Alan Silberberg - Global Cyber Security

Captions
[Music]

So I've been doing a lot of work with some federal agencies on space. Most people are really concerned about what's happening on the ground with your daily lives, and rightfully so, but we should all be concerned about what's happening in space, because it affects every one of us every single day.

Just briefly about myself: as I said, I'm the founder of Digijaks. I formerly worked at the White House and also at the National Archives, the cybersecurity expert for the Small Business Administration, and I do some work with USGIF and some other agencies as well.

So we've all seen pictures of launches and rockets going up in space, or maybe the explosion last week of SpaceX. It's exciting, you know. I don't know, has anyone ever been to a launch? Raise your hands if you ever have. So the people who've been there, you know it's very loud, there's a lot of commotion, there's a lot of people, there's a lot of logistics that goes into it. And people think, oh, the launch, you know, great, rocket's up, satellite's in space, we're good to go. Actually, that's really just the beginning of the cybersecurity issues that occur with this. You know, you have to think about the complexity of what's going on with a launch: you have a ground station, you have a satellite, you have a payload, you have the launch itself, you have the data going up and down. There's actually multiple streams of data. In commercial satellites there's eight or nine levels of information going up and down, and in government satellites it can be even more, depending on what kind of satellite it is.

Cybersecurity was kind of an afterthought for space for a long time. It just wasn't something that people were thinking of as a threat, and it was only recently that we started to see, no pun intended, an explosion of commercial space companies starting to use government facilities, government launch facilities, and that's created just a huge number of launches, of payloads, of satellites, just a tremendous amount of activity going on
around the globe. So really it was just until about five years ago that the satellite makers and the ground station equipment manufacturers really started to think, like, what's going on? And then that happened at the same time that CERT issued several warnings about the ground station satellite, the technology in the ground stations, on how vulnerable they were.

So 25 years ago there were basically dozens of satellites in space. Now, this is actually a live picture taken: roughly 1,100 satellites or pieces of satellites in space right now. That includes space debris from satellites that are depreciating. This is not including just the junk that's up there, the batteries and whatever from over to space flights. There are websites that track all. So these two images are taken from open source. My entire remarks today are open source, generated entirely from research on the open web. There is a website that allows you to track every single satellite: where it is, what it's doing, who launched it, what its payload is, what its height is, its azimuth, everything that's going on with the satellite you can track in real time. Because it's open source, that means that the criminals, the bad guys, the nation-state actors also have access to the same information. Now the worst has lots of data. This is actually a website that shows these different types of images. You can click on any one of those dots and you'll see the full information about that satellite in real time.

So let's back up. You know, the first thing about cybersecurity that I believe is most important is people, and this is true in any organization, whether it's space, the FBI, you know, a bank, school, whatever. It comes down to people. BYOD, bring your own device: this is a relatively new phenomenon. We all do it. I'm sure some of us probably carry two or three devices at a time. Multiply that by the number of people in the facility, multiply that by the number of people those people know, and suddenly start thinking about the exponential relationships that
occur just through one person and their device. And this leads to social engineering. Social engineering takes on a bunch of different levels, and I'm not going to get into too much, but basically it's the idea of people using psychology to get into your head so that you're then revealing your passwords, you're giving up information about your organization. Social engineering can come through open source research on the internet, it can come through people knowing you. And so when you are looking at the cybersecurity relationship of people to their devices, the social engineering part of it is playing a huge role constantly.

The USBs: obviously, you know, most government facilities don't allow you to walk in and out with a USB, for good reason. USBs can be used not just to insert malware but also exfiltrate data, but they can also be used to air gap, to jump the air gap between machines now, so that a USB could be put into, you know, a device and that could actually be used to air gap whatever's on that device.

A walk-by photo, video, SMS, social media: that's the idea of, okay, you've got something on your desk, you're in a trusted environment so you don't think about it. You go to the loan, you go to lunch, we go to the breakfast or go to the bathroom, and you leave your stuff on the table, on the desk, and someone walks by, takes a picture of it, and then within seconds that picture is wherever it needs to be: it's on the internet, it's in social media, to an enemy, another nation state.

A lot of people are lazy with their devices. It just comes with, you know, time. You don't want to do more than a 4-digit password, you don't want to maybe use biometrics, you know, you want to kind of make it easy, but that ease of use makes it really easy for criminals and nation states to break in as well. Obviously people can be corrupt, they can be leveraged by organized crime or foreign intelligence services. And there's the disregard of security protocols. We all hear about that a lot, but it's actually a big deal
especially with BYOD, because what it does is, once you're saying, well, I'm going to ignore the basic security protocols and I'm going to use my multiple devices, those multiple devices, you know, you've just broken a hundred different ways of the security protocols, not just the one or two. And then of course there's someone who's actually willfully intending to do some damage, cause espionage or damage. And the devices themselves can be hacked. So, you know, you have to think about that when you're carrying your device into the organization or into, you know, a ground station facility, for example, in this case.

You know, in our business we recommend that everyone, you know, whether they're senior management or, you know, anyone coming into a conference room, they actually take their devices and put them into a lock box on the outside of the room. It's a lead box or steel box, but it doesn't allow any signals in or out of it. People get pretty pissed off when you say, you know what, you cannot have your phone in here, it's a security risk. They'll say, well, I'm the CEO, or I'm the whatever, I need my phone. No you don't. For those 45 minutes you can put it in the box. And so organizations that aren't doing this, you know, right away you're making a very clear mistake with the BYOD world.

And sends on cyber security and device access to ground station networks needs to be really closely monitored. This is true in any organization, but in this situation where you've got real-time data going up and down, a 24-hour stream, you know, you have to be wondering why someone is using a VPN or remote by practice or late-night email logins when that's not their job and that's not their responsibility. What is that person doing at three in the morning using a VPN to do something? Okay, you have to start looking at those anomalies, because in this type of situation those anomalies actually usually are showing you a pattern of behavior. And that's also true for the home server logins that aren't at a normal
time schedule or something's off about it.

In addition to this, the physical security concerns: you've obviously got gates, you've got cameras, got guards, dogs, etc. And the BYOD can also be used to actually insert malware, so someone can bring a phone, smartphone, connect it to a network, and from their smartphone they could actually put something onto the network. Now the network would hopefully catch it, and there might be some sort of time where, you know, it won't work, but someone with intention, and this is really the important word here, someone with intent can use almost any kind of device to walk into your facility. If they're cleared and they're approved to be in that facility, they can do all kinds of damage. And a BYOD device can also be used to exfiltrate data and also, like I said, to transmit that data instantly. So someone who's a guest in your facility, at a ground station for example, could walk in, take a picture of something on a desk, and before you even knew it they'd have it out onto the dark web, onto social media, SMS, texting. I mean, this stuff takes seconds. So once somebody has it on their device, it's literally seconds, maybe less, before it's spread around the world.

Ground stations are physical locations. They're usually pretty big, sometimes they are small, often they're in remote locations. And oftentimes what happens is, because of the remoteness of the location, the physical security aspect is: we have a fence, we've got cameras, some motion sensors, but we're good because no one's going to come out to the desert or no one's going to come out to the mountains or whatever. Because of the physical proximity, actually these ground stations are real targets for first average security people, because they've learned that the ground stations until recently really weren't that well protected, and that it was pretty easy to kind of fake being a contractor and walk in the grounds of one of these. So because they are these darned physical things, they attract a lot of attention. I
talked about people a lot because it's really important: the people, the training, the understanding how we all work together, who are the threats through the people that you've invited as guests. But when you think about the cybersecurity for a ground station, for a satellite setup, there's actually a number of levels going on here. So people's number one. They have incoming data from other ground station networks, and that could be in the form of a phone call, that could be data, that could be an SMS, that could be a fax, that could be almost any way that the information is being transmitted. It depends on the age of the other ground station or the age of the legacy system providing that data in the first place. Then you have incoming data from the internet and extranets, incoming data that's down for satellite payload uplink, and then the outgoing data down from the satellite payload downlink. Uplink data, downlink data, mainland's level, control level, security level. There are a few others. On military there's some other low levels as well, and with weather satellites there's also some other. But basically this is what you're looking at when you're talking about, you know, what's going on with a ground station and the cybersecurity concerns around it.

And this is where you really have to think about, there's a merger of physical and cybersecurity that has to occur to make a force multiplier work. In this instance physical and cyber has to be brought together, because you're talking about physical situations, you're talking about ground stations, because they're physically attractive physical targets. They are not considered critical infrastructure, so unless there is a threat specifically made on a ground station, most of the time you will never see, you know, National Guard around a ground station, or FBI or police. You'll see some paid security contractor, if that. Oftentimes it's just a fence.

These ground stations are really easy to identify and track. There are websites where you can
actually put in the name of a facility and it will tell you all the devices that are connected to the internet from that facility, and then you could actually go deeper, in a deeper dive into each device, and figure out, you know, what are the default passwords for that device, what are the default resets. Once you start using online research, and again everything I did here today is just open source from the internet, you can actually figure out, okay, this ground station is tracking this type of satellite, using this type of server, using this type of equipment, using this type of software, all for free. All it takes is the time and effort to do this. If I can do this or you can do this, so can China, so can Russia, so can Iran, and so can the hacking cartels.

You also have SCADA installs that are connected to the internet, and again, same thing with the SCADA devices: you can pull down the default passwords, the default reset data. You don't have to be a computer expert to do this stuff. You literally just have to know how to use Google and, you know, do a little extra research. You don't have to be on the dark web to get this kind of information, which is actually a little bit scary, because you realize that someone with ill intent could spend some time doing some research and they then have a fully prepared cyber attack ready to go. And then this is a real-world representation of the need to blend physical and cybersecurity into one force multiplier. And I think that this last sentence is something that really carries well beyond the cybersecurity issues of satellites and ground stations, but really into almost any activity or anything that has a physical relationship.

So an important question is, when you're thinking of your ground station cybersecurity: what does your ground station cybersecurity look like from space? So if you're running a ground station, you have to assume someone's targeting you, whether it's the Chinese or the Russians or, you know, a company, some shadowy
LLC in the Bahamas, and someone's looking down from space and they're looking at your movements, they're looking at the people, they're looking at the signals coming in and out, and they might actually be cataloging that simply from space, and you're not even paying attention to that. So this is like, you know, when you're talking about securing the facility and everyone's looking down, well, we have to look up too.

So, you know, we all think we know who the attackers are. We probably have a fairly good idea most of the time. The attackers for sure know who we are, for sure. This is just a very brief list of attacks that have occurred onto satellite systems globally. This most recent one, this 2016 one, the information from that is still kind of coming out, because the Australian Government has kind of clamped down on the full facts of this. But in this case the company news star, their network was so corrupted and it was so bad that the NSA refused to install software into their ground station that they would normally install to allow encrypted traffic to go back and forth. They literally refused, and the Australians said, well, it's not that bad, we'll fix it, we'll fix it. They ended up having to put in a new network in the new star company three times. That company's now bankrupt because they literally couldn't fix the amount of problems that they had. Mostly attributed to the Chinese, and this is a very pervasive attack: they went after the satellites, they went for the ground stations, they went after the companies that were the intermediaries, and they actually went after the ground data streams as well.

In 2013-14 the U.S.
weather systems, the non-military NOAA satellites, were hacked. This was attributed to the Chinese, and mostly at that point they just gave bad weather. They didn't really do anything: they weren't tasked to move, they didn't change their geospatial orbit, but they could have been.

There have been a number of commercial satellites that have been penetrated since 2012, although it might have been earlier, no one's really sure. This has been mostly attributed to the Russians using an APT, Turla APT, and what they went after is the satellite protocols, again with the knowledge that in 2014 CERT, US-CERT, issued multiple, you know, alerts about the hardware and software containing ground stations, and this Russian attack apparently kind of went after that specifically. They had already been studying that. And again, the ground station software and hardware from multiple manufacturers was flagged in 2014 for cybersecurity failures, and the CERT notification was issued, but only some companies have made updates, and so there's a number of companies' legacy systems that haven't made that update yet. So around the world there's a lot of places where there's ground stations that just haven't made the connection.

So the attackers know you. You know, we've heard about GPS being attacked. The simplest network has a number of known and unknown Rowland but isn't it; some of these are probably pretty bad. There have been a number of issues, warnings that have been issued, and then this can be used to exfil sensitive data from both government, military and diplomatic, as well as companies and education researchers.

In space you have several factors that have become weak points. So there's an uplink from the ground, there's unencrypted or already corrupted. The downlink, this is the same, on the penetration or control of the data stream and the redistributing of the data, so that the bird's still in space but the data that's coming down from it is really messed up, or they've changed the orbit
or they've changed anything, basically. So then you also have a loss of a satellite through willful destruction or terrorism, hunter-killer satellites from opponents, and corruption of the location or timing for signal control that then renders the satellite useless or dangerous or both. There's loss of command and control through the ground infiltration or penetration. There's acquisition of signals and different levels of bands from space, from another satellite that could be tasked with basically hunting and killing a satellite. There's also satellites that the Chinese have put up that have sensors and lasers in them that are specifically designed to go after the components of another satellite, take it out from afar without having to physically crash into it, and the Russians have been working on similar tech as well.

The cyber attacks in space are becoming more and more common. You don't hear about them a lot, just because it's not something that most reporters can kind of get their heads around, and a lot of these are classified, so they don't really make the news that much. But there's a lot of this going on, and you have to really ask yourself the basic question: how can a satellite or a group of satellites, a group of CubeSats, be used in a malicious way against the country or against a company or person? So do you know who's watching from above, or why? These are just basic questions that I think are important for all of us to be asking in any cybersecurity component, whether it's space or ground stations or whatever.

And then the threat matrix is pretty simple. It goes into, like, the same type of threat matrix that we're dealing with with cybersecurity throughout. It's: know your weaknesses, know the weakness of the staff, the training, the software. Anticipate that you will be attacked, because it is not if but it is definitely when. And then we have to use both internal and external sources of information to stay apprised. You have to be looking at the open net
and seeing all your devices listed. Can someone go find the default password, the default reset on your device in your installation? Well, figure it out, because there's stuff on the web that can tell you whether your installation is revealing this type of information. And the attacks are going to occur onto all this. This is what's going on now, and this is what we all have to be dealing with, whether it's military, commercial, you know, diplomatic, and even, you know, the universities that are doing research have to be dealing with this, because of the intellectual property nature of the research and development and the fact that the research and development then flows into corporations and governments. So the Chinese and the Russians and other players want to try to go after this.

There's also hacking cartels that basically operate like drug cartels, but they're designed to be hacking cartels. They have a CEO, they have runners, they have the symptoms, might even have a customer support person, but they run that as a business. They run the hacking as a business. How much profit can they get from hacking satellites versus credit cards? Well, I guarantee you that if you go in the dark net and you look up, you know, what's the information on a certain satellite, it's going to cost you more than buying someone's credit card number or Social Security number. The price of it will be a lot higher. So that creates a real target for criminals.

The threat actors that I have identified here, doing a lot of research on this: the obvious ones are China and Russia and Iran. North Korea is less obvious because they don't really have a huge internet, you know, capability, but they are however very active in space. You can make jokes about it, but they are constantly launching stuff. Whether they're good or not, they are in space, they're trying to be in space, and they have the technology at the very least to disrupt the ground stations and to go after other
satellites. Whether they have the technology to go up in space and actually make a hunter-killer satellite, that's a different issue.

Vietnam has become a place where it's essentially a hacker hideaway. Cambodia, Vietnam: a lot of hackers have gone to those countries because the perception is that they're not such strong cyber players, so it gives the criminals or the nation-state players a place to hide, basically, where you wouldn't think they're coming from Vietnam, because people just don't think of Vietnam as a cybersecurity kind of risk.

Ukraine and Romania, mostly because in Eastern Europe the former Soviet states still train classical math. We don't do that. So because they're training their students in classical mathematics, what that does is that creates a situation where basically the youngest people in their schools have the ability to create algorithms, to code, whether they're doing it maliciously or not. Ukraine and Romania are seen to be real bastions of this. In fact, many American companies will go specifically to those two countries to hire coders because they've been trained with classical mathematics. And there's a host of other countries as well that have sophisticated telecoms networks or where the traditional computing is taught.

And then there's the paid hacker cartels and the paid hacker soldier to work. There's companies that are using technology and satellites to spy on the competition and on their staff or clients. And the bad actors could be anyone doing unethical work or illegal work, sometimes under cover of helping. There are even cybersecurity companies who, quote unquote, help, but they end up actually hacking to then turn around and charge your own people, your own equipment and your own networks.

These are some suggested changes. I'm not going to go through them all, just for time's sake, but I think that when you look at these, the knowledge here is pretty basic, but it's the steps you have to take, really going into all these different
levels, because the cybersecurity for satellites and ground stations is actually fairly complex. You're talking a lot of moving parts, a lot of people, a lot of geo-located physical facilities, and then a huge amount of data, terabytes of data going daily. You know, one ground station, one satellite alone can be dealing with terabytes of data, so when you multiply that out by the countries and the players involved, it's just a huge amount.

Training, training, training. Drill your people. Really treat this as, you know, let's go through an exercise, and then do it again, and here's where you failed, so let's do it again because you failed, so let's try until you get it right. Because this isn't just about doing a computer test and passing it one time and then you're sort of head for cybersecurity. It doesn't work that way.

Again, all these are fairly basic. Install two-factor authentication for everything, you know: inside of a network, social media, you know, data uplink, downlink. They should always have that, because it's not a perfect measure but it's a way that you can certainly stop a lot of the general hacking, because they have to have that two-factor piece. Again, that could be corrupted as well, but it's an important aspect of it. And then disable the use of BYOD on premises of ground stations, or at least put it into an isolated area: you know, here's your room to make phone calls, the rest of the time your phone stays in a box somewhere. Same with tablets, same with Apple watches or Samsung watches or whatever.

Shodan.io is a website, it's an open source website that is one of the ones I used to generate some of those images, with Shodan, and you can actually go in and identify a location, identify the devices that are in that location, and then literally go device by device and look for the default passwords. You can look for problems with that device. You can see where the device is connected to the internet and what the ports
are that they're using. This is all open source, all on the internet. I strongly suggest that facility managers train their people, start looking on the web, the open web and the dark web, for this type of information, because when your information is already out there you have to assume you've already been breached, you know, because someone's already copied it, someone's already been using it. Whether you see it or not, it's already happened. So I want to thank you very much. Sorry if I went a few minutes over.

You had mentioned hunter-killer satellites. What exactly do these attacks look like, and how easy are they to detect? Because at least to me it seems like satellites attacking other satellites should be obvious.

It should be obvious. There's two kinds of hunter-killers, probably more than that, but very broadly there's two kinds. There's a hunter-killer satellite that literally will launch itself into another satellite and blow both up, and then there's ones the Chinese and the Russians have been working on that have onboard sensors and lasers that they can use to target another satellite from a distance. I'm only talking about what our adversaries are doing with this. It's possible that we have some technology similar, I don't know. But the issue of the hunter-killer satellite, you know, it was originally like, how can we knock a satellite out of the sky by launching another satellite and making them crash, and that's still kind of part of it. There are now ones, from what I've read, that the Chinese have been working on, where they have a physical satellite in space that can then launch a second, sort of smaller module that then becomes the hunter-killer, but the main one stays up, so they're not losing the bird. And there's a number of efforts to integrate technology on board of a satellite that could knock out the sensors or change the data or, you know, change the GPS settings and, you know, position. If you change the position of the
satellite even a little bit, you're making it useless, so it could still stay in space but it'd just be a floating piece of 100 million dollar junk.
Info
Channel: Army Cyber Institute
Views: 350
Rating: 5 out of 5
Keywords: ArmyCyberInstitute, CyberTalks
Id: eX5Rgp2QmoU
Length: 27min 51sec (1671 seconds)
Published: Wed Nov 23 2016