NASA’s future lunar base will be equipped with a novel microgrid
Source: Interesting Engineering
Published: May 12, 2022
NASA and Sandia National Laboratories are joining forces to build a microgrid for a future lunar base, according to a statement by the latter published on Wednesday. Called the Artemis lunar base, it will include a habitation unit (for up to four astronauts) and separate mining and fuel processing facilities. These facilities would be built far away from the base camp and would serve to produce rocket fuel, water, oxygen, and other materials needed for extended exploration of the lunar surface while decreasing supply needs from Earth.
Attribution of Russia’s Malicious Cyber Activity Against Ukraine
PRESS STATEMENT
https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/
ANTONY J. BLINKEN, SECRETARY OF STATE
MAY 10, 2022
The United States is joining with allies and partners to condemn Russia’s destructive cyber activities against Ukraine. In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyber attacks to delete data from computers belonging to government and private entities – all part of the Russian playbook. For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks. These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war.
Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.
As nations committed to upholding the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to defend against Russia’s irresponsible actions. The U.S. Government has developed new mechanisms to help Ukraine identify cyber threats and recover from cyber incidents. We have also enhanced our support for Ukraine’s digital connectivity, including by providing satellite phones and data terminals to Ukrainian government officials, essential service providers, and critical infrastructure operators. We praise Ukraine’s efforts—both in and outside of government—to defend against and recover from such activity, even as its country is under physical attack.
More information on the U.S. government’s efforts to support cybersecurity and connectivity in Ukraine is available here.
Viasat to Begin Integration of Long-delayed Link 16 Military Communications Satellite
Viasat to begin integration of long-delayed Link 16 military communications satellite
Source: Space News
Published: April 21, 2022
Viasat is rushing to complete the integration of a small communications satellite for the U.S. military that is years behind schedule due to supply chain delays. The satellite is designed to serve as a data relay in space for the network of Link 16 tactical radios used by the U.S. military and allies. The Air Force Research Laboratory awarded Viasat a $10 million contract in 2019 to integrate a cubesat with a Link 16 communications terminal. The original target launch date was in 2020.
NIST Official: Revised Cybersecurity Supply Chain Guidance Imminent
NIST Official: Revised Cybersecurity Supply-Chain Guidance Imminent
Source: Nextgov
Published: April 27, 2022
The National Institute of Standards and Technology is about to publish guidance for securing enterprises against supply chain hacks following the SolarWinds event and other major third-party attacks targeting critical infrastructure. “The flagship cybersecurity supply chain risk management guidance is [Special Publication 800-161],” NIST’s Angela Smith said. “We’re going to actually be releasing the first major revision—revision one—by the end of next week, so everybody should be on the lookout for that if you’ve not already had a chance to review some of the public drafts that have come out.”
Representatives Malinowski and Garbarino Introduce Bipartisan Bill to Protect Space Systems and Critical Infrastructure from Cyberattacks
April 28, 2022
See Press Release
Representatives Tom Malinowski (D-NJ) and Andrew Garbarino (R-NY) introduced legislation to protect space systems, especially those that support critical infrastructure, from cyberattacks that threaten American national security and economic prosperity. The bipartisan Satellite Cybersecurity Act requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a set of standards and recommendations that the commercial satellite industry can use to protect its networks. The bill also requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellite industry, and to identify vulnerabilities that might place critical infrastructure at risk. Full text of the legislation can be found here.
Senators Gary Peters (D-MI) and John Cornyn (R-TX) are leading companion legislation, which recently advanced through the Senate Homeland Security and Government Affairs Committee. Their companion bill, S. 3511, the “Satellite Cybersecurity Act” introduced on January 13, 2022, would require a report on Federal support to the cybersecurity of commercial satellite systems, and for other purposes, to include the development of commercial satellite system cybersecurity recommendations for (G) Management of supply chain risks that affect cybersecurity of commercial satellite systems.
“The Satellite Cybersecurity Act will enable CISA to fulfill its duty as the Sector Risk Management Agency for the Communications Sector and work with private sector owners and operators to mitigate threats to U.S., Ukraine, and other international satellite communication networks.”
NASA Hosts April Supply Chain Integrity Month Conference
April 26, 2022
NASA Headquarters
On 26 April, NASA hosted the annual Supply Chain Integrity Month Conference at NASA Headquarters, bringing government and industry together on challenges and opportunities in the changing supply chain environment. NASA’s CIO presented welcoming remarks, and experts across the interagency discussed topics including public private partnerships, EO 14028 and EO 14017 requirements, securing the software supply chain, software bill of materials, the identification of forthcoming recommendations and requirements resulting from the work performed under the EOs, a Proactive Supplier Engagement Process (PSEP), and global impacts of the disruption in Ukraine.
Podcast: Untangling the Supply Chain, Episode 1: How to Create a Global Supply Chain – and Keep it From Falling Apart
Source: Space and Satellite Professionals International (SSPI)
Listen to the Podcast here
When Airbus OneWeb Satellites began mass production of the OneWeb satellite constellation, it had to develop and manage a global supply chain that could operate at unprecedented speed to make possible the manufacturing of two satellites per day. In this first episode of the Untangling the Supply Chain podcast series, Airbus OneWeb Satellites Chief Supply Chain Officer John Meikle joins SSPI’s Robert Bell to explore how that chain was linked together and kept running – and how it copes with the major disruptions of 2020.
U.S. Chamber of Commerce Announces Cyber, Space, and National Security Policy Division
U.S. Chamber of Commerce Announces Cyber, Space, and National Security Policy Division
Source: HSToday
Published: April 30, 2022
The United States Chamber of Commerce has announced a new Cyber, Space, and National Security Policy Division under the continued leadership of Senior Vice President Christopher D. Roberti. Formerly the Cyber, Intelligence, and Supply Chain Security Division, the new division now includes the Chamber’s Defense and Aerospace Council (DAC) and will provide enhanced advocacy in cybersecurity, intelligence, supply chain security, space and aerospace, and procurement, acquisition, and innovation. Roberti is responsible for managing the Chamber’s relationships with key U.S. Government interlocutors across the national security, intelligence community, and law enforcement sectors.
CISA Official Renews Call for SBOMs to Help Software, Supply Chain Security
Source: CISA Official Renews Call for SBOMs to Help Software, Supply Chain Security – MeriTalk
Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today.
Allan Friedman, a senior advisor and strategist for CISA, explained that software packages typically include an extensive number of third-party components, and that Federal agencies must actively watch and manage each one to preserve security and functionality.
“To that end, it’s critical for the Federal government to move towards frequent utilization of an SBOM to keep track of these components. This machine-readable list comprises the various dependencies and elements of a piece of software,” Friedman said at a virtual event hosted by GovExec.
An SBOM also constitutes a formal record containing the details and supply chain relationships of various components used in building the software.
The drive for SBOMs has gained steam since May 2021, when the Biden administration released an executive order emphasizing SBOMs as a way of boosting the nation’s cybersecurity. Since then, the National Telecommunications and Information Administration (NTIA) has sought comment on what to include in SBOMs, and CISA leadership has called for SBOMs to aid in system visibility and inventory management following disclosure of the Log4J vulnerability earlier this year.
Friedman said today that SBOM implementation in the Federal space remains new and emerging. And while there is no reason organizations cannot use SBOM today, “we cannot assume universal full automation and integration,” he said.
Moving forward, Friedman listed three main goals in the government’s broader SBOM initiative:
- Make SBOM generation an expectation in the marketplace;
- Make SBOM generation easier and cheaper, at scale; and
- Enable efficient and effective SBOM data consumption.
Additionally, Friedman explained that CISA will advance the SBOM work by facilitating community engagement, development, and progress, with a focus on scaling and operationalization, as well as tools, new technologies, and new use cases. He also explained that “continued industry leadership is needed to guide SBOM investment, standards, and policy.”
Friedman acknowledged that transparency will not solve all security problems, but “without transparency, it will be very hard to solve any security problems.”
Overview of KA-SAT Network Cyber Attack via the Cyber Supply Chain
Viasat is providing an overview and incident report on the cyber-attack against the KA-SAT network, which occurred on 24 February 2022, and resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service.
This incident was localized to a single consumer-oriented partition of the KA-SAT network that is operated on Viasat’s behalf by a Eutelsat subsidiary, Skylogic, under a transition agreement Viasat signed with Eutelsat following Viasat’s purchase of Euro Broadband Infrastructure Sàrl (“EBI”), the wholesale broadband services business created as part of Viasat’s former partnering arrangement with Eutelsat. The residential broadband modems affected use the “Tooway” service brand. This cyber-attack did not impact Viasat’s directly managed mobility or government users on the KA-SAT satellite. Similarly, the cyber-attack did not affect users on other Viasat networks worldwide.
For more, visit KA-SAT Network cyber attack overview | Viasat