adding complexity and, you know, teaching all these teams and industry that you know, keep adding additional parts to show you know, what a real space space system looks like. And to the eventually, you know, we’re going to get to the point where we’re going to be doing the real thing.

VAMOSI: Logan’s talking about Hack-A-Sat Four, next year, which will finally involve a real satellite orbiting the earth, one that the US Space will put into orbit in the spring of 2023.

FINCH: That’s, you know, been a really cool opportunity to keep you know, adding in and showing off you know, all the different parts that you know, go into operating one of these systems, and then be able to showcase all the, the actual the cybersecurity side once you once you have, you know, built up that low level knowledge that’s needed to so,

VAMOSI: If the final challenge of Hack-A-Sat One was to photograph the moon, what’s ahead?

FINCH: If we’re talking, you know, from the final events type of challenges, just real quick calls aside for now. You know, we try to build in different, different challenges that look like things you might see in a real system. So last year, we had a piece of software on the ground that was like an A, a, what we call the user segment that was that looked kind of like what like a payload interface might look like on the ground that a user might use to send data up to a payload and then it was echoed back or, you know, does whatever it needs to do up in space. And then we had the spacecraft itself. So we have, you know, the command link and the telemetry link. Last year a hacker said those were always available, which is, you know, not realistic in a real spacecraft. You’re not always going to be able to talk to your spacecraft, especially when we’re talking about the small sets.

VAMOSI: So far we’ve been talking about the satellites in orbit, but there’s also the ground station aspect. With governments, there are few uplinks established around the world. But with commercial, either they are buying ground station time from others, including governments, or they are simply operating in limited areas, therefore limiting the time you have to actually be in contact with a given satellite.

FINCH: That’s, that’s, you know, kind of the way the systems are built there, you know, some of these companies might build their own ground stations and put them around the Earth. Some of them might be buying time on commercial, commercial ground stations, there’s all these, you know, other startups and other you know, space companies that are building these things and making them available as like, you know, a platform as a service kind of thing which is a whole nother discussion. But we’re adding that part now.

VAMOSI: One suggestion is that renting satellite time will be as easy as ordering from Amazon. But that’s still a ways off, and generally beyond the purview of Hack-A-Sat today. At this point Hack-A-Sat only wants to reinforce the idea that you won’t always have access to the satellite in orbit.

FINCH: So, you know, they’re gonna have to realize that they have to balance what they can do, and what effects they can, you know, you know, have as part of the game into these short windows where they have access to the satellite, which is, you know, I think it’s going to really be interesting to see how things go.

VAMOSI: With Hack-A-Sat Three in 2022, already there are repeat teams, teams that have participated in all three challenges thus far.

FINCH: I think, you know, we’ve had a few teams that have now you know, well have been finalists for all three years. And that’s exciting for them, you know, because they are building up all this knowledge over time. But at the same time, we have to try and make it accessible to you know, a team that just qualified this year, which, you know, we’ve, you know, one through eight way we handle that is by making all the old material available that they can download and try and run.

VAMOSI: As part of the Hack-A-Sat rules, teams who participate in Hack-A-Sat, if they want a shot at the prize money, they have to write up what they did to solve the challenges. These are available on the Hack-A-Sat site. And these are valuable to new teams, enabling them to see the types of challenges that have gone before.

FINCH: I mean, and then you know, everybody puts up right up there, how they solved the challenges in the previous years. And it does all that stuff. That’s part of what they have to do to qualify for the prize money that the Air Force is making available as part of the the Gesetz stitch the challenge, like there’s a whole wide challenge authority, that’s, that’s put out by the government where they can build these challenges to, you know, meet a specific need. So they have to provide feedback and you know, something that’s useful to the community.

VAMOSI: Basically, the US government is trying to get more eyes on the problem today.

POUND: And that’s, you know, another interesting side of this whole thing is we get to see very unique, you know, ways of approaching some of these problems we’ve seen, we’re seeing stuff where, like, you know, some of the teams did things that we didn’t even think, you know, we didn’t even think about as the designers, which is really cool. You know, a lot and a lot of ways, you know, they’re a lot smarter than us in cybersecurity. You know, they could come up with ideas and approaches that like, wow, that’s really cool. That, you know, always blows me away. You know, just what, what folks are capable of, especially very, very smart, smart people which all these teams are made up of, you know, a lot of really smart people.

VAMOSI: At the time this episode was produced, the finals for Hack-A-Sat Three were still five days out. The finals are going to be covered in part two. In the next Error Code episode, I’m going to talk about the winners of the Hack-A-Sat Three, the use of digital twins in the simulation, and also about the future of the program. All that’s in the next episode of Error Code and I hope you’ll subscribe for that.

Error Code is written, produced and voiced by Robert Vamosi. Let me know what you think. You can contact me on Mastodon @RobertVamosi.

Robert Vamosi

Robert Vamosi is the creator of the Error Code podcast, a CISSP, an award-winning journalist, and author of When Gadgets Betray Us and The Art Of Invisibility.