Feb 23 2023

RCMS23: How Space Force Acquisition Teams Balance Security with Functionality

The service branch is increasing cybersecurity protections for satellite constellations and collaborative cloud environments.

Space Force acquisition teams want to balance functionality with security in the IT and network infrastructure under development in order to become the “first digital force,” according to the U.S. Space Systems Command’s CIO.

Speaking Wednesday at the Rocky Mountain Cyberspace Symposium 2023, Col. Jennifer Krolikowski said Space Force just launched a project to create a digital backbone for its acquisition mission, from devices to the cloud.

Space Force already works with a data fabric for added security and to enable better decision-making, and the service branch is embracing agile development and automation. But the only way to reduce its technical debt when it comes to cybersecurity is to ensure the systems it deploys are not only functional but secure.

“It’s actually not an either/or,” Krolikowski said. “It’s a symbiotic relationship.”

That’s why Space Force acquisition teams are prioritizing risk management frameworks, program protection, supply chain security and cryptography, she added.

Click the banner below to follow our coverage of RMCS 2023 on Twitter.

Space Force Working to Secure Satellite Constellations

Perhaps nowhere is this more evident than in Space Force’s transition from architecting big, monolithic satellites with command and control to constellations like SpaceX’s Starlink, where each satellite is a node in a larger mesh.

“It starts to become that much more important for us to make sure we secure those things so that we can keep that massive constellation up, self-heal it as things may happen to it,” Krolikowski said. “As we shift into the constellations, it’s imperative that we as the acquisition community start to really understand what that risk is — and get the commanders involved to assume that risk — as well as a full-site picture of functionality versus patching or what have you, so that they can actually still accomplish their mission.”

A functional, unsecure system is useless because its availability drops to zero if hacked. Fortunately, Space Force is starting to see more investments in its security efforts, Krolikowski said.

READ MORE: How the Air Force is laying the groundwork for zero trust.

Cloud for Hybrid Work and Zero Trust: The “800-Pound Gorilla”

One of Space Force’s biggest pain points is connecting with hybrid contractors within the same network to share data and collaborate. The service branch needs secure cloud environments for digital engineering and DevSecOps, Krolikowski said.

Users and tools are certified in such environments, which the Air Force is finding is conducive to the hybrid work IT and cyber workforces are increasingly seeking.

“I don’t think it should matter where the talent lives if I now have the tools to connect them to the team and to the mission,” said Maj. Gen. Anthony Genatempo, program executive officer for the Command, Control, Communications, Intelligence and Networks Directorate within the Air Force Life Cycle Management Center.

While the Air Force and at large is starting to plan for zero-trust security architectures, acquisition teams need stable funding from Congress.

“A lot of you probably have seen the fan chart concerning zero trust and all that involves,” Genatempo said. “If there was ever an 800-pound gorilla for the acquisition community to try to tackle, that’s it.”

aapsky/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.