National Policy Guidance for Protecting NASA Space Systems<br />Randy Seftas<br />Code 599.0,<br />Mission Engineering and...
2010 National Space Policy (Protection)<br />Principles<br />The United States will employ a variety of measures to help a...
Protection Categories<br />NASA’s existing protection policies and requirements basically fall into two very distinct (and...
Environmental Protection Policy Decomposition (Terrestrial)<br />
Space Asset Protection Policy Decomposition (Ground Segment)<br />Analysis –Space Asset Protection Policies and Requiremen...
Physical Attack on the Ground Segment<br /><ul><li>One of the easiest ways to disrupt, deny, degrade, or destroy a space s...
NASA Example:  A hard drive that contained an old version of the AQUA flight software was stolen from the AQUA/AURA hardwa...
Physical security was inadequate as there were two entrances to the simulator room and only one entrance required a key card.
IT security was inadequate since the very sensitive software on the hard drive could be downloaded to personal computers o...
Asymmetric Attack on Critical Commercial Infrastructure – Negates a space system’s mission performance by attacking it’s s...
NASA Example: An aerial fiber-optic cable that supports space operations from buildings 3, 13 and 14 at GSFC crosses Green...
Open Source Example:  For the fourth time in a week, an undersea communications cable has apparently been cut (or "failed ...
Space Asset Protection Policy Decomposition (Comm/Info Segment)<br />Analysis –Space Asset Protection Policies and Require...
Upcoming SlideShare
Loading in …5
×

Seftas.george

14,550 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
14,550
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Earth Environment - Identify Areas for Potential International Cooperation. Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: Earth science and observation; environmental monitoring; disaster mitigation and relief; search and rescue.Earth Environment – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Earth Environment – Civil Space Guidelines: Space Science, Exploration, and Discovery. (1) Continue a strong program of space science for observations, research, and analysis of our Sun, solar system, and universe to enhance knowledge of the cosmos, further our understanding of fundamental natural and physical sciences. (2) Pursue capabilities, in cooperation with other departments, agencies, and commercial partners, to detect, track, catalog, and characterize near-Earth objects to reduce the risk of harm to humans from an unexpected impact on our planet and to identify potentially resource-rich planetary objects Earth Environment – Civil Space Guidelines: Environmental Earth Observation and Weather. The NASA Administrator, in coordination with other appropriate departments and agencies, shall conduct a program to enhance U.S. global climate change research and sustained monitoring capabilities, advance research into and scientific knowledge of the Earth by accelerating the development of new Earth observing satellites, and develop and test capabilities for use by other civil departments and agencies for operational purposes.Near Earth – Goals: Strengthen stability in space. Strengthening measures to mitigate orbital debris.Near Earth – Intersector Guidelines: Preserve the Space Environment. Pursue research and development of technologies and techniques, through the Administrator of the National Aeronautics and Space Administration (NASA) and the Secretary of Defense, to mitigate and remove on-orbit debris, reduce hazards, and increase understanding of the current and future debris environment .Near Earth – Intersector Guidelines: Identify Areas for Potential International Cooperation . Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: long-term preservation of the space environment for human activity and use .Near Earth – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Planetary Space - Civil Space Guidelines: Space Science, Exploration, and Discovery. Set far-reaching exploration milestones. By 2025, begin crewed missions beyond the moon, including sending humans to an asteroid. By the mid-2030s, send humans to orbit Mars and return them safely to Earth
  • Earth Environment - Identify Areas for Potential International Cooperation. Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: Earth science and observation; environmental monitoring; disaster mitigation and relief; search and rescue.Earth Environment – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Earth Environment – Civil Space Guidelines: Space Science, Exploration, and Discovery. (1) Continue a strong program of space science for observations, research, and analysis of our Sun, solar system, and universe to enhance knowledge of the cosmos, further our understanding of fundamental natural and physical sciences. (2) Pursue capabilities, in cooperation with other departments, agencies, and commercial partners, to detect, track, catalog, and characterize near-Earth objects to reduce the risk of harm to humans from an unexpected impact on our planet and to identify potentially resource-rich planetary objects Earth Environment – Civil Space Guidelines: Environmental Earth Observation and Weather. The NASA Administrator, in coordination with other appropriate departments and agencies, shall conduct a program to enhance U.S. global climate change research and sustained monitoring capabilities, advance research into and scientific knowledge of the Earth by accelerating the development of new Earth observing satellites, and develop and test capabilities for use by other civil departments and agencies for operational purposes.Near Earth – Goals: Strengthen stability in space. Strengthening measures to mitigate orbital debris.Near Earth – Intersector Guidelines: Preserve the Space Environment. Pursue research and development of technologies and techniques, through the Administrator of the National Aeronautics and Space Administration (NASA) and the Secretary of Defense, to mitigate and remove on-orbit debris, reduce hazards, and increase understanding of the current and future debris environment .Near Earth – Intersector Guidelines: Identify Areas for Potential International Cooperation . Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: long-term preservation of the space environment for human activity and use .Near Earth – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Planetary Space - Civil Space Guidelines: Space Science, Exploration, and Discovery. Set far-reaching exploration milestones. By 2025, begin crewed missions beyond the moon, including sending humans to an asteroid. By the mid-2030s, send humans to orbit Mars and return them safely to Earth
  • Earth Environment - Identify Areas for Potential International Cooperation. Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: Earth science and observation; environmental monitoring; disaster mitigation and relief; search and rescue.Earth Environment – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Earth Environment – Civil Space Guidelines: Space Science, Exploration, and Discovery. (1) Continue a strong program of space science for observations, research, and analysis of our Sun, solar system, and universe to enhance knowledge of the cosmos, further our understanding of fundamental natural and physical sciences. (2) Pursue capabilities, in cooperation with other departments, agencies, and commercial partners, to detect, track, catalog, and characterize near-Earth objects to reduce the risk of harm to humans from an unexpected impact on our planet and to identify potentially resource-rich planetary objects Earth Environment – Civil Space Guidelines: Environmental Earth Observation and Weather. The NASA Administrator, in coordination with other appropriate departments and agencies, shall conduct a program to enhance U.S. global climate change research and sustained monitoring capabilities, advance research into and scientific knowledge of the Earth by accelerating the development of new Earth observing satellites, and develop and test capabilities for use by other civil departments and agencies for operational purposes.Near Earth – Goals: Strengthen stability in space. Strengthening measures to mitigate orbital debris.Near Earth – Intersector Guidelines: Preserve the Space Environment. Pursue research and development of technologies and techniques, through the Administrator of the National Aeronautics and Space Administration (NASA) and the Secretary of Defense, to mitigate and remove on-orbit debris, reduce hazards, and increase understanding of the current and future debris environment .Near Earth – Intersector Guidelines: Identify Areas for Potential International Cooperation . Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: long-term preservation of the space environment for human activity and use .Near Earth – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Planetary Space - Civil Space Guidelines: Space Science, Exploration, and Discovery. Set far-reaching exploration milestones. By 2025, begin crewed missions beyond the moon, including sending humans to an asteroid. By the mid-2030s, send humans to orbit Mars and return them safely to Earth
  • Earth Environment - Identify Areas for Potential International Cooperation. Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: Earth science and observation; environmental monitoring; disaster mitigation and relief; search and rescue.Earth Environment – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Earth Environment – Civil Space Guidelines: Space Science, Exploration, and Discovery. (1) Continue a strong program of space science for observations, research, and analysis of our Sun, solar system, and universe to enhance knowledge of the cosmos, further our understanding of fundamental natural and physical sciences. (2) Pursue capabilities, in cooperation with other departments, agencies, and commercial partners, to detect, track, catalog, and characterize near-Earth objects to reduce the risk of harm to humans from an unexpected impact on our planet and to identify potentially resource-rich planetary objects Earth Environment – Civil Space Guidelines: Environmental Earth Observation and Weather. The NASA Administrator, in coordination with other appropriate departments and agencies, shall conduct a program to enhance U.S. global climate change research and sustained monitoring capabilities, advance research into and scientific knowledge of the Earth by accelerating the development of new Earth observing satellites, and develop and test capabilities for use by other civil departments and agencies for operational purposes.Near Earth – Goals: Strengthen stability in space. Strengthening measures to mitigate orbital debris.Near Earth – Intersector Guidelines: Preserve the Space Environment. Pursue research and development of technologies and techniques, through the Administrator of the National Aeronautics and Space Administration (NASA) and the Secretary of Defense, to mitigate and remove on-orbit debris, reduce hazards, and increase understanding of the current and future debris environment .Near Earth – Intersector Guidelines: Identify Areas for Potential International Cooperation . Departments and agencies shall identify potential areas for international cooperation that may include, but are not limited to: long-term preservation of the space environment for human activity and use .Near Earth – Intersector Guidelines: Space Nuclear Power. The United States shall develop and use space nuclear power systems where such systems safely enable or significantly enhance space exploration or operational capabilities.Planetary Space - Civil Space Guidelines: Space Science, Exploration, and Discovery. Set far-reaching exploration milestones. By 2025, begin crewed missions beyond the moon, including sending humans to an asteroid. By the mid-2030s, send humans to orbit Mars and return them safely to Earth
  • Seftas.george

    1. 1. National Policy Guidance for Protecting NASA Space Systems<br />Randy Seftas<br />Code 599.0,<br />Mission Engineering and Systems Analysis Division<br />E-Mail: george.r.seftas@nasa.gov<br />Phone: 301-286-5765<br />
    2. 2. 2010 National Space Policy (Protection)<br />Principles<br />The United States will employ a variety of measures to help assure the use of space for all responsible parties, and, consistent with the inherent right of self-defense, deter others from interference and attack, defend our space systems and contribute to the defense of allied space systems, and, if deterrence fails, defeat efforts to attack them.<br />Goals<br />Increase assurance and resilience of mission-essential functions enabled by commercial, civil, scientific, and national security spacecraft and supporting infrastructure against disruption, degradation, and destruction, whether from environmental, mechanical, electronic, or hostile causes.<br />Inter-Sector Guidelines<br />Assurance and Resilience of Mission-Essential Functions. The US shall:<br />Assure space-enabled mission-essential functions by developing the techniques, measures, relationships, and capabilities necessary to maintain continuity of services<br />Such efforts may include enhancing the protection and resilience of selected spacecraft and supporting infrastructure<br />Develop and exercise capabilities and plans for operating in and through a degraded, disrupted, or denied space environment for the purposes of maintaining mission-essential functions<br />Address mission assurance requirements and space system resilience in the acquisition of future space capabilities and supporting infrastructure<br />
    3. 3. Protection Categories<br />NASA’s existing protection policies and requirements basically fall into two very distinct (and in some cases, mutually exclusive) categories, which are:<br />Protecting the terrestrial and space environments from naturally occurring events, and activities associated with the operation of NASA space systems. This protection category is strategic in nature and delineates environmental policies and requirements for protection domains ranging from any place on the Earth to planets in our solar system.<br />Earth Environment - The Earth or terrestrial environment protection domain includes subsea regions, the surface of the planet and extends out 50 statute miles above mean sea level (MSL).<br />Near Earth Space – The near Earth space protection domain begins at 50 statute miles above MSL and extends out to geosynchronous orbit altitude (approximately 22,300 miles). This protection domain includes the area of space that has the highest concentration of orbiting man-made satellites and launch vehicle upper stages.<br />Interplanetary Space – The interplanetary space protection domain begins at geosynchronous orbit altitude and extends beyond our solar system. This domain includes spacecraft orbiting around the Moon and planets.<br />Protecting NASA space assets from intentional or unintentional disruption, exploitation or attack, whether natural or man-made is the second NASA protection category. This category delineates policies to achieve sustained mission assurance/survivability of NASA space systems through the reduction of susceptibilities and the mitigation of vulnerabilities. <br />
    4. 4. Environmental Protection Policy Decomposition (Terrestrial)<br />
    5. 5. Space Asset Protection Policy Decomposition (Ground Segment)<br />Analysis –Space Asset Protection Policies and Requirements (Ground Segment)<br />Institutional Security – The national space policy does not specifically provide guidance on protecting the ground segment of US space systems, even though there are interagency issues regarding this topic, such as critical commercial infrastructure support to NASA space flight Centers.<br />NASA has policy directives and requirements documents that provide guidance on implementing institutional security disciplines to protect the Agency’s people and property however, this guidance is more focused on providing institutional security for large NASA organizations, i.e., Headquarters, Centers and Flight Facilities. What is really needed is a more tailored security focus on the high value missions that the Agency acquires and flies.<br />
    6. 6. Physical Attack on the Ground Segment<br /><ul><li>One of the easiest ways to disrupt, deny, degrade, or destroy a space system is to attack the critical nodes of it’s ground segment, especially if those nodes are single points-of-failure.
    7. 7. NASA Example: A hard drive that contained an old version of the AQUA flight software was stolen from the AQUA/AURA hardware/software flight simulator (which is a critical node and single point-of-failure for the AQUA/AURA operational space systems).
    8. 8. Physical security was inadequate as there were two entrances to the simulator room and only one entrance required a key card.
    9. 9. IT security was inadequate since the very sensitive software on the hard drive could be downloaded to personal computers owned by personnel working in the lab.
    10. 10. Asymmetric Attack on Critical Commercial Infrastructure – Negates a space system’s mission performance by attacking it’s supporting commercial infrastructure.
    11. 11. NASA Example: An aerial fiber-optic cable that supports space operations from buildings 3, 13 and 14 at GSFC crosses Greenbelt road from the manhole trunk main-7 (single point-of-failure) and is susceptible to traffic accidents, weather and sabotage.
    12. 12. Open Source Example: For the fourth time in a week, an undersea communications cable has apparently been cut (or "failed due to a power outage," as some sources suggest), and while no official reports of subversion have surfaced just yet, things are beginning to get suspicious.</li></ul>Agency Approval<br />Project Formulation <br />Project Implementation <br />Phase E: <br />Phase B: <br />Phase D: System <br />Phase F: <br />Phase A: Concept <br />Phase C: Final <br />Pre<br />-<br />Phase A: <br />Operations and <br />Preliminary Design <br />Assembly, <br />Closeout<br />and Technology <br />Design and <br />Concept Studies<br />Sustainment<br />&Technology <br />Integration, Test <br />Development<br />Fabrication<br />Completion<br />and Launch<br />Affected Phases of a Typical Mission’s Lifecycle<br />
    13. 13. Space Asset Protection Policy Decomposition (Comm/Info Segment)<br />Analysis –Space Asset Protection Policies and Requirements (Comm/Info Segment)<br />Information Systems and Network Security – Much like the other NASA institutional security disciplines the Agency’s IT Security organizations are focused on providing IT security for large NASA groups, i.e., Headquarters, Centers and Flight Facilities. What is really needed is a more tailored IT security focus on the projects that the Agency acquires and flies so as to counter Computer Network Attacks (CNA) and Exploitations (CNE) against these high-value space assets<br />
    14. 14. Foreign Knowledge of NASA Space Systems<br /><ul><li>Knowledge of U.S. space system functions, locations and physical characteristics, as well as the means to conduct counter-space operations are increasingly available on the international market.
    15. 15. Open Press Example: "While the Fort Belvoir site was the only downlink for the KH-11, additional sites were apparently in Hawaii and Europe"...“ In contrast, the signals from the LACROSSE/VEGA system are relayed via NASA's Tracking and Data Relay Satellites (TDRS), of which there are three in orbit. The signals are then transmitted to a ground station at White Sands, New Mexico.
    16. 16. Open Press Example: “The U.S. Navy is leading an initiative to exploit advanced new NASA and commercial environmental satellite imagery and data to aid time-critical strike planning-including weapons selection-for Afghanistan and potential other target areas in the Middle East, such as Iraq”.
    17. 17. Computer Network Exploitation - operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks
    18. 18. Open Press Example: Officials at APL discovered "penetration from an unwanted source" last year on its external Web site, prompting them to take the site offline. APL officials are trying to figure out exactly what information was accessed.</li></ul>Agency Approval<br />Project Formulation <br />Project Implementation <br />Phase E: <br />Phase B: <br />Phase D: System <br />Phase F: <br />Phase A: Concept <br />Phase C: Final <br />Pre<br />-<br />Phase A: <br />Operations and <br />Preliminary Design <br />Assembly, <br />Closeout<br />and Technology <br />Design and <br />Concept Studies<br />Sustainment<br />&Technology <br />Integration, Test <br />Development<br />Fabrication<br />Completion<br />and Launch<br />Affected Phases of a Typical Mission’s Lifecycle<br />
    19. 19. Electronic Attack<br /><ul><li>RF Jamming - Due to the low received signal strength of satellite transmissions they are prone to jamming (both uplink and downlink)
    20. 20. Open Press Example: Telstar-12 was successfully jammed while attempting to broadcast a Persian news TV program into Iran under the stewardship of the State Department. The U.S. was able to trace the jamming signal to Bejucal - the former Soviet signals intelligence base in Cuba. Despite protests from the State Department Cuba continued to allow the Iranian diplomatic presence in Cuba to jam Telstar-12 for weeks.
    21. 21. Open Press Example: Libya has waged a jamming war against the West in a successful effort to stop an opposition radio station and also blocked dozens of television and radio stations in Europe.
    22. 22. Command Link Intrusions - Only 3 NASA space systems provide protection for their command links, i.e., Space Station, Shuttle and the TDRSS
    23. 23. Civil Space Examples: Between November 2007 and October 2008 the Terra and Landsat-7 spacecraft experienced four command link intrusion attempts. These attempts all occurred in the Arctic region close to the Svalbard Archipelago. The source of the intruder was never attributed.</li></ul>Agency Approval<br />Project Formulation <br />Project Implementation <br />Phase E: <br />Phase B: <br />Phase D: System <br />Phase F: <br />Phase A: Concept <br />Phase C: Final <br />Pre<br />-<br />Phase A: <br />Operations and <br />Preliminary Design <br />Assembly, <br />Closeout<br />and Technology <br />Design and <br />Concept Studies<br />Sustainment<br />&Technology <br />Integration, Test <br />Development<br />Fabrication<br />Completion<br />and Launch<br />Affected Phases<br />
    24. 24. Computer Network Attack<br /><ul><li>Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. Electronic attack (EA) can be used against a computer, but it is not computer network attack (CNA). CNA relies on the data stream to execute the attack while EA relies on the electromagnetic spectrum.
    25. 25. Open Press Example: "The Tamil Tigers in Sri Lanka have been hacking the Intelsat that hangs over the Indian Ocean to transmit propaganda. Intelsat is trying very hard to figure out how they did it, and then keep them from doing it again”.
    26. 26. Open Press Example: “Members of a hacking group called the Masters of Downloading claim to have broken into a Pentagon network and stolen software that allows them to control a military satellite system. They threaten to sell the software to terrorists. The Pentagon denies that the software is classified or that it would allow the hackers to control their satellites, but later admits that a less-secure network containing "sensitive" information had been compromised”.
    27. 27. Open Press Example: One Federal Government agency warned, “One person with a computer, a modem, and a telephone line anywhere in the world can potentially…cause a power outage in an entire region.” At about the same time this statement was made, a computer hacker publicly announced that he would release a document outlining how to break into power company networks and shut down the power grids of 30 United States utility companies</li></ul>Agency Approval<br />Project Formulation <br />Project Implementation <br />Phase E: <br />Phase B: <br />Phase D: System <br />Phase F: <br />Phase A: Concept <br />Phase C: Final <br />Pre<br />-<br />Phase A: <br />Operations and <br />Preliminary Design <br />Assembly, <br />Closeout<br />and Technology <br />Design and <br />Concept Studies<br />Sustainment<br />&Technology <br />Integration, Test <br />Development<br />Fabrication<br />Completion<br />and Launch<br />Affected Phases of a Typical Mission’s Lifecycle<br />
    28. 28. Space Asset Protection Policy Decomposition (Space System)<br />Analysis –Space Asset Protection Policies and Requirements (Space System)<br />Protection of Space Systems – NASA does not have any policies or requirements that address the protection of space systems and their supporting infrastructures.<br />Assurance and Resilience – NASA does not have any policies or requirements that directly complies with the mission assurance guidance in the national space policy.<br />
    29. 29. Recommendations to Close Protection Gaps<br />Tailor the implementation of institutional security (physical, personnel, operational) functions to space mission criticality, guided by:<br />NPR 7120.5 - Projects are either Category 1, 2, or 3 and are assigned to a category based initially on:<br />The project life-cycle cost (LCC) estimate, the use of nuclear power sources, and whether or not the system being developed is for human space flight<br />Priority level, which is related to the importance of the activity to NASA, the extent of international participation (or joint effort with other government agencies), the degree of uncertainty surrounding the application of new or untested technologies, and spacecraft/ payload development risk classification<br />NPR 8705.4 - Classification levels define a hierarchy of risk combinations for NASA payloads by considering such factors as criticality to the Agency Strategic Plan, national significance, availability of alternative research opportunities, success criteria, magnitude of investment, etc.<br />Tailor the implementation of IT security functions guided by:<br />NPR 7150.2 - NASA-wide definitions for software classes are based on:<br />Usage of the software with or within a NASA system<br />Criticality of the system to NASA's major programs and projects<br />Extent to which humans depend upon the system<br />Developmental and operational complexity<br />Extent of the Agency's investment<br />
    30. 30. Recommendations to Close Protection Gaps (cont)<br />Increase NASA’s interaction with other US Govt Agencies and Departments to protect the our ground segment mission facilities<br />Greater collaboration between NASA and DHS to identify our mission’s critical nodes and single points-of-failure<br />It is DHS’ responsibility to protect the critical commercial infrastructures that support NASA facilities <br />Prioritize the allocation of law enforcement resources to protect the Agency’s highest priority sites when intelligence information indicates an elevated threat<br />Review and expand Agency guidance (policy/requirements) on the protection of communications links<br />Communications security (COMSEC) requirements are currently found in NPR 2810.1, Security of Information Technology<br />Wrong NPR for COMSEC requirements – there are significant differences between the COMSEC and IT security disciplines<br />COMSEC requirements currently found in NPR 2810.1 only address encryption as a means of protecting communication links and overlook other technical approaches<br />Be proactive in addressing the growing threats of electromagnetic interference and jamming<br />NASA’s existing policies and requirements may quickly become outdated by new technology, proliferation, criminal activity.<br />

    ×