Dive into a new conversation on Redefining CyberSecurity Podcast, where host Sean Martin, alongside Erin Miller from Space-ISAC and guest Marco Ciappelli, unravel the complexities of space security and its pivotal role in our global ecosystem. Discover how the fusion of private-public partnerships, international collaboration, and cutting-edge initiatives are paving the way for a safer space frontier and beyond.
Guests:
Erin Miller, Executive Director, Space ISAC [@SpaceISAC]
On LinkedIn | https://www.linkedin.com/in/erinmarlenemiller/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin takes a journey into the fascinating realm of space security with Erin Miller, the executive director of the Space-ISAC, alongside Marco Ciappelli, a fervent space enthusiast who also helms the Redefining Society Podcast. They navigate the multifaceted landscape of space information sharing and analysis centers (ISACs), emphasizing the critical role these entities play in bolstering our global security posture against vulnerabilities, incidents, and threats within the space industry.
Erin Miller sheds light on key milestones and initiatives propelling the Space-ISAC forward, including its inception at the behest of the U.S. White House in 2019, to address the unprotected attack surfaces of the burgeoning commercial space sector. The episode illuminates the importance of private-public partnerships and international collaboration, highlighting engagements with space agencies worldwide to enhance threat intelligence sharing.
The conversation traverses the importance of making threat intelligence actionable and accessible, eschewing spreadsheets for alerts that are immediate and practical. Further, the dialogue touches on the upcoming phase two of the Space ISAC's operational watch center, poised to expand its threat scenario coverage. The episode punctuates with Erin Miller extending an invitation to Sean Martin and Marco Ciappelli to visit the Space-ISAC watch center in Colorado Springs, foregrounding the ongoing endeavors and successes in the domain of space security.
Listeners are invited to explore this episode's rich discussions, not only as a beacon of knowledge on space security but also as a conduit for understanding the synergies between cybersecurity, space exploration, and societal impacts.
Key Topics Covered
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Space ISAC: https://spaceisac.org/
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Navigating the Final Frontier: The Global Effort to Protect Space Infrastructure with Space-ISAC | A Conversation with Erin Miller and Marco Ciappelli | Redefining CyberSecurity with Sean Martin
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] And hello everybody. You're very welcome to a new episode of Redefining Cybersecurity. I'm your host, Sean Martin. And, uh, I get to talk about all kinds of cool things, security related, for the business. Uh, and of course, the business ends up touching all of us in some way. Uh, financial services, healthcare, you name it.
Uh, space is another one that, uh, uh, Has a tremendous impact on how we live our lives. Many people probably don't even realize it, that they guide us and inform us and tell us whether or not we need an umbrella today or tomorrow and all kinds of fun things. Um, and then there's, of course, there's the, the extra exciting idea of space exploration and seeing what else is out there for us.
Um, And so as part of my show, I like to look at how to operationalize security. There's a whole ecosystem around space exploration and space [00:01:00] technology and all that. And I've been doing a series on the ISACs, which are Information Security, uh, uh, geez. I guess Aaron will probably help me, the sharing analysis centers.
There we go. You got it. There we go. I got ISACs. And I was like, I want to talk about the space ISAC and see what's going on there. I think a lot of folks know what ISACs are in general, but the space one seems really cool. So I'm thrilled to have Aaron on. Aaron Miller, executive director from the space ISAC.
Thanks for joining.
Erin Miller: Yeah. Thanks, John, for having me. Really pleased to be here.
Sean Martin: Yeah. It's going to be fun. You know, you're not, you're Oh, go ahead.
Erin Miller: Oh, you're not the only one who, uh, doesn't know what ISAC stands for, even though they've been around for 25 years.
Sean Martin: There's the whole ISAL as well, which if we really want to confuse people, loads of acronyms.
Um, but I'm, I'm also thrilled that, uh, Marco's joining me today, a huge space fan and, uh, his show, uh, Redefining [00:02:00] Society, as you might guess. Talks about, uh, society and the impact technology has there. So I, I've asked him to join me. I think it's gonna be a really fun conversation. Um, before we get into it though, a few words from you, Erin, I think folks would love to hear some of the things you've been up to and your journey into the role as the ED at, uh, space ISAC.
Erin Miller: Sure. Happy to share. Um, my background is mostly in public private partnership, just like what The space ISAC is, uh, we bring together the global space community, but leading up to it, I was working in, uh, rapid commercialization of technology, working very closely with a lot of different small businesses that wanted to make their capabilities into a dual use function and support warfighter needs.
So I helped to stand up the Catalyst Campus, which, uh, its first location is in Colorado Springs. Supporting the war fighter here, uh, us space force and us space command are located in Colorado Springs. So we have, uh, a lot of small [00:03:00] businesses that are continuously flocking to the area to learn about their needs.
Uh, so I spent a few years doing that. And before I did that, I was working in federal technology transfer. So looking at what our federal labs produce in the way of intellectual property and patents and other technology that could be licensed out to the commercial sector. I've learned a lot about how the government works and some of the bureaucratic nature of how we bring together the public and private sector and how to break down some of those barriers.
So I feel like I got to bring that to the space ISAC about four and a half years ago when we launched it.
Sean Martin: Wow, you should get a medal for figuring out how government works. I mean, that in and of itself. And breaking through barriers, another one I think, uh, is worthwhile. Uh, so I'm sure Marco will jump here in a second, but I'd like to kind of set the stage with maybe an overview of what the ISAC is, [00:04:00] what, what's its main objective.
I've done other episodes, so people can like AI ISAC I just had on a few weeks ago. So people can listen to different aspects of the ISACs and what they, Try to accomplish. But if you can just for this episode, maybe a brief overview, what, what the role of the ISAC is and when, and maybe then when the space ISAC was established.
Erin Miller: The space ISAC's mission is to facilitate collaboration across the global space industry to Share vulnerabilities, incidents and threats and raise our global security posture. So we view our mission to include that. We are the primary communications channel for the space sector with respect to that type of information, threatened vulnerability information.
We. Uh, bring together the public and private sector by, um, having a number of convening sessions where we talk about different threats and vulnerabilities to space systems, but also maturing the sector overall, [00:05:00] uh, there's, uh, an increasingly obvious need that we don't necessarily bring together our security operations centers and our space operations centers in our, Commercial space companies to monitor the threat in a collaborative fashion.
So, uh, we're working with a lot of our member companies through our watch center to share with them information that they, where we share with our SOC and we share with our space operations center and it's all threats, all hazards. So security related issues. Um, sometimes includes actually, uh, RF interference, for example.
And we don't always think of that as a security related issue that are, that a security operations center would be concerned about. So, we have a very broad scope, uh, addressing needs of the business system, the mission itself, and the supply chain. The reason why we exist, though, is because in about 2019 or so, then the federal government, the U.
S. [00:06:00] White House, actually came forward and said, We have a very strong, uh, Economy related to the space industry, and we see that a burgeoning commercial space sector is forming and they have clearly an attack surface that is not addressed by the federal government. Our U. S. government does not control the protection of commercial space systems.
And so we need to look at this as a critical infrastructure that should be sharing threat and vulnerability information the same way. And I. Uh, any other would, you know, financial services or energy or, um, oil and natural gas or it so, but specific for space systems. So, we formed the space Isaac at their request about 2019.
Uh, we stood up on stage, uh, the white house, national space council, national security council represented as well as NASA and others. And, uh, some of the 1st industry members that formed the board of directors. And that's when it all began and we've done [00:07:00] a lot in four and a half years. I'm excited to tell you about it.
Marco Ciappelli: Well, uh, Sean, first of all, thank you for having me on, uh, last minute notice, but when you mentioned space, I'm in, um, and, uh, yeah, yeah, I'm interested in all of these because, uh, looking at things from the societal perspective, a lot of things I can kind of like a, kind of joke, it trickles down and in this case, it trickles down from space all over the places.
And what you mentioned there. In terms of, you know, who has the responsibility to to secure space, it seems to me that there are no borders in space, and there is a lot of interaction between different agency, space agency around the world. Uh, how does Isaac collaborate with with that? With those actually, not just one thing.
Erin Miller: Yeah, from the outset, our goal has been to bring the [00:08:00] public and private sector together. So we take that very seriously. It is a public private partnership, and we have 50 different government agencies that have space as part of their mission, just in the United States. And then when you include all the international space agencies and the ministries of defense and other international partners, we're looking at easily 100.
Public sector entities that collaborate with the space Isaac. So recently we started on, uh, an endeavor to, uh, start engaging the international community. It actually was about two years ago that we entered into a partnership with the JAXA, the Japanese aerospace agency, and then METI, METI, excuse me, M E T I is their ministry of economics and commerce, so they work closely with a lot of different companies that are moving into the space industry.
And as. Uh, we've worked with them. They were one of the first international partners. We actually do bi directional threat sharing, so they're connected to our watch center. It's an operational [00:09:00] partnership, and, uh, we, in addition to them, you know, we're working with, uh, probably 15 to 20 U. S. government agencies on a daily basis.
And internationally, the list is quite long as well. We're talking with and looking to form partnerships with the UK Space Agency, the French Space Agency, uh, looking to form a partnership with the Australian Space Agency and a number of others.
Sean Martin: Yeah. And I'm looking at the, um, the, the brochure that the team sent over and it looks at three areas of focus, supply chain, business systems, and, and missions. And. I mean, each one of those is very, very different, right? So I presume at the core of it are the systems that get built, right? Some from government, some from commercial, and then those all come together in bigger systems, hence the supply chain, and then they get used, which is the mission.
That's my simple view of all of it. Um, how do [00:10:00] you view that in terms of membership participation, which is collecting data, right, of threats from each other and then disseminating and sharing that information back out. How did those three kind of play together?
Erin Miller: You're absolutely right, Sean. We have members that represent across a defense.
Uh, the IC, as well as commercial and international, and all those companies interact in the space industry in a little bit of a different way. Uh, defense contractors, of course, are building systems for the, for the government, and they have their, uh, sort of their own separate identity from commercial and international, and they are treated differently.
They're entirely commercially owned systems. That, uh, right now we're in a paradigm where our, uh, governments across the world are trying to figure out if they should continue to build it as many exquisite systems, or if they should be just procuring commercial [00:11:00] capabilities. And that's really the whole premise of why the space I sex stood up is because there's so many more investments that are being that are happening in the private sector that we don't need to spend as much taxpayer money on, um, exquisite systems.
And it's really a decision point that has to be made, you know, should we be, uh, really relying on commercial, but we also see commercial making its own choices to, uh, generate revenue off of consumer demand. And so investments in the future related to exploration of the moon and tourism and other things are well underway.
And this increases the attack surface from a space perspective. So we have a lot of conversations that take place around what is the definition of a space system? What is the, what is the scope? I mean, we have so many cross sector implications of the use of space systems that sometimes it gets really unwieldy to think of, you know, direct to device [00:12:00] technology now means that every single person on the face of the earth is connected to a space system, not just for G.
N. S. S. or GPS, but for the purpose of communications. Transcribed So now we have that bi directional capability taking place up and down into space into our phones and into our other devices. And we are part of the attack surface, which, uh, then extends to all the other critical infrastructures as well.
The, uh, we know that solar weather impacts our electric grid. And that's a fun fact. But in reality, then, solar weather actually affects a lot more than just our electric grid. It affects all of our LEO constellations. So any dependencies that we create on those LEO constellations, we can't predict and anticipate or even control space weather.
So there's a lot of dynamics at play that are, that fit within the construct of an ISAC. All threats, all hazards is our scope. And [00:13:00] we are concerned about all those hazards.
Sean Martin: Now, generally, folks are familiar with ISACs, and I might make a statement here that's uncomfortable, and I apologize for that. But a lot of them, a lot of folks who know and work with ISACs feel that the information they get It's kind of after the fact many times and not as fast as they'd like, and it's obvious reasons why that that can be the case.
But what I found when I was going through the materials on the space, I said, there's so much more information well to the left of a an active threat or an active attack, um, to help all these entities you just described. Think better about how they build these systems. Think better about how they collaborate with each other to build resilience into them.
So I'm not, can you talk about maybe first what [00:14:00] some of the information is shared from a threat perspective? And then all the other stuff do you do before, before the actual sharing of threat data? That, that kind of helps us shore things up before it becomes a problem in the first place. Mm hmm.
Erin Miller: Yeah, I'm glad you pointed that out because when we set out to build the space ISAC, the priorities were very clear.
We must have an operational watch center and we should be operating left of the threat and right of the attack. And we should also be looking at vulnerabilities and disclosing those through our vulnerability lab. So we have both of those things operating today. Uh, we only opened the watch center last year.
And at the same time, our vulnerability lab opened in its pilot phase. So there's still much work that needs to be done. But as far as the phase one of the watch center, we opened the capability with initial operational capability around four threat scenarios is what we call them. [00:15:00] And they're driven by our member companies.
So we have two companies that really stepped forward right away and said, we can tell you exactly what we can share with you today with our data feeds. We have Kratos, their network operation center and Microsoft, the Microsoft threat intelligence center that stepped up to the plate and we have. Uh, cyber threat intel enrichment that takes place as well as information that's shared on a continuous basis about nation state actor activity affecting the space industry and then a purposeful RF interference.
So, any type of, uh, interference that's affecting the link between ground and space, that's affecting geo. On our operators, then we will be able to issue alerts out about that as well as purposeful maneuvers or maneuvers that are out of the normal pattern of life that look like, um, maybe they weren't really on on plan according to the normal behavior of that satellite.
And so maybe they're [00:16:00] cuddling up to another satellite. We would be able to issue an alert about that too. As soon as it comes across our. plates. So the way that we do those four threat scenarios, those very specific alerts go out based on data feeds that come into the watch center from our member companies.
But we opened the watch center with the ability to grow. So we have cells that are in place. We have a coordination cell, we have an all source cell, terrestrial cell. Signal cell and space cell. And since we define those threat scenarios, we've added more people to the watch center. So we have analysts that come from our U.
S. Government partners, and we have analysts that come in from the private sector, and they've come alongside us to create what we call collective defense. So when all of the members work together, And the community works together, the public and private sector, then we're able to consider an attack against one in an attack against all so we can correlate information across the different cells so you could see how those [00:17:00] different threat scenarios would interplay with one another and we can bring in different data sets and different feeds from these different partners.
So our threat Intel platform, we onboard all of our members into that platform. We do something called watch center Intel onboarding. And that's one of the ways that we create collective defense by requiring members to get involved. And by require, I mean that loosely, you know, it's to their, in their best interest to do this.
And so we put them through an intentional process so that they can use the membership and get, you know, something that they might consider. Um, a purchase for 100, 000 of a threat feed, they wouldn't even have to consider that if they're actually using the benefits of the Space Isaac.
And our membership doesn't cost 100, 000. It's a lot cheaper than that. It's very affordable.
Marco Ciappelli: So as you were going there, and I'm thinking like what, what space exploration and used to be, you know, from race to [00:18:00] space, I'm a big fan of all the Apollo program and so forth. And I've been lucky enough to talk with a Of astronauts that have been out there, but it seems like it was a lot more under control because it was just like filter throughout the military, the government.
And so the moment that I see this can being open and everybody can join in, which is great from a financial perspective for development, innovation and all of that. I feel like what you guys are doing is getting bigger. Pretty much every day. And that's why my first question at the beginning was, okay, this is great.
This is what we guys we do in the United States. But how do we coordinate with everybody else? Now you're talking about this kind of like it's not a required membership. So I'm wondering. If any other country doesn't participate to these, once you're up in space, then, as you said, you put everybody at risk.
So, I don't know if it's political, if it's [00:19:00] organizational, if it's a fact that it's still very young and everybody's kind of like getting into it. But, what is the approach to this? And maybe your vision into, are we ever going to get to a point where there is an agreement because it's affecting everybody or it's just like planet earth where yeah we try but everybody doesn't want anyway
Erin Miller: Uh huh.
Um, well, I do have an answer to your question and it is that uh I don't, I don't think that we are going to have a regulatory regime that requires 100 percent threat Intel sharing. I think that you being cybersecurity professionals, I think you get where I'm coming from where sometimes it's up to the individual, the company to choose their risk management approach.
And so everyone's going to take a different approach, but what we have realized across the globe, and I can say this because I've talked to people [00:20:00] across the globe, is that the amount of space infrastructure that we're investing in as a globe, as a whole community is increasing. So. Maybe not exponentially over time, but dramatically increasing, and we're dramatically enhancing our individual and corporate risk associated with using space systems.
And it's up to governments to decide what the risk is to their people. And their citizens, and so each individual country or region across the world, they will have a different perspective on this and they'll take a different regulatory stance. I know that, um, it's, it's on people's radar though. They're paying attention and they're thinking through the decisions and trying to determine what needs to happen for their, uh, for their infrastructure, for their people, and then individual companies are having the same conversation.
And so the companies, they can join the Space ISAC, the governments, they can partner with us. [00:21:00] And, um, I could name for you. Almost every single spacefaring nation is having this conversation and most of them are talking to us about it. And so we will, we look forward to expanding the watch center. Actually, it's always been on the roadmap that eventually it would expand.
We run exercises internationally. Now, we just started last year and we will go back again this year to the conference in Paris. And, um, have many conversations with the folks that show up there that, uh, value and recognize the importance of space system cybersecurity from, uh, the European perspective.
We'll talk with ESA and USPA while we're there, as well as the companies that are present. We'll run our tabletop exercise this year, focused on CISLUNAR. It'll be quite interesting to see the evolution.
Sean Martin: And you touched on a lot of things I want to get to as well. But I'm [00:22:00] sorry for hanging on this, the satellites cuddling up to each other.
Stuck in my head. It doesn't have to be about that, but I'm wondering, can you Um, I'd like people to kind of visualize what happens here. So scenario, either there's something that's happened, I know in the IT security world, you call them exercises in IT security, they do tabletop exercises, right, where they think about what the attack might happen, and they play it out.
How well do we detect it, respond, recover, repair, all that stuff? How do we communicate? Can you paint a scenario for us of how the uh, Space ISAC helps. Those scenarios play out in a, in a more formal and hopefully sustainable fashion. So I don't know if there's a scenario happened that you know, you're preparing for in theory or [00:23:00] whatever.
Erin Miller: We did one somewhat modeled after the attack on Viasat, cause there's been so much public information shared about that. Um, most people know that it took place and they have some idea what occurred. Uh, we, uh, Uh, just modified it and we came up with notional companies and, uh, uh, it's very realistic though that you would have a space systems owner operator that has a distributed architecture.
So, uh, in this case, for this tabletop exercise, then we had a company that was US owned, and their ground stations were managed and owned by a 3rd, a different party that's international. And then they also had customers and their end user that was directly affected during the incident that occurred was a different region of the world, different nation state, um, where that company was headquartered.
So they have, we have three different sets of laws to deal with, maybe even [00:24:00] more depending on second and third order effects of the situation. But in this particular scenario, we were looking at the C suite and we wanted to figure out what happens, what are the dynamics and how do, uh, Lawyers really, um, help or hinder and sorry for any one of your listeners who's a lawyer who's not going to appreciate this.
But, um, there's a lot of dynamics where you have the Cisco and the legal counsel working together to inform the C suite on how we're going to move forward. How what information are we going to share? How public are we going to be about the incident? And, uh, Um, when is it required that we disclose to the government under the law?
Or when, how are we going to decide if we share with our ISAC or not? And when are we going to do that? And then also what frameworks and lexicon are we using to have the discussion about the attack that may have occurred on the space system? And how are we going to communicate with the end users about the incident and when?
So we, [00:25:00] We did work them through this very complex situation, and we had a lot of hard conversations and came to some realizations about where there are gaps still, and there are many gaps, we'll say, in the space systems, cybersecurity realm, because a lot of it is new. And, um, some of it really does come down to the definition of what is an attack against the space system and who is responsible for securing that system and, you know, when does the government get involved and when is it entirely up to the commercial sector to take ownership of their system?
Marco Ciappelli: So I have a quick question. So because we talked about this one time, we did a maritime episode and many time actually on other space conversation. We do the example and kind of like put a parallel between the sea exploration back in the days. And then when you are an open sea, that is the flag on the boat or what is the constitute [00:26:00] legislation or who is in charge of this particular situation when something happened?
And I don't know where you stand with space. I'm actually curious eventually to have some attorney space legal conversation. But when it comes to attribution or who take action, is it related to where the company is located, where the headquarter is located, where the satellite is pointing and connecting at that particular point in on the earth?
So what? I don't know. It's like my brain just goes a little sci fi here.
Erin Miller: You're not alone. Yeah. Good. Yes. Yeah. Yeah. I mean, since I don't work in a company, then I can't tell you the specifics of any specific company, but I can tell you about the situations, you know, that we've put through, um, exercises and some of the [00:27:00] conversation for us has come down to really.
The commercial sector taking ownership over protecting their systems is the number 1 priority and if they're able to do that, and they're able to get ahead of the. The threat because they have the awareness, then that's, that's really one of the best things that we can do at this point in time, because ultimately it's their business that they're responsible for and their infrastructure.
And if they have the awareness of the threat, and we're having the conversations, and we're not considering it all classified or restricted information, because it's. commercially derived, then we're going to be able to enhance and raise that security posture for the global space community. And there's a lot of anonymized threat intel that can be shared related to space.
It's just a matter of doing it. And so that's, that's really our day to day focus. It's not necessarily understanding the laws of every single country because it can be rather [00:28:00] complicated. Uh, but it's more about raising the security posture. And then. Each different vignette or scenario that we try to apply, then we will have to sort through the laws for that particular, particular situation.
Sean Martin: And I'd, I'd be remiss if I didn't give a shout out to our, our good friend, uh, I call him Spanky, Steve Luzinski, who, uh, who made the connection here for us, uh, aerospace village, uh, friend, we, and we're excited. We're going to have a good chat with him and the team for RSA conference coming up. Um, but it, it leads me to some of the things you do to actually bring folks together.
You have, you have an annual conference that you hold, I believe you do a bunch of things in this regard. So I don't know if you can kind of talk through some of those activities, um, and maybe, maybe touch on the role of the, the researcher in. In this whole scheme of things to protect space.
Erin Miller: Yeah. [00:29:00] I can tell you at the very beginning of space ISAC, when I first, I think changed my LinkedIn and publicized space ISAC, I immediately started getting contacted by security researchers.
And that was fantastic. I mean, going to DEF CON and being part of Aerospace Village and that community is, I think, one of the most important things that we can do. We find all the time, uh, publications online and, um, on the dark web and other places where people are talking about how to hack satellites.
So it's, it's very interesting to see all of the, um, infrastructure now being looked at as a part of a network, you know, because that's really what it is. I'm glad we're treating it like it is. And. So what we do to convene the community is we have these real practical conversations. We have our annual evaluative space summit where we invite practitioners and technicians.
It's not a BD conference, although you could use it as that if you wanted to. [00:30:00] Uh, and we have people who are cybersecurity professionals that don't know anything about space, who show up to learn about space and vice versa. People who are, have been sitting Space systems engineers their entire lives, and now they're getting exposed to the conversation about the adversary and how we really design security into these systems and think about it from that lens.
So, uh, this year, this event will take place in September. Uh, we're very excited. It will continue to be at the University of Colorado, Colorado Springs on their campus. It's beautiful. You can see the mountains in Colorado Springs right across from our headquarters in Colorado Springs where our watch center is.
So we invite people to check that out. Uh, we have, uh, A full day dual track worth of content and senior folks that come from the Washington, D. C. area and the hill to come talk about what they're doing to secure space systems from a policy perspective and even education [00:31:00] and awareness. And then also those, uh, those technical practitioners.
But outside of that, throughout the entire year, we have 20 collaborative groups that we facilitate, and that's where we see a lot of those very in depth discussions, and they, of course, show up at Valley of Space Summit as well, but Aerospace Corporation is our co host for Valley of Space Summit, and Um, member companies, they participate in these collaborative groups where we address things like space policy.
Directive 5 came out in 2020. so it's a few years old now, but we're yet to see implementation of SPD 5. and so our task force put together some recommendations. And we opened a dialogue with the government, which they're very open to discussing where do we go from here with space system cyber security.
And we also have a blockchain and zero trust group. We have an artificial intelligence machine learning applications to space systems group. Uh, we are working towards a quantum [00:32:00] focused community of interest, and there's a number of others. Our very fervent group is the supply chain and risk management.
working group. As you can imagine, the supply chain in space systems is one of the reasons why we have the vulnerability lab, and it's a high priority for us.
Sean Martin: Only a few exposure points in there, I think. So I know Marco has a part of the ecosystem he wants to ask about. And then I have, uh, the aliens, where do they fit into this?
Erin Miller: You had to bring up the aliens? Are they part of the critical infrastructure?
Sean Martin: I'm just wondering. Are they, are they the bad actors here or the ones protecting us? I don't know. I'm joking. Of course. Marco, what did you want to know?
Marco Ciappelli: Well, I wanted to know that too, like, what are we gonna do with with the aliens?
No, the future. But I mean, usually, that's my last question, especially on my podcast, but I always feel [00:33:00] like, okay, what what comes next? You can already outline all those membership groups and, and all the things that you do around. So I know is an open An open territory that we're all discovering together and see how it works out.
Um, you know, I, I had a few episode about, uh, space medicine, for example, when, when we go on long mission, who is going to be in charge, what we don't have. Resources are going to be robotics and do we need state license? How are they going to be applied in space? I feel like I I don't invite your well, I invite your job because it's really cool and I don't invite it because it's so Kind of random still which may make it pretty cool So unless you have something specific that you want to announce for what it's coming next apart from event and what you're focusing on Um, i'm very happy about this conversation and being able to be part of it So up to you if you [00:34:00] want to add on that
Erin Miller: Yeah, there is some, there's big stuff happening.
I mean, we, I think we're really at a, an inflection point and a turning point for the space industry and the partnerships with government and seeing people really coming together and investing in the security of space infrastructure. And 1 of the signals that this is happening. Uh, to me is that we have owner operators that are directly engaging and asking if we can really normalize what it means to share threat and vulnerability information between public and private sector and, um, allow for this to be a regular ongoing thing that we do.
And it's part of their just baseline expectation about how they manage the threats. And the risk to their systems and when companies and CEOs come to us and they say that they, um, view it from this lens, then that tells me that we've really reached this maturation point where we recognize that this [00:35:00] is part of being in the space industry is that we are.
Um, we have infrastructure that is vulnerable, just like every other critical infrastructure, and we're going to manage that, and we're going to do it in an effective, but yet aggressive, proactive way, because we know that, um, we're very susceptible to attacks, just like every other critical infrastructure, and people depend on these systems.
So it's no longer just, Oh, you know, there's 16 critical infrastructures and space is in one of them. It's now space actually underpins every single one of them. And we take that seriously. And, uh, there's not a person that I don't, that I speak with that doesn't recognize the importance of our dependency on these systems now.
Sean Martin: So, Erin, I, uh, it's not going to be a long limit, but I'll take that. Take a leap on the limb to say more members is always good, right? Strengthen numbers that certainly beefs up the the watch center [00:36:00] and makes that a healthier system. What else do you need? What else do you need? I see a ton of resources there.
Do you need more people to absorb them? Do you need more resources? Do you need what? What do you need to make this be successful on an ongoing basis and grow and achieve the things you're you're thinking for the future?
Erin Miller: I do think overall that the space industry would be benefited from all critical infrastructures, uh, determining and ISACs and cybersecurity professionals like your listeners and yourselves really, uh, lowering the barriers to what it takes to share, uh, threat intelligence because we don't make it easy enough on ourselves.
We need to make it much easier. This should be something that You know, every single person, maybe I'll just, a basic example. They get their security [00:37:00] plus as a result of getting their security plus, they know how to share threat intelligence with an ISAC. Should be a key deliverable because we're really not, uh, empowering ourselves to do the best that we can to protect our systems in a collective manner if we don't do that.
Sean Martin: I love it. And can I ask a technical question? Um, so I've, you mentioned framers earlier and I think, and I've stuck them ahead. Somebody said, sometimes we just get. The intelligence back in the form of a spreadsheet, which isn't very digestible. Um, how do you address that? How do you, how do you disseminate the information to use a standard like sticks or something that, that helps these?
Erin Miller: Yeah, we don't use spreadsheets. That's for sure. We use alerts. Yeah. All the threat scenarios that we have in the phase one, and we didn't really talk too much about phase two, but that's coming, uh, phase two of the watch center. All of these threat scenarios, there's going to be [00:38:00] about 10 of them. By the time we get with done with phase two, it's alerts that come out of our watch center.
And it's consumable information that's actionable. And, uh, we do use sticks as well. So we're working on bridging, uh, space layer type information into sticks. That's a high priority item for us. But overall, we're not, uh, we're not really into sharing information that's not actionable. And we highly value, like all ISACs, feedback from our members.
Sean Martin: Perfect. Thank you for that. I know, uh, some of the folks that I've been speaking to lately will appreciate that. So, uh, super cool. I don't know anything else, Marco. I mean, I want to go on a journey, but, uh,
Marco Ciappelli: I know it's going to be hard for you to ask another question because you need to do that, but it's your show.
I'm glad that I've been part of this. And, uh, yeah, I have. More question and gave me a lot of ideas on, um, on episode that I could do to [00:39:00] connect this with, uh, society politics and, uh, international collaboration. So we were really cool. Maybe to connect for for other things in the future. But now it's up to you.
Ask the last question, Sean,
Sean Martin: I'm going to make a couple of statements. I'm going to first. Thank you, Aaron, for taking this time and thank you for all that you do. Uh, for the ISAC and, um, I'll also say I encourage everybody to, we're going to include a bunch of links to the resources that your team shared, uh, so they can follow up and learn more about the, uh, the programs and the just countless resources that I think people will benefit from reading.
And uh, I'd welcome you back for phase two. When you're ready to talk a little more about that, happy to share and then perhaps maybe come visit Colorado Springs for the for the conference or the summit, I should say in September, and maybe grab some stories from folks there. Some success stories of what's happening [00:40:00] there.
The space Isaac. So thank you again. Aaron, um, any final thoughts from you before we wrap?
Erin Miller: Yeah, thank you, Sean. And we would welcome you to the Space ISAC. Please, Sean and Marco, come visit us in Colorado Springs at our watch center. And we can share with you all the success stories. Uh, especially during phase two, you're going to see a lot that I think will blow your mind.
And we can talk about the moon and Mars in phase two as well.
Sean Martin: Nice one. I'm in. All right. That's a deal. That's a deal. All right, Aaron. Well, thank you so much. Thanks, everybody, for listening and watching. Thanks, Marco, for being part of this conversation. Please do share, subscribe, and comment. I mean, this is an interesting, fun topic, so hopefully people have thoughts on it.
Thanks, everybody. We'll catch you on the next episode.