At this year’s Defcon conference, the US Airforce brought along an F-15 fighter jet data system to be evaluated for vulnerabilities, and serious vulnerabilities were found. The US Airforce is changing the way it looks at cybersecurity and is embracing external cybersecurity experts to assist in securing military technology. Rather than work in a bubble, they agreed to allow a hand-picked number of researches to attempt to highjack an orbiting satellite.
The F-15 fighter jet data system has many parts that are built by smaller third-party companies who don’t always design with security in mind. Working with external researchers allows the Air Force to understand these vulnerabilities and can start writing stronger security requirements into its SLA contracts.
How is this going to work? The Air Force will put out a call for submissions to researchers who are interested, then handpick their contestants, and allow them to test in a non-prod environment against satellite components.
The winner will attempt to compromise the ground station controlling the satellite, or the satellite directly altering the camera that is pointing at the earth, and change the position to capture the moon.
https://www.wired.com/story/air-force-defcon-satellite-hacking/
I don’t have much to add to this article but this is an interesting read. Thank you for posting this Andrew. I can’t really tell if it’s scary or exciting that this is happening. This statement by Roper is very true “We have to get over our fear of embracing external experts to help us be secure. We are still carrying cybersecurity procedures from the 1990s,” I remember reading that our missile systems have a ton of vulnerabilities because they haven’t been upgraded in years. I dont exactly remember whether it was NG or LM who let pen testers in these systems and find weaknesses and surprisingly it didn’t take much time for them to uncover some basic security stuff!