The latest generation OrbitSecure software module re-written in the memory safe programming language Rust has been successfully demonstrated aboard the International Space Station (ISS) with protocol design formally proven via the Alloy specification language. This demonstrates key modern cybersecurity requirements called for by the White House Office of the National Cyber Director in a report published last February.
"This successful demonstration positions SpiderOak at the forefront of the coming cyber-safe tidal wave of products and services."
Dave Pearah, SpiderOak
OrbitSecure is a zero trust software-only solution designed by SpiderOak to operate in extreme edge environments such as space securing information flow across disconnected, low-bandwidth, unsecure network conditions beyond the frontier of traditional cloud services. Working with strategic partner Axiom Space, SpiderOak executed validation testing on July 1, proving efficacy and formally verifying Rust enabled data security capabilities in orbit. This latest test comes less than a year after the successful demonstration of OrbitSecure done in partnership with Axiom Space on the ISS in 2023.
Memory safe programming languages like Rust have been identified in the government's National Cybersecurity Strategy as a key security building block in creating software systems that are secure by design. It is estimated that memory safety bugs are responsible for up to 70% of security issues in code written in memory unsafe languages, and evidence shows memory safety vulnerabilities are nearly eliminated when large code bases are migrated to a memory safe language. Rust is a modern, memory-safe system featuring runtime and performance characteristics well-suited to the demands of spaceflight control systems.
In addition to Rust, OrbitSecure employs formal protocol validation written in the Alloy specification language to provide vastly greater assurance that OrbitSecure's protocol performs exactly as designed across the network, eliminating entire categories of vulnerabilities.
"This successful demonstration positions SpiderOak at the forefront of the coming cyber-safe tidal wave of products and services that will provide the backbone to the burgeoning space economy," said SpiderOak CEO Dave Pearah. "We are excited by both the successful demonstration of our next generation memory safe OrbitSecure software on the ISS, and that our security philosophy is aligned with how our nation's leadership thinks about 21st century space cybersecurity."
"SpiderOak is a great example of a company stepping up to rebalance the responsibility for cybersecurity from users to developers. When we spoke with the White House about their plan to increase developer use of memory safe programming languages, we couldn't think of a better test than to put it into orbit," said Tom Patterson, Quantum and Space Security lead at Accenture. "After investing in SpiderOak in 2023, we continue to collaborate, using critical secure-by-design principles in order to launch cyber into space for our clients."
This next level cyber secure design and assurance, once the sole domain of complex service engagements or custom software, is available to the mass market in a commercially available software package.