Satellite operations face evolving threats and obstacles
Satellite security problems change constantly, but contracts don't, officials say.
Satellite operations face numerous threats and obstacles, beginning with the early processes in contracting to protecting security after launching, and many of the dangers facing satellite operations are continuously evolving, according to industry officials.
Speaking at the Satellite 2012 conference in Washington on March 12, members of a panel outlined some of their major hurdles and how they are dealing with them to provide uninterrupted services to the U.S. government and other users.
“The problem of satellite security is a multi-faceted effort…there are a number of different levels to the threat and potential problems, and what can be done about it for security and protecting the links,” said Tim Shroyer, chief technology officer at General Dynamics SATCOM Technologies.
Some problems begin with contracting practices that haven't caught up to the speed of modern-day operations, according to Andy Beegan, senior vice president and chief technology officer at Inmarsat Government-US.
“It’s a real challenge because a lot of the satellite contracts are firm fixed-price contracts, and you have this evolving security requirement, which at least changes monthly, sometimes weekly, sometimes daily. This has been changing the contracting paradigm to make security more of a focus,” Beegan said. “Sometimes those contracts could be five years with option years, and you have no idea what the security threats are going to be in the coming years but the terms of the contract remain the same.”
Another problem lies in determining what kind of security to apply to the specific threats an organization faces.
“You can’t spend everything you have managing every risk – you have to make a decision. There are so many threats out there…if there is a risk to your mission, you have to determine the vulnerabilities and the impact,” said Reginald Lewis, director of Defense Department services at SecureInfo. “For a low impact, you spend less money mitigating the risk. If the impact is high, that’s where your priority should be.”
Lewis recommended establishing basic framework for risk management; he said the National Institute for Standards and Technology’s 800-37 document is a good place to start.
“Information security is a very dynamic process, and it has to be effectively and proactively managed. You have to identify new vulnerabilities, recognize evolving threats and consistently apply mitigation factors to those threats as the environment changes. Every week there’s a different vulnerability out there,” Lewis said.
NEXT STORY: Defense companies may be OK after spending cuts