Satellite Data: Danger in orbit.

With more data going through satellites it will become a larger priority to protect that data. Satellites are becoming more and more involved with our daily lives. As our dependance on these increase, with companies like StarLink starting to provide direct internet service to customers, so too does the risk. Satellites are the most at risk they have ever been and are often completely unsecured from modern cyber attacks.

As recently as 2023 researchers out of Ruhr University in Germany have determined that most infrastructure satellites lack any modern protections. Going so far to say that even they could exploit them and that ransomware attacks on satellites are distinctly possible. Not to mention the fact even measures present in the early 2000s were lacking on many tested satellites.

So why is this important, well on top of the large amount of Internet providing Satellites, the larger ones in use for GPS and those which power the international trade connections are able to be targeted. It is still difficult to hack them without access to a ground station, but intercepting their signals or denying service can cost millions of dollars quickly.

This particular trend in cyber threat to orbital assets is on the rise, and so far only has a limited impact of the average consumer so far. Most impact is hitting large companies but as time rolls on the impact will only increase and its definitely something you should be aware of.

Dev-ops: A revolution in the design process

The newest trend in technical development and software engineering. This trend is being heralded by the biggest names in tech, like Amazon, Google and Microsoft, as the new way to operate.

So what is it? Well, traditional IT structure usually splits the Development (Dev) teams and Operations (Ops) teams into distinct departments with their own leadership and directions. This was done for a number a small reasons, like different success metrics and responsibilities; however it has now proved to be a bit slow and outdated. DevOps combines these two into a single team.

This allows for cooperation and communication between the groups. The best part about that is, now, the people charged with running the network during normal business operations can work with the developers. Normally, Ops has no real influence on how their system gets made or products are developed. So DevOps is a real shift in how companies operate. It may not seem like a big deal, but I imagine the Ops team is loving the change. With the ability to ask for or veto features they end up getting a product that actually is user friendly.

This previous culture shift in tech development was called Agile. Agile focuses on making small incremental, well-tested changes to products while also being able to handle change and incorporate customer feedback. DevOps builds on those Agile principles, aiming to maintain those strengths while combining the Dev and Ops teams. This integration allows for quicker communication, feedback, and ultimately positive changes for users and customers.

Zero Trust Architecture: Always on the lookout.

Cyber Threats are skyrocketing, companies have to respond. The solution seems to be, trust no one. Zero trust is a security model that is summed up well by the phrase: trust no one, and always verify.

Most networks have operated along a defense in depth strategy, and while each of these can take many forms the basic principle are the same. Starting with n outer perimeter where verification takes place, similar to a security checkpoint. Then a DMZ which tries to protect the internal local network from outsize traffic. This is then followed by a trusted zone for the organizations user and a privileged zone for admins.

The issue is that now, with threats becoming so advanced and hackers adept at tricking users, having a trusted zone at all is a big risk. If threats manage to break in from the outside or steal employee credentials through social engineering, they can gain access to a section of the network that is very hard to defend.

This is where zero trust Architecture comes into play. Redesigning the network to allow for no trusted zones at all means this security gap is gone. This also means that every connection and action a user or employee takes is constantly verified. Its like having a security checkpoint at every door, and even if you get through one door you are still checked at every other door.

Now this has some drawbacks. It is complicated to implement and can be expensive and difficult to manage if done wrong. It also limits access, causes increased latency on the network and complex credential processes. So all in all its a lot more annoying to work on these systems as the average employee. Sadly though with data breaches happening basically every day… they really don’t have any choice. It wont make me feel any better about my work computer taking 10 minutes to log me on though.