Space Force contracts for new ‘zero-trust’ data protection – DNyuz

Space Force contracts for new ‘zero-trust’ data protection

The U.S. Space Force, looking to up its security posture against cyber threats, has awarded a $17 million contract to cybersecurity company Xage Security, the company announced Wednesday.

The award shows a growing awareness that data in transit from Earth to ground stations is increasingly vulnerable to hacking, but also that some new popular enterprise cloud architectures don’t entirely fix the problem, the company’s CEO told Defense One.

The Russian attack on the Viasat satellite constellation in February of 2022, which knocked out communications across Ukraine on the eve of Russia’s renewed invasion, is “precisely the type of attack we’ll be defending against,” Geoffrey Mattson, CEO of Xage Security, told Defense One. The attack didn’t target the satellites themselves, but the ground modems that pass the data. As entities like the Space Force rely more and more on combinations of different satellite and communications companies, the notion of securing them one at a time won’t keep up with the threat.

“The more we distribute our [data] across multiple commercial systems as well as, you know, federal systems, the more redundancy there is built in. Mattson explained that, “on the one hand, you could have distributed attack vectors…As this distribution is done, it’s important to have uniform protection throughout the system.”

Big providers of cloud services such as Microsoft or AWS claim that the switch to enterprise architectures fixes these security holes because an administrator can see the whole network at the level of the hypervisor. But Mattson say’s that’s not entirely true, especially in environments where older equipment is running out-of-date operating systems in the same network as newer ones. Fortune 500 firms don’t face this problem because they upgrade all their hardware at once. However, it is a major issue for companies like space and infrastructure companies who use equipment that cannot be upgraded.

“Public cloud in and of itself is the wild west side right now. Because there’s just, there’s so many ways to, you know, attack public cloud installations,” he said.

Xage offers an identity-based cyber security mesh to protect data. That mesh includes software solutions to continuously check whether every person on the network is who they say that they are (sometimes referred to as a “zero-trust” security model).

The company’s software also examines not just the identities of the users on the network, but also their behavior, and works as a checkpoint to limit access so users can’t access things they aren’t supposed to see.

“We look at the patterns that you need, communication that you need in your facility, we lock it down, right, and once we make sure that there is no unnecessary path for lateral movement in that system,” he said.

That’s useful not only for infrastructure security but also increasingly for intelligence environments where the United States has to share some data with foreign partners such as Ukraine. (The company said they can’t comment on specific security they may or may not provide to the Ukraine support mission. )

But the company also has actual security hardware, a ruggedized box that can attach to pieces of equipment that can’t easily be upgraded through software. He said that in an hour you can have full control of who has access to your equipment.

The post Space Force contracts for new ‘zero-trust’ data protection appeared first on Defense One.