Sift recently deployed on-premises (on-prem) to [COMPANY] to support its airgapped environment for critical, real-time operations. This post outlines what airgapped environments are, why they’re necessary, and how Sift’s on-prem deployments enable partners in national security or defense-adjacent operations.

[Content disclaimer: Content markings and redactions are stylistic and for fun. No sensitive material, classified or otherwise, is disclosed or involved in this writing. Sift’s relationship with this organization is public. Sift is CMMC2 and NIST-compliant.]

The stakes have never been higher

In a new age of great power competition, the race back to space has explicit national security implications. Just as Sputnik was an inflection point for the U.S. national security community during the Cold War, today’s hard-tech community faces  similar crossroads when reckoning with modern technology’s reliance on space. Unsurprisingly, the U.S. military has declared that access to and use of space is a core national security interest. Furthermore, the U.S. Space Force has identified ways that foreign actors such as China and Russia could threaten U.S. government and allied commercial satellites. The war between Russia and Ukraine has underlined how these space-based capabilities are essential to the modern battlefield. Broadband from commercial providers is essential in resisting a stronger conventional adversary. Satellite imagery pairs with drone footage and other intelligence to feed actionable intelligence to units in the field to exploit transient vulnerabilities. 

While seemingly remote to domestic commercial organizations, the risk of foreign intervention cannot be understated. At the start of Russia’s invasion of Ukraine in February 2022, Viasat, a private global communications company specializing in satellite communications, was the target of a cyber operation attributed to Russian state-sponsored actors. The hack compromised 5,800 Enercon wind turbines in Germany and impacted thousands of organizations throughout Europe.

While the attack targeted modems in ground stations on Earth and not satellites themselves, the risks are clear. Companies cannot compromise their security lest a bad actor is able to penetrate ground systems and take control of a satellite. Such a breach would not just represent data loss and a rogue satellite – this would pose an existential risk to the company and other satellites in vicinity, to say nothing of the pending government involvement.

Necessary security measures: airgapped environments

To manage these risks, a variety of security measures become necessary. One of these is the creation of “airgapped environments.” Airgapped environments are networks or systems that are isolated from any unsecured networks, such as the internet, to prevent unauthorized access and breaches. The “airgap” refers to the environment’s physical or logical separation that protects critical data from remote attacks or malware. But as a result of this separation, data needs to be moved in and out of the environment through a security process which is usually manual. Airgapping was once used primarily by government agencies to guard national secrets. But as the race back to space has increasingly expanded to include a growing number of private companies, space and satellite operators need to work in secure environments for national security, cybersecurity, compliance, and to win government business.

The challenge: more security, more problems

Of course, highly-secure systems come at a cost. Because an airgapped environment is inherently isolated from the internet and cloud services, there is no such thing as automatically updating or patching software. There’s no remote administration of the network, and even basic tasks like checking documentation or downloading a library becomes a time-intensive hassle. Instead, updating software involves networking work-arounds to securely jump the airgap. Even worse, it could require using storage devices like USBs or DVDs to physically move data through a tedious security process. This frequently leads to outdated software that lags weeks or months behind its non-airgapped counterparts and introduces the risk of human error. 

This challenge is exacerbated when there’s software outside of the airgapped environment that is able to perform analysis and deliver capabilities that you’d like to enjoy while inside the airgapped environment. No one likes to have to move in and out of the security threshold to juggle these workflows. On the altar of security, speed and collaboration have been sacrificed. Or has it?

The solution: Sift inside the airgap

To support [COMPANY]’s airgapped environment, Sift deployed on-prem. [COMPANY] already uses Sift outside of its airgapped environment on its test floor and production line. [COMPANY]’s ground software team uses Sift for hardware-in-the-loop (HITL) testing and greatly benefits from Sift’s ability to detect anomalies quickly and conduct speedy root-cause analysis. Seeing this, their flight software team wanted Sift’s capabilities inside the airgap for real-time, mission-critical operations.

Sift partnered closely with [COMPANY]’s engineers to stand up the on-prem development environment. While the deployment had its challenges, the collaboration ultimately equipped [COMPANY] to handle future Sift deployments in their mission environment independently. With this foundation [COMPANY] can now self-serve, spinning up Sift instances tailored to their operational and compliance needs, and supporting the rigorous security requirements needed to win government contracts.

Once deployed inside the airgap, Sift delivers far more than just enhanced security. [COMPANY]’s current data architecture routes data from their office to the cloud and then back. Sift being on-prem eliminates that loop and its latency. Their airgap also makes their TVAC testing more resilient against power and network outages. In the event of a power or network outage, any satellites undergoing testing in a TVAC would face significant risk due to pressure and temperature testing. Sift’s on-prem instance allows for continual observability of hardware assets, a crucial feature for the team. 

Within mission control, Sift’s Grafana plugin surfaces key performance indicators and enables operators and engineers to conduct real-time root-cause analysis during mission-critical operations. The on-prem setup also supports teams outside the airgap: a controlled, one-way data channel now allows essential satellite operations data to be shared securely and quickly across the organization for broader analysis.

Furthermore, [COMPANY] is able to build proprietary and custom tools on top of Sift in the airgapped environment to enable them to run mission controls during operations and review data in new ways that are tailored to their use-case. With an on-prem deployment, [COMPANY] gets to have its cake and eat it too: all of the security of an airgapped environment with the latest and greatest software.

Looking ahead

Instead of only helping [COMPANY]’s flight software team build the satellites while they’re on the ground, Sift is going to play a key role in supporting [COMPANY]’s ground software team during mission operations. With Sift’s observability platform on both sides of the airgap, [COMPANY]’s engineers will be able to leverage its capabilities regardless of their current working environment. 

Interested in learning more? We'd love to hear from you.