Paper Modelsempty Spaces The Blog

by



Within any grading environment, the same knobs and tools will have different effects depending on the color space you’re operating in. Under the hood, every knob and tool is driven by simple math, and as a result their behavior is subject to the influence of any math that precedes and follows them—including the math used to transform color spaces. Paper(less) Space 2020 is Deakin University’s School of Architecture and Built Environment’s annual student exhibition showcasing outstanding work from architecture, construction management, landscape architecture and planning students, at both an undergraduate and masters degree level to which it seems the future has come early this year.

  1. Paper Modelsempty Spaces The Blog Example
  2. Paper Modelsempty Spaces The Blog Ideas
  3. Paper Modelsempty Spaces The Blog Template
  4. Paper Modelsempty Spaces The Blog Examples
Paper Modelsempty Spaces The Blog

McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork, Ireland

The essence of Space 4.0 is the introduction of smaller, cheaper, faster-to-the-market satellites in low-earth-orbit into the value chain and the exploitation of the data they provide. Space research and communication prior to Space 4.0 was primarily focused on astronomy and limited to that of governments and large space agencies. As technology and society evolves to consume the “New Big Data” from space, Space 4.0 looks set to become the next battleground in the defense against cybercriminals. Space 4.0 data can range from earth observation sensing to location tracking information and applied across many vertical uses cases discussed later in this blog. In the era of Space 4.0 the evolution of the space sector is rapidly changing with a lower cost of launching, combined with public and private partnerships that open a whole new dimension of connectivity. We are already struggling to secure our data on earth, we must now understand and secure how our data will travel through space constellations and be stored in cloud data centers on earth and in space.

Low Earth Orbit (LEO) satellites are popular for scientific usage but how secure are they? The Internet of Things (IoT) introduced a myriad of insecure devices onto the Internet due to the low cost of processors and high-speed connectivity, but the speed in its adoption resulted in a large fragmentation of insecure hardware and software across business verticals.

Space 4.0 is now on course for a similar rapid adoption with nanosats as we prepare to see a mass deployment of cheap satellites into LEO. These small satellites are being used across government, academic and commercial sectors for different use cases that require complex payloads and processing. Many nanosats can coexist on a single satellite. This means that the same satellite backbone circuit infrastructure can be shared, reducing build and launch costs and making space data more accessible.

To date, satellites have typically been relay type devices repeating signals to and from different locations on earth in regions with poor internet connectivity, but that is all set to change with a mass deployment of smarter satellite devices using inter-satellite links (ISL) in constellations like Starlink which aim to provide full high speed broadband global coverage. As the Space 4.0 sector is moving from private and government sectors to general availability, this makes satellites more accessible from a cost perspective, which will attract threat actors other than nation states, such as cyber criminals. Space 4.0 also brings with it new service delivery models such as Ground Station as a Service (GSaaS) with AWS and Azure Orbital and Satellite as a Service (SataaS). With the introduction of these, the satellite will become another device connecting to the cloud.

In our research we analyze the ecosystem to understand the latest developments and threats in relation to cybersecurity in space and whether we are ready to embrace Space 4.0 securely.

Space 4.0 Evolution

What is the Industrial 4th Revolution? The original industrial revolution started with the invention of steam engines then electricity, computers and communication technology. Industry 4.0 is about creating a diverse, safe, healthy, just world with clean air, water, soil and energy, as well as finding a way to pave the path for the innovations of tomorrow.

The first space era, or Space 1.0, was the study of astronomy, followed by the Apollo moon landings and then the inception of the International Space Station (ISS). Space 4.0 is analogous to Industry 4.0, which is considered as the unfolding fourth industrial revolution of manufacturing and services. Traditionally, access to space has been the domain of governments and large space agencies (such as NASA or the European Space Agency) due to the large costs involved in the development, deployment and operation of satellites. In recent years, a new approach to using space for commercial, economic and societal good has been driven by private enterprises in what is termed New Space. When combined with the more traditional approach to space activity, the term “Space 4.0” is used. Space 4.0 is applicable across a wide range of vertical domains, including but not limited to:

  • Ubiquitous broadband
  • Autonomous vehicles
  • Earth observation
  • Disaster mitigation/relief
  • Human spaceflight
  • Exploration

Cyber Threat Landscape Review

The Cyber Threat Landscape has evolved greatly over the past 20 years with the convergence of Information Technology (IT), Operational Technology (OT) and IoT. Protecting consumers, enterprises and critical infrastructure with the rapid parallel innovation of technology and cybercriminals is a constant challenge. While technology and attacks evolve rapidly the cybercriminal motive remains a constant; make money and maximize profit by exploiting a combination of users and technology.

Cybercriminals have much more capabilities now than they did 10 years ago due to the rise of Cybercrime as a Service (CaaS). Once an exploit for a vulnerability has been developed, it can then be weaponized into an exploit kit or ransomware worm, such as WannaCry. Cybercriminals will follow the path of least resistance to achieve their goal of making money.

Nearly every device class across the business verticals, ranging from medical devices to space Very-small-aperture terminals (VSAT), have been hacked by security researchers, as evident from Blackhat and Defcon trends.

From a technology stack perspective (hardware and software) there have been vulnerabilities discovered and exploits developed across all layers where we seek to establish some form of trustworthiness when connected to the internet; browsers, operating systems, protocols, hypervisors, enclaves, cryptographic implementations, system on chips (SoC) and processors.

Not all these vulnerabilities and exploits become weaponized by cybercriminals, but it does highlight the fact that the potential exists. Some notable weaponized exploits are:

Some recent major industry vulnerabilities were: BlueKeep (Windows RDP Protocol), SMBGhost (Windows SMB Protocol), Ripple20 (Treck embedded TCP/IP library), Urgent 11 (VxWorks TCP/IP library), Heartbleed (OpenSSL library), Cloudbleed (Cloudflare), Curveball (Microsoft Crypto API), Meltdown and Spectre (Processor side channels).

Spaces

Cybercriminals will adapt quickly to maximize their profit as we saw with the COVID-19 pandemic and the mass remote workforce. They will quickly understand the operating environment changes and how they can reach their goals by exploiting users and technology, whichever is the weakest link. The easiest entry point into an organization will be through identity theft or weak passwords being used in remote access protocols such as RDP.

Cybercriminals moved to the Dark Web to hide identity and physical location of servers or using bullet-proof providers to host their infrastructure. What if these services are hosted in space? Who is the legal entity and who is responsible?

McAfee Enterprise Supernova Cloud analysis reports that:

  • Nearly one in 10 files shared in the cloud with sensitive data have public access, an increase of 111% year over year
  • One in four companies have had their sensitive data downloaded from the cloud to an unmanaged personal device, where they cannot see or control what happens to the data
  • 91% of cloud services do not encrypt data at rest
  • Less than 1% of cloud services allow encryption with customer-managed keys

The transition to the cloud, when done securely, is the right business decision. However, when not done securely it can leave your services and data/data lakes accessible to the public through misconfigurations (shared responsibility model), insecure APIs, and identity and access management issues. Attackers will always go for the low hanging fruit such as open AWS buckets and credentials through vendors in the supply chain.

One of the key initiatives, and now industry benchmark, is the MITRE ATT&CK framework which enumerates the TTPs from real word incidents across Enterprise (Endpoint and Cloud), Mobile and ICS. This framework has proved to be very valuable in enabling organizations to understand adversary TTPs and the corresponding protect, detect and response controls required in their overall defense security architecture. We may well see a version of MITRE ATT&CK evolve for Space 4.0.

Space Cyber Threat Landscape Review

Threat actors know no boundaries as we have seen criminals move from traditional crime to cybercrime using whatever means necessary to make money. Likewise, technology communication traverses many boundaries across land, air, sea and space. With the reduced costs to entry and the commercial opportunities with Space 4.0 big data, we expect to see cybercriminals innovating within this huge growth area. The Cyber Threat Landscape can be divided into vulnerabilities discovered by security researchers and actual attacks reported in the wild. This allows us to understand the technologies within the space ecosystem that are known to contain vulnerabilities and what capabilities threat actors have and are using in the wild.

Vulnerabilities discovered to date have been within VSAT terminal systems and intercepting communications. There have been no vulnerabilities disclosed on actual satellites from figure 1 below.

Figure 1 – Security Researcher space vulnerability disclosures

To date, satellites have mostly been controlled by governments and the military so little information is available as to whether an actual satellite has been hacked. We do expect to see that change with Space 4.0 as these satellites will be more accessible from a hardware and software perspective to do security analysis. Figure 2 below highlights reported attacks in the wild

Figure 2 – Reported Attacks in the Wild

In McAfee’s recent threat research, “Operation North Star”, we observed an increase in malicious cyber activity targeting the Aerospace and Defense industry. The objective of these campaigns was to gather information on specific programs and technologies.

Since the introduction of the cloud, it appears everything has become a device that interacts with a service. Even cybercriminals have been adapting to the service model. Space 4.0 is no different as we start to see the adoption of the Ground Station as a Service (GSaaS) and Satellite as a Service (SataaS) models per figure 3 below. These services are opening in the space sector due to the acceleration of vendors into Space 4.0 to help keep their costs down. Like any new ecosystem this will bring new attack surfaces and challenges which we will discuss in the Threat Modelling section.

Paper Modelsempty Spaces The Blog

Figure 3 – New Devices and Services for Space 4.0


So, with the introduction of cheap satellites using commercial off-the-shelf (COTS) components and new cloud services is it just a matter of time before we see mass satellite attacks and compromise?

Space 4.0 Data Value

The global space industry grew at an average rate of 6.7% per year between 2005 and 2017 and is projected to rise from its current value of $350 billion to $1.3 trillion per annum by 2030. This rise is driven by new technologies and business models which have increased the number of stakeholders and the application domains which they service in a cost-effective way. The associated increase in data volume and complexity has, among other developments, resulted in increasing concerns over the security and integrity of data transfer and storage between satellites, and between ground stations and satellites.

The McAfee Supernova report shows that data is exploding out of enterprises and into the cloud. We are now going to see the same explosion from Space 4.0 to the cloud as vendors race to innovate and monetize data from low cost satellites in LEO.

According to Microsoft the processing of data collected from space at cloud-scale to observe the Earth will be “instrumental in helping address global challenges such as climate change and furthering of scientific discovery and innovation”. The value of data from space must be viewed from the perspective of the public and private vendors who produce and consume such data. Now that satellite launch costs have reduced, producing this data becomes more accessible to commercial markets, so we are going to see much innovation in data analytics to improve our lives, safety and preservation of the earth. This data can be used to improve emergency response times to save lives, monitoring illegal trafficking, aviation tracking blind spots, government scientific research, academic research, improving supply chains and monitoring the earth’s evolution, such as climate change effects. Depending on the use case, this data may need to be confidential, may have privacy implications when tracking and may have substantial value in the context of new markets, innovation and state level research. It is very clear that data from space will have much value as new markets evolve, and cybercriminals will most certainly target that data with the intent to hold organizations to ransom or sell data/analytics innovation to competitors to avoid launch costs. Whatever the use case and value of the data traveling through space may be, we need to ensure that it moves securely by providing a trustworthy end to end ecosystem.

As we progress towards the sixth digital era, our society, lives and connectivity will become very dependent on off-planet data and technology in space, starting with SataaS.

In Part 2 we will discuss remote computers in Space, the Space 4.0 threat model and what we must do to secure Space 4.0 moving forward.

McAfee would like to thank Cork Institute of Technology (CIT) and their Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork, Ireland for their collaboration in our mission to securing Space 4.0.

paper models

This weekend, I made these paper models. They are made from PDF files that you print, cut, fold and glue together. The models are very well designed; cutting out all the parts is time-consuming, but it’s amazing that you can make something so realistic from a couple of sheets of paper!

You can now see my tutorial below with tips on how to cut and assemble models like these – as the instructions are all written in Japanese it helps to know them before you get started!

Tutorial: Cut & Fold Paper Models

This tutorial was originally published on my old papercraft site, Folding Trees.

If you look around on the internet, there are a multitude of printable cut-out-and-fold paper models available to download. They look amazing, but how easy are they to actually put together? How accurate do you have to be for them to look good? And, as a lot of them have instructions in Japanese, how easy is it to follow the instructions without understanding the text? In this tutorial, I’ll give you some hints and tips to make the process a bit easier!

My sample paper models are the Cape Penguin and Japanese Leaf Turtle models from the Konica Minolta Environmental Papercraft site. I like these models because they only use 2 sheets of paper each, and the animals are realistically designed. (For reference, the penguin is 6″ tall, and the turtle is 6″ long.) Check the end of this post for other paper model resources.

Paper modelsempty spaces the blog examples

Printing the patterns

The instructions on my models say to use paper of between 0.20 and 0.24mm thickness (that’s about twice the thickness of regular copy paper). I think thin cardstock would be the best choice, if you have it available, but I used the thickest copy paper I could find (marked 28lb) and it was fine. Also, please note that these Japanese PDF files are designed to print on A4 size paper. North Americans with letter-size paper: remember to set the PDF Page Scaling to Shrink to Printable Area. If you forget this, the top and bottom of each page will be missing from your printouts. Not that I would ever make a mistake like that (ahem).

Understanding the line markings

Before you start cutting, you should make sure you understand where to cut! Below, I have annotated the legend for the cutting lines on the patterns I used – the line markings may vary on different diagrams, but the Japanese text should be the same for each type of cut or fold, so you should be able to match them up using my legend:

The fine dotted lines are positioning lines for attaching the pieces later – do not fold or cut along these lines.

Cutting the pieces

Use a sharp craft/xacto knife and a self-healing mat (or some thick scrap cardboard to rest your work on) to cut along all the ‘cut’ lines for each piece. You do have to cut accurately for the piece to come together properly, so cut slowly and carefully. If you haven’t tried papercutting before, you can use a metal ruler along the line you want to cut to guide you. I did this for my first model, then braved freehand cutting, which is much faster. Blades of time for mac. The easiest way I have found to control the knife is to rotate the work so you make all your cuts in the same direction – from left to right (right-handers) or right to left (left-handers).

Folding

Refer back to the instructions to see where you need to fold the pieces. I recommend you score each line first – this makes it much easier to make your fold in the right place. To do this, use a blunt pointed tool (e.g. a bone folder or a darning needle) and a ruler to ‘draw’ along each line. You don’t need to press hard – you don’t want to cut into the paper, just dent it so it will naturally crease along that line when you fold the paper. I scored all the lines on the front side of the paper, and then mountain- or valley- folded each line as shown in the instructions.

Paper Modelsempty Spaces The Blog Example

Assembly

Paper modelsempty spaces the blog example

Once everything is cut and folded, it’s time for the fun part: assembling the model! The tabs are all numbered in the order you need to stick them down. Refer back to the diagrams in the instructions if you aren’t sure where to stick the tabs – it is not always obvious, but the instructions have diagrams with arrows showing where each tab should be stuck.

Paper Modelsempty Spaces The Blog Ideas

A note on adhesives: Don’t use a glue stick! It doesn’t grab the paper tightly enough, and your model won’t stay together. A general purpose white glue (I used Tacky Glue), applied sparingly to each tab, works very well. Apply glue to the first tab and position it. Hold the two layers of paper in place for a few seconds until the glue ‘grabs’ the paper and it stays in position when you release your pressure. Then apply glue to the next numbered tab, and repeat the process until all the tabs are glued down and the model is complete!

Conclusion

Paper Modelsempty Spaces The Blog Template

Making paper models is time-consuming and precise, but the end results can be quite amazing. Seeing your model come together at the end is worth all the effort of painstakingly cutting out all those pieces. Just take your time and enjoy the process 🙂

Paper Modelsempty Spaces The Blog Examples

Here are some of my favourite sites where you can find paper models to print and assemble:

  • Konica Minolta Environmental Papercraft (the models above are from this site)