The Space Force’s second annual Hack-A-Sat contest in December will reflect its commander’s determination to be the first truly digital military service, organizers told Air Force Magazine in an interview at the recent DEF CON hacker convention.
Hack-A-Sat was one of the principal attractions at DEF CON’s Aerospace Village—one of the many specialist areas of the convention, each focused on a different variety of hacking expertise.
The competing teams will try to hack each other’s “flat sat” hardware—an earthbound duplicate of the technology inside a real satellite—while defending their own. But before the event gets underway Dec. 11, the teams get to familiarize themselves with the systems they’ll defend and, using a digital twin—a software model that behaves exactly as the flat sat hardware would—to practice attacking those systems.
“The digital twin is for training purposes,” said Stephen Colenzo, technology transfer lead at the Air Force Research Laboratory. “But when it’s game time, it’s all going to be on the real hardware, and they’re going to be remoting in via VPN.”
But smart teams will continue using the digital twin even once the contest is underway, explained Capt. Charles “Aaron” Bolen, Space Force Hack-A-Sat team lead, because it can be used to practice hacking attacks and play out the consequences of defensive measures, such as patching, in more or less real time. ”They can use it offline to practice [attacks] and send commands to it to test things out before they go ahead and execute in the [contest] environment,” he said.
Bolen added that this was reminiscent of the way the Space Force worked to secure its systems. “This is very much the way we really develop space vehicles—testing it [on the software twin] and then running it on actual hardware.”
As he spoke, hackers in the neighboring Car Hacking Village repeatedly set off the alarm on an online vehicle organizers had brought to the floor.
Hackers like to get hands-on access to the systems they’re trying to break into, and Hack-A-Sat organizers brought both a prototype of the flat sat they‘ll be using for the contest in December, and a digital twin of it, that visitors could interact with.
Last year, the first Hack-A-Sat had to pivot after DEF CON 2020 went into “safe mode” and became a purely remote event as a result of the COVID-19 pandemic. The organizers, who had planned for each team to have hands-on access to their flat sat hardware onsite, sent each competitor their own flat sat instead. COVID-related shipping and customs delays meant two teams got their hardware late and one didn’t get theirs until the morning of the competition itself, explained AFRL Program Manager DeliaRae Jesaitis. “It was a real nail-biter,” she said.
This year, rather than risk such delays, all eight of the flat sats—one for each team that qualified for the 2021 contest—will be co-located at a Space Force facility, with the teams porting in to their hardware flat sats via VPN. They will be able to monitor it via CCTV, said Bolen.
“The hope is that, to the competitors, it doesn’t feel any different to being on the spot,” he said. “The advantage is that everyone gets to sleep in their own beds at night … and it allows for maximum participation” when international travel was still extremely disrupted and in-person involvement would be limited by social-distancing requirements. “So, this is definitely allowing for a lot more people to be involved than probably could be if it was in-person,” he concluded.
Eight teams from the United States, Poland, Germany, and Romania qualified for the contest out a field of more than 1,000 who registered to take part in the initial challenges. The eight teams are competing for $100,000 in prize money ($50,000 for first place, $30,000 for second place, $20,000 for third place), and all of them get to keep their flat sats.
The contest lasts for 24 hours, a relatively humane duration, since contestants typically don’t sleep during a capture-the-flag contest. It’s also the shortest duration that eliminates any possibility of advantaging a team because of which time zone they’re in, explained Bolen.
The global aspect of the hacker audience is one of the things that makes Hack-A-Sat valuable to Space Force, said Col. Wallace “Rhet” Turnbull, who runs defensive cyber operations for the USSF Space Systems Command in Los Angeles.
“It’s a good way to engage with the [hacker] community and get people interested in working to secure space” from cyberattacks, he said.