The Air Force wants you to hack its satellite in orbit. Yes, really

When the Air Force asked hackers to break into a F-15 fighter jet at last year’s DEF CON security conference, the results were both eye-opening and eye-watering.

It was the first time hackers were allowed to work on the system to look for bugs. In just two days, a team of seven hackers found a ton of vulnerabilities, which if exploited in the real world could have crippled a critical aircraft data system, causing untold and potentially catastrophic damage.

It was also proof that the Air Force desperately needed help.

“I left that event thinking there is a huge national asset in this level of cyber expertise that we are lacking in full in our Air Force,” said Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics, in a call. As the acquisitions chief, all of the satellites that the Air Force builds fall under his purview. But the Air Force historically held the security of its systems and technology in absolute secrecy, fearing espionage or sabotage by the enemy. Roper said this was like being “stuck in Cold War business practices.”

“But in today’s world that’s not the best security posture. Just because you’re not telling the world about your vulnerabilities doesn’t mean you’re secure to go to war,” he said.

Riding the waves of last year’s success, Roper planned to bring in security researchers again at this year’s DEF CON in Las Vegas — this time hack into a real orbiting satellite, hovering miles above the earth’s surface.

Space was once only for the brave and the well-funded. For decades, only a handful of governments had the resources to blast a satellite into space. But as private businesses fire tons of their own technology into orbit, space is more crowded than ever. Now, space isn’t just a level playing field for private enterprise, it’s also a potential future battleground for adversaries.

“Our plan was to use a satellite that had a camera and to see if the team would be able to turn the camera to face the moon.”
Will Roper, Air Force acquisition chief

Miles above the earth, satellites may seem far from harm’s way, but Roper said the risks they face are real.

“I could launch a direct ascent anti-satellite weapon that will go hit a satellite and disable it,” he said. “I could use directed energy weapons to try to blind a satellite or destroy components that allow it to collect critical information from the earth. I could jam satellite links so that you can’t communicate whatever information needs to be relayed to other important decision makers.”

And it’s not just the satellites in orbit. The ground stations and the communication links between the earth and the skies could be as vulnerable as the satellites themselves, Roper said.

“We don’t know the ghosts that are in our systems that come from the supply chain and the companies that assemble those and the fighters and satellites don’t either, because they don’t know to ask for them,” he said. The goal isn’t to just fix the existing bugs but also to shore up its supply chain to prevent introducing new bugs.

“We absolutely need help,” said Roper.

Working with the Defense Digital Service, which its director Brett Goldstein refers to as a “SWAT team of nerds that operates in the Pentagon,” they came up with Hack-a-Sat, a space security program that invites hackers and security researchers in to find the same bugs and flaws that the enemy wants to exploit.

It’s a massive shift from building closed and locked down systems that the Air Force is accustomed to. By switching to semi-open systems, it can open up its satellite technology to the wider community, while reserving the most classified technology to its in-house highly vetted experts and engineers.

Surprisingly, Goldstein, who reports directly to the Secretary of Defense, said convincing the folks upstairs to allow a bunch of hackers to take on a working military satellite wasn’t as difficult as it might sound. “There was enormous support for doing it and enormous support to partner with the Air Force on it,” he said. Roper agreed: “Isn’t it better to know about it prior to conflict than to naively keep our head in the sand and take that vulnerability into war at the risk of the operators who will have to use it?”

Roper and Goldstein say they want the cream of the crop to take on the satellite. In order to find the best hackers, the Air Force today launched its qualification round for the next month. The Air Force will let researchers hack a “flat-sat,” essentially a test satellite kit, which will help to weed out the right technical chops and skills needed to hack the orbiting satellite at DEF CON.

Those who qualify for the next and final round get to take on the satellite as it orbits the earth.

“Our plan was to use a satellite that had a camera and to see if the team would be able to turn the camera to face the moon,” said Roper. “It would be a literal moonshot.”

What comes out at the other end is anybody’s guess. Both Roper and Goldstein said they want to be able to reveal the hackers’ eventual findings. But given that any findings may contain real-world security bugs of a working satellite, the Air Force may need to hold onto the key details to avoid a mid-orbit catastrophe.

At the time of writing, Black Hat and DEF CON, the two largest security conferences that run back-to-back in Las Vegas every August, say it’s business as usual. But as the coronavirus pandemic continues with no end date in sight, the Air Force team is planning for a range of contingencies. Roper and Goldstein said they are determined to plow ahead, with an eye on virtualizing the event.

Whether or not the event is held on stage or remotely from people’s homes, the duo say the show will go on. The beauty of hacking is that often it can be done from anywhere with an internet connection.

As much as they hope that the hackers succeed in hacking the satellite, Roper said the event was as much about finding and fixing vulnerabilities as it was about “shocking our system” so that the Air Force changes how it thinks about security.

“I suspect there will be a generation of airmen and space professionals that will think about working with the hacker community differently, so when they’re designing a satellite they’re not thinking,” said Roper. “If that generation comes to be, we will be in a much better cyber posture in the future to the better readiness of our forces.”