Interview with Mr. Toshio Nawa, a Leading Cyber Security Expert, on the Risks and Countermeasures against Cyber Attacks in the Space Industry
With everything connected to the network, the risk of cyberattacks is increasing and the damage they cause is spreading.
In the space industry, attacks on satellites and ground stations have actually occurred, and the demand for cyber security from infrastructure providers continues to increase.
In light of this, WARPSPACE has brought in Toshio Nawa, a world-renowned specialist in this field, as Chief Cybersecurity Counsel to strengthen cyber risk management in the services we are building.
We asked Mr. Nawa why cyber risks are increasing in the space industry.
Mr. Toshio Nawa
He was engaged in CIC (Combat Information Center) operations for destroyers in the Maritime Self-Defense Force. He then worked at JPCERT (Japan Computer Emergency Response Team) before joining the Cyber Defense Institute. Currently, while concurrently holding positions in several domestic and international security professional organizations and government agencies, he provides practical operations (cyber intelligence, incident response, cyber exercises, etc.) and advice (providing insights, decision-making support, etc.) related to cyber threat response.
From Self-Defense Forces to Cyber Security Specialist
-First of all, please tell us about your career history.
After graduating from high school, I joined the Maritime Self-Defense Force. Since I chose this career path for financial reasons, I actually did not know the distinction between ground, maritime, and air, and I joined the Maritime Self-Defense Force because there happened to be an available position.
Since I liked mathematics and physics and was confident in my calculation skills, I was assigned to the CIC, which was in charge of information processing. I then moved to the Air Self-Defense Force, where I continued to do similar defense-related information processing. I first learned about cyber security around the year 2000. It was through my interaction with the U.S. military.
An aptitude test conducted while I was at the Officer Candidate School showed that I had a strong programming competency orientation, so after graduation I was assigned to a position designing and modifying operational systems for the Air Self-Defense Force. It was there that I became acutely aware of the importance of cyber security.
Then, by a fortunate chance, I moved to the JPCERT in December 2005. In the U.S., the Morris Worm incident in the 1980s, which caused the spread of a computer virus and a series of service outages, led to the establishment of the CERT Coordination Center, which conducts cybersecurity research and development. JPCERT is the Japanese version of the CERT Coordination Center.
After working for several private companies and research institutes, JPCERT is now engaged in what is called “active defense”.
-How did you come to join WARPSPACE?
It all started with the COO, Mr. Azuma, who is a trustworthy person.
I had the opportunity to work with him at my previous workplace and knew his personality.
I am also a member of the Space Security Subcommittee established by the Cabinet Office. I had seen and heard the company name WARPSPACE several times there and had the impression that they work on a quite challenging project.
And when he approached me, I wanted to support WARPSPACE from the perspective of cyber security.
Cyber criminals gather in growing industries
-I would like to ask you again, “What is cyber security?”
In a word, cyber security for me is to protect profits. If I were to add a little more, I would say that it is a means to protect life, body, and property. Many experts in other countries have a similar view.
In the past, information security was something of an added value for society. Today, however, cyber security has become critical. If a cyber attack were to occur, many industries would be affected, including finance and healthcare. Transportation… for example, if an aircraft is cyber-attacked, the worst case could have serious consequences for life and body.
-Is the space industry also a target of cyber attacks?
Between nations, there are already cyber attacks in the space sector. Currently, the focus is on cyber reconnaissance, which is presumed to be in preparation for future destructive attacks.
In addition to cyberattacks that are part of military operations, the growing business area is also attractive to criminals, attracting a variety of cybercriminals like hyenas. Given the pattern of cases that have occurred in closely related industries, it is natural that the space industry will also experience cyber attacks and cyber crimes targeting private companies in the future.
I don’t know when this will happen, but I think it will peak within 5 to 10 years.
-What kind of cyber-attacks do you foresee in the space sector?
The first is “eavesdropping”. It is difficult to directly access and eavesdrop on satellites in space, so ground stations are actively targeted. At the same time, they steal information from space agencies, companies, etc., about the people they belong to.
The second is “jamming”. Communication networks that utilize satellites provide services to various industries, which can be hit if they are shut down. Instead of stopping it completely, it could be disguised as a system failure to dramatically lower the volume of communications and reduce the quality of service.
Lastly, there is “deception gimmickry”. Communications taking place in space cannot be seen by the human eye. This is why satellites are vulnerable to deception attacks. One of the methods is a “man-in-the-middle attack,” in which an attacker may think he or she is communicating with a satellite in space, but the attacker may switch the communication destination to something completely different.
-What are the motivations behind cyber attacks?
Cyber attackers can be categorized into three main groups. The first is a “cyber attack group” under the order or support of a state. Cyber attack groups of this size are said to have both an ordering and a practical side, making it difficult to grasp the whole picture.
The second is “economic criminals,” who account for 90% of cyber criminals. They do not care what means are used as long as they make money. The third is the “fun criminal”. They want to be recognized, or they want to be noticed by everyone by committing cyber attacks, and they have a massive desire for self-approval.
There are many different kinds of people, but we call them all “threat actors”.
Is space the last stronghold to protect our lives?
-What do you think is the importance of the space industry?
I think the best thing about the space industry is that it enables us to use all the resources on the Earth.
Japan has a declining birthrate and an aging population, and the budget required for social security is only going to increase. With a declining population, the only way to increase GDP is to mechanize industry, but the conventional infrastructure has been exhausted and is reaching a plateau.
But what we have not yet begun to do is space infrastructure! I am hopeful that we can make productivity and efficiency increasingly higher by introducing space-related technologies without having to dynamically alter the existing industrial base.
One such example is Starlink, the satellite communications service of billionaire Elon Musk’s SpaceX. I think it’s a great idea to provide service from space to areas that don’t yet have sparse Internet connectivity.
With an Internet connection, drones and quasi-zenith satellite services will become more widespread, and transportation will become more efficient.
-Finally, what is your enthusiasm as Chief Cybersecurity Counsel at WARPSPACE?
My enthusiasm is to assist like a guard or an emergency medical technician! Like a guard standing guard at the entrance of a facility with a gun, I will proactively communicate possible threats from a cybersecurity perspective and provide strict advice on how to take necessary action.
I will also ensure that we are prepared for normalcy, especially in the event of a cyber attack, so that our fundraising and business continuity will not be affected!
-Thank you very much!