Space Runs on Open Source Software. The US Air Force Is Fine With That
Commercial space players don’t have the same security concerns as the Pentagon, but that doesn’t mean they can’t share code.
Open source software has a mixed reputation for security, yet it drives commercial space enterprises such as SpaceX and Starlink—and increasingly, U.S. military space efforts. But Lauren Barrett Knausenberger, the Air Force’s chief information officer, says her service has taken steps to keep key data safe.
Proponents of open source software, as opposed to proprietary software, say that because anyone can inspect or change the source code, bugs and vulnerabilities are more easily found and fixed. But some can linger for years. As cybersecurity expert Bruce Schneier has pointed out, “Open source means that the code is available for security evaluation, not that it necessarily has been evaluated by anyone. This is an important distinction.”
Knausenberger, who spoke on Monday at a space forum as part of the America’s Future series, acknowledged common concerns about open code. But, she said, “If you're paying attention to how many people are touching that code and who is touching that code, you're mitigating that risk significantly.”
She pointed to a January memo from Defense Department CIO John Sherman encouraging wider use of open source software so long as it's done safely. One of those safety measures is the use of software containers, which basically allow users to run code that’s been “contained” away from the operating system. The Defense Department’s Platform One uses a container service called Iron Bank to serve as a repository where open source software can be stored and inspected before deployment.
The Defense Department is eager to piggyback on the innovation coming out of the commercial space sector in the form of cheaper launches and more rapid construction of satellites. But the Pentagon remains unwilling to tolerate as much security risk as private companies do, said Erin Miller, the executive director of the Space Information Sharing and Analysis Center, or ISAC. “To me, that's one of the biggest challenges and it's actually what the White House saw when they announced the need for Space ISAC.”
She said that the Center supports various communities of interest to look at security issues that will affect the future of commercial space, such as how adversaries might use AI to attack space systems and vulnerabilities that might exist in small satellites.