Twins in Space - AI & DT for space cyber defence (part 1)

Image by Alan Morales (https://www.pexels.com/@alanmoraales/)

As cyber adversaries expand their reach beyond terrestrial networks, the risk to space-based infrastructure (satellites, spacecraft, and critical communications) has never been greater. Recent cyber incidents targeting satellite networks and space systems have demonstrated the potential for adversarial manipulation, data breaches, and operational disruption. These threats have significant implications for commercial enterprises, financial institutions, and national security.

In this first article we will introduce key terminology used in future installments.


What is Counterspace?

Counterspace - deters, disrupts, denies, degrades or destroys space systems.

Types of Counterspace

There are four main categories of Counterspace activity:

  1. Kinetic - like a missile (destructive projectile stuff);
  2. Non-kinetic - not a missile (e.g., information warfare);
  3. Electronic - like an EMP (electromagnetic pulse); &
  4. Cyber - software exploit against space infrastructure.
Electronic Signal Jamming - Pakistan ASAT (https://cscr.pk/explore/themes/defense-security/non-kinetic-anti-satellite-options-for-pakistan/)

What is Cyber Counterspace?

Cyber Counterspace is the practice of employing offensive cybersecurity measures to exploit vulnerabilities in order to protect assets like satellites, spaceships and other organisational crown jewels in space-based systems from active or imminent attacks.

What does a Space System look like?

A basic space system comprises a space segment and terrestrial ground and user segments.

Basic Space System (https://en.wikipedia.org/wiki/Ground_segment)

Where is space exactly?

The theater of engagement exists across multiple orbits, including the following:

  1. LEO - low earth orbit;
  2. MEO - medium earth orbit;
  3. GEO - geostationary earth orbit;
  4. SSO - sun synchronous orbit; &
  5. LP - lagrange points.
Taken from Wikipedia (https://en.wikipedia.org/wiki/List_of_orbits)

The European Space Agency has this cool visualisation of Gaia and Lagrange Points.

Gaia orbiting around Lagrange Point (https://www.esa.int/Enabling_Support/Space_Transportation/Types_of_orbits)

So, where does space start? Well, LEO starts at 180 km from the surface of the Earth.

Planes fly at 12 km from the Earth's surface (https://www.pexels.com/@elii/)

Introduction to FHE, AI & DT

Innovative technologies, such as Fully Homomorphic Encryption (FHE), AI-based threat detection and DT simulation, are revolutionizing space cybersecurity. Drawing from my experience in operationalizing and commercializing Snode's Cyber-AI platform, a patented real-time threat detection platform for encrypted communications, let's explore how cutting-edge security strategies like these mitigate cyber risks in space.

Snode Cyber-AI (https://techcentral.co.za/snode-power-of-prioritising-risk-using-ai/257077/)

Digital Twin (DT)

A Digital Twin is a digital “mirror copy” counterpart of a physical (or digital) environment. It incorporates all changes, in real-time, and provides a digital copy of all attributes (over a time dimension). The concept of developing a “digital twin” dates back to the 1960s at NASA (National Aeronautics and Space Administration). The term “Digital Twin” was first introduced by Dr Michael Grieves, an advisor to NASA, in 2002.

Taken from DIGITAL TWIN FOR INDOOR DISASTER IN SMART CITY: A SYSTEMATIC REVIEW (https://isprs-archives.copernicus.org/articles/XLVI-4-W3-2021/315/2022/isprs-archives-XLVI-4-W3-2021-315-2022.pdf)

Digital Twin has bi-directional communication between the original and mirror. So interestingly, these are two concepts that are often confused with Digital Twin:

  1. Digital model - no communication flow. &
  2. Digital shadow - one way communication.
Digital twin, model and shadow (https://www.pexels.com).

So, running a Formula 1 car in a wind tunnel simulation is more comparable to a digital model, while Snode's AI-based attack simulation is more aligned to a digital shadow.

Typical types of Digital Twin include:

  1. Monitoring;
  2. Predictive;
  3. Prescriptive;
  4. Autonomous;
  5. Imaginary; &
  6. Re-collective.
Types of Digital Twin (https://www.pexels.com).

Fully Homomorphic Encryption (FHE)

So, in general, we (1) process, (2) transmit and (3) store data. Now, when you think of data encryption during transmission (2), you may think of SSL (Secure Sockets Layer). Similarly, if you think of "encryption at rest" (3), you may think of hard drive encryption.

What about encryption during processing (1)? Well, that's where we decrypt and then process. Now, you think to yourself: but what if it was possible to process encrypted data? That's way more secure, right? Correct, that's what we call FHE, baby!

FHE is also known as the "holy grail" of encryption. Here is a cool paper for OpenFHE.

Indy asks,... seriously, you guys calling it the holy grail???

AI-based threat detection

This is a broad topic, since there is a range of AI-based approaches to threat detection.

However, for the scope of this article, let's focus our attention on the most prevalent:

  1. The most common use case is machine learning (ML) for anomaly detection. This covers both supervised and unsupervised ML algorithms that detect anomalies.
  2. Deep Learning (along with ML) for cybersecurity classification. This is one of my favourites, especially Bayesian Classification, which is used in your SPAM filter. Deep Learning can help classify malware and is also used in behavioural analytics.
  3. Reinforcement Learning, which is used for adaptive defence. We use this in Snode's SOC for incident response automation, but it's also used for prescriptive analytics.

If you're keen to see an example of how we implement this at Snode, check out this post:

Using AI for real-time attack simulation at scale (part 2)
This is the second article in a three part series, describing the process we follow at Snode Technologies to go from initial idea (part 1) to functional prototype (part 3). Quick recap (part 1) In the first part we decided to use AI-based attack simulation modelling, to help us prioritise

Specifically,... the following two sections:


High-level overview

At a macroscopic (conceptual) level, this would be the basic system representation.

High-level overview

Sub-component overview

We split the system (above) into three sub-components (for detailed design):

  1. Classification and correlation.
  2. Attack simulation modelling.
  3. Supervised ML (re)-training.
Sub-components

A detailed explanation of Cyber AI from ideation to prototype - and now in production.

Conclusion

In part 2, we will unpack the current challenges with regards to Cyber Counterspace.

Subscribe to be notified and as always, if I got anything wrong,...