An official website of the United States government
Outer Space Cyberattacks: Generating Novel Scenarios to Avoid Surprise
Though general awareness around it may be low, space cyberattacks are an increasingly urgent problem given the vital role that space systems play in the modern world. Open-source or public discussions about it typically revolve around only a couple generic scenarios, namely satellite hacking and signals jamming or spoofing. But there are so many more possibilities. The report offers a scenario-prompt generator—a taxonomy of sorts, called the ICARUS matrix—that can create more than 4 million unique scenario-prompts. We will offer a starting set of 42 scenarios, briefly describing each one, to begin priming the imagination-pump so that many more researchers can bring their diverse expertise and perspectives to bear on the problem. A failure to imagine novel scenarios is a major risk in being taken by surprise and severely harmed by threat actors who are constantly devising new ways, inventive and resourceful ways, to breach the digital systems that control our wired world. To stay vigilant, defenders likewise need to be imaginative to keep up in this adversarial dance between hunter and prey in cybersecurity. More than offering novel scenarios, we will also explore the drivers of the space cybersecurity problem, which include at least seven factors we have identified. For instance, the shared threat of space debris would seem to push rational states and actors to avoid kinetic conflicts in orbit, which weighs in favor of cyberoperations as the dominant form of space conflicts. Outer space is the next frontier for cybersecurity. To guard against space cyberattacks, we need to understand and anticipate them, and imagination is at the very heart of both cybersecurity and frontiers.
more »
« less
- Award ID(s):
- 2208458
- PAR ID:
- 10594270
- Publisher / Repository:
- Cal Poly, Ethics + Emerging Sciences Group
- Date Published:
- Subject(s) / Keyword(s):
- outer space cybersecurity security law ethics policy scenarios simulation tabletop exercise
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
null (Ed.)There is an increasing need to fly unmanned aerial vehicles (UAVs) to enable a wide variety of beneficial applications such as emergency/disaster response, observation and study of weather phenomena including severe storms. However, UAVs are subject to cybersecurity threats stemming from increasing reliance on computer and communication technologies. There is a need to foster a robust workforce with integrated UAV and cybersecurity competencies. In addition to technique challenges, current UAV cybersecurity education also faces two significant non-technical challenges: first, there are federal or state rules and regulations on UAV flights; second, the number of designated UAV test sites is limited. A three years NSF SaTC funded project in 2020 will specifically address these challenges. We propose to develop a laboratory platform for UAV cybersecurity education. To be specific, our platform integrates software simulation with hardware-in-the-loop (HIL) simulation to simulate different UAV scenarios, on the top of which cybersecurity components are developed for hands-on practicing. We use a firmware for UAV system development, Pixhawk with related open-source software packages, as the basic simulation framework. On the top of the simulation environment, a series of hands-on exercise modules will be developed to cover UAV cybersecurity issues. Motivated by different types of cybersecurity threats to UAVs, we will adopt the scenario based design and set up several categories of exercise modules including common threats in UAV and additional modules for newly identified threats with corresponding actors, goals, actions, and events. In such a manner offense and defense tasks can be further developed. The proposed platform has the potential to be adopted by universities with limited resources to UAV cybersecurity. It will help educate future workforce with integrated UAV and cybersecurity competencies, towards secure and trustworthy cyberspace around UAVs.more » « less
-
Create and Host Cyber Competition Using the Preliminary Persistent Cyber Training Environment (PCTE)null (Ed.)As the world becomes more interconnected and our lives increasingly depend on the cyber world, the increasing threat of cyberattacks and cybercrimes make it critical for us to provide better and practical training of the cybersecurity workforce. In recent years, cybersecurity competition has become one of the most effective and attractive way for educating and training college students or professionals. In this paper, we first systematically introduce in details the step-by-step procedure and technical knowledge on how we take use of the ongoing DoD cyber-range environment called Persistent Cyber Training Environment (PCTE) to set up cyber competition virtualization environment, configure and install operating systems and popular services with various well-representative vulnerabilities, and set up the participant’s access and scoring system. Then we introduce the cybersecurity competition successfully organized by us in I/ITSEC 2019 conference, and the experience and lessons learned from this real-world competition event. The technical details and knowledge presented in this paper could help other researchers and educators to set up their own cyber competition environment or event to better train the future cybersecurity workforce.more » « less
-
Lecture-based teaching paired with laboratory-based exercises is most commonly used in cybersecurity instruction. However, it focuses more on theories and models but fails to provide learners with practical problem-solving skills and opportunities to explore real-world cybersecurity challenges. Problem-based Learning (PBL) has been identified as an efficient pedagogy for many disciplines, especially engineering education. It provides learners with real-world complex problem scenarios, which encourages learners to collaborate with classmates, ask questions and develop a deeper understanding of the concepts while solving real-world cybersecurity problems. This paper describes the application of the PBL methodology to enhance professional training-based cybersecurity education. The authors developed an online laboratory environment to apply PBL with Knowledge-Graph (KG) based guidance for hands-on labs in cybersecurity training.Learners are provided access to a virtual lab environment with knowledge graph guidance to simulated real-life cybersecurity scenarios. Thus, they are forced to think independently and apply their knowledge to create cyber-attacks and defend approaches to solve problems provided to them in each lab. Our experimental study shows that learners tend to gain more enhanced learning outcomes by leveraging PBL with knowledge graph guidance, become more aware of cybersecurity and relevant concepts, and also express interest in keep learning of cybersecurity using our system.more » « less
-
As technology keeps overgrowing, Internet surfing becomes more popular. As a consequence, users tend to use it for social media, shopping, banking, or any other online services in which they need to put their personal information. These online activities attract malicious computer users to apply cyberattack techniques to steal other user's data. The users become attack victims due to limited understanding of cyberattacks and safety practices. In this paper, we propose a framework development for interactive and engaging cybersecurity education. With the help of the framework, the users will be able to learn different types of cyberattacks and defenses along with the safe cybersecurity practices. We also discuss the current state of the framework and conclude the paper with a discussion on limitations and future work.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Workshop Report:
- The DOI is not currently available.
