The Security Engineering of Apollo 11’s AGC (Apollo Guidance Computer)

It has been 50 years since mankind’s greatest expedition landed on the Moon… truly astonishing!

History tells us that humans have always tried to push their limits to reach challenging places, and leaving their homeland, “Earth”, in 1969 to land on the Moon has to be one of the most phenomenal achievements. In this blog, I aim to present an overview of Apollo 11’s AGC from a security engineering viewpoint, based on the facts available across the internet.

Modular approach in the Spacecraft design…


The Apollo 11 mission had 3 distinct spacecraft/modules –

  • The Command Module (carrying the Astronauts),
  • The Service Module (carrying Oxygen, Water and Power) and
  • The Lunar Module (used for descent and ascent on the Moon’s surface)

What came back to Earth was only the Command Module (with the astronauts), which had the right design at its broader end to handle the enormous friction (that burns objects) with the Earth’s atmosphere during its re-entry.

What we learn is to always take a modular design approach in security engineering processes, viz. segregation of duties and separation of concerns, so as to prevent malicious activities and make things harder for attackers.

Software Programming…

What underpinned the mission was the Apollo Guidance Computer (AGC), programmed in assembly language (a lower-level language), which was used for guidance, navigation and control of the spacecraft. Assembly-level code, if not written and tested correctly, can have lots of issues, viz. errors and runtime exceptions. So my guess is that there must have been lots of manual testing and simulation to ensure that the AGC would operate as expected.

As security engineers, we need to ensure that exceptions and errors are handled carefully, i.e., without revealing sensitive data or stack traces to end users. There are still areas of security testing that can’t be automated and require human intervention, for example detecting broken authentication (OWASP A2:2017 – Broken Authentication, which can lead to session hijacking etc.) by reviewing the session management implementation.
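
To make the error-handling point concrete, here is an added example (not from the original post, and not AGC code): a small WSGI middleware that sends the full traceback to the server log and returns only a generic message with a reference ID to the end user. The logger name, the failing `broken_app` and the `call` helper are constructed for illustration.

```python
import io
import logging
import sys
import uuid
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("app.errors")  # hypothetical logger name

def safe_errors(app):
    """WSGI middleware: full traceback to the server log, generic 500 to the client."""
    def wrapper(environ, start_response):
        try:
            result = app(environ, start_response)
            try:
                return list(result)  # also catches errors raised mid-iteration
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            incident = uuid.uuid4().hex[:12]  # lets support correlate report and log
            log.exception("unhandled error incident=%s path=%s",
                          incident, environ.get("PATH_INFO", ""))
            body = f"Internal error. Reference: {incident}\n".encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(body)))],
                           sys.exc_info())
            return [body]
    return wrapper

def broken_app(environ, start_response):
    # Constructed failure whose message names internal infrastructure.
    raise RuntimeError("connect to db-internal.example:5432 failed (table=orders)")

def call(app, path="/orders"):
    """Invoke a WSGI app once; return (status, client_body, server_log)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    log.addHandler(handler)
    try:
        body = b"".join(app(environ, start_response)).decode()
    finally:
        log.removeHandler(handler)
    return seen["status"], body, stream.getvalue()
```

Calling `call(safe_errors(broken_app))` shows the split: the client body carries only the reference ID, while the server log holds the traceback under the same ID.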

So how was the Assembly code Secured?

The only threat in those days seems to have been human error, and hence most of the code was held in a read-only part of the memory (a.k.a. magnetic core rope memory), barring some code that was held in a read-write area that could be overridden by the astronauts (privileged user access) on board Apollo 11 using a display unit (the DSKY interface). There is a story behind the core rope memory: it was hand-woven in factories by women and was hence nicknamed LOL (Little Old Lady) memory, factoring in the limited capacity of the memory. (Reference: Wikipedia)

There is a very famous picture of one of the software team leads, Margaret Hamilton, standing next to a pile of the printed source code. I don’t think, in my wildest dreams, that mission-critical code would be made publicly available these days… However, the entire AGC source code is now available on GitHub for reference.


Safeguarding the AGC from extreme environmental conditions

Being able to predict the challenging corrosive conditions in the command module and designing the AGC to withstand them was commendable.

For security engineering teams, that raises a question: is our software product resilient enough to withstand a DDoS attack or a ransomware attack? How do we ensure the same level of security when our disaster recovery and business continuity plans are executed?

What do we learn from this Software Engineering classic?

Apart from the points mentioned above, the foremost thing that we can learn is innovation… To take risks with human lives by leveraging technology in those days was something phenomenal.

In today’s age, people don’t take many chances and live risk-free lives. Events like these remind us that we need to get out of our routine lives and push our limits… Think outside the box and try new things. I am not saying aim for the solar system literally, but at least take a pause and visualise where you want to be in life.

In simple terms… Live life beyond your imagination 🙂
