Air Force extends anti-leak tool to space system

By Aliya Sternstein

October 17, 2012

The Air Force has connected part of its satellite communications system to a defensewide security tool that blocks classified data leaks, Pentagon officials said.

The feat is exceptional because the service’s Military Satellite Communications Systems team made headway on protections that the Defense Department as a whole has struggled to activate, and did so in an environment with more technical constraints.

The non-profit International Information Systems Security Certification Consortium, (ISC)2, on Tuesday awarded Steven Martin, an Air Force information assurance manager, with its U.S. Government Information Security Leadership Award for leading the effort. In only two months, his team of about five specialists linked a space mission network with the Host Based Security System, which, among other things, monitors removable data devices such as CDs and thumb drives.

The Pentagon is rolling out the security tool across the military’s Secret network in response to the 2009 uploading of thousands of confidential files to anti-secrets website WikiLeaks.

Martin’s group demonstrated that the technology, a McAfee product, can operate in a low-bandwidth environment and display the threat level of space system components -- all on one screen -- at the land-based Satellite Operations Center.

Space missions systems are closed networks, unconnected to the Internet, but still vulnerable to data corruption and unauthorized data transfers. For instance, an outsider could insert a CD with malicious code or download sensitive information onto a CD.

“We’re isolated, but we still get attacked,” Martin told Nextgov. “It could be an insider. You don’t know where the path of the attack can come from.”

At most military agencies, a central server pushes out security software to each network component at the same time. But disrupting machines associated with satellites, for system maintenance, was not an option.

Martin’s team had to work around the users’ schedules to avoid cutting off connectivity during critical operations.

Typically, “the standard configuration pushes updates systemwide on a schedule that can affect the 100 percent availability requirement for a space mission system,” he said.

So the specialists programmed the security tool to load software updates at different times for each system component, rather than simultaneously networkwide.

“You can’t interrupt the warfighter,” Martin said. “We support the guys in uniform and the gals no matter where they go.”

Personnel first installed the technology on a ground network used to communicate information about abnormal satellite activity, assess sensor performance and transmit spacecraft-tracking data. Within the next 18 months, the plan is to cover the networks supporting satellite operators and users.

The NATO force that fights Afghan insurgents is installing a similar anti-leak tool on its Secret network that, unlike the Pentagon system, also can detect unsanctioned data transfers through email, blogs and other network activity.

Space systems are frequently targeted by intruders. NASA reported 5,408 computer security incidents in 2010 and 2011 during which outsiders either installed malicious software or accessed systems. Some of the breaches may have been coordinated by foreign spies, according to the agency’s inspector general.

Separately, a foreign adversary may have meddled with U.S. satellites in recent years, federal officials revealed in fall 2011. Two unusual incidents involving signals targeting a U.S. Geological Survey satellite in 2007 and 2008 were referred to the Defense Department for investigation, USGS officials said. NASA also experienced two "suspicious events" with a Terra observational satellite in 2008, according to the agency. An annual report from the U.S.-China Economic and Security Review Commission characterized the events as successful interferences that may be linked to the Chinese government.

By Aliya Sternstein

October 17, 2012