REvil, the Ransomware Hackers’ System Identified

Ahead of the three-day Fourth of July weekend, the REvil gang is suspected to be behind a new ransomware attack Friday that affected at least 200 companies in the U.S.

REvil, based in Russia, was likely behind the JBS Meat Packing attack in May, according to the FBI. The Flashpoint Intelligence Platform has suggested that former REvil members were involved in the recent Colonial Pipeline attack earlier this year as well, allegedly done by the DarkSide ransomware group. More here from Newsweek.

Per the FBI’s most recent statement:

Updated July 4, 2021: 

If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations, follow guidance from Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to shut down your VSA servers immediately, and report your compromise to the FBI at ic3.gov. Please include as much information as possible to assist the FBI and CISA in determining prioritization for victim outreach. Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat.


Original statement:

The FBI is investigating this situation and working with Kaseya, in coordination with CISA, to conduct outreach to possibly impacted victims. We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.

Additionally:

Kaseya had expected that it would be able to patch and restore its VSA software-as-a-service product by today, but technical problems its developers encountered have blocked the rollout. As of 8:00 AM EDT today, the company was still working to resolve the issues it encountered.

Reuters quotes US President Biden as offering, yesterday, a relatively upbeat preliminary assessment of the consequences of the ransomware campaign: “It appears to have caused minimal damage to U.S. businesses, but we’re still gathering information,” Mr. Biden said, adding “I feel good about our ability to be able to respond.”

That said, the US Government is continuing its investigation and is signalling an intention to do something about REvil and other gangs or privateers. Among other things, the US Administration said that it has communicated very clearly to Russian authorities that the US wants the REvil operators brought to book. CBS News reported yesterday that White House press secretary Psaki said that the US had been in touch with Russian officials about the REvil operation, and that if Russia doesn’t take action against its ransomware gangs, “we will.” TASS is, of course, authorized to disclose that Russia not only had nothing to do with the attack, but that it knew nothing about it, and that in fact Moscow had heard nothing from Washington about the matter.

But outside-government cyber experts have uncovered the following:

Hat tip source

Resecurity® HUNTER, its cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to the cybercriminals.

According to recent research published by Resecurity on Twitter, starting in January 2021 REvil leveraged a new domain ‘decoder[.]re’ in addition to a ransomware page available on the TOR network.

***

The domain was included within the ransom notes dropped by the recent version of REvil; it came in the form of a text file containing contact and payment instructions.


Typically, the collaboration between the victim and REvil was organized via a page in TOR, but in case their victim is not able to access the Onion network, the group prepared domains available on the Clearnet (WWW) acting as a ‘mirror’.

Figures: screenshots of the REvil TOR host and of the WWW host (decoder[.]re).

To access the page in WWW or TOR, the victim needs to provide a valid UID (e.g., “9343467A488841AC”). The researchers acquired a significant number of UIDs and private keys as a result of ransomware samples detonated and through collaboration with victims globally. The private keys showed that the same functional process is available on both resources, confirming they deliver exactly the same content.

Like decryptor[.]cc and decryptor[.]top in previous REvil / Sodinokibi versions, decoder[.]re is used to grant the victims access to the threat actors’ website for further negotiations. The application hosted on it contains ‘chat’ functionality enabling interactive, close-to-real-time communication between the victim and REvil.
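As an added defensive example (written for this page, not code from Resecurity or the original post), the following Python triage helper flags dropped text files that reference one of the clearnet mirror domains named above, or a .onion host, together with a 16-character hex UID of the kind quoted. The sample notes are constructed, and the domain list is illustrative rather than an authoritative indicator feed.

```python
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Iterator, List, Tuple

# Clearnet "mirror" domains named in the text above. Illustrative list only
# (assumption): a real deployment would load these from a curated feed.
MIRROR_DOMAINS = ["decoder.re", "decryptor.cc", "decryptor.top"]

# Notes and reports often appear defanged (decoder[.]re, hxxp://); normalise first.
def refang(text: str) -> str:
    return text.replace("[.]", ".").replace("hxxp", "http")

# 16 upper-case hex characters, matching the quoted UID form ("9343467A488841AC").
UID_RE = re.compile(r"\b[0-9A-F]{16}\b")
# v2 (16 chars) and v3 (56 chars) onion hostnames.
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)


@dataclass
class NoteMatch:
    mirror_domains: List[str] = field(default_factory=list)
    onion_hosts: List[str] = field(default_factory=list)
    uids: List[str] = field(default_factory=list)

    @property
    def is_ransom_note(self) -> bool:
        # Require a contact host AND a UID; a lone 16-hex token is far too weak
        # (build ids, hashes and serials look the same) and would flood analysts.
        return bool(self.uids) and bool(self.mirror_domains or self.onion_hosts)


def classify_note(text: str) -> NoteMatch:
    """Extract mirror domains, onion hosts and UID candidates from one text file."""
    norm = refang(text)
    lowered = norm.lower()
    found = [d for d in MIRROR_DOMAINS if d in lowered]
    onions = sorted({m.group(0).lower() for m in ONION_RE.finditer(norm)})
    uids = sorted(set(UID_RE.findall(norm)))
    return NoteMatch(found, onions, uids)


def scan_directory(root: Path, suffix: str = ".txt") -> Iterator[Tuple[Path, NoteMatch]]:
    """Yield (path, match) for every text file under root that looks like a note."""
    for path in root.rglob(f"*{suffix}"):
        try:
            match = classify_note(path.read_text(errors="replace"))
        except OSError:
            continue
        if match.is_ransom_note:
            yield path, match


# Constructed samples (not real ransom notes). NOTE_A uses the UID quoted above.
NOTE_A = (
    "Your files are encrypted.\n"
    "Open hxxp://decoder[.]re in a browser and enter your ID:\n"
    "ID: 9343467A488841AC\n"
)
# Benign text that happens to contain a 16-hex token: must NOT be flagged.
NOTE_B = "build 2021-07-02 artifact id 0123456789ABCDEF uploaded to internal share\n"
# Onion-only contact host with an ID: flagged via the onion rule.
NOTE_C = "Contact us via abcdefghijklmnop.onion with your ID DEADBEEFCAFEF00D\n"

if __name__ == "__main__":
    for name, note in (("A", NOTE_A), ("B", NOTE_B), ("C", NOTE_C)):
        m = classify_note(note)
        print(name, "ransom note" if m.is_ransom_note else "benign", m)
```

Point `scan_directory` at a share or an endpoint collection to list candidate notes with their UIDs; those UIDs are the identifiers the text above says are needed to reach the negotiation page, so they belong in the incident record.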

The threat actors also used a disposable temporary e-mail address created via https://guerrillamail.com to anonymously register the domain name, which was later used for name servers too; this also allowed them to park other elements of their infrastructure. Such e-mails could only be used a limited number of times; for example, all communications with them would be automatically deleted within 1 hour.

Resecurity was able to collect the available and historical DNS records, then created a visual graph representing the current network infrastructure used by REvil and shared it with the cybersecurity community. According to experts, such a step may facilitate proper legal action against ransomware, as well as outline the parties responsible for such malicious activity, as the uncovered details raise significant questions regarding the reaction from hosting providers and law enforcement.

Figure: REvil network infrastructure map (DNS graph).

Based on the network and DNS intelligence collected by experts, the IPs associated with it have been rotated at least 3 times in Q1 2021 and were related to a particular cloud hosting and IoT solutions provider located in Eastern Europe, which continues to service them.

“It’s hard to believe such malicious activity has gone unnoticed by certain governments, resulting in damage to thousands of enterprises globally,” said Gene Yoo, Chief Executive Officer of Resecurity.

President Joe Biden has ordered U.S. intelligence agencies to investigate the sophisticated ransomware attack on Kaseya presumably conducted by REVil, a notorious cybercriminal syndicate believed to have ties to Russian-speaking actors that’s previously gone after high-profile targets such as Apple and Acer.

The group is also believed to be behind last month’s successful attack on the world’s largest meat processing company, JBS, that extorted $11 million in ransom. REvil took official responsibility for the attack and released an announcement in their blog which is available in TOR network asking for $70 million payment from Kaseya – the biggest ransom payment demand known in the industry today.

The attack has already affected over 1,000 businesses globally disrupting their operations. One suspected victim of the breach, the Sweden-based retailer Coop, closed at least 800 stores over the weekend after its systems were taken offline.

The White House Press Secretary Jen Psaki said the US will take action against the cybercriminal groups from Russia if the Russian government refuses to do so.

The investigation is still ongoing.

About the author: Gene Yoo, Chief Executive Officer (Resecurity, Inc.)

Biden Gives Putin a List of Entities Not to Hack

Yup…16 of them. Are all the other parts of infrastructure okay, or not as important? Does the same list apply to hackers from China, Iran or North Korea? Do they get a copy too?

Primer:

Remember MH17? Just for context on Russian operatives: it is not just the United States.

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020. source

Live blog: Biden, Putin finish Geneva summit, confirms ... source

(notice Victoria Nuland at the table?)

FNC:

President Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are “off limits” to a Russian cyberattack.

Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.

“We’ll find out whether we have a cybersecurity arrangement that begins to bring some order,” Biden said. Putin, for his part, denied any involvement in a recent spate of cyberattacks that have hit major industries across the U.S.

“I looked at him. I said, ‘How would you feel if ransomware took on the pipelines from your oil fields?’ He said, ‘It would matter.’ This is not about just our self-interest,” the president said.

Biden refused to say if military action was on the table if Russia was found to be responsible for a ransomware attack.

“In terms of the red line you laid down is military response an option for a ransomware attack?” a reporter asked.

“Thank you very much,” Biden said as he abruptly tried to end the shorter-than-expected conference. “No, we didn’t talk about military response,” he said when pressed again.

Biden in another moment had said he didn’t make any threats but rather “simple assertions.”

Biden stressed the need for both nations “to take action against criminals that conduct ransomware activities on their territory.”

Putin, in his own press conference after the meeting, claimed that American sources say that a “majority” of the cyberattacks in the world come from within the U.S.

The number of organizations affected by ransomware has jumped 102% compared to the beginning of 2020 and “shows no sign of slowing down,” according to a research note last month from IT security firm Check Point.

Both Colonial Pipeline and JBS Holdings, a meat-processing company, have been subject to major cyberattacks, where, against the guidance of the FBI, they paid millions of dollars in ransom to resume operations. The Colonial Pipeline attack was linked back to a Russian hacking group.


SolarWinds Strikes Again and Again

Primer: The House Oversight and Government Reform Committee, chaired by Carolyn Maloney (D-NY), held only one meeting on SolarWinds and none related to DarkSide, both of which have caused major interruptions in the supply chain and national security. It was last February that the committee hosted a session via WebEx with a few witnesses, from which nothing was determined or solved.

The cyberattackers responsible for the SolarWinds hack targeted U.S. organizations again last week, Microsoft said.

The Russian hackers that U.S. intelligence says are behind the SolarWinds breach that previously compromised government networks went last week after government agencies, think tanks, consultants, and non-governmental organizations, said Microsoft Corporate Vice President Tom Burt.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Mr. Burt wrote on Microsoft’s blog. “While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian and human rights work.” More here.

***


New details are emerging from a cyberattack that hit about 3,000 email accounts and 150 government agencies and think tanks spanning 24 countries, including the U.S., this week.

Microsoft on Thursday evening announced that Nobelium, a Russian group of threat actors that targeted software company SolarWinds in 2020 as part of a months-long hacking campaign, recently attacked more U.S. and foreign government agencies using an email marketing account of the U.S. Agency for International Development (USAID).

USAID is aware of the attack, and a “forensic investigation into this security incident is ongoing,” USAID acting spokesperson Pooja Jhunjhunwala said in a statement to FOX Business. “USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA),” Jhunjhunwala said.

***

Source: The revelation caused a stir, highlighting as it did Russia’s ongoing and inveterate digital espionage campaigns. But it should be no shock at all that Russia, in general, and the SolarWinds hackers in particular, have continued to spy even after the US imposed retaliatory sanctions in April. And relative to SolarWinds, a phishing campaign seems downright ordinary.

“I don’t think it’s an escalation; I think it’s business as usual,” says John Hultquist, vice president of intelligence analysis at the security firm FireEye, which first discovered the SolarWinds intrusions. “I don’t think they’re deterred, and I don’t think they’re likely to be deterred.”

Russia’s latest campaign is certainly worth calling out. Nobelium compromised legitimate accounts from the bulk email service Constant Contact, including that of the United States Agency for International Development. From there the hackers, reportedly members of Russia’s SVR foreign intelligence agency, could send out specially crafted spearphishing emails that genuinely came from the email accounts of the organization they were impersonating. The emails included legitimate links that then redirected to malicious Nobelium infrastructure and installed malware to take control of target devices.

While the number of targets seems large, and USAID works with plenty of people in sensitive positions, the actual impact may not be quite as severe as it first sounds. While Microsoft acknowledges that some messages may have gotten through, the company says that automated spam systems blocked many of the phishing messages. Microsoft’s corporate vice president for customer security and trust, Tom Burt, wrote in a blog post on Thursday that the company views the activity as “sophisticated” and that Nobelium evolved and refined its strategy for the campaign for months leading up to this week’s targeting.

“It is likely that these observations represent changes in the actor’s tradecraft and possible experimentation following widespread disclosures of previous incidents,” Burt wrote. In other words, this could be a pivot after their SolarWinds cover was blown.

But the tactics in this latest phishing campaign also reflect Nobelium’s general practice of establishing access on one system or account and then using it to gain access to others and leapfrog to numerous targets. It’s a spy agency; this is what it does as a matter of course.

“If this happened pre-SolarWinds we wouldn’t have thought anything about it. It’s only the context of SolarWinds that makes us see it differently,” says Jason Healey, a former Bush White House staffer and current cyberconflict researcher at Columbia University. “Let’s say this incident happens in 2019 or 2020, I don’t think anyone is going to blink an eye at this.”

As Microsoft points out, there’s also nothing unexpected about Russian spies, and Nobelium in particular, targeting government agencies, USAID in particular, NGOs, think tanks, research groups, or military and IT service contractors.

“NGOs and DC think tanks have been high-value soft targets for decades,” says one former Department of Homeland Security cybersecurity consultant. “And it’s an open secret in the incident response world that USAID and the State Department are a mess of unaccountable, subcontracted IT networks and infrastructure. In the past, some of those systems were compromised for years.”

Especially compared to the scope and sophistication of the SolarWinds breach, a widespread phishing campaign feels almost like a downshift. It’s also important to remember that the impacts of SolarWinds remain ongoing; even after months of publicity about the incident, it’s likely that Nobelium still haunts at least some of the systems it compromised during that effort.

“I’m sure that they’ve still got accesses in some places from the SolarWinds campaign,” FireEye’s Hultquist says. “The main thrust of the activity has been diminished, but they’re very likely lingering on in several places.”

Which is just the reality of digital espionage. It doesn’t stop and start based on public shaming. Nobelium’s activity is certainly unwelcome, but it doesn’t in itself portend some great escalation.


Details on the Pentagon Targeting Extremism


Your task is to check out the resumes of each of these people. For further context keep reading.

*** The 17-page DARPA document is here.

Flags from the left-wing Antifa movement. Depictions of Pepe the Frog, the cartoon character that’s been misappropriated by racist groups. Iconography from the far-right Proud Boys, including the phrase “stand back and stand by” from former President Donald Trump.

They are all signs that extremists could be infiltrating the military, according to internal training materials that offer a more detailed view into the array of radical groups and ideologies the Pentagon is trying to keep out of the ranks.

“There are members of the [Department of Defense] who belong to extremist groups or actively participate in efforts to further extremist ideologies,” states a 17-page briefing obtained by POLITICO that was compiled by the DoD Insider Threat Management and Analysis Center, which is part of the Defense Counterintelligence and Security Agency.

“Be aware of symbols of far right, far left, Islamist or single issue ideologies,” it warns, stressing that members of the military and civilian personnel have “a duty and responsibility” to report extremist behavior or activity.

The materials were prepared as part of a broader Pentagon effort to crack down on extremists who may be lurking inside the military after dozens of ex-service members were arrested for their roles in the Jan. 6 attack on the U.S. Capitol to stop the certification of the presidential election.

The prevalence of extremists in the Defense Department appears to be small. For example, the 222,000-strong Marine Corps recently reported that it kicked out four members last year for extremist activity.

But the Pentagon says one is too many and the true numbers are not known because adherents who have been recruited by extremist groups or encouraged to enlist often organize and communicate in secret.

“No one truly knows,” Audrey Kurth Cronin, the director of American University’s Center for Security, Innovation and New Technology, told a House panel this week. “No serious plan can be built without defining the scope of the problem.”

The internal training materials focus on extremist behavior and symbolism — of all different stripes — and point out the risk of making false assumptions about people who do not pose any threat. This includes pointing out that religious conservatives are often mistakenly lumped together with white supremacists or other extremists.

The Department of Homeland Security has said white supremacist extremists are the most lethal terror threat facing the U.S. And while Republicans accused far-left groups such as Antifa of taking part in the insurrection, FBI Director Christopher Wray told lawmakers this month there’s “no evidence” those groups played a role.

Last month, Defense Secretary Lloyd Austin ordered a force-wide stand down requiring all units to discuss the threat of extremism within 60 days.

He called it the first step in “a concerted effort to better educate ourselves and our people about the scope of this problem and to develop sustainable ways to eliminate the corrosive effects that extremist ideology and conduct have on the workforce.”

The stand downs also include “listening sessions” to hear from Pentagon personnel about their experiences with activity, such as one held on Friday by a unit of the Army’s 101st Airborne Division.

The department published broad guidance for commanders to address extremism, which focuses on reinforcing the military’s core principles enshrined in the oath they take to the Constitution and several case studies of military members who were prosecuted for engaging in extremist activity or plotting with radical groups.

But those materials did not identify specific threat groups, and Austin has provided wide leeway for individual units and commands to address the challenge as they see fit.

The internal briefing shared with POLITICO was compiled by the human resources office at the Defense Advanced Research Projects Agency, a small Pentagon agency of several hundred military personnel, civilian employees and contractors that manages research into breakthrough technologies.

Pentagon spokesman Jamal Brown noted that military units and individual components have been given broad authority to tailor their own approaches to addressing the extremist threat with their employees. He could not immediately say how many personnel have received this specific information and deferred questions about it to DARPA.

Jared Adams, a spokesperson for DARPA, explained in an email that “our training module was copied verbatim from the material provided by the DOD Insider Threat Management & Analysis Center of the Defense Counter Intelligence and Security Agency.

“We did not add any symbols and used all the imagery provided,” Adams said.

The briefing was sent to civilian employees as part of required training across the department for “Extremism and Insider Threat in the DoD.” Adams said it is required training to be completed by this month. Employees have to digest the material and then answer some questions.

The more detailed materials break down extremist movements into three main categories, including “Patriot” extremism, anarchist extremism, and ethnic/racial supremacy.

More here from Politico.

Your Questions Ready when the UFO Report is Released?

The anticipation is growing as we wait for the report that is slated to be released June 1st. Take notes from the text below if you want some details beyond flying saucers and green people…

The sightings are not only common in the United States; they are reported by other countries across the globe as well. Will these sightings be fully explained? Not likely. So here is a primer for the reader to consider:

    1. We are often told that the weird things in the heavens above are weather balloons, so just accept that answer. Well, there are balloons in the skies and they are not commonly for weather. In fact, those balloons have some very secretive objectives.

      These high-altitude balloons are the property of Raven Aerostar, a division of Raven Industries, based in Sioux Falls, South Dakota. In recent years, Raven Aerostar has been known for its collaboration with Google’s parent company Alphabet in Project Loon, an ambitious venture intended to extend Internet access to rural areas. The “Loon balloons” were designed by Raven Aerostar to fly at high altitude for extremely long durations. Project Loon announced it would shut down in January this year, despite making significant technical strides. Since then, Raven Aerostar has continued to develop its balloon technologies for other sectors, notably in the realm of intelligence and defense.

      Figure (ADSBExchange.com): the high altitude balloons as seen on flight trackers off Southern California. They have caught people’s attention especially because they can stay on station for long periods of time, seemingly flying against the prevailing winds in the area.

      The vehicles appear to be derivatives of Raven Aerostar’s Thunderhead balloon system. The Thunderhead balloons are designed to be able to persist over an area of interest in order to carry out a wide variety of tasks. According to the company, common applications include intelligence, surveillance, and reconnaissance (ISR) missions and acting as communications relays. Additionally, the balloons can also serve roles in augmenting navigational systems.

      Their recent appearance over both coasts of the United States appears to be a test of exactly this networking capability. Federal Communications Commission records reflect an approved license for one of Raven Aerostar’s subsidiaries, Aerostar Technical Solutions, to fly balloons within a two hundred-mile radius around Vista, California from May 9th until May 30th this year.

      The stated purpose is to test networked radio systems, the Silvus 4400E and Silvus 4200E, on the high altitude balloons. Although the application only lists the California locations, further correspondence in FCC records show a conversation about permitting additional locations on the East Coast:

      Figure: official email from the FCC correspondence.

      The company appears to have aggressively pursued its balloon testing in recent years, with experimental radio license applications dating back to at least February 2020. Balloon tests had previously been approved and conducted across the Southeast and Southwest. For example, residents of Jackson, Mississippi may have noticed a meandering balloon track around May 4th this year. Click here for more crazy details.


    2. In December 2020, the government enacted the Intelligence Authorization Act, which called for the release of an unclassified, all-sources report on unidentified aerial phenomena (UAP), the official military term used for unidentified flying objects. The act was included in the mammoth appropriations bill that also included financial aid checks for people living with the economic fallout from Covid-19. The report will include a thorough analysis of
      1. Available data
      2. Intelligence reporting on UAPs

      It will be presented to the congressional intelligence and armed services committees on UAPs.

      When the Pentagon officially released the footage of the unidentified aircraft last year, the agency admitted that it isn’t exactly sure what is going on in the videos, and that it cannot explain how the craft are able to pull off such maneuvers.

      It remains unclear whether the government believes these to be sightings of foreign aircraft using technologies unfamiliar to the United States, or whether it believes the craft are not of this world.

What else should we be asking? Well, the military and the intelligence community have some exceptional tools that are helpful in this quest, so we may wonder whether they are being used in producing this report. Tools such as geospatial intelligence, DARPA, and the known and unknown tools of the Space Force.

There are space-based wide-area communications, satellites (beyond line of sight) and geospatial intelligence that could or should be exploited in this mission of identification.

But wait…there are non-government entities as well that often contract to government agencies, such as Maxar.

From a 2019 blog post on the Maxar site is the following for consideration:

The Space Safety Coalition (SSC) issued the “Best Practices for Sustainability of Space Operations.” This document, co-signed by 21 space companies, advocates that any spacecraft operating at 400 kilometers or more above Earth should include a propulsion system for maneuvering, allowing each spacecraft to move itself out of a potential collision path instead of relying on others to always maneuver around it, as well as a number of other common sense principles. This will create a safer space environment for all to operate in now and for generations to come.

Maxar Technologies fully endorses the “Best Practices for Sustainability of Space Operations” and encourages Congress to introduce legislation based on these best practices. Below is Maxar’s reasoning for supporting the “Endorsement of Best Practices for Sustainability of Space Operations.”

We rely on space for our everyday lives. Weather satellites enable us to forecast the next snowstorm, so we can stock up on food. GPS lets us navigate to a new destination, using maps that come from imaging satellites. GPS also provides the precise timing used for banking transactions and to make it possible for cell phones—and banking transactions—to work. And, of course, there is NFL Sunday Ticket on DirecTV.

Space is also a big place. To put this into context, between the lowest practical orbit (350 km above Earth’s surface) and geostationary orbit (100 times further up, at 35,000 km), the volume of “near Earth” space is about 270 times the volume of Earth! Current estimates indicate there are 29,000 objects that are 4 inches or bigger being tracked in that space [1], so it seems like it would be pretty empty and we don’t have to worry about collisions, right?

Well, not exactly. There’s another aspect of space: orbital velocity. Satellites in space don’t stand still, but zip around in their orbits at high speed. In low earth orbit (closest to Earth’s gravitation pull), this is around 7.6 km/sec, or over 16,000 miles an hour! If two objects in space collide, it’s not a gentle nudge but rather a big resounding KABOOM. This results in a lot more small pieces of debris that need to be tracked. If you’re lucky, the collision may knock off a corner of your solar array, like happened when Maxar’s WorldView-2 satellite was hit back in 2016 by a small piece of debris. Fortunately, this had no impact on WorldView-2’s ability to operate. If you’re unlucky, you get a collision like the one between a defunct Russian Cosmos satellite and an Iridium communications satellite back in 2009, which was responsible for nearly doubling the amount of debris in that orbital band.

I’ve mentioned there are about 29,000 tracked objects in space. But there are a lot more pieces too small to track – an estimated 166 million pebble sized pieces [1] are zipping around in space.

While the probability of one of these pieces hitting a satellite is small (on the order of a million to one chance), each collision makes the problem worse. There’s actually a term for this, the Kessler Syndrome, in which each collision makes the problem exponentially worse. We don’t want that to happen, because if it did, it could make certain regions of near Earth space completely unusable for satellites or humans.

Fortunately, we’re quite a long time away from space becoming unusable. Companies are creating new ways to track objects in orbit, including a new commercial solution Maxar is testing, which is the first step in containing the space debris problem. But space, like other common areas (such as the oceans), requires responsible actions by all space operators to keep it usable for future generations. This is where rules of the road come in, and I’d like to lay out a few common-sense ones:

  • Propulsion. Spacecraft operating above 400 km altitude should be required to carry propulsion to execute timely and effective avoidance maneuvers. It’s simply not acceptable for a satellite operator to place the burden of avoiding a collision on other satellite operators; it’s everyone’s responsibility. This is why SSC’s “Best Practices for Sustainability of Space Operations” advocates for spacecraft operators to adopt space operations concepts that enhance sustainability of the space environment. Why 400 kilometers? It’s a natural dividing line; the International Space Station operates at 403 km altitude (nobody wants to see the movie “Gravity” played out in real life), and below 400 km, atmospheric drag is enough to make those orbits “self-cleaning” (see below).
  • Encryption. Satellites with propulsion should be required to have encryption and authentication on their command link, to ensure that only the satellite operator can control how the propulsion is used. We don’t want a hacker to take control of a satellite and maneuver it into the path of another one to cause an intentional collision.
  • Navigation. Satellites with propulsion should be able to determine their position, and the operators of these satellites should be required to share this position data (along with any planned maneuvers) with a central repository, such as the Combined Space Operations Center (formerly known as the Joint Space Operations Center [JSpOC]), to facilitate safe navigation by all satellite operators. The U.S. government is working on a plan to move this repository to a civilian agency, such as the U.S. Department of Commerce, to enable a more open and accessible repository for all global satellite operators. This is akin to the use of automatic identification system (AIS) transponders on ocean-going vessels, which broadcast their location to other AIS-equipped ships to enable safe navigation; that data is also available publicly online.
  • Littering. Satellites and launch vehicles need to be designed so they do not throw off debris during or after launch. While already largely adopted, it’s important that launch providers and space operators have a plan to deorbit launch materials at the end of their life or move them to a safe orbit that’s out of the way and won’t have collision risks.

We could, however, designate the region below 400 km altitude as an “experimental” zone where the above requirements would not be imposed. These orbits are low enough that any debris will tend to reenter Earth’s atmosphere, burning up within weeks to months, making them much less of a concern. And few, if any, commercial or government satellites operate at those altitudes. Leaving the below-400 km region available without the above restrictions makes operating in space still affordable for operators of the growing number of inexpensive, experimental or educational cubesats.

The commercial and government use of space is accelerating rapidly. It’s time we have a way to regulate space traffic, just as traffic on Earth is controlled. Even though the first gas-powered automobile was created in the 1880s, it took until the 1910s (three decades!) to bring some sensibility to who had the right-of-way on the road with the invention of the stop light.

Maxar, along with the other co-signers of the SSC, believes it’s time to bring sensibility to space. We’re asking the U.S. space industry to unite behind these best practices and talk to their senators and representatives about introducing legislation that reflects these best practices. We ask our international industry partners to bring these ideas to their respective governments for consideration. The “Best Practices for Sustainability of Space Operations” is a starting point toward getting rules of the road established in space – but, in the big picture, all four common-sense principles I’ve outlined above need to be implemented to keep space a safe environment available now and in the years to come.