As if CSOs didn’t have enough to worry about, what about the other ways more than four million hackers can affect businesses – and society at large – by attacking the spacecraft and infrastructure they develop, launch, and support?
That’s what a new study from the Ethics + Emerging Sciences Group at California Polytechnic State University suggests. Judging from that study, Outer Space Cyberattacks: Generating Novel Scenarios to Avoid Surprise, the information applies as much to Earth-focused CSOs as it does to rocket scientists.
If you’re wondering how attacks on space systems can cause problems on the ground, consider some of the most obvious scenarios: when GPS systems are disrupted, it disrupts transportation and the precise clocks used for network time. Communications rely heavily on satellites and other means, as does everything from weather forecasting to disaster detection, and hackers are already attacking those assets.
But, said lead researcher Patrick Lin in an email, “It’s important to be aware of the failure of logic, which can be dangerous for security systems. Criminals are already thinking very cleverly, and this project works structurally on the ‘dark art’ of anticipating those cyber threats – a method of madness. This helps defenders generate a full range of scenarios to avoid tunnel vision and stay ahead of potential attackers. “
The US National Science Foundation apparently agreed – it raised US $300,000 for a two-year project looking at outer space security – both its technical and policy dimensions – which resulted in a 95-page study that not only looked at the types of attacks, but who the perpetrators might be, and their motivations .
Risk anticipation matrix
The result is summarized in a matrix that includes the who, what, when, where, and why components of the attack to create scenarios for security personnel to think about and find a way to defend against. The ICARUS (Imagining Cyberattacks to Anticipate Risks Unique to Space) matrix, although focused in its current form on attacks involving outer space, can be easily adapted to suit more terrestrial threats and be used in CSOs anywhere in the table situations.
It consists of five columns: threat actors, motivations, cyberattack methods, victims/participants, and affected space forces. Users can combine entries in two or more columns to create one of over four million possible attack scenarios. The study highlights 42 of them.
For example, an insider may be motivated by financial gain or anger at being outdone in some way to compromise digital assets, destroy the life support system on the ISS (International Space Station) or provide confidential information to a hostile organization. Or, an organized crime group can plant damaging malware on a sensitive system and demand payment to disable the system.
Using the tool in business
Many potential threats also apply to businesses. Taking data for example, is dangerous whether said data is false input from sensors on a rocket or “evidence” of illegal cyber activity by a CEO. Hacked 3D printers can create malfunctioning parts for space stations or vehicles. Disinformation (anonymous attacks, anyone? Yes, people still fall for that) and gaslighting often allows perpetrators to avoid the consequences of their actions, as well as confusing the public and the media. And natural terrorists attack anything on Earth or in space that suits their agenda, sometimes with catastrophic results.
When creating a business matrix, research recommends diversity of opinion to avoid group bias and stereotypes. It notes, “Social scientists, as in science and technology studies (STS), provide useful tools to uncover and examine race, gender, disability, indigenous, and other issues related to technological systems. Psychologists and other behavioral scientists can provide insights into the social engineering aspects of situations. Philosophers can bring deep analytical and conceptual skills to help frame, expand, refine, organize, and press deeper into relevant issues. Science fiction writers and futurists are important in thinking about the unknown, often with more creativity than academics do. Also, engineers and technicians are the developers of the systems targeted for cyberattacks; therefore, they are very important in evaluating the attack framework and working towards a solution.”
Lin noted that the ICARUS matrix captures more factors affecting cyber attacks than other methods. “Unlike other cyber risk assessments, the ICARUS matrix also captures the diversity of threat actors, their motivations, their victims, and the spatial dynamics affected. This helps to establish the essential elements of the full situation – to answer the questions of who, what, where, when, why, and how,” he said, pointing out that these situations are “very important thought pumps” for threat researchers. And, he added, “Because it is important to understand the problem to solve it, the study also examines the drivers of cyberattacks in space.”
Many of these, the CSO will quickly identify, are the same drivers that motivate corporate and industrial attackers.
Source link