The Air Force Research Laboratory’s Information Directorate in Rome, N.Y., is one of several U.S. Department of the Air Force and Department of Defense entities that are changing the way they approach building secure and resilient space systems by inviting the global security research community to hone their space domain hacking skills in an open and collaborative environment.
On Aug. 7-9, 2020, the Department of the Air Force and DOD’s Defense Digital Service will premiere the Space Security Challenge 2020, a mixture of virtual workshops and prize challenges related to securing space systems, including a live Capture-The-Flag style satellite hacking competition dubbed “Hack-A-Sat.”
“We are excited about this year’s Hack-a-Sat Challenge at DEF CON Safe Mode,” said Dr. Will Roper, the Air Force and Space Force acquisition chief. “Space is an increasingly important contributor to global economies and security. Letting experts hack an orbiting satellite will teach us how to build more secure systems in the future.”
Both departments are working in close coordination with DEF CON’s Aerospace Village to virtually showcase the team’s mission: build a diverse community committed to promoting and developing aerospace cybersecurity expertise and knowledge through positive collaboration.
The virtual workshops are intended to support and generate burgeoning interest across the aerospace security domain, while the CTF competition will challenge some of the world’s most skilled hacking teams to test their skills at hacking a government satellite system.
Over 2,000 teams made up of over 6,000 individuals earned points based on their accuracy and speed solving binary challenges during the jeopardy-style CTF Qualification Event in late May. Eight of the most talented teams have been invited to the Hack-A-Sat final event where they will be challenged to reverse engineer and operate satellite systems in order to earn “flags,” or binary codes. Additionally, there are several aerospace cyber security virtualized workshops and educational opportunities aimed to improve the security, safety and resilience of space systems through virtual “hands-on” learning. By enabling this type of collaboration, DDS and the Department of the Air Force intend to learn from the community and change how space systems are acquired, secured and integrated.
Spectators and researchers looking to immersive themselves in the Hack-A-Sat contest and learn more about the challenges of cybersecurity in space are invited to visit hackasat.com to access the 3D Hackers’ Den experience. A 3D Satellite Ops Center will broadcast live programming throughout the three-day event including a keynote show titled “Between Two Nerds” where DDS Director, Mr. Brett Goldstein, and Dr. Roper will talk candidly about why securing this domain is imperative to maintain life as we know it. A live broadcast agenda can be found at hackasat.com.
Whether it’s learning to attempt to send messages to a mock aircraft or mimicking the types of commands used to hack a mock satellite, workshop participants will learn about aviation and aerospace through play. Visit dds.mil/defcon/ to learn more about Bricks in the Air, the 4 bay avionics workshop designed with the LEGO® Bricks’ Technic series, CPX SimpleSat and DDSat-1, the satellite hacking workshop, and Nyan-Sat, the ground station hacking workshop developed in partnership with Red Balloon Security. On Aug 6, 2020, the vibrant, web-based virtual reality environment goes live at dds-virtual.com. In order to play, participants only need a Twitch account. Not required — a verified email address or special VR equipment. The first 500 to complete one of the Bricks in the Air, CPX SimpleSat or DDSat-1 challenges will receive a free Bricks in the Air t-shirt.
The CTF competition and virtual workshops are meant to be educational and revelatory; the DoD does not condone hacking for malicious gain. In bringing together two often-perceived at-odds communities—the DoD and hackers—the department aims to tackle the unforeseen security risks in aerospace systems, attract security research talent and influence a more resilient design and development process for future assets.