03 May What Cybersecurity for the space sector? Ideas from the CYSAT conference
Threats to space are increasing. Such is the observation made by many specialists and players in Cybersecurity and space at the CYSAT conference held in Paris on 6 and 7 April. At Station F, they reflected on ways to better guarantee Cybersecurity in the space sector.
“The world is no longer stable,” explained Philippe Rosius during a presentation on the security and surveillance operations he leads at the European Union Space programme Agency (EUSPA). Indeed, as war returns to Europe, space infrastructures are increasingly the victims of threats and attacks, as demonstrated by the 24 February cyberattack on the KA-SAT satellite, which deprived thousands of customers—some of which living in Ukraine—in Ukraine—of Internet access.
At the same time, as the spectre of insecurity looms in space, public actors (states, etc.) and private stakeholders (companies, individuals, etc.) are increasingly dependent on space infrastructures. In view of this, one of the speakers in the debate on the protection of space data uttered a wise phrase: “You need to win the war before the war.” This means protecting both the ground segment (control centres, etc.) and the space segment (satellites), which are under attack and under threat.
For CGI consultant Christian Rückriegel, protection of the ground segment requires specific governance: “Governance for ground segments is more important than ever,” he explained. According to him, such governance must combine cybersecurity and the space sector through risk management or supply chain management, as the latter is increasingly subject to cyberattacks (for example with NotPetya) and contains numerous vulnerabilities.
As for the protection of the space segment, the conference highlighted the original collaboration with ethical hackers developed by the American armed forces in the form of a competition (Hack-A-Sat) that aims to hack a satellite. The winners of last year’s edition, Aris Adamantiadis and Xavier Mehrenberger, came to explain how their activity is useful for the cybersecurity of satellites. Indeed, ethical hacking enables to detect flaws and vulnerabilities of satellites, which can then be corrected, they explained.
The lucky winners of the Hack-A-Sat competition had the opportunity to discuss with Danilo D’Elia, Public Affairs Director at YesWeHack, a Bug Bounty platform that connects companies and public organisations with ethical hackers who are tasked with identifying security flaws in their IT systems in exchange for bounty-based compensation. During a workshop dedicated to securing SpaceTech through ethical hacking, it was demonstrated that Bug Bounty is increasingly used for space infrastructures (notably those of SpaceX with Starlink), which contain more common—and therefore vulnerable—components.
Finally, as several discussions have shown, the European Union appears to be necessary to secure space infrastructures and data. The concept of European sovereignty is no longer taboo and is increasingly asserting itself in the space sector thanks to a powerful and high-quality industry and system dedicated to it (as demonstrated by the various programmes managed by EUSPA, such as Galileo, EGNOS or Copernicus). Also, some speakers insisted on the importance of creating a European pool of start-ups contributing to this space sovereignty. Nevertheless, concerning the protection of space data—which Christine Leurquin, Strategy Director for the European Union at RHEA Group, called for to be strengthened during a discussion on data protection—it seems necessary to increase European investments to better deal with the threats to which they are subject. As Etienne Gérain, founder of Priamos, explained during a debate on the estimation of cyber risks in space: “Cybersecurity is not a cost, it is an added value.”