I'd be very interested in the opinion of community members on the Cloud Constellation Corporation's SpaceBelt™ programme, which is building an independent, space-based (Low Earth Orbit) cloud storage network for enterprises and governments wishing to escape the political complexities, jurisdictional constraints and cybersecurity-related risks inherent in the architectures of terrestrially-based data-centres and associated infrastructures.
Any feedback on the 90 second long video would be very welcome.
DECLARATION: I am involved (at the time of writing) in a purely 'advisory' capacity. I do find the concept fascinating and personally I can see all sorts of implications from extra-terrestrially hosted crypto currencies, space-based Key Management systems, space-based HSMs, jurisdiction hopping cross-border data transfers....I'm sure you get the idea.
But what do other security professionals think?
I really look forward to your feedback (positive, neutral and/or negative)
Thanks
Ben WOODS
So, first of all, let me state up front that I'm not a lawyer. I don't even like them that much. However, the first thing that comes to mind regarding this is that trading various national regulations for the not-universally-recognized-and-probably-not-fully-litigated "space law" frontier, such as the moon treaty and what not, doesn't seem like it would really be "better" as opposed to "differently bad."
In terms of technology, I'm sure you're aware that space is a harsh, unforgiving environment fraught with peril and unique dangers. Few processors are sufficiently radiation hardened and certified for operating in space, usually older ones or very expensive, custom designed SoCs. Spacecraft must be designed with multiple redundant systems which are constantly error-checking each other's memory, using their own as parity. The classic BOFH line of "cosmic rays" being at fault is actually relevant. Sun spots, ion storms, atmospheric interference, etc. are all going to come into play and need to be accounted for. Data integrity is at stake in this case, so appropriate file system selection (such as ZFS), in addition to properly designed and tested redundant hardware is a must. Hopefully this operation actually has electrical and aerospace engineers who have been around the block.
From a security standpoint, I do think it could raise the bar for the types of attackers who could target the system. You're mostly dealing with nation states at that point, in terms of "Cyber," although let's just say that sniffing data from Iridium SATCOM is something anyone can do with stuff bought off of the internet (HackRF, I'm looking at you...). In terms of disaster planning though, you're asking for issues with at least the following, as far as I can see:
So, it is an interesting idea but it seems hoping for a speedy and effective Brexit might be the easier way to avoid GDPR 😉
Hey Badfilemagic
Many thanks for your comments
I too had initial reservations regarding several of the concerns you raise but the teams working on this project are indeed highly competent and experienced. I'm no expert on satellite technology so I am not really in a position to comment, but suffice it to say a contract has already been signed with Virgin Orbit for a launch in Q1 2019.
In terms of data 'redundancy'/'resilience' the initial launch will feature 12 interconnected satellites (each satellite will always have Line of Sight via laser to at least 2 other satellites at any one time) and, of course, the 'hosted' memory (we're talking multi-petabytes) & CPUs will have been fully tested for the temperature extremes and radiation. If you're interested you can find out more about the patent here
Yes...space debris! Interesting one! Again...I'm not really in a position to comment but these are Low Earth Orbiting (LEOs) satellites (c. 500 km above the earth's surface) and I understand this is not a 'plane' of high risk for collision! And anyway...you could argue that any terrestrial data centre is equally, if not more, at risk from a meteor hit, or perhaps even a plane crash!
Being a Brit by the way, I really like your comment about Brexit. Would you, however, believe that the rough price for these 12 satellites in orbit is circa $500 million...all in, for the full dozen!? Last time I heard....Brexit was going to cost about £50 billion GBP in 'checking out fees' alone! Besides...I'm not sure escaping GDPR would be the primary motivating factor for 'renting' memory space on these satellites. Having said that...I have a 'gut feeling' that the extra-jurisdictional status of the data hosted in these interlinked satellites is where the real value lies!
Thank you again for your input...really interesting. Especially pleased you didn't simply dismiss the idea as 'fantasy'!
Ben
Hi Radar
Only feedback has been from Badfilemagic.
I have, however, posted similar questions on LinkedIn and had a fair amount of feedback. Most is very positive with people saying what a great idea it is. But the recurring negative is the susceptibility of Low Earth Orbit satellites to space debris.
I'm currently doing some research to address this and will update this discussion (and those on LinkedIn) when I have collated the relevant information.
Is there anything specific you wanted to ask, Radar?
Ben
Interested to hear what other Community members think about this ...
Sounds like a very fascinating idea ... but is this actually going to happen? Is it a vendor product, or more conceptual? Just want to make sure the discussion and feedback is more focused on the technology and that it's not advertising 🙂
Hi Katy
This isn't intended as advertising...I'm genuinely interested in the Community's feedback for what is effectively a completely new idea? There are no competitors...nobody has ever done it before...it is essentially a completely new concept to the world of information security and data privacy/protection
But yes...to answer your question...there are plans for it to happen. Whether it will or not is another matter but, as things stand, the launch of the first dozen satellites is currently set for the first quarter of 2020!
Would it help if I were to avoid referring to any company names?
Please let me know if there's anything else I can do in order to be able to keep the discussion 'open'?
Many thanks
Ben
Understood KaityEagle!