Home Blog Page 2

De qui se MOOC-t-on ? Liste des meilleurs MOOCs sur la Cybersécurité

0

J’ai découvert, il y a un certain temps, le monde merveilleux des MOOCs. J’ai voulu découvrir de quoi il s’agissait en participant à des MOOC liés à la cybersécurité, mon domaine d’activité professionnelle et j’ai été agréablement surpris. J’ai découvert que ce support était très pédagogique et permettait de faire passer des messages clairs et synthétiques auprès du grand publique. Je recommande vivement ce support pour ceux qui veulent s’initier à un domaine, se former ou se tenir informer.

C’est pourquoi, j’ai décidé, à la demande générale (d’un certain Christophe), de créer cet article dans le but de rassembler l’ensemble des MOOCs, des cours et des formations disponibles en ligne dans le domaine de la cybersécurité et de la sécurité de l’information.

Si vous en connaissez d’autres, n’hésitez pas à commenter cet article pour que je puisse les rajouter. Et surtout, n’hésitez pas à partager cet article au plus grand nombre car il est important de rappeler que la sécurité est l’affaire de tous.

PS : tout jeu de mot est indépendant de ma propre volonté (se rapprocher du même Christophe pour en savoir plus)

Les MOOCs en ligne

  • MOOC de l’ANSSI (FR): Il s’agit d’un MOOC pour se former à la sécurité du numérique. Il rassemble l’ensemble des informations pour s’initier à la cybersécurité ou approfondir ses connaissances. Le MOOC est accessible gratuitement jusqu’au mois d’avril 2021. Le suivi intégral du MOOC vous fera bénéficier d’une attestation de réussite. https://secnumacademie.gouv.fr/
  • MOOC de la CNIL sur le RGPD (FR): Ce MOOC rassemble l’ensemble des informations pour s’initier au RGPD et comprendre les enjeux de la mise en conformité de son organisme. Le MOOC est gratuit et accessible jusqu’au mois de septembre 2021. En suivant le MOOC, vous pourrez obtenir une attestation. https://atelier-rgpd.cnil.fr/
  • MOOC de l’INRIA sur Protection de la vie privée dans le monde numérique (FR) : Ce MOOC élaboré par des chercheurs d’Inria, aborde la notion d’identité numérique et les problèmes de vie privée associés à l’usage des outils numériques. Apparemment, ce MOOC est clos depuis le 17 juin 2019. Il faut attendre qu’il soit de nouveau ouvert. https://www.fun-mooc.fr/courses/course-v1:inria+41015+session03/about
  • MOOC de l’INRIA – Code-Based Cryptography (US) : Il s’agit d’un MOOC élaboré par l’INRIA sur la cryptographie. Il présente l’état de l’art de la cryptographie. Il aborde les différents cryptosystèmes existants (symétrique, asymétrique), la théorie des codes, etc .. Ce MOOC date de 2016 mais il reste ouvert exceptionnellement. https://www.fun-mooc.fr/courses/course-v1:inria+41006+archiveouvert/about
  • MOOC de l’université de Bretagne – Défis et enjeux de la cybersécurité (FR) : Ce MOOC a pour but d’aborder les principaux aspects, tant sociétaux que techniques, de la cybersécurité. Apparemment, ce MOOC est clos depuis le 17 juin 2019. Il faut attendre qu’il soit de nouveau ouvert. https://www.fun-mooc.fr/courses/course-v1:ubs+160001+session01/about
  • MOOC du CNAM – Protection des données personnelles – le nouveau droit (FR) : Ce MOOC présente les règles applicables en matière de protection des données et de la vie privée en France et en Europe. Il permet de bénéficier d’une présentation actualisée de la nouvelle réglementation applicable. https://www.fun-mooc.fr/courses/course-v1:CNAM+01032+session02/about

Les cours et formations en ligne

Udemy

  • Udemy est une plate-forme d’apprentissage et d’enseignement en ligne qui propose des milliers de cours sur des centaines de thèmes. Udemy propose régulièrement toute l’année des promos sur les cours Cyber (à surveiller). En ce moment, la plupart sur à 10€. Voici le lien vers les cours de cybersécurité https://www.udemy.com/courses/search/?src=ukw&q=cyber%20s%C3%A9curit%C3%A9

Security Symposium

  • Security Symposium est un ensemble de vidéos sponsorisés par Intel et Red Hat qui couvrent principalmeent les aspects liés à la sécurisation des nouvelles technologies comme le conteneurs, l’automatisation de la sécurisation des plateformes et des tests de conformité, la gestion opérationnelle de la sécurité (patching,…), etc … A découvrir ici : https://www.brighttalk.com/summit/4551-security-symposium/

[Book] The Battle Beyond: Fighting and Winning the Coming War in Space

0

Fundamentally, Paul Szymanski and Jerry Drew remind us that–more than just simply a clash of weapons–all warfare manifests as a competition between human minds. The same holds true in the battle beyond in outer space.

The contests of space warfare will test the knowledge, experience, fears, beliefs, stamina, and will of the people, their military commanders, and their political leadership like never before.

It is thus essential to prepare for the military implications of wars that extend into space, to root space warfare in the military thought of the past, to adapt it to the needs of the future, and to complete its integration as an essential part of the Western way of war.

Beginning with the word “war” itself, Szymanski and Drew guide the reader through a comprehensive consideration of the levels of warfare as viewed through the eyes of experienced space warfare practitioners. They make relevant centuries-old terms of art, linking the Napoleonic thought of the past to the network-dependent wars of the future and explaining esoteric disciplines like orbital warfare and electromagnetic operations in a way that will appeal to both novices and veterans of the discipline.

In so doing, they expand upon the existing lexicon of war, instructing the reader on how to fight and win the coming war in space. Rich in symbology, illustrations, and historical examples, this book could not come at a more critical time for the security of the United States and its Allies.

Biographie des auteurs

Paul Szymanski and Jerry Drew – Source : Paul Szymanski’s Linkledin page

Paul Szymanski has 49 years of experience in all fields related to space control: policy, strategy, simulations, surveillance, survivability, threat assessment, long-range strategic planning, and command and control. In addition, he has a comprehensive experience base, having worked directly with multiple services (Air Force, Army, Navy, Marines), civilian agencies (NASA, DARPA, FEMA), and from the Pentagon (Secretary of the Air Force) to systems development (Space and Missile Systems Center – SMC/ASP/XRJ), technology development (Air Force Research Lab) to operational field test (China Lake Naval Test Center).

Jerry Drew is currently the chief of joint space training in the Department of Joint, Interagency, and Multinational Operations at the U.S. Army Command and General Staff College. He holds a Bachelor of Science in art, philosophy, and literature from the U.S. Military Academy and a Master of Science in astronautical engineering from the Naval Postgraduate School where his thesis work focused on applied robotic manipulation using small spacecraft.

How to buy it

This book is avalaible on Amazon here for 33,90€

Reaching for the Stars with Zero Trust: Space Domain Applications

0

In this article, we will explore if we can apply Zero Trust in space domain, for example in satellites or space missions, how and why ?

What is Zero Trust Architecture (ZTA)

The Zero Trust security model, coined by analyst firm Forrester Research, is a holistic approach to network security that mandates no user or machine should be implicitly trusted, either outside or inside of the network. The concept has evolved as a way to minimize cyber threats and data breaches by not granting automatic trust based on network location.

Understanding Zero Trust Principle and Architecture:

Zero Trust operates on the concept “Never Trust, Always Verify”. At its core, it’s designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and including simplified granular user-access control.

In a Zero Trust architecture, security isn’t treated as a one-size-fits-all model. It aims to eliminate uncontrolled access to resources by assuming that a user, system, or device is potentially compromised, regardless of if they are inside or outside of the security perimeter.

Implementing Zero Trust includes but not limited to: Identify Sensitive Data, Micro-segmentation, Multi-factor Authentication (MFA), Real-time Monitoring and Analytics, User Access Control

Application & Scope:

Zero Trust can be applied to any IT environment, from on-premises data centers to public clouds, and from network to endpoints. This approach is highly effective in protecting users and data in today’s perimeter-less workplaces, where employees, contractors, and partners need to access applications from various locations, networks, and devices.

Importance & Future of Zero Trust:

The increasing complexity and fluidity of modern IT environments make traditional perimeter-based security models obsolete. Evolving security threats, remote workforce, digital transformations, cloud adoptions, and complex supply chains led to an increase in the number of digital touch-points that can serve as entry points for sophisticated cyberattacks.

Zero Trust’s focus on securing every access point draws a promising future for IT security. It emphasizes understanding the behavior of network users and devices, thereby enabling early detection and mitigation of potential threats. It offers greater visibility into network activities, lowers the risks of security breaches, and improves compliance by implementing granular data control.

From organizations looking to secure their remote workforces to businesses wanting to lock down their supply chains, Zero Trust is poised to become the new normal for cybersecurity. As entities come to grips with a ‘trust no one’ model, they will be better positioned to tackle the cybersecurity threats of the future.

Does Zero Trust apply to the space domain?

In theory, the Zero Trust model could feasibly be applied to the space domain. The fundamental principles of identity verification, least privilege access and real-time monitoring that define Zero Trust are universally important for any operational technology, including space missions or satellites.

Security in the space domain is critically important. Satellites and other space technology manage a wide range of sensitive data and information, from global positioning data to confidential national security information.

Why Apply Zero Trust in the Space Domain?

Protecting Sensitive Information: Considering the increasing cost and strategic importance of space systems, as well as the sensitivity of the data they handle, implementing a robust security posture like the Zero Trust model is crucial.

Remote Accessibility: Like many other systems in the digital age, space platforms are remotely accessed. Zero Trust principles don’t inherently trust any request for access, making it harder for an unauthorized user or a potential hostile actor to gain control.

Increased Cyber Threats: As technology advances, so does the sophistication of cyber threats. Applying Zero Trust principles can help protect against potential cyberattacks targeting space assets.

Implementing Zero Trust in Space Domain

For implementing Zero Trust in the space domain, we need to consider several elements:

Authentication: Implement stringent verification measures to corroborate the identities of all users and devices that interact with the system.

Encryption: As data travels from Earth to space and back again, it needs to be encrypted to protect against interception.

Monitoring & Analytics: It’s crucial to monitor network behavior and traffic patterns continuously. Anomalies or irregularities can indicate potential threats that require immediate attention.

Limited trust: Only provide access to systems and data that are absolutely necessary for each user or device.

What are the challenges applying Zero Trust in the Space Domain?

An interesting challenge here is the vast distance of space and the latency it imposes on operations. The implementation of Zero Trust will have to consider the time delay for authentications as well as a secure and efficient key exchange mechanism for encryption.

Thus, applying the principles of Zero Trust in the space domain offers an exciting opportunity in providing secure and reliable communications. While it presents its unique challenges, given the importance of assets in the space domain, the need for enhanced security measures is undeniable, and a Zero Trust model may be the best way forward.

Cloud Security Alliance launched CCZT, the industry-first “Certificate of Competence in Zero Trust”

0

The Cloud Security Alliance (CSA) is a non-profit organization that focuses on promoting best practices for securing cloud computing environments. It was established in 2008 and has since become a leading authority on cloud security, bringing together industry experts, companies, and government entities to address the challenges and concerns related to security in cloud computing.

The Cloud Security Alliance (CSA) announced the 15th november 2023, the launch of the Certificate of Competence in Zero Trust (CCZT), an authoritative zero-trust training and credential program claimed to be a first in the cybersecurity industry.

In this article, we will describe what the Cloud Security Alliance (CSA) is, then we will go back over the main principles of a Zero Trust Architecture (ZTA) in detail, and finally we will explain what the Certificate of Competence in Zero Trust (CCZT) is.

What is Cloud Security Alliance (CSA)

The primary goals of the Cloud Security Alliance include: Educating and Raising Awareness, Developing Best Practices, Research and Thought Leadership, Certifications and Programs, Collaboration, Advocacy.

The Cloud Security Alliance plays a crucial role in advancing the understanding and implementation of security in cloud computing. By providing resources, best practices, and fostering collaboration, CSA helps organizations navigate the complex landscape of cloud security, ultimately promoting a safer and more secure cloud computing environment for businesses and individuals alike.

What is Zero Trust Architecture (ZTA)

The Zero Trust security model, coined by analyst firm Forrester Research, is a holistic approach to network security that mandates no user or machine should be implicitly trusted, either outside or inside of the network. The concept has evolved as a way to minimize cyber threats and data breaches by not granting automatic trust based on network location.

Zero Trust Maturity Model Pillars from CISA

Understanding Zero Trust Principle and Architecture:

Zero Trust operates on the concept “Never Trust, Always Verify”. At its core, it’s designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and including simplified granular user-access control.

In a Zero Trust architecture, security isn’t treated as a one-size-fits-all model. It aims to eliminate uncontrolled access to resources by assuming that a user, system, or device is potentially compromised, regardless of if they are inside or outside of the security perimeter.

Implementing Zero Trust includes but not limited to: Identify Sensitive Data, Micro-segmentation, Multi-factor Authentication (MFA), Real-time Monitoring and Analytics, User Access Control

Application & Scope:

Zero Trust can be applied to any IT environment, from on-premises data centers to public clouds, and from network to endpoints. This approach is highly effective in protecting users and data in today’s perimeter-less workplaces, where employees, contractors, and partners need to access applications from various locations, networks, and devices.

Core Zero Trust Logical Components from NIST Special Publication 800-207

Importance & Future of Zero Trust:

The increasing complexity and fluidity of modern IT environments make traditional perimeter-based security models obsolete. Evolving security threats, remote workforce, digital transformations, cloud adoptions, and complex supply chains led to an increase in the number of digital touch-points that can serve as entry points for sophisticated cyberattacks.

Zero Trust’s focus on securing every access point draws a promising future for IT security. It emphasizes understanding the behavior of network users and devices, thereby enabling early detection and mitigation of potential threats. It offers greater visibility into network activities, lowers the risks of security breaches, and improves compliance by implementing granular data control.

From organizations looking to secure their remote workforces to businesses wanting to lock down their supply chains, Zero Trust is poised to become the new normal for cybersecurity. As entities come to grips with a ‘trust no one’ model, they will be better positioned to tackle the cybersecurity threats of the future.

What is Certificate of Competence in Zero Trust (CCZT)

The Certificate of Competence in Zero Trust (CCZT) is the authoritative Zero Trust training and certificate that delivers the knowledge needed to understand the core concepts of Zero Trust. Developed by CSA, the trusted industry leader for cloud security certificates, the CCZT builds knowledge to drive the definition, implementation and management of Zero Trust over time.

Who is CCZT for?

With Zero Trust established as the future of information security, a Zero Trust based approach will inevitably become a requirement for organizations and a required skill for security professionals. Here are just a few examples of those who should prepare for this inevitability with the CCZT:

  • The C-Suite, managers, and decision makers to build a Zero Trust governance and risk posture
  • Security engineers, architects, analysts, and administrators to protect devices and build/ automate controls
  • Compliance managers to identify the key components of the Zero Trust Governance
    Framework and how it supports an organization’s risk and compliance programs

What is the CCZT exam structure?

The CCZT is an open-book, online exam with 60 multiple choice questions covering six core areas of Zero Trust knowledge. Testers have two attempts to complete the exam in the allotted 90-minute timeframe and achieve a minimum passing score of 80%.

What does CCZT cover?

The CCZT evaluates an individual’s knowledge and expertise in these six areas of critical Zero Trust knowledge:

Are there required prerequisites?

There are no prerequisites required for the CCZT, however it is helpful to have your Certificate of Cloud Security Knowledge (CCSK) or a basic understanding of security fundamentals. Completing the ZTT is also highly recommended to prepare for the CCZT.

How do I prepare for the CCZT exam?

There are currently three options to prepare for the exam. Comprehensive CCZT Study Guides are included with the purchase of all CCZT exam tokens.

  1. Study on your own. Use the free prep-kit to facilitate your independent learning style. The kit includes a CCZT knowledge guide, this FAQ, overview presentation, and authoritative sources to help you prepare.
  2. Self-paced training online. If you need training flexible enough for your schedule and budget, self-paced online training may be a good fit. The CCZT is based on CSA’s Zero Trust Training (ZTT), an online course that delivers the fundamentals needed to understand the core concepts of Zero Trust covered in the exam.
  3. Instructor-led training online. This option is good for organizations with tight travel budgets or individuals who prefer a more personal instruction. Learn remotely while still being able to interact with your instructor. Look for a course that fits your schedule.

What is the cost?

The CCZT exam, including study guides, costs $175 and is valid for two years from time of purchase. CCZT instructor-led training with exam and study guides is $1895. The ZTT online course, exam and study guides bundle can be purchased for $455. All listed pricing is confirmed for 2023 only. CSA corporate members qualify for special CCZT pricing and discounts are also available for group training.

Is a digital badge available?

Yes. A CCZT digital badge is issued upon successful completion of the exam. Leverage the CCZT digital badge on your social media channels and resume to showcase your knowledge and validate your expertise.

More infos about CCZT

Check CSA website here

Very proud to have earned the Kelley School of Business – Space Cybersecurity Professional Certificate

0

I’m pleased to announce that I have obtained a new certification: Kelley School of Business Executive Education Space Cybersecurity from Indiana University – Kelley School of Business !

I’m very proud to took part of this program dedicated to cybersecurity of space systems provided by the top-ranked Indiana University – Kelley School of Business.

I took part in this program on my own time and as an evening course.

As a cybersecurity professional and space passionate, my wish was to develop my knowledge and skills in order to better understand cybersecurity for space systems.

It was a 10-week synchronous teaching and interactive webinar series that will provide participants with in-depth understanding of the cyber threats to space systems and the tools to develop and implement effective strategies for managing cyber risks to space-based infrastructure.

The Kelley Space-Cybersecurity program is one of the first program in the United States, and indeed globally, to offer specialized focus on protecting the cybersecurity of space assets.

At the end of this program, I have now the capability to develop and implement effective strategies for managing cyber risks to space-based infrastructure. I also gained in-depth understanding of cyber threats, and how to manage related issues including supply chain security.

It was a great opportunity for me to explore cybersecurity challenges specific to space systems.

I would like to thank for creating this program:

  • Scott Shackelford JD, PhD as the JD Executive Director in the IU Center for Applied Cybersecurity Research; and Provost Professor in the Kelley School of Business – IU

  • Eytan Tepper as Visiting Assistant Professor & Director, Space Governance Lab at Indiana University Bloomington

I would like also to thank for their contribution and presentation:

  • Gregory Falco, LEED AP, Professor at the Cornell University
  • Henry Danielson, Professor at the California Polytechnic State University-San Luis Obispo
  • Brandon Bailey, cybersecurity senior project leader at The Aerospace Corporation
  • Nick Saunders, Chief Cybersecurity and Data Officer, Government Systems at Viasat
  • Scott Nelson, Senior Advisor Space-Cyber Nexus
  • Michael Campanelli, Aerospace Practice Manager – Worldwide Public Sector
  • Erin M. Miller, Executive Director at Space ISAC

More information

  • All informations about this course here
  • Check my certification digital badge here

Viasat Attack: A Space Cyber Attack Post Mortem Investigation

0

Introduction

In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization’s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken to further mitigate the impact moving forward (Chapter 3). Finally, I will think about what the attacked organization could have done beforehand to prevent the attack (Chapter 4).

Disclaimer, details and references

To do this analysis of the Viasat cyber attack, I used 3 articles, documents or papers detailed below:

First, I used the open-source intelligence (1) of the team composed by Nicolò Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University). In their open-source intelligence, they reconstructed the lifecycle of the attack. They specified that however, without first-hand knowledge of ViaSat’s systems, they cannot be certain about their hypothesis.

Viasat’s statement (2) on Wednesday, March 30th, 2022 provides a somewhat plausible but incomplete description of the attack. In a statement disseminated to journalists (3), Viasat confirmed the use of the AcidRain wiper in the February 24th attack against their modems.

At the DefCon 31, Mark Colaluca and Nick Saunders from Viasat presented a talk named Defending KA-SAT. During this talk, they argued not to believe everything that you can read on the internet. It’s often simply inaccurate. They told that there is no evidence or proof of the claims. There is no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference. Regarding, the possibility that wiper-malware was deployed and erased the hard drives of the modems, they answered that modems don’t have hard drives.

1. Summary of chronology of events

The Ukrainian conflict shown the potential and temptation of targeting space assets during an armed conflict between two states. Telecommunications satellites are vital to both national security and the economy. But unfortunately, they are also increasingly vulnerable to cyber-attacks and increasingly targeted by malicious actors.

Regarding the Ukrainian conflict, one example is the cyber-attack on the Viasat satellite company.

The Viasat attack was a cyberattack on American communications company Viasat affecting their KA-SAT network, on 24 February, 2022. Thousands of Viasat modems got hacked by a deliberate cyber event. Thousands of customers in Europe, especially in Ukraine, have been without internet for a month since.

Viasat is an American communications company based in Carlsbad, California, with additional operations across the United States and worldwide. Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

This attack began approximately one hour before Russia launched its major invasion of Ukraine. UK and US intelligence assesses that Russia was almost certainly responsible for the attack.

According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access via internet to the trusted management part of the KA-SAT network.

The vulnerability used by the attackers is CVE-2018-13379, corresponding to a vulnerability in the Fortinet firewall discovered in 2019.

Once on the trusted management segment of the KA-SAT network, the attackers issued commands to select specific beam spots and then signal to the modems.

They overwrote part of the flash memory in modems, making them unable to access the network, but not permanently damaged. The satellite itself and its ground infrastructure were not directly affected.

With their open-source intelligence, the team [1] (Nicolò Boschetti, Nathaniel Gordon and Gregory Falco) schematized the entire attack lifecycle in the diagram below.

Figure 1 : The anatomy of the ViaSat attack broken into seven levels of escalation. From : Nicolò Boschetti (Cornell University) and Gregory Falco (Cornell University) – 2022

2. Criticism of the organization’s response to the cyber attack

ViaSat seems to be a company with dual-use satellites – satellites that can serve both civil and military. Presumably, Viasat was not prepared to be a military target in. I think that dual-use commercial space companies must be aware and prepared to be a military target in.

Viasat also appears to be a geographically dispersed organization. The ground segment of Viasat is called KA-SAT Network. Launched and owned by Eutelsat, the KA-SAT network was acquired by ViaSat in 2020. During the acquisition transition period, the management of the ground segment was still in the hands of the Eutelsat subsidiary Skylogic. Each subsidiary is responsible for different elements of the KA-SAT infrastructure.

This organizational complexity makes challenging to have homogenous security controls and the geographic dispersion of the organizations and their integration through corporate acquisition did not help with the managerial coordination of the attack response. When responding to the attack, there was an apparent lack of coordination of ViaSat, Eutelsat, and Skylogic.

3. Additional suggestions that could have been taken to further mitigate the impact moving forward

As additional steps that I can suggest is the need for an agile and software-enabled strategy to quickly respond to attacks. Indeed, the AcidRain wiper malware resulted in the development of a lot of inoperable modems. Shipping tens of thousands of modems is undoubtedly time-intensive and costly.

Given the critical nature of the satellite communication system, it is unacceptable for such a delay. Viasat need to deploy a better agile response to attack like the possibility to deploy a software update that was developed to restore access for users.

4. What the attacked organization could have done beforehand to prevent the attack

This attack is a concrete example of malicious operations carried out by a group of adversaries during a space-cyber war.

To combat cyber-attacks on space systems, states should adopt national policies to defend against threats to space-based assets and applications. This won’t prevent space-cyber hostilities, but it could provide protections against space-cyber threats.

Verification and Validation before launch are also very important. Space systems, once launched and deployed, are subject to limitations around structural modifications. For example, Terminals, Modems or End User Equipment are not easily replaced or modified.

Viasat should also do penetration testing in order to test robustness before deploying their equipment. They also need to ensure there equipment are hardening as the good security level.

Viasat need to do threat modelling for Space Systems. Threat modelling plays a crucial role in risk mitigation. Threat modelling helps to identify the security requirements of a system or process and is far more cost-effective than reacting to a breach or attack

Viasat need also to do security risk analysis. Risk analysis allows to identify risk and their likelihood and impact on a system. Risk analysis allows also to identify mitigation plan to reduce risks.

Viasat as satellite providers must be concerned about its supply chains and vendor ecosystems. Given the critical nature of the satellite communication system, Viasat need to monitor its supply chain. Supply chain has been identify by ENISA, the European Union Agency for Cybersecurity, as the mainly attack threat vector in 2021. Viasat should engage in supply chain security best practices such as conducting extensive vendor cybersecurity evaluations.

Finally, Viasat should establish a strong patch management program in order to maintain a regular security update.

Main References

Detecting Aircraft Spoofing With Fly-Catcher

0

Aviation technology is vulnerable to a wide range of cyber threats. Hackers can easily spoof “ghost” aircraft into the sky.

In order to tackle this issue, Angelina Tsuboi, a pilot and a cybersecurity researcher developed a device called Fly Catcher to detect instances of aircraft spoofing on ADS-B. She also flew it on a plane over the coast of Los Angeles.

Fly Catcher monitors the ADS-B 1090MHz frequency to detect spoofed aircraft by ground-based hackers using a custom AI model and neural network.

The device consists of a 1090MHz antenna, FlightAware SDR, a custom 3D chassis and a Raspberry Pi, and scans nearby ADS-B messages and runs them through a neural network to detect fake aircraft transmitted by bad actors.

You can check out the project GitHub here.

You can also read the project article on Medium here.

Watch Fly Catcher in action on YouTube

Angelina’s Website: https://www.angelinatsuboi.net/

The Interstellar Integrity (i2) magazine interviewed me about my passion for space and cybersecurity

0

I’m very proud to be featured in the second edition (nov 2023) of Interstellar Integrity (i2) released by ethicallyHackingspace(eHs)®.

Thank’s to William Ferguson for this interview :

  • I introduce myself and my personal background
  • I explain my passion for space and cybersecurity
  • I explain my work about the analysis of the Viasat Cyber Attack with the MITRE ATT&CK Framework (MITRE)
  • I describe my engagement and how I built the best community on LinkedIn and Discord for space and cybersecurit

An excerpt of the Interstellar Integrity (i2) – second edition (nov 2023)

I’m very proud to be featured alongside the following space cybersecurity professionals:

Full issue of the Interstellar Integrity (i2) – second edition (nov 2023)

In this issue, you can also check Data Space with SpaceGPT.

More informations

  • You can read the full issue of the second edition of Interstellar Integrity (i2) here.
  • You can read my article about the analysis of the Viasat cyber attack with the MITRE ATT&CK framework here.
  • You can join my LinkedIn group about Space Cybersecurity Community here.

L’Aéro Recrute, un nouveau programme dont je suis Ambassadeur : Pour mettre en avant la filière de l’Aéronautique, du Spatiale, de la Défense et de la Sécurité

0

Je suis fier de rejoindre le programme L’Aéro Recrute. Je suis nommé Ambassadeur pour la filière Aéronautique et Spatiale.

A ce titre, vous pouvez me contacter via mon profil Ambassadeur sur My Job Glasses afin d’échanger avec moi.

L’aéronautique et le spatial sont à l’aube de plusieurs révolutions. Pour relever ces défis environnementaux et technologiques, L’AÉRO RECRUTE.

Notre filière est spécialisée dans l’étude, le développement, la réalisation, la commercialisation et la maintenance de tous programmes et matériels aéronautiques et spatiaux, civils et militaires, ainsi que de systèmes de défense et de sécurité.

De l’ingénierie à la production, en passant par la maintenance, plus de 25 000 recrutements sont prévus en 2023 partout en France, tendance qui devrait se confirmer les prochaines années.

Talents de tous horizons, du CAP au Bac+8, ouvrez-vous à de nouvelles opportunités dans des métiers de pointe et de passion où l’innovation est partout.

Pour en savoir plus sur L’ Aéro Recrute

My work about the Viasat attack analysis featured in the SIGN.MEDIA #2 newsletter

0

I’m very proud to be featured by Olga Nasibullina and Tatiana Skydan in THE SIGN.MEDIA #2 newsletter.

Olga Nasibullina works mainly on cybersecurity workforce development, government relationships, cyber diplomacy and space cybersecurity.

Tatiana Skydan is the founder of the Podcast Bar & co-founder of The SIGN media.

Tatiana and Olga mentionned my work about the Viasat attack analysis:

  • I compared the 4 frameworks that can be used for the space sector: MITRE ATT&CK, SPARTA, SPACE-SHIELD and TREKS.
  • I explain why I choose the MITRE ATT&CK Framework
  • I identified Tactics, Techniques and Procedures (TTPs) from the MITRE ATT&CK matrix that have been used by the hackers
  • I mapped them on the MITRE ATT&CK Navigator in order to have the complete attack chain.

  • I drawn a diagram as a Cyber Kill Chain showing all TTPs mapped on the entire attack life cycle of the Viasat cyber attack.

Thank’s again to Tatiana and Olga to have referenced my work in their THE SIGN’s newsletter.

To know more

Last Posts

Hacktivism Goes Orbital: Investigating NB65’s Breach of ROSCOSMOS

0
In March of 2022, Network battalion 65 (NB65), a hacktivist affiliate of Anonymous, publicly asserted its successful breach of ROSCOSMOS’s satellite imaging capabilities in...

Successfully passed the “Certificate of Competence in Zero Trust” (CCZT), the first Zero Trust...

0
I february 2024, I successfully passed the Certificate of Competence in Zero Trust (CCZT) from the Cloud Security Alliance (CSA). This certificate is a logical...

“Space Cybersecurity” magazine special edition from PenTest and Hakin9

0
PenTest and Hakin9 are very proud to present with a special edition, created in a collaborative process between experts in the field of space...

“Introduction to Cybersecurity in Space Systems” with Tim Fowler is coming up during the...

0
Tim Fowler will provide a training course called "Introduction to Cybersecurity in Space Systems" at "The Most Offensive Con that Ever Offensived – Bypass...

Aerospace cybersecurity manuals bundle : satellites, drones, airplanes, and signals intelligence systems

0
Angelina Tsuboi is a programmer, mechatronics developer and Engineer, a pilot, a Scientific Researcher and cybersecurity researcher. She is currently working for NASA. She...

Popular posts

Description of the Elements of a Satellite Command and Control System

1
In order to be able to analyse the various threats and identify the risks facing a space system, it is necessary to describe precisely...

Cartographie des acteurs étatiques du cyber en France

0
Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...

Install KYPO Cyber Range Platform on Openstack and Ubuntu in AWS cloud

4
KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...

Qu’est-ce que le grand Commandement De l’Espace (CDE) créé par la France pour la...

0
Le Commandement De l’Espace (CDE) a été créé par arrêté le 3 septembre 2019. Il succède au Commandement interarmées de l’espace (CIE). Il rassemble...

What are the threats to space systems?

0
In this article, we will try to identify the various threats to space systems. This article is a synthesis of the CSIS (Center for Strategic...