The Department of the Air Force, along with the security research community, publicly announced the 2021 winners of its second annual Hack-A-Sat 2 space security challenge final event December 12.
Brig. Gen. John M. Olson, call sign “Sprocket,” is the mobilization assistant to the chief of space operations for the Space Force and gave keynote remarks during the December 11 event kickoff show that introduced the contest, teams and technology.
“Space is absolutely vital to both our economic and our national security,” Olson said. “In fact, space touches almost every facet of our life. If we look at communications and weather, position, navigation and timing, data, imagery, and economics, space is absolutely critical to every part of our modern way of life and all of humanity.”
Olson added, “Because of this vital capacity and the critical impact that it plays, our space assets are being challenged, contested, engaged, and attacked almost every single day. The solution to these systems challenges is really all about people. We absolutely have to have the right people; so, this is an international event because we’re always better when we bring the richness and diversity of the whole world to bear on these challenging problems.”
Eight teams competed in the 24-hour virtual competition, December 11-12, which involves open and collaborative hacking in a simulated space environment. The Hack-A-Sat events are designed to inspire the world’s top cybersecurity talent to develop the skills necessary to help reduce vulnerabilities and build more secure space systems. In addition to cash prizes for the top-three scoring teams, all eight finalist teams receive a commemorative flat-sat prize trophy for their participation in the final event. Seven of the eight teams were the top finishers in a 30-hour virtual qualification round held June 26-27, 2021 that drew in more than 1,000 teams made up of nearly 3,000 competitors from more than 75 countries.
The qualification round consisted of 24 total challenges in five categories focusing on different skill sets, including satellite operations, reverse engineering and radio frequency communications. To confirm qualification, teams were also required to submit a technical paper within three weeks of the conclusion of the qualification event. This is also a requirement for the final event in order for teams to receive their prizes.
The top seven qualifying teams joined last year’s Hack-A-Sat 1 winner in this year’s final event for an attack/defend-style Capture the Flag of a virtualized ground station, a communications subsystem, physical satellite hardware called a flat-sat and digital twin software to simulate and test commands.
Teams were charged with simultaneously operating and defending their own vulnerable system while attacking opponents’ identical systems to score. A number of exploitable vulnerabilities exist in the systems, and teams must patch or otherwise mitigate their own vulnerabilities to protect from exploitation attacks, while keeping the system functioning normally.
Col. Rhet Turnbull, director, Cross Mission Ground and Communication Enterprise, Space Systems Command, said space is critical to the world, and having the opportunity to provide a safe environment for cyber and space security communities to come together is very important to the future of space.
“I’d like to personally congratulate the winning teams and to thank all those who participated in the trials and the final event,” said Turnbull. “The world relies on space capabilities every single day and the talent and expertise these teams brought to this competition will help make space safer for everyone by helping our satellite and ground system developers build more secure and resilient systems. Thanks also to our partners including the Air Force Research Laboratory and DEF CON – we could not have executed a successful Hack-a-Sat event without their partnership.”
Viewers tuning in to the competition could also watch featured interviews with NASA Deputy Administrator Pam Melroy and DEF CON Founder Jeff Moss and a panel discussion each day around lunchtime. Panelists included leaders from Space Systems Command, NASA, SpaceWERX, Air Force Research Laboratory, Air Force Academy and the commercial space sector discussing topics of “Cybersecurity Threats in an Emerging New Space Environment” and “Realizing Space Commercialization: Who’s Got the Chops?”, respectively. Concluding day one and opening day two, recaps provided viewers with details of the competition up to that point, such as which team led in scoring and the challenges they had solved.
Closing the event, Capt. Aaron Bolen, integrated section chief of the Advanced Technology Branch at Space Systems Command, spoke about what’s in the future for Hack-A-Sat as well as the importance of building an alliance among security researchers, industry and government for more secure space systems. He introduced what is called Project Moonlighter, an actual satellite and cyber sandbox in space.
“How do we ensure that the designs and builds we’ve been working on are actually effective? What does space cyber test and that capability even look like? These are all things we’re trying to get after with Project Moonlighter. It will bring a level of realism never before experienced in space cyber Capture the Flag events.”
Bolen specified that Moonlighter is going to be the first platform in space for a CTF. Competitors will not only have to win through the physics of on-orbit satellites but also have to work through limited ground contacts just as space operators do on a daily basis. Moonlighter will not only be used for CTFs but also for training, academic work and real use on a daily basis throughout the year.
“Moonlighter is going to be the culmination of multiple years of work through the Hack-A-Sat campaign, a true first of its kind on-orbit hackable satellite. It’s a really cool pathfinder, and we are super excited to bring this capability to bear – meaning bringing it on orbit in 2023.”