Becoming a Space Computer Hacker

Like most MIT alumni, Gregory Falco PhD ’18 does very cool things. Unlike many MIT alumni, he can’t talk about a lot of them. An assistant professor in Cornell University’s Sibley School of Mechanical and Aerospace Engineering, he works on space security, developing ways to safeguard US space systems from hacking, cyberattacks, and directed energy weapons. He’s also the director of Cornell’s Aerospace Adversary Lab, which works to develop new security paradigms for space systems.  

“Most of the work that we do, after it gets out of equation world, makes its way to operators and becomes highly classified,” he notes. Even parts of his MIT PhD research were labeled by NASA Jet Propulsion Laboratory (JPL) as too sensitive to be published. 

Back in the days of John Glenn and Neil Armstrong, NASA didn’t need to worry about cyberattacks, but in the 21st century, space security has become a major issue. Hackers, including both individuals and nations, have mounted major attacks on NASA, other civilian space agencies and companies, and even US military space systems. Yet despite the importance of space and satellite systems to our economic, communications, and defense infrastructure, not enough is being done about security, believes Falco. Imagine the chaos, for example, if someone held America’s civilian or military satellite networks hostage with a ransomware attack or took down our GPS satellites.

That’s where people like Falco come in. Much of his work centers on the civilian and commercial sector, although there’s also a lot of overlap with the military. Most space technology is “dual use” in nature, meaning systems such as satellites, control and navigation software, and sensors are used for both civilian and military purposes without substantial changes. 

Falco didn’t start out intending to become a superstar space computer hacker. As a kid, he liked physics and engineering, and he enjoyed playing tennis. He combined those passions when he designed a “better racket,” even working with companies to help sell the design. This early glimpse into entrepreneurial life led him to consider going to school for business—but he soon decided that going to business school didn’t seem interesting, so he chose hotel school instead, because it sounded more fun. 

An undergraduate degree in hotel administration led to an executive position at the IT management consulting company Accenture, where Falco eventually became the head of the company’s smart cities efforts. It would prove to be the gateway that led him into digital security and to MIT. 

At the Institute, he says, “I had a very interdisciplinary PhD process where I was in the Department of Urban Studies and Planning, doing research at the Department of Electrical Engineering and Computer Science, and applying my research with the MIT Sloan School of Management. I wanted to work in this industrial control and critical infrastructure sector, an undefined area of study.” While at MIT, Falco also founded the industrial internet security company NeuroMesh in 2016. 

It was at an international competition hosted at MIT—that he attended with his PhD research group led by principal research scientist Dr. Howard Shrobe—where Falco was finally exposed to the space business. “[NASA JPL] happened to have a booth there, and they asked, how would you like to hack into a space system instead of the electric grid? And I said, that’s badass,” he recalls with a laugh. “That’s what changed my trajectory.”          

At the time, JPL and NASA more broadly had become increasingly focused on cybersecurity in the wake of a series of hacks on their computer networks, culminating in a 2018 attack that compromised some ongoing missions. Falco was just the type they were looking for, and JPL proceeded to fund his doctoral research in cybersecurity at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). After graduation, he went on to complete a postdoc at Stanford University and an assistant professorship at Johns Hopkins University before settling at Cornell, where he continues to work at the cutting edges of cybersecurity and space infrastructure, while also consulting with an alphabet soup of federal agencies in the civilian, defense, and intelligence sectors, including DARPA, AFRL, NIST, and NASA. 

“I've been very actively involved in the national security and policy community, trying to take some of the research that we’re doing in the lab [at Cornell] and then make sure that we are not caught by surprise as a nation from a policy, regulatory, and geopolitics standpoint,” he says. He’s also the founding chair of the Institute of Electrical and Electronics Engineers’ international technical standard for space cybersecurity—200 individuals and more than 25 countries are involved in developing the standard. He was also recently named the North Atlantic Treaty Organization (NATO) country director for a new NATO program called HEIST that reroutes data from submarine communication cables (the path for 95 percent of the world’s internet traffic) to satcom networks in the event of subsea attacks. Some of his research has also been spun off into various startups for commercial use, including ransomware kits for space vehicles. 

Falco’s career trajectory has been anything but conventional or predictable, which he attributes to his MIT experience. “I think the fact that MIT has this ability to allow people to explore every interest they’ve possibly had and find the right permutation of that interest is what allowed me to do what I do today,” he says. “It’s really interesting how you might start someplace and then end up somewhere very different. I think MIT helps to foster that. They take the oddballs and then let them do whatever they think they need to do to make an impact.” 

Photo (top): Ian MacLellan.