Abstract: 

During 2024 the NRO through its vendors SpaceX and Northrup Grumman, launched more than 100 satellites. This was more satellites than in the entire history of the NRO in one year.

The NRO has gone through a paradigm shift over the past two years. The old days of a multiyear satellite development that cost a billion dollars are gone. The new way is to build fast, to be agile in every way, including cybersecurity and risk management, and to quickly launch reconnaissance satellites into a multi-capable proliferated constellation. Over the last 10 years common IT made the leap to Space vehicle, satellite bus, and all communications in between. This means the same vulnerabilities could exist on satellites that exist on ground systems.

This talk will focus on how the NRO and its vendors adapted to the paradigm shift and how teams worked together to use commercial capabilities, security best practices, and the NIST Risk Management Framework to deliver this critical constellation. Today, more than 100 new satellites are in orbit is proof that it’s working.

Many factors went into making this agile transformation. Lance will discuss these including lessons learned and how it is to work with a very innovative forward leaning vendor.   

LEARNING POINTS: Lance will provide several examples of how to adapt risk methodologies to a satellite environment and how teaming between government and vendors worked to buy down risk.

PROFILE: Lance Dubsky is the CSO for Quintillion Subsea Operations LLC., and has served as a CISO in the public sector (Meggitt PLC) and private sector (NRO/NGA), protecting and defending intelligence, aerospace engineering, data storage and REIT.  Lance was FireEye’s Chief Security Strategist and is a veteran of the U.S. Air Force. As a cyber leader he frequently discusses cyber challenges, vulnerabilities and threat intelligence with executive leadership. One critical challenge is to determine how much cyber intelligence is enough and when you have it, what do you do with it.