The Complex

The White House responds to the "Stop CISPA" petition

Just in case there was any question, the White House says that the now dead-in-the-water Cyber Intelligence Sharing and Protection Act, CISPA, does not do enough to protect privacy rights.

"Even though a bill [CISPA] went on to pass the House of Representatives and includes some important improvements over previous versions, this legislation still doesn't adequately address our fundamental concerns," Todd Park, the U.S. chief technology officer, and Michael Daniel, the White House's cybersecurity coordinator, said today in the Obama administration's official reaction to a petition on whitehouse.gov titled, Stop CISPA.

The White House threatened to veto CISPA earlier this month. However, that action is likely unnecessary after Senate staffers indicated that their chamber will not take up CISPA following the House's passage of the bill last week. (The Senate is in the early stages of crafting its own cyber-information-sharing bill, Senate intelligence committee chair, Dianne Feinstein told Killer Apps recently.)

Still, the White House, Senate, and House all want legislation that, at a minimum, allows businesses to quickly share information on cyberthreats with each other and the government, as Killer Apps reported last week.  

To meet the approval of the White House and the Democrat-controlled Senate, any such bill would probably have to protect civil liberties by mandating that personally identifiable information be scrubbed from any data shared by companies, requiring that data be shared with a civilian government agency like the Department of Homeland Security instead of going straight to a military organization, and providing limited protections from lawsuits for companies that violate antitrust laws when sharing cyberthreat information.

Wikimedia Commons

National Security

The Air Force wants to protect its spacecraft from cyberattack

We've been inundated with information about the threat that foreign cyber attacks pose to U.S. power systems, banks, and transportation infrastructure for years now. Now, the Air Force's research arm is turning its attention toward protecting space systems from cyberwar.

The military relies on its massive fleet of spacecraft -- from satellites to secret space planes like the X-37B shown above -- to do everything from providing precision navigation and targeting to passing secure communications from stealth bombers to their bases as they fly over hostile territory. It's such a critical asset that Air Force officials, worried about enemies like China or Russia taking out U.S. satellites with anti-satellite missiles, that the service occasionally practices operating for "a day without space," in order to get used to the notion that it may not be able to rely on its orbital infrastructure.

Anyone who has been paying attention to cyberwarfare knows that it would be far cheaper to disrupt or take down U.S. space assets via cyber attack than it would be to develop and launch a missile.

Just imagine if an enemy were able to scramble secure satellite communications or manipulate GPS coordinates, thus sending U.S. troops to the wrong locations.

The Air Force Research Laboratory (AFRL) has kicked off a new program looking at technology that would protect spacecraft from these kinds of cyber attacks.

(The Ohio-based lab is the Air Force's far-out research lab, responsible for developing insect-sized UAVs, stealthy, special ops transport jets, and air-breathing engines capable of propelling aircraft at speeds up to Mach 6.)

"AFRL seeks to gain understanding of the state of industry research pertaining to protecting both ground- and space-based assets that provide space services, ranging from the space parts supply chain to the conduct of integrated space operations," reads this RFI that was updated last week.

In English, that means that the Air Force wants to protect from cyber attacks the networks of every firm that has a hand in building spacecraft or space control systems, and of course the actual spacecraft once they are aloft.

Here are some highlights of the specific cyber-defense technology the lab is interested in:

  • Novel techniques, technologies, and systems to enable spacecraft mission assurance in a contested cyber environment.
  • Analytic tools to help understand space systems' current vulnerabilities to cyber attack and how to design future systems to resist cyber- attack.
  • Technologies that will allow survivable spacecraft missions under adverse cyber stress.
  • Technologies for effectively allowing space systems to distinguish among anomalies caused by system failures, enemy actions, and environmental effects.
  • Survivable command, control and communications, autonomous self-healing systems, and trusted architectures.
  • Methodologies for spacecraft cyber defense-in-depth, focusing primarily on threat avoidance through vulnerability mitigation, and allowing mission survival with graceful degradation under cyber-attack.
  • Novel software or procedural approaches for providing protection to existing space systems.
  • Technologies to provide indications of an active cyber-attack against a spacecraft.

So, if you want to drop that iPhone app you've been working on and get in on this project, you have until May 6 to pitch the service on  your "interests and capability," according to the RFI.

U.S. Air Force