Space
Cyber Blog
Australian Space Cyber Quarterly Update
Introduction and Welcome
The organisers of the Space Cyber Forum decided that a quarterly update on the space cyber activities in Australia and Internationally. The aim is to build up awareness and capability within Australia to combat the growing threats, and opportunities, based on cyber activities related to Space.
The last thing we need is another document to read, so we are attempting to keep it to one page and high level, allowing readers to investigate topics of interest in their own time as they please. We welcome contributions from the reader base, or elsewhere.
Australian News
- The second space cyber forum was held in June and a turnout of over 170 participants attended. In addition a full day workshop was held the day before with 30 attendees plus multiple assistants and observers [2nd Australian Space Cyber Forum] Next years event is scheduled for June 2025.
- A MOU was signed between the Adelaide based Australian Cyber Collaboration Centre and the Colorado based Space Information and Analysis Centre. [Australian Cyber Collaboration Centre Partners with Space ISAC]
- The Department of Home Affairs is holding a Critical Infrastructure Security Excellence Workshop on August 9th.
Global News
- NASA has released the first iteration of its Space Security Best Practices Guide to bolster mission cybersecurity efforts for both public sector and private sector space activities [NASA Issues New Space Security Best Practices Guide – NASA]
- The Aerospace Corporation has release its latest update to the SPARTA framework, Updates | SPARTA (aerospace.org)
- Two US senators have proposed the Spacecraft Cybersecurity Act to protect NASA’s missions by integrating cybersecurity from the design stage, countering threats from cyber-attacks. [How the Spacecraft Cybersecurity Act can protect NASA from cyberattacks]
- While not new, those interested in a detailed description of how the US DoD recommends implementing Zero Trust Architectures – their detailed guide is a great resource. [Department of Defense Zero Trust Reference Architecture]
2nd Australian Space Cyber Forum, Wednesday 26th June 2024, Adelaide Convention Centre
Thought for the quarter
The CrowdStrike incident provides all of us with a wake-up call as to what happens when a widely used cloud service stops. Having prepared Business Continuity Plans before and after the advent of cloud services, I have noticed that it can be very easy to adopt the approach that some services are “too big to fail” or “what can I do about it ?”. In my experience there are ways to provide usable workarounds such as regular backups on diverse platforms or on prem infrastructure. What is tricky when some cloud services do not make it easy to export data on a regular and automated basis. As a user base we should be demanding these features as part of our selection process to cloud applications. There is a caveat however, the solution for survivability also needs to be secure.
Future Space Critical Infrastructure rules should start to incorporate this type of thinking into its regulatory frameworks, ensuring that an inadvertent or planned major outage doesn’t have the ability to impact time critical space services. Space, as a major horizontal service to other critical infrastructure silos is a critical point of failure to our wider wellbeing.