Cyber Threats Beyond Earth: Securing In-Space Manufacturing

Our global society is heavily dependent on space-based technologies. Most of us are aware that space positioning, weather and communications systems are critical to our transportation activities. I’m writing this article on a plane that is using GPS to route my flight safely around severe weather patterns that have been identified by satellites. If I finish this article inflight, I’ll upload it for publication at Forbes via a geosynchronous communications satellite.

Still, many people would be surprised to learn that modern factories also depend on satellites. Manufacturing automation systems synchronize the operations of multiple robots on their production lines using the timing signals provided by GPS satellites. In fact, GPS is really a collection of 24 (plus spares) orbiting atomic clocks, each continually broadcasting time data. Your Uber is guided by tiny differences in the time signal emanating from four or more satellites, induced by the signal delay to your relative position. Knowing the speed-of-light (299,792,458 m/s) your phone calculates the distances and locates you position with simple trigonometry … simple for a smartphone anyway.

Modern automated manufacturing lines are not only exquisitely timed, they are also highly interconnected, remotely programable, monitored, and controlled. Consequently, the cyber domain is an increasingly important threat-space for manufacturers. Computer design stations and servers are obvious targets for hackers but any compromised digitalized manufacturing system may yield valuable proprietary data. Even files from printers programmable machine tools can reveal much about the products they are producing. The loss of this information may compromise the intellectual property of the manufacturer and their clients.

In the aerospace domain many of the products being produced are classified or fall into the broader category of Controlled Unclassified Information (CUI) and are actively sought by foreign adversaries. Securing industrial robots, waterjet cutters and 3D printers from state-sponsored cyber-intruders is a challenging task for factory IT departments. Securing the programming and parts files for these systems during their transmission is an equally important task that often gets overlooked.

The vulnerability is real. More than a decade ago a Windows computer virus, known as Stuxnet, was engineered to detect computers connected to Siemens S7 programmable logic control systems, a common manufacturing machine controller. If the controller appeared to be operating a uranium enrichment centrifuge, files were transferred and the operations of that manufacturing process went subtly askew. Stuxnet significantly interrupted Iran’s production of nuclear material. While Stuxnet is broadly assumed to have been the product of a joint US-Israeli governmental effort, we should assume our adversaries are actively using similar cyberweapons.

Heading back to space, let us consider the cybersecurity implications for manufacturing robots on-orbit. Yes, space-based factories are a real, emerging domain. The microgravity environment allows for the production of products we cannot make on Earth. These include amazingly perfect crystals, unique and super-pure materials, revolutionary medications, and even bio-printed organs. Some of these products, such as ultra-high-performance fiberoptic cable, deliver enough value that making them in space – even at today’s relatively high flight costs – promises a very healthy profit.

NASA recognizes space manufacturing as an important technology that can benefit the agency’s own missions. It is also a critical business sector, along with space tourism, in the near-term development of a space economy. I recently lead the review of business models for the Johnson Space Center’s In-space Production Applications (InSPA) program. Under InSPA, NASA awarded eight manufacturing teams the opportunity to fly their manufacturing project to space. NASA and the ISS National Laboratory will provide these manufacturing startups with the rack space and astronaut time required for their test runs. The awardees will also receive the downmass transportation required to return their manufactured products to Earth. The objective is to give US firms a foothold in space as we await the commercialization of Low Earth Orbit (LEO).

Several companies are planning to deploy commercial orbital space stations within the next few years. Their revenue models often depend upon the emergence of viable space manufacturing. As you might imagine, astronaut time is expensive. NASA quotes up to $700,000 per hour. Although commercial operations will lower that by a LOT, automating space manufacturing systems is a requirement, not an option.

The ultimate application for off-planet manufacturing is providing self-sufficiency for in-space facilities. When parts and tools break on a space station, it is far more efficient to print replacements on-site. This reduces costs, eliminates huge transportation delays, and increases resiliency. Failed parts can be recycled into new 3D printer filaments and reprinted, further reducing dependency on Earth for raw materials. The Redwire Regolith project has taken promising steps towards this by producing 3D printed structures with regolith, inorganic “dirt” from the lunar or Martian surface. Relativity Space, whose 3D printed Terran rocket is preparing for launch at Cape Canaveral, plans someday to print entire rockets on the Moon on Mars, using locally sourced materials. A major strength of automated in-space manufacturing is the ability to transmit designs and updates from Earth rather than materials. This is also a serious cybersecurity concern.

Secure transfers of these files and other communications are critical as space systems have been proven targets for cyber-attacks. An hour before it invaded Ukraine, Russia launched a space cyber-attack on Viasat’s KA-SAT network, disconnecting users in Ukraine and elsewhere in Europe. The exponential proliferation of small satellites currently being launched into orbit will offer new attack surfaces to enemy states and non-state actors alike.

Last year, I had the honor to serve as the external examiner for the DPhil viva (PhD dissertation) of James Pavur, a Rhodes Scholar studying computer science at Oxford. Dr. Pavur’s work on space cybersecurity revealed that space communication technologies are remarkably vulnerable to interception. Satellite communications protocols prioritize squeezing the best performance out of low bandwidth connections and are plagued by latency, delays induced by radio signals traversing space-sized distances, even at the speed of light. These factors can render traditional security technologies, like VPN’s, impractical and a lot of space comms are just unencrypted. Dr. Pavur and others have shown that it is even possible to insert new data into communications streams for potentially nefarious reasons. Such an attack could damage the product or the manufacturing system itself. It might even potentially sabotage a space vehicle or habitat and place spacefarers in harms way. Given the interdependency of modern systems, damage inflicted into any space asset would have a ripple effect, potentially generating heavy financial losses for firms and individuals completely unaware of their reliance on vulnerable space-based systems.

Solutions are emerging. In my role as a visiting professor in the Institute for Security Science and Technology (ISST) at Imperial College London, I encountered a UK-based startup addressing this problem. DEFEND3D has developed a Secure Streaming Transfer Protocol that enables a secure digital resupply of part data to remote locations without the necessity of file transfer, eliminating the security risk associated with transmitting the full 2D or 3D asset. This is accomplished by using a continuous, dynamic stream to a wide variety of manufacturing devices with bandwidths as low as 3kbps. This enabling technology could provide the underpinnings of secure remote manufacturing in extra-terrestrial settings, and will allow for rapid design prototyping, iteration, and testing on ISS, future commercial stations, and the lunar surface.

The future of in-space manufacturing is incredibly bright, but vigilance is called for. We must build cybersecurity into in-space manufacturing from the start, before a we suffer a “bad day,” not in reaction to one.