Technology

We need to smash the stereotype that hackers are all teens in hoodies

The typical image of a hacker is wrong, writes WithSecure’s Tom Van de Wiele. This is an issue because many businesses could benefit from skilled, ethical hackers.

Pop culture has long been fabricating the image of a hacker in the minds of the masses.

According to popular movies such as The Girl with The Dragon Tattoo and The Matrix, hackers are usually teenagers wearing black hoodies, listening to techno music, and sitting in a dark room surrounded by screens flashing code. They are usually shown to be hacking high-level organisations like the FBI or CIA, which they seem to do in a matter of minutes.

Considering how movies portray hackers, it comes as no surprise that the word ‘hacker’ has become a negative term.

However, what is more concerning is that businesses have bought into this stereotype without considering the full spectrum of what being a hacker means. Most businesses do not want to associate with the term as they perceive hackers to be an illicit group which will only tarnish an organisation.

Hacking, in reality, is a skill which takes practice and education to master. Like most skills, hacking can be used for good or evil. Just like being a locksmith, it depends on your knowledge of the law and your moral compass on knowing when and how to use your skills and not endangering others.

Unfortunately, someone who knows a lot about computers and networks and is able to channel their knowledge and experience for whatever purpose in a moral and ethical way is still portrayed as a caricature, because how else can one visualise the difference between an average and expert computer user?

Having been a hacker for about 20 years, I see these stereotypes slowly disappearing, but they are still present in media productions. The perception perpetuated by pop media is not only misleading to security professionals, but also to businesses that could benefit from the expertise of a hacker.

Who is a hacker?

Hacking requires knowledge and experience as well as preparation – whether it be criminal or ethical. Hacking as a skill is much more than buying a technical gimmick or a ‘hacking tool’ or being a technical expert or even being able to code. It takes a person to have a ‘hacker mindset’, which means being inquisitive, passionate and having a borderline obsessive interest in how things work.

The crux of what we do is to know the ins and outs of a system. Knowing where and how things are bolted together in a system lets us see where the obvious cracks are. While some individuals choose to use this knowledge to protect the system, some choose to profit from it by attacking.

Criminal hackers, or ‘threat actors’, are usually misportrayed as loners who are sitting in a basement carrying out criminal activities. What most people often don’t realise is that these hackers are usually employees much like us, with managers and budgets. They work as a team to initiate campaigns, research potential targets and plan different kinds of attacks.

In the cybersecurity industry, we have seen attack methods improve drastically while becoming more affordable. This is largely because attackers do not usually practise specific skills in isolation; they instead work as a community. This means that they share and steal resources from each other, perfecting their skills and exploring different ways to utilise vulnerabilities.

What does the job of an ethical hacker entail?

One of the core responsibilities of an ethical hacker is to conduct threat modelling on a frequent basis.

This means analysing the systems and applications of a business to identify any structural vulnerabilities that can create a potential threat. They will also be able to map out a potential attack surface and identify how well the digital infrastructure is prepared to handle inevitable attacks, without disrupting the real-life IT environment.

This role involves a lot of analytical aspects, as it is their core responsibility to understand how efficient and controlled a firm’s defence is compared to their competitors.

Furthermore, ethical hackers engage in the interplay between threat modelling and editing to understand what an attacker might do based on the perceived attack surface – ie what can be attacked that could yield something interesting or valuable. This all contributes to preparing the organisation’s defences accordingly.

How can an ethical hacker add value to an organisation?

Criminal gangs carry out countless attacks in the industry every day, which has secured a permanent space for them in the limelight. Therefore, an employed ethical hacker will try to identify and understand the vulnerabilities in a system, using their skills to protect your organisation rather than destroy it.

Ethical hackers tend to walk the line between both the ethical and non-ethical worlds. They know the law and therefore understand what is acceptable and unacceptable. Ethical hackers understand how and what criminal gangs think, which is one of the most useful skills for any business to have.

Employing a skilled ethical hacker on the security team will put your firm in a better position to not only predict potential threats, but also align your defences accordingly. The primary aim of any ethical hacker would be to keep your business a step ahead before an online incident takes place.

The idea behind it is that if a criminal gang assesses your infrastructure and deems it too robust, meaning they would need more resources to carry out a breach, they are likely to skip you. It is impossible to make an impenetrable system; however, ethical hackers identify where the cracks in the system are and cease potential opportunities for attacks, thus reducing the possibility of a transgression. This is the true value of having a hacker on your side.

To sum it up, ethical hackers have an intense job that requires us to work with a team carrying out creative solutions to combat creative threat attacks.

There is still a lot of work that needs to go into getting rid of these previously imposed perceptions of what a hacker is. An ethical hacker has the power to make a difference in the security structure of an organisation and to protect the business and even the society at large.

Now is the right time to break the stereotypes and rise above them.

By Tom Van de Wiele

Tom Van de Wiele is principal threats and technology researcher at cybersecurity company WithSecure. He has an extensive background in offensive security, and is responsible for performing and validating threat research while exploring potential protection capabilities as part of current and new technology, privacy and other cybersecurity-related areas.

Moonlighter space-hacking satellite readies for launch • The Register

Assuming the weather and engineering gods cooperate, a US government-funded satellite dubbed Moonlighter will launch at 1235 EDT (1635 UTC) on Saturday, hitching a ride on a SpaceX rocket before being released into Earth’s orbit.

And in roughly two months, five teams of DEF CON hackers will do their best to successfully remotely infiltrate and hijack the satellite while it’s in space. The idea being to try out offensive and defensive techniques and methods on actual in-orbit hardware and software, which we imagine could help improve our space systems.

Moonlighter, dubbed “the world’s first and only hacking sandbox in space,” is a mid-size 3U cubesat with a mass of about 5kg. Stowed, it is 34 cm x 11 cm x 11 cm in size, and when fully deployed with its solar panels out, it measures 50 cm x 34 cm x 11 cm.

It was built by The Aerospace Corporation, a federally funded research and development center in southern California, in partnership with the US Space Systems Command and the Air Force Research Laboratory. It will run software developed by infosec and aerospace engineers to support in-orbit cybersecurity training and exercises.

This effort was inspired by the Hack-A-Sat contest co-hosted by the US Air Force and Space Force, now in its fourth year at the annual DEF CON computer security conference. 

The goal of Moonlighter was to move offensive and defensive cyber-exercises for space systems out of an on-Earth lab setting and into low Earth orbit, according to project leader Aaron Myrick of Aerospace Corp. Not only that, but the satellite needs to be able to handle multiple teams competing to seize control of its software without losing or damaging the whole thing and ruining the project. Thus, an onboard sandbox approach was taken.

“If you’re doing a hacking competition, or any sort of cyber activity or exercise with a live vehicle, it’s difficult because you’re potentially putting that vehicle’s mission at risk,” Myrick told The Register.

“And that’s not a good option when you’ve spent a lot of engineering hours and a lot of money to get this launched. So we said if we want to do this right, we have to build this from the ground up.”

Sending to outer space … The Moonlighter satellite. Credit: The Aerospace Corporation

To this end, the small satellite runs a software payload that behaves like a real flight computer, which can — hopefully! — be subjected to multiple, realistic attacks and commandeered without underlying critical subsystems being affected.

“This allows cyber experiments to be repeatable, realistic, and secure, while maintaining the health and safety of the satellite,” as Aerospace Corp put it.

Moonlighter’s first test will come in August when it will be part of the Hack-A-Sat 4 competition in Las Vegas. Five teams qualified for the contest’s final at DEF CON, during which they’ll get a crack at the bird.

This year’s annual competition will thus be the first time conference hackers get to test their skills against a live, in-orbit satellite. The top three teams will win a monetary prize: $50,000 for first place, $30,000 for second, and $20,000 for third.

Space Jam

James Pavur, lead cybersecurity software engineer at Istari, participated in the three earlier Hack-A-Sat competitions, and gave a talk on radio frequency attacks in outer space at last year’s DEF CON. 

He describes himself as a “passionate security researcher” when it comes to poking holes in satellites, and did his PhD thesis at Oxford on securing these kinds of systems. You also might remember him from his exploitation of GDPR requests.

Pavur participated in the qualification round for this year’s satellite hacking competition, though didn’t make it to the finals. 

The qualification round included “wicked-hard astrodynamics problems related to overall mechanics and positioning, figuring out where objects in space will be, and where they are going,” he told The Register. “It’s a lot of really deep mathematics on the physics side of things, and it requires a lot of expertise in embedded systems and reverse engineering.”

There are a couple of things that make securing space systems unique, he explained.

“The most obvious is you can’t just go up there and reboot them,” he said. “So your risk tolerance is very low for losing access to communications to the device.”

Because of this, space systems are built in a risk-averse way, and employ redundancy to provide multiple communication pathways to recover a system if it fails, or to debug equipment that’s malfunctioning.

These pathways, however, also give miscreants more opportunities to gain access to, and ultimately compromise, a satellite. “They can all become attack surfaces that an attacker might target,” Pavur said.

Priorities

“The other big thing that makes space systems different is that they’re always under a degree of environmental attack that we’re not really accustomed to,” he added.

This includes physical threats, such as solar radiation, extreme temperatures, and orbital debris.

“So when people build space systems, and they’re deciding which risks to prioritize, they’ll often treat cybersecurity as a lesser risk against the absolutely certain aggressive environmental harms,” Pavur explained.

“They’ll make choices around costs and priorities that deprioritize cybersecurity concerns and elevate physical concerns.”

That’s not always a bad choice, he added, it’s just not a choice we typically have to make with ground-based networks and nodes. And it’s one of the reasons why space systems have struggled to keep up, cybersecurity wise, with their Earthly counterparts.

Then there’s the growing commercialization of the aerospace industry, coupled with hardware and software used in space becoming increasingly commoditized and mass manufactured, not unlike the tech used in ground-based systems.

“The bar is being lowered for entry to space,” Myrick said. 

“And that’s both for people that are trying to put things there but also for people that are willing and able to make other people have a bad day,” he continued, using last year’s Viasat debacle as an example of “a pretty destructive event that made people have a very bad day.”

“With Moonlighter, we’re trying to get in front of the problem, before it is a problem.”

Space security is national security

To be clear, Russia’s cyberattack on Viasat’s Ukrainian satellite broadband system — which knocked out service for tens of thousands across Europe as Putin’s army invaded its neighboring country — began with an intrusion into the company’s satellite ground infrastructure.

“But they used the satellite network to deploy, which is important,” Myrick said. “It highlighted the issue, and made it so it’s not theoretical.”

For many, both in government and the private sector, the Viasat security breach moved the issue of cybersecurity in space away from the stuff of sci-fi novels and into reality.

“We are all aware that the first ‘shot’ in the current Ukraine conflict was a cyberattack against a US space company,” acting US National Cyber Director Kemba Walden told reporters at the RSA Conference in April, en route to the White House’s first space industry cybersecurity workshop.

Defending space systems against threats remains “urgent and requires high-level attention,” Walden said.

Space geeks and hackers

Still, the space industry hasn’t been the most welcoming of security researchers, even ethical hackers looking to find and disclose bugs before the baddies exploit them.

Pavur said he hopes Moonlighter will encourage more “acceptance of offensive security research,” in the aerospace industry. This could include companies offering bug bounties, hosting hacking competitions, or hiring penetration testers to stress test their systems.

“Hopefully a project like Moonlighter will get the industry thinking about ways they could apply the fact that space is really cool and fun, and that hackers are interested in it,” he said. “There are lots of incredibly talented security people who would like to make the space world more secure.” ®

Moonlighter is set to launch Saturday from the Kennedy Space Center in Florida on a SpaceX Falcon 9 rocket carrying supplies and equipment to the International Space Station. A live-stream of the lift-off should appear here.

 

The case for offering perks for parents in the workplace

Things like family leave, flexible working and promoting a culture of understanding are simple ways employers can support carers and parents.

Caring for dependents is a large part of the reason why many people work – they want to provide for their families. Nowadays more and more employers are cottoning on to this fact and they are providing benefits and supports for working parents, guardians and carers.

For example, in 2021, Pinterest announced it would be introducing a minimum of 20 weeks’ parental leave, where before it offered 12 weeks. It also said it was adding paid leave for pregnancy loss, as well as IVF and egg freezing benefits.

The same year, fashion tech company Rent The Runway also said it would offer 20 weeks’ paid leave for all new parents.

And, more recently, Vodafone Ireland introduced new benefits including leave for pregnancy loss, fertility treatment and surrogacy. It consulted experts at Rotunda Hospital in Dublin to inform these new policy decisions, which were introduced last year.

SiliconRepublic.com asked some companies about what kind of benefits they provide to workers with families and dependents.

Katie Banks, VP of global people and workplace at Nitro, talked us through the company’s family policy, which it introduced last year.

All employees, not just birthing parents

It was designed for all employees, not just birthing parents, she said. It includes “flexible leave and fertility benefits for individuals undergoing fertility treatments, pursuing alternative paths to parenthood (such as adoption and surrogacy), or experiencing pregnancy loss at any stage”.

To further support family planning, Nitro partnered with an organisation called Maven to offer fertility treatment and related benefits to staff. The programme comes with a $500 stipend for baby bonding activities, such as lactation consultants and parenting classes.

KPMG’s inclusion and diversity manager Bethany Cotter said the company offers much the same perks as some of the companies already mentioned, including leave for maternity, paternity, adoptive, fertility, surrogacy, pregnancy loss and carer’s support.

It’s not just leave companies can offer though. Cotter said KPMG partners with an organisation called Talking Talent that provides maternity and paternity coaching. It also works with Platform 55, which runs on-demand webinars on family-related topics.

And PwC has a similar type of scheme added on to its leave benefits, which it calls the “parents and carers pillar”. This is an employee-led programme which provides a support community to working parents and carers.

Really, the best way that workplaces can support parents and carers is to be understanding of people.

An understanding culture

Orla O’Neill of PwC’s people experience team described it as “an inclusive culture” that also treats staff like adults and trusts them to do their best work.

Life gets in the way sometimes, and everyone from CEOs to junior staff members should know that. Tolerance and compassion and good, solid ‘people-first’ values are beneficial for everyone when it comes to working – and that often has productivity advantages too.

As Aishling Goulden, head of HR at Viatris Ireland, pointed out, “if a company can be flexible, their employees tend to be happy to give back”.

For Viatris, the benefits that every employee in Ireland has access to include private healthcare for employees and their families, fully paid maternity leave for six months, career breaks, phased return-to-work schemes following extended leave, wellness programmes and fully supported educational assistance to upskill.

“We understand that outside of work our employees have many things to balance, whether it’s child-care, adult-care or self-care so being as flexible as possible with our employees is vital,” Goulden said.

Lorna Dunne, HR business partner at Henkel, agreed with Goulden’s point about culture, adding that Henkel has a “strong entrepreneurial spirit” that rewards as well as challenges employees. “We have created a supportive environment that caters to the needs of parents and families. Through a range of benefits and perks, we are committed to promoting work-life balance.”

Like the other companies featured in this article, these benefits and perks include fully paid maternity and paternity leave and the freedom for workers to design their own parental leave options.

Flexible working

Flexible and hybrid working is, of course, another way companies can support parents and carers. People with young children sometimes need just as much flexibility and understanding as new parents do.

According to Cotter, KPMG provides emergency childcare cover, which offers parents and guardians three days back-up childcare when their regular care arrangements fall through.

Not everyone likes to work at home with their kids, but for many the pandemic-induced switch to remote and hybrid working models was a godsend allowing them to spend more time with their families and get more work done.

Thankfully, a lot of employers realise this and they seem to be incorporating flexible working into their parental perks packages.

“We understand that parenting demands require adaptable work arrangements, which is why we offer flexible working options,” said Dunne from Henkel.

John Conneely, Dublin-based product manager with Personio, is one of thousands of parents who have juggled welcoming a new baby with work responsibilities. He explained that when he did his interview for the job he was concerned the fact he was becoming a parent soon might harm his chances.

“When I joined Personio, we already knew that we had a baby on the way. And even though I had mentioned this to my recruiter, I was still a little worried about letting my manager know.”

But, he said his manager was “excited and supportive”.

“We got right down to discussing the best options for me to take my parental leave so I could support my partner and child in those key first months of life. This people-centred approach has provided me with the flexibility I need to support my family whilst maintaining and progressing in my career.”

Microsoft Drops Windows Cortana App, Increases Advertisements

Microsoft on Friday disclosed it will drop support for Cortana as a standalone app in Windows 10 and 11.

In a note to users, the IT giant said this doesn’t mean the voice-controlled digital assistant is going away completely, and will still be found in some other Redmond products – just not in Windows 10 and 11 as a standalone application.

“This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms,” the biz explained.

This isn’t a surprise at all, in a way, because Microsoft has been cramming Copilot-branded AI-powered functionality into every corner of its empire lately. With Cortana, you can open its app and tell it to run programs, find information, update your calendar… all things that these incoming AI features should be able to handle, making the Smurfette-blue digital assistant a little redundant.

“We know that this change may affect some of the ways you work in Windows,” Microsoft continued, “so we want to help you transition smoothly to the new options. Instead of clicking the Cortana icon and launching the app to begin using voice, now you can use voice and satisfy your productivity needs through different tools.”

And those tools are: voice-controlled functionality in Windows 11; the updated Bing search engine with its interactive chat-based interface for looking up info; all that Copilot stuff in Microsoft 365, allowing users to create and edit documents among other things using natural-language instructions; and most importantly Windows Copilot, a chat-based interface for controlling the OS and applications.

As we said, all of which makes the Cortana app redundant and ripe for replacement as Microsoft injects OpenAI’s GPT family of large language models into its products.

We’re told the standalone app support will be ditched in the latter end of this year. Cortana as a personal assistant arrived in 2014 as an answer to Apple’s voice-controlled Siri and Google’s Google Now, having been plucked from the Halo video game franchise.

Cortana fired and ads hired?

Early last month, Twitter user Albacore, perhaps a persistent pain in Microsoft’s side, reported that Redmond was toying with putting in-house ads in Windows 11’s Settings panel – and shared screenshots of test builds featuring those very pitches for Microsoft 365 and storage products in the UI.

And now, as documented by GHacks on Friday, some users who go to the Windows 11 Get Help app will see an in-house ad for the software giant’s Teams Essentials collaboration suite.

I came here for help, not a sales pitch … Screenshot of an ad for Teams in Windows 11. Hat tip: Ghacks

The Get Help support tool is there to help users who are having problems with or questions about the operating system, such as setting up a scanner or fixing Ethernet connections. At the top of the Get Help app interface – above the heading “We’re here to help” – is the sentence: “Increase productivity and collaboration all while staying organized, using a new meeting solution designed for small businesses.”

Clicking on the “Learn more” link brings the user to the Microsoft Teams Essentials webpage. ($4 per user per month!) Users can thankfully close the ad.

Again, we’re not surprised by this development. Redmond has for months been spamming its own banners and promos here and there throughout Windows in hopes of getting more people to subscribe to Microsoft 365 or sign up for various products and services.

In March 2022 it began testing ads in File Explorer, and there were reports eight months later that they could begin showing up in the Windows 11 sign-out menu. In April this year, there was talk from Microsoft of more ads coming to the Start Menu.

In addition, Microsoft in April updated its Weather app to show ads – as well as the MSN news feed – but removed most of that a month later after users revolted.

Reports in early May based on Albacore’s tweet about ads coming to the Settings page drew similar derision.

“It’s sad and hilarious at the same time,” one netizen opined. “The Settings app is what, 10 years old at this point? It STILL is an incoherent mess that barely replaces the good old Control Panel. Shoving ads in there just shows where their priorities are.”

Another user wondered whether Microsoft, which has invested billions of dollars in OpenAI to integrate the upstart’s GPT technologies into its ecosystem, would use this AI muscle to pick and display third-party ads in the operating system.

“Are GPTs going to devolve into the used car salesman of the tech world?” they asked. “I am sure [Amazon’s] Alexa and Google and others are in the same opportunity position.”

Users may not like the ads, but don’t expect Microsoft to pull them if they help bring in more money.

Microsoft declined to comment.
