When you think of Cyber Security you probably think about your iphone getting hacked, or your email, or your companies servers, or your credit card, or bank card or health care, or banking, or government information plus so many others…
But did you ever stop to think about how a huge chunk of all the data populating all those things actually gets there? Not in the sense of how Google asks prospective employees to describe how the internet works. But close. Think Space.
Satellites are massive growth industry, for both government and business alike. We have scaled globally from a situation 20 years ago where only a handful of countries could afford to mount in orbit operations on even one satellite.
Now there are literally thousands of satellites in space with more and more getting launched into either permanent or semi permanent orbits — along with resulting real space junk and debris following closely along.
There is a correlation of increased launches with smaller launch packages, increasingly smaller and lighter satellite platforms and lower cost; with massive increased consumption and transport of data in both up and down link; and other bands.
All of this has led to a reset of the cyber security needs surrounding ground stations, launch facilities, terrestrial platforms, satellites, rockets, and of course the data. There are multiple types of data flowing into the typical modern communications satellite. Up-link, down-link controls and management software, then data payloads of voice, video, data, etc + then often reversed in direction again. Add to this the security levels, the control levels and maintenance levels — and there is a digital river of information coming in and out of every satellite, ground station and in between.
This is one of the major targets for global cyber war efforts by governments as well as cartel hacker groups and other groups seeking only power and information to then bring money.
One of the key weakpoints is the people on the ground and their BYOD (Bring your own device) methods + practices – whether sanctioned or not.
Along the same lines is the social engineering side of hacking and cyber war and how people’s pictures, social media posts, location tags, and other digital exhausts can be combined in a detailed matrix for an attacker to figure out organizational patterns, phrases, colloquialisms and other ways to use psychology against us.
Another key weakpoint is that many of the cyber security protocols designed for this global data transfer every milli-second is that they are simply outdated and not up to the task of modern efforts to hack and crack this technology and its safeguards and firewalls.
Follow my remarks in a few more weeks to hear more on the very real risks being posed by the explosion in satellites and data flowing between Earth and Space. Indeed, Global Cyber Security is on Earth + Space.
A few weeks ago I wrote this piece about #IOT Cybersecurity and how it affects personal and brand reputations. I got a lot of criticism for basically speaking the truth. I appreciate all the tweets, emails and Linkedin posts engaging on this piece, including all the people who attempted to say I was wrong.
But the points raised in that piece are simply the opening salvo in a multi front disruption. The disruption is NOT IoT. The disruption is to switch from product leading first with security as an afterthought in the rush to go to market. What needs to change is the mindset to build in design security from the beginning,
Last week I sat on a panel at the California Cyber Security Task Force meeting. The panelists were all cybersecurity experts, from across the field, including homeland security, penetration testers, strategy and policy. When it came time to talk about #IOT Internet of Things, we were all asked what people thought about the current state of cybersecurity in IoT.
The answer from the entire panel was: THERE IS NO SUCH THING AS CYBERSECURITY AS OF YET IN THE INTERNET OF THINGS.
Think about that for a second. Or maybe longer. Sure there are a few Iot devices that do offer some level of security. But often, as was raised by one of the other panelists, that is simply writing a marketing statement to the effect of “We take your security very seriously.”
But most IoT devices do not provide any real security, and many are simply copies off other IoT devices that also have no security. Then you have to add in the problem of the unsecured devices talking and sending your data to other non secure devices and or third party companies.
The disruption has to be the switch from rush to market with little to no thought about security — to one where security is built in from the design level up and where devices are not put on the market without first being hack tested every which way to be able to prove their security credentials. Otherwise, we are all simply at very real risk. In part because of the inattention or even stupidity of others who do not think this is important; or in the rush to market skip cybersecurity completely — or just write a lame #fail marketing statement about how they value your security.
Alan W. Silberberg, CEO of DIGIJAKS