We are very excited to announce a new upcoming course, « Aerospace Cybersecurity: Satellite Hacking » led by Angelina Tsuboi in collaboration with PenTestMag.
This comprehensive course will delve into the captivating world of satellite hacking while emphasizing strategies to safeguard these critical systems. Key topics will include satellite communication basics, tracking and identification methods, vulnerabilities and threats, signal analysis, and protocol exploitation. The course not only provides insights into hacking techniques but also stresses the importance of protecting satellites from potential attacks.
This 18-hour course will dive deep into the groundbreaking world of aerospace cybersecurity by teaching the skills necessary to conduct reconnaissance, communication dissection, decoding, and vulnerability analysis of satellite systems through interactive activities and tutorials.
Throughout this course, you will explore the fundamentals of satellite hacking, starting with hands-on CTF exercises that teach the basics through practical application by utilizing online tools and scripts.
Topics covered in this course include:
Satellite Identification & Reconnaissance using OSINT tools
Orbital Parameters and Mechanics
Two-Line Element Set Extraction and Interpretation
Angelina Tsuboi is a programmer, mechatronics developer, and cybersecurity researcher who is currently working for NASA. She is interested in educating others about the exciting field of aerospace cybersecurity in conjunction with developing her own programs and research in the field.
About PenTest Magazine
PenTest Magazine is a monthly downloadable IT security magazine and an online course platform, devoted to penetration testing and all things on offensive cybersecurity. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics.
Russia’s cyberattack on ViaSat on the eve of its invasion of Ukraine put the cyber fragility of space systems high on the agenda and the need to secure them a top priority. Yet, space companies lack the required knowledge and the U.S. lacks skilled personnel and has no training programs. Until now.
Indeed, I will speak about the first program dedicated to cybersecurity of space systems.
This is a 10-week synchronous teaching and interactive webinar series that will provide participants with an in-depth understanding of the cyber threats to space systems and the tools to develop and implement effective strategies for managing cyber risks to space-based infrastructure.
This new space-cybersecurity program focuses on the unique issues arising in the context of protecting space-based assets from cyber attacks.
The program lasts 10 weeks and consists of a 60-minute live virtual session and one to two hours of asynchronous work each week. Each course will be independently taught by an industry professional and the program leads.
After successfully completing this program, participants will be prepared to manage the cyber threats to space-based assets.
In this program, participants will earn a digital badge that can be shared on social media platforms, including LinkedIn. They could also earn 3 credit waivers toward the Kelley School of Business (Indiana University) Executive Education Cybersecurity Management certificate (a 12-credit-hour graduate certificate), which can then be applied to the MS in Cybersecurity Risk Management, or choose to apply the 3 credit waivers directly to the MS program.
This 10-week virtual instructor-led program runs Sept 11 to Nov 13.
You can find out more about the Program and sign up here.
The CyberInflight team is part of the contributor list of the SPARTA framework. The latest version, published on July 18, 2023, adds more than 60 attack references provided by their market intelligence team.
SPARTA is the Aerospace Corporation’s Space Attack Research and Tactic Analysis framework. SPARTA is an ATT&CK®-like knowledge-base framework, but for space missions.
The SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised by adversarial actions across the attack lifecycle.
You can check here an analysis by the SPARTA team of the Thales satellite hacking demo at CYSAT 2023.
Congratulations to Matthias POPOFF and Héloïse Do Nascimento Cardoso for their contribution.
Do not hesitate to contact them if you need to run any consulting or intelligence mission. Get more info on the contribution here.
You can learn more about SPARTA in our article here.
You can check here a quick comparison of recently released cybersecurity frameworks for the space sector: SPARTA (Space Attack Research and Tactic Analysis), SPACE-SHIELD (the Space Attacks and Countermeasures Engineering Shield from ESA) and TREKS (the Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles Cybersecurity Framework).
Thales has been notified by the European Space Agency (ESA), on behalf of the European Union Agency for the Space Programme (EUSPA) and the European Union represented by the European Commission, of two major contracts for cybersecurity of Galileo Second Generation (G2G) programme.
Together, these contracts represent a total value of over 60 million euros (excluding options) and confirm the Group’s key role in the cybersecurity of the second generation of the Galileo programme as Thales will be in charge of all elements of the security and resilience of G2G.
On 17 May 2023, Thales was awarded the contract for security monitoring on the G2G system infrastructure.
This award follows the cybersecurity specification and design contract for the Galileo Second Generation system, which was confirmed on 17 April 2023. It will significantly improve the performance of the second-generation Galileo system, with the introduction of new services, stronger resilience functionality, and future additional features for the PRS1 navigation service for government users.
As a major partner of the EU Space Programme to ensure the security of the Galileo system, Thales, as a European leader in cybersecurity, has been working with the Agency for over 20 years to contribute to the security of the Galileo programme, Europe’s largest satellite programme, providing sovereign and critical positioning, navigation, and timing services.
From left to the right: Sylvain Loddo – Head of Galileo Ground Segment Management Office | Ennio Guarino – Head of Galileo and EGNOS Programme Department | Lionel Salmon – Cybersecurity of Information Systems Director | Alexandra Porez – Thales GALILEO Programme Cybersecurity Director
Europe’s largest satellite system security monitoring programme
As part of G2G IOV SECMON, Thales is leading the consortium, including the Italian group Leonardo, to expand the scope of security monitoring and include the new assets in the G2G system. It will also introduce automated incident response and network traffic monitoring. In addition, the solution will be capable of storing significant amounts of incident response data. To meet this challenge, Thales will deliver a solution built on a scalable, flexible architecture derived from its Cybels range of security supervision products and incorporating big data capabilities.
A cybersecurity contract for better protection from quantum threats
New threats from quantum computers capable of breaking existing cryptographic algorithms have the potential to compromise long-term data security. Thales has been tasked by ESA, within the consortium it leads, to draw on its world-renowned cryptography expertise.
Under the “G2G System Engineering and Technical Assistance for security and PRS” contract, Thales will specify and verify the new cybersecurity for the G2G system – taking into account new threats to space systems, security maintenance requirements, improvements to the PRS service for government users– and prepare for system certification. One of the major challenges is to ensure a smooth transition from G1G to G2G while maintaining the level of security and performance offered by the G1G system for member states.
“Thales thanks ESA, EUSPA and the European Commission for its continued confidence in the Group’s expertise in space systems and cybersecurity for critical systems. These security contracts for Galileo Second Generation will bring Europe a more robust system with better protection from quantum threats – a major challenge for the space industry in the decades ahead – and will draw on the Group’s unparalleled big data expertise to provide more effective security monitoring of the world’s leading satellite positioning system,”
said Pierre-Yves Jolivet, VP Cyber Solutions, Thales.
The cybersecurity of satellite systems has become a growing concern for satellite operators and space agencies, particularly against a backdrop of geopolitical tensions. Today, thousands of satellites are in orbit, and it is estimated that 10,000 more will be added over the next 10 years, due to the multiplication of uses, from everyday life with the Internet of Things to defense applications.
Through the signing of these two contracts, Thales’s expertise in scalable and flexible architecture and security equipment and protection against cyberattacks will enable the G2G program to strengthen its ability to detect and respond to new cyberthreats. The end-to-end solution proposed by Thales experts will contribute to the development of greater security and resilience of satellites.
In parallel, Thales Alenia Space has been notified of major contracts to design and build with its European consortium the G2G Ground Mission Segment and execute System Engineering Activities. The company will also provide 6 of the 12 satellites of the constellation.
Cybersecurity at Thales
As a global leader in cybersecurity, Thales is involved at every level of the cyber value chain, offering solutions ranging from risk assessment to protection of critical infrastructure, supported by comprehensive threat detection and response capabilities. Its offer is built around three families of cybersecurity products and services, which generated sales of €1.5bn in 2022:
Global security products around the CipherTrust Data Security Platform, the SafeNet Trusted Access Identity & Access Management as a service solution, and the broader cloud protection & licensing offerings
Sovereign protection products including encryptors and sensors to protect critical information systems
Cybels solutions portfolio, a complete suite of cybersecurity services including risk assessment, training and simulation, and cyberattack detection and response
Drawing on more than 40 years of experience in cybersecurity and space activities, Thales applies the principles of « cybersecurity by design » to the products it develops for satellite operators and space agencies. With more than 4,000 cybersecurity specialists, Thales helps to ensure the security of satellite systems for national and European space programmes – in particular Europe’s Galileo satellite navigation programme – and at the international level. With its combined expertise in cutting-edge satellite systems and cybersecurity solutions relying on the latest military technologies, Thales offers governments, institutions and enterprise customers a comprehensive range of cybersecurity solutions to guarantee robust protection of all the elements of a space system. In April 2023, Thales demonstrated its expertise in offensive security at CYSAT, managing to take remote control of an ESA demonstration satellite, in order to anticipate and respond to current and future threats.
Galileo is European Union’s global navigation satellite system (GNSS). Operational since 15 December 2016, Galileo’s initial services are fully interoperable with GPS, while offering users an expanded range of performance and service levels, along with far more accurate positioning. All smartphones sold in the European Single Market are now guaranteed Galileo-enabled. In addition, Galileo is making a difference across the fields of rail and maritime transportation, agriculture, financial timing services and rescue operations. Unlike the American GPS, Russian GLONASS and Chinese Beidou satellite navigation systems, which are operated by the armed forces, Galileo is the world’s only GNSS system under civilian control.
To date, Galileo is scheduled to comprise a constellation of up to 38 first-generation satellites, transmitting stations for satellite control and telemetry, transmitting stations for mission data, two security monitoring centres (in Saint-Germain-en-Laye and Madrid), two system control centres (Oberpfaffenhofen and Fucino) and 16 stations for orbit control and clock synchronisation.
Galileo Second Generation is designed to be flexible and adapt to user needs in the decades ahead. It will also be more robust to withstand the challenges of a constantly changing world, especially the threats of jamming and cybercrime. With unrivalled accuracy and additional authentication capabilities, Galileo will be the world’s most advanced GNSS system.
Galileo is Europe’s global navigation satellite system (GNSS). With unrivalled accuracy and additional authentication capabilities, Galileo will be the world’s most advanced GNSS system.
CyberInflight released a new Space Cybersecurity Weekly Watch for Week 30 (July 17 –23, 2023). The team consolidates a weekly watch with all the space cybersecurity news you shouldn’t miss.
In this new Space Cybersecurity Watch, you will find 19 articles covering company communications, whitepapers, academic works, podcasts, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.
The areas covered by this watch are: geopolitics, market & competition, threat intelligence, regulation, technology, training & education and important news.
Overview of this Space Cybersecurity Weekly Watch
There was relatively little news this week in the field of space cybersecurity. On the market front, Thales has been selected by ESA for two contracts to provide cybersecurity for Galileo Second Generation. In the USA, the government has awarded two contracts. The first is for Leonis, via the Office of the Director of National Intelligence, to provide intelligence, technical, financial, and management services. The second was awarded by the US Space Force to Anduril. Also on the market front, this week Safran acquired part of Collins Aerospace.
An interesting piece of regulatory news this week is the publication of the UK’s National Space Strategy-Plan into Action. On the threat intelligence front, it’s worth noting this week that the Russian Navy has deployed makeshift GPS jammers on warships for the St. Petersburg parade. On the technological front, the Hyperspace Challenge has been launched by the US Space Force, and companies are invited to submit technology proposals. Finally, riding the wave of serious games and hacking competitions, RUVDS and Positive Technologies have launched a Russian CTF sports hacking competition with a server-satellite as the key element.
The CyberInflight team is now proud to be in the contributor list of the SPARTA framework. The latest version, published on July 18, 2023, adds more than 60 attack references provided by our market intelligence team. Get more info here.
CyberInflight (www.cyberinflight.com) is an independent consulting and business intelligence company dedicated to the topic of aerospace cybersecurity. CyberInflight’s goal is to raise the global cybersecurity awareness of aerospace stakeholders by providing them with refined information and analysis. Its expertise combines strategic market intelligence and technical proficiency, both required in the demanding field of cybersecurity.
With the permission of Florent Rizzo, founder and CEO of CyberInflight, we are sharing below an analysis by a CyberInflight analyst of the attack on the Russian satellite telecom.
On June 28-29, 2023, a series of messages on a Telegram channel claimed a large-scale cyber attack against Dozor-Teleport. Along with the claim messages, numerous files to download, an audio recording, and several screenshots were made available. The attacker(s) claimed affiliation with the Wagner Group without providing any additional evidence.
The information was first picked up on Twitter by pro-Ukrainian accounts. It quickly leaked to numerous cybersecurity news sites worldwide. Within 12 hours, major news outlets such as The Washington Post reported the information. Within 24 hours, the information was present on a range of media platforms.
During this dissemination, the information underwent a true game of « Chinese whispers. » The initial articles simply reproduced the information as it was published on Twitter or Telegram, barely mentioning that it was what the attackers claimed. Subsequently, various media outlets started amplifying the information. Headlines suggested that a Russian military satellite network had been hacked before articles began appearing about hacked Russian military communication satellites.
In general, several issues continue to arise regarding the treatment of information about attacks in the space domain:
Once the word « satellite » is mentioned, the information suddenly gains interest in terms of cybersecurity. The reason is simple: the combination of space and cyber can quickly evoke fascination. The downside is that sensationalist headlines often multiply.
There is a clear lack of perspective regarding information related to cyberattacks. The need to be the first to publish information (which is understandable) leads to approximate or poorly verified information spreading rapidly.
The study and questioning of sources are rarely emphasized. Many press articles simply republish what has already been said without verifying the primary source of the information. As a result, basic information quickly becomes considered as true. For example, based on a given analysis on Twitter, it has been repeated by numerous media outlets that this was the first attack on a satellite provider since Viasat, which is false. In the era of OSINT (Open-Source Intelligence), the amount of available information is considerable, but the reflection needed to understand it is lacking. Consequently, certain major cyberattacks that occurred over a year ago, such as the Viasat attack, remain particularly vague in both their execution and impact.
CyberInflight’s Space Cybersecurity Market Intelligence report
In April 2023, CyberInflight released a strategic report as a unique resource on the space cybersecurity domain, consolidating all the information necessary to better comprehend the market and make insightful decisions.
CyberInflight is at the forefront of this domain and one of the only market intelligence companies to have consolidated such an amount of information in a single document.
In this Space Cybersecurity Market Intelligence report, you will find:
Interview campaign (~30 interviewees from the entire value chain)
Sector trends and dynamics
Strategic analysis and forecast
You can find here the excerpt of the last Space Cybersecurity Market Intelligence 2023 Report edited by CyberInflight.
CyberInflight’s Space Cybersecurity Weekly Watch
CyberInflight also releases a Space Cybersecurity Weekly Watch. The team consolidates a weekly watch with all the space cybersecurity news you shouldn’t miss.
In this Space Cybersecurity Watch, you will find articles, company communications, whitepapers, academic works, podcasts, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.
The areas covered by this watch are: geopolitics, market & competition, threat intelligence, regulation, technology, training & education, important news.
You can find here some samples of their last Space Cybersecurity Market Intelligence 2023 Report.
This article describes a comprehensive 3-day Space Domain Cybersecurity course organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework.
This Space Domain Cybersecurity course examines the practical issues of developing and sustaining a secure cyber environment through all phases of the space mission lifecycle. The course is organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework. The SpaDoCs Framework provides a comprehensive and systematic model for understanding and tackling all critical issues of cybersecurity in the space domain. An examination of the key objectives (confidentiality, integrity, availability) provides the foundation for the course. From there, the space domain is examined layer by layer, starting from the enterprise layer, then drilling down through the mission, system and DevSecOps layers. Threats and vulnerabilities at each layer are highlighted. Finally, first principles of cybersecurity are discussed (domain separation, process isolation, and others) as well as key enablers (such as vision and strategy) to help frame plans for action to address the cybersecurity issues exposed by this course. Course exercises center around practical application of the material to real-world space mission scenarios.
At the end of this course you should be able to:
Describe the big picture challenges of cybersecurity in the space domain as organized in the SPAce Domain Cybersecurity (SpaDoCs) Framework
List and define key objectives of cybersecurity (CIA Triad), the first principles of secure systems, along with cybersecurity enablers
Identify cyber threats to and vulnerabilities of space missions and systems
Characterize the various layers of the space domain and the elements that comprise them
Apply cybersecurity first principles to specific space domain threats and vulnerabilities
Associate specific cybersecurity enablers with various space domain threat or vulnerability scenarios
Analyze threats and vulnerabilities and their attack vectors for various space domain scenarios at each layer
Formulate inputs and issues to a cybersecurity assessment plan for a given space domain scenario
Space Domain Layers: Enterprise Layer, Mission Layer, System Layer, and DevOps Layer
Threats and Vulnerabilities
First Principles of cybersecurity applied in the space domain
Enablers of security and mission success in space enterprises
The space and cyber domains have developed in parallel over the past several decades. The two domains evolved separately and have employed different architectural frameworks to guide their evolution.
An example of this difference is the fact that space systems typically maintain distinct command and control networks that operate separately from mission data communications. Computer and cyber systems typically do not maintain separate networks. Establishing best practices for cyber protections and collaboration across space enterprises requires collaboration across the different architecture frameworks, terminologies and even cultures.
The Space Domain Cybersecurity (SpaDoCs) Framework has been introduced to bridge the space and cyber domains with the goal of enhancing collaboration and information sharing across mission, company, international and government boundaries.
The Space Domain Cybersecurity (SpaDoCs) Framework provides a comprehensive and systematic model for understanding and tackling cybersecurity in the space domain.
The SpaDoCs Framework is a process framework to organize, understand and educate.
What is the SpaDoCs Framework?
SpaDoCs Framework describes the big picture challenges of cybersecurity in the space domain.
The framework describes the space domain layer by layer starting from the enterprise layer, then drilling down through mission, system and DevSecOps layers.
Threats and vulnerabilities at each layer are highlighted, keeping in mind that Confidentiality, Integrity and Availability (aka CIA Triad) are the foundation and the key objectives of cybersecurity.
SpaDoCs Framework characterizes the various layers of the space domain and the elements that comprise them
SpaDoCs Framework describes the practical issues of developing and sustaining a secure cyber environment through all phases of the space mission lifecycle.
What can the SpaDoCs Framework be used for?
The SpaDoCs Framework makes it possible to identify cyber threats to and vulnerabilities of space missions and systems
The SpaDoCs Framework makes it possible to apply cybersecurity first principles to specific space domain threats and vulnerabilities
The SpaDoCs Framework makes it possible to associate specific cybersecurity enablers with various space domain threat or vulnerability scenarios
The SpaDoCs Framework makes it possible to analyze threats and vulnerabilities and their attack vectors for various space domain scenarios at each layer
The SpaDoCs Framework allows cybersecurity professionals to formulate inputs and issues for a cybersecurity assessment plan for a given space domain scenario.
To go further
If you’re interested in cybersecurity applied to the space domain or if you want to learn more about the SpaDoCs Framework, I recommend the following training course. It is a comprehensive 3-day Space Domain Cybersecurity course organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework.
You can find more information about this course here or here.
On 5 June, as part of the Lundi de l’IHEDN series (Institut des hautes études de défense nationale), a conference was held at the École militaire (Paris 7e) on the theme « OSINT = Le nouveau nerf de la guerre ? » (OSINT: the new sinews of war?).
Three experts in the field summarized its strategic stakes from three different angles:
OSINT for journalism
OSINT in the judicial domain, for criminal analysis and digital investigations (fraud, #cyberthreats)
OSINT in geography, also called GEOINT (Geospatial Intelligence).
What is OSINT?
OSINT stands for Open Source INTelligence. OSINT is a method of collecting and analysing intelligence using publicly accessible information sources. The approach consists of gathering data from sources such as social media, websites, discussion forums, public databases, government reports, press articles, etc.
The main objective of OSINT is to gather actionable information on specific subjects, such as individuals, organisations, events or trends, using sources that are freely available and accessible to all. This method yields information relevant to many domains, such as security, intelligence, defence, the fight against crime, competitive intelligence, risk management, etc.
OSINT professionals often use automated collection techniques, such as web scraping (extracting data from websites), big-data analysis, advanced search-engine queries, social media monitoring and other specialised tools to find, sort and analyse relevant information.
It should be emphasised that OSINT focuses solely on public and legal information sources and does not violate privacy or copyright law.
It should also be noted that the era of mass Internet access has popularised this discipline, which is now accessible to anyone.
Replay of the conference OSINT = Le nouveau nerf de la guerre ?
The summary of the conference « l’OSINT = Le nouveau nerf de la guerre ? » can be found here.
The video replay is below.
Beyond OSINT
It is important to note that OSINT is often complemented by other intelligence collection methods, such as human intelligence (HUMINT), signals intelligence (SIGINT) and electronic intelligence (ELINT), to obtain more complete and accurate information.
We have just mentioned GEOINT (Geospatial Intelligence), SIGINT (Signals Intelligence), HUMINT (Human Intelligence) and ELINT (Electronic Intelligence).
Let us take this opportunity to introduce other intelligence disciplines related to OSINT:
IMINT = Imagery Intelligence
COMINT = Communications Intelligence
OSINT and cybersecurity
Cybersecurity is another application domain of OSINT. OSINT enriches a Cyber Threat Intelligence (CTI) strategy, as this article explains.
OSINT and space
OSINT also applies to space, in what is informally called Satellite-OSINT. On this subject, we recommend the article on Space-Based Intelligence in Cybersecurity, covered in the article here or here.
The question of the vulnerability of space systems to cyberattacks was long ignored, for reasons shared with industrial SCADA (Supervisory Control And Data Acquisition) systems.
Reality and experience show that today’s world is no longer the world of before. It is now essential to ask how vulnerable space systems are to cyberattacks.
Latest-generation satellites, such as those of SpaceX, seek to drive costs down, so most of them use open-source software. This exposes them further to cyber threats, like any other computing hardware.
In the era of globalisation, the supply chain is often internationalised and difficult to control completely. The introduction of malicious components or software is not entirely impossible for a motivated actor who gives itself the means. One can imagine, for example, a backdoor introduced into the satellite’s components or software.
The ground stations with which satellites communicate are not as isolated as one might think. The same is true of the command-and-control centres that operate the satellites via the ground stations. Most of them need to communicate with the outside world, for instance with data centres, even if this is done over secured links on the Internet.
Physical access to satellites is certainly impossible, but access via their ground station or via their command-and-control system remains possible. This is a potential entry point for a malicious actor.
Software is an inherent part of satellites, launchers and space systems. One speaks of « on board satellite software » or « Software-defined satellite ».
Commercial actors with an interest in lowering costs tend to neglect the cybersecurity of space systems by using open-source software, reusing code from other programmes, or even reusing old code.
Technically, only technological redundancy of ground stations, power grids, and the hardware and software on board satellites can prevent service interruptions. But badly coded software, even if redundant, remains vulnerable.
With this in mind, we have decided to take a growing interest in software. On this occasion, we note that MITRE has just released the 25 most dangerous software weaknesses for 2023 (Top 25 Most Dangerous Software Weaknesses).
The list is based on an analysis of the public NIST (National Institute of Standards and Technology) database called the National Vulnerability Database (NVD). NIST took the root causes of security incidents over the last two years, 2021 and 2022, and mapped them to CWEs (Common Weakness Enumeration).
A total of 43,996 CVEs from the « Known Exploited Vulnerabilities » (KEV) database were examined, and a score was attached to each of them based on prevalence and severity.
At the top of the list are: Out-of-bounds Write, Cross-site Scripting, SQL Injection, Use After Free, OS Command Injection, Improper Input Validation, Out-of-bounds Read, Path Traversal, Cross-Site Request Forgery (CSRF), and Unrestricted Upload of File with Dangerous Type.
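To make the top entry of that list concrete, and to illustrate the earlier point that badly coded software stays vulnerable no matter how much redundancy surrounds it, here is an added example in C. It is not code from the page, from MITRE or from any satellite project. It models a hypothetical on-board telemetry frame decoder: the first version trusts the length byte read from the link and copies that many bytes (the Out-of-bounds Write pattern), the second one checks the claimed length against both the destination buffer and the input before copying. The frame layout, the function names and the sample frames are all assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical telemetry frame, constructed for this example:
 * one id byte, one length byte, then up to FRAME_PAYLOAD_MAX payload bytes. */
#define FRAME_PAYLOAD_MAX 32

struct telemetry_frame {
    uint8_t id;
    uint8_t len;                        /* payload length as claimed on the wire */
    uint8_t payload[FRAME_PAYLOAD_MAX];
};

/* Weak decoder (Out-of-bounds Write pattern): the length byte from the wire
 * is trusted and used directly as the memcpy size, so a frame claiming more
 * than FRAME_PAYLOAD_MAX bytes writes past the end of payload[].
 * Kept only for comparison; it must never see untrusted input. */
int decode_frame_unchecked(const uint8_t *wire, size_t wire_len,
                           struct telemetry_frame *out)
{
    if (wire_len < 2)
        return -1;
    out->id  = wire[0];
    out->len = wire[1];
    memcpy(out->payload, wire + 2, out->len);   /* overflows when len > 32 */
    return 0;
}

/* Hardened decoder: the claimed length is validated against the destination
 * buffer (no out-of-bounds write) and against the input buffer (no
 * out-of-bounds read) before a single byte is copied. */
int decode_frame_checked(const uint8_t *wire, size_t wire_len,
                         struct telemetry_frame *out)
{
    if (wire == NULL || out == NULL || wire_len < 2)
        return -1;                                /* truncated header */
    uint8_t claimed = wire[1];
    if (claimed > FRAME_PAYLOAD_MAX)
        return -2;                                /* would overflow payload[] */
    if ((size_t)claimed > wire_len - 2)
        return -3;                                /* would read past the input */
    out->id  = wire[0];
    out->len = claimed;
    memcpy(out->payload, wire + 2, claimed);
    memset(out->payload + claimed, 0, FRAME_PAYLOAD_MAX - claimed);
    return 0;
}

/* Constructed sample frames. */
static const uint8_t GOOD_WIRE[]     = { 0x2A, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };
/* Length byte claims 200 payload bytes: the unchecked decoder would write
 * 168 bytes past payload[]; the checked decoder rejects the frame. */
static const uint8_t OVERSIZE_WIRE[] = { 0x2A, 0xC8, 0x01, 0x02, 0x03 };
/* Length byte claims 16 bytes but only 1 follows: an over-read, also rejected. */
static const uint8_t SHORT_WIRE[]    = { 0x2A, 0x10, 0xAA };

int main(void)
{
    struct telemetry_frame f;
    printf("good:     rc=%d\n", decode_frame_checked(GOOD_WIRE, sizeof GOOD_WIRE, &f));
    printf("oversize: rc=%d\n", decode_frame_checked(OVERSIZE_WIRE, sizeof OVERSIZE_WIRE, &f));
    printf("short:    rc=%d\n", decode_frame_checked(SHORT_WIRE, sizeof SHORT_WIRE, &f));
    return 0;
}
```

The hardened version returns a distinct error code for each rejected case so that a ground-segment monitor can count and alert on malformed frames rather than silently dropping them; a decoder that only fixes the write without also checking the input length would still exhibit the seventh item on the same list, Out-of-bounds Read.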