Enable breadcrumbs token at /includes/pageheader.html.twig

Zero Trust Brings Flexibility to Launch Enterprise

The architecture could alter how the U.S. Space Force manages launch ranges.

The flexibility enabled by Space Launch Delta 45’s addition of zero-trust architecture to its launch enterprise could enable U.S. Space Force guardians and U.S. Air Force airmen to conduct their launch mission-related tasks from really anywhere. In June, the Space Force and its mission partners at Cape Canaveral successfully launched into medium earth orbit the fifth Lockheed Martin-built Global Positioning System III Space Vehicle, SV05, aboard SpaceX’s Falcon 9 launch vehicle. Credit: SpaceX

U.S. Space Force Chief of Space Operations Gen. Jay Raymond, USSF (l), and Brig. Gen. Stephen Purdy Jr., USSF, commander, Space Launch Delta 45, and director, Eastern Range, examine mission-related communication solutions at Cape Canaveral Space Force Station, Florida, in May. Space Launch Operations are supported by both the Air Force and the Space Force, providing a unique environment for operations and digital solutions such as zero trust. Credit: U.S. Space Force photo by Airman 1st Class Thomas Sjoberg

The U.S. Space Force Space Launch Delta 45’s addition of zero-trust architecture to the launch enterprise could bring earth-shattering flexibility to its mission operations, its commander says. Under a year-long pilot effort, officials at Patrick Space Force Base, Florida, Space Launch Delta 45’s headquarters, and nearby Cape Canaveral Space Force Station, its launch range, have installed zero trust-related software and hardware into the launch mission system and are conducting beta testing and evaluation of the capabilities. The advent of applying zero-trust principles—including more advanced cybersecurity; software-defined perimeters; continuous monitoring; endpoint security; network management; and identity, credential and access management; amongst other aspects—to its network, communications and launch command and control systems could enable U.S. Space Force guardians and U.S. Air Force airmen to conduct their launch mission-related tasks from anywhere.

“I like it from a flexibility perspective,” says Brig. Gen. Stephen Purdy Jr., USSF, commander, Space Launch Delta 45 and director, Eastern Range, who is also an engineer and computer scientist. “The ability to disaggregate from specific networks and users, so that you have nothing that is trusted and you have to go do an analysis on every particular line and data flow coming through, obviously is more complicated. It will allow for a much more in-depth cyber posture, which is very important to us. But it is the flexibility piece of zero trust that is key because now we can get after really unique layouts in how we do things, instead of trying to maintain our legacy heritage mission IT [information technology].”

Responsible for the Eastern Range, Space Launch Delta 45 is expecting quite the uptick in rocket and aircraft launches at Cape Canaveral in the coming years. Even the amount of launches over the last year has grown sharply, the commander says, and he predicts that they will need future systems to support multiple launches at one time.

“A few years ago, we only launched five to seven rockets,” Gen. Purdy notes. “In the last 12 months, we had on the order of 250 requests, 50 countdowns and 37 launches. And that was just with a couple of launch providers. We’ve got multiple other providers that are building actively and several more right behind them. In three to four years, we tell ourselves to be prepared to launch a couple hundred missions a year, a couple a day. We may have a call-up a few hours before a launch, and we’ve got to be ready.”

Zero trust will support this considerable launch demand increase by enabling a shift from the mission control center paradigm of requiring all officials to be in-person and tied to a specific computer in the control room, he continues.

“We need to develop new ways of doing business,” the commander states. “From the old school mindset of how we had to get the whole team together into one particular center, five or six times a year, to now where we kind of need the whole system to be up and running all the time, that will have to happen due to the additional flexibility, because we’re not going to have extra people. Disaggregating all those pieces and allowing us to set up dynamic environments and dynamic connections to manage different missions is incredibly important. And zero trust will help significantly with that flexibility.”

The Air Force is sponsoring the base’s pilot with the Air Combat Command (ACC) as lead command and the ACC’s chief technology officer, Stephen Hazelhorst, overseeing the effort. Space Launch Delta 45 officials jumped at the chance to participate in one of the two first significant Air Force zero-trust architecture pilot programs this year, the general notes. “There was strong advocacy by our folks to go after this,” Gen. Purdy shares.

The other pilot features Beale Air Force Base, California, adding the cybersecurity measure to its traditional enterprise system. Both pilots, when successful, will be replicated across the services to apply zero trust to other base enterprises and major mission systems. Patrick Space Force Base’s environment is an unusual facility, though, which makes its application needs a little more complicated, the commander notes.

“This base is really unique,” Gen. Purdy says. “We also have a lot of airmen here and a lot of guardians. We’re a mixture of Air Force and Space Force. We’re also a mixture of operations and acquisitions. And we’re a mixture of U.S. government launching activity and commercial activity. We are operations, but we’re not quite operations. We are launching rockets, managing a range, but it’s not space operations. It’s not aircraft operations, and it’s not exactly like all other range operations. It is a little different.”

As such, the zero-trust components need to protect the distributed use of the range management systems, including weather systems, radar, telemetry and command/destruct indicators, plus all of the systems they use to communicate and receive data from other launch stakeholders. For example, the general explains, the weather officers have to tap into the Internet to pull in weather intelligence while range personnel currently use internal hard-line communications for each one of the telemetry devices to bring data in. And because each launch process varies based on the specific companies or customers—whether it is NASA, the commercial sector or the Defense Department—Patrick has different data streams and services to manage on the range.

“From a range perspective, what we’re usually doing is looking at our interfaces,” Gen. Purdy states. “We have quite a few folks managing the up status/down status of weather systems, radar, telemetry, command/destruct. Those are kind of classic range pieces that we are managing. It’s not necessarily the rocket itself. A different group of people manage that, but we get that data fed to us, so we are monitoring the beeps and squeaks of the rocket and how they’re doing, how much fuel they are using. And it’s also not the satellite or the payload, which sometimes the payload is people. There is a different group of people that are monitoring the status of that and we get that information as well. We’re on common phone circuitry so we can all talk to each other on different channels. And from a range perspective, we are managing the site, managing the location and managing the status of the skies from an air perspective, working with the FAA [Federal Aviation Administration] and managing sea activity. We are making sure our boxes are cleared out, and we feed that to the launch lead. I, as the range lead, once [I’ve seen] the range is clear to go, it goes over to the owner of the rocket and the payload to make sure that they’re ready to go and then we go into our countdown process.”

In the future, the base will have all sorts of additional data streams, which will also need to be protected by zero-trust components, Gen. Purdy notes. “What’s the status of our cyber activity, our cyber defense stream, or what’s the status of counter-UAV [unmanned aerial vehicle] systems,” he says. “What’s the status of the base itself? What is the status of our electricity? What is the status of our operation center, all of those pieces. The modern tools that we are developing allow for all these additional streams to come in. So, it’s much more modular, plug-and-play than our current existing system, which is almost a sixties-ish era system.”

The officials had to set aside funds and personnel to participate in the zero trust pilot effort, and that is an opportunity cost, the general acknowledges. However, the possible payoffs from integrating zero-trust architecture into the launch-related mission systems far exceed any of those expenses.

He has assigned three people—a program manager, an engineer and a security expert—to lead their zero-trust effort, and they are supported by other Space Launch Delta 45 officials and various Air Force factions, including the ACC and the 16th Air Force.

So far, the initial beta testing they conducted this fall has been successful. “Zero trust is a really complex layering of all sorts of applications and aspects, and we’re trying this capability and then trying that capability, and adding in some more capabilities,” Gen. Purdy explains. “They managed to get from a personal, commercial device all the way into the system in a legal way, so proof-of-concept demonstrated, which is awesome. Now we’ll go through and get that in shape for real, making sure there’s no leaks. Making sure we didn’t allow anyone else in and trying different technologies and aspects. We’re cycling through all of that.”

They have tried out the zero-trust components during launches, also an initial success. “At one of the launches a few months ago...,” Gen. Purdy explains, “I was running the traditional system through our traditional pieces, and right next to me was our vice [president] of operations, running a really significant upgrade, our new system, with all sorts of new GUIs [graphics user interfaces], the interface screens, and all sorts of new data presentations. But I didn’t have any of that. It was completely a test run. And we had that whole thing in parallel running together. It worked really great. And zero trust can plug right into that, and allow us to run a main [operation] normally and then also in parallel, run in a test environment, to see how it works.”

In addition, the officials have discovered different segmentation approaches and how to set out data and applications when applying zero trust. “We already sent that [information] back to the ACC, and it’s been quite a value to them,” he shares.

Space Launch Delta 45 is adding its zero-trust efforts on top of its key digital modernization efforts, which are supporting increased collaboration and improving communication tools, all in support of that groundbreaking flexibility that zero trust will enable. “We are slowly bringing them in and then broadening that within our greater launch community and then broadening that to our greater acquisition community,” the general adds. “Zero trust is a little bit like that. It’s an opportunity to operate within our own enclave, but we’ve got the great structures in place, we’ve got normal cyber communications squadron structures in place, normal ATO [authority to operate] structures, but we own the acquisition and the R&D[research and development], so we can easily move some pieces around without too much difficulty to try new things and work it.”

The facility is reliant on the Air Force for its infrastructure and IT, which also presents a unique aspect, Gen. Purdy mentions. “Digital is very important to us, but it is also interesting in that we are also dependent on the Air Force to upgrade the IT systems,” he says. “Now that’s from an administrative perspective. From a mission perspective, we do manage that ourselves. Our acquisition platform has systems and IT activities that we are handling on the mission side for our ground control systems and ground communications. And so, the ability to continually improve our IT systems is important.

When you get down to zero trust, in particular, the Air Force is pursuing it to improve their security posture and their flexibility. The Space Force immediately benefits from that.”

This article is SIGNAL Media's fifth piece in a series about the U.S. Air Force's significant expansion into zero-trust architecture. The first article, Air Force Greatly Widens the Aperture on Zero Trust, examines the Air Combat Command's 18-month plan to implement zero trust and its comprehensive view to employ the cybersecurity measure across its bases, weapon systems and missions. The second article, Zero Trust Is Key Enabler of Air Force’s Agile Combat Employment, looks at the service's first main use cases in applying zero trust to support Agile Combat Employment. The third article, Ensuring the Feasibility of Zero Trust, looks at how the 688th Cyberspace Wing is making sure that the operational and engineering aspects of missions and base operations mesh with zero trust. The fourth article, The 16th Air Force Enables Zero Trust considers how the two year-old Numbered Air Force is using zero trust as a core technology that supports their information warfare efforts.