“The space sector is in need of new frameworks and methodologies specific to our unique operating environment” said Gregory Falco (Aerospace Security & Space Technology Asst. Prof at Johns Hopkins, Cybersecurity PhD from MIT).
The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA)
The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) framework was already in place. SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions. SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle. You can learn more about SPARTA in our article here.
Space Attack Research and Tactic Analysis (SPARTA) matrix
The SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA
There was also the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA. SPACE-SHIELD is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD in our article here.
SPACE-SHIELD or ATT&CK Matric for Space
The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework
Now, after more than five years spent researching and working on space system cybersecurity, Dr. Jacob Oakley released the Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework.
About Dr. Jacob Oakley
Dr. Jacob Oakley is a cybersecurity professional and author with over 17 years of experience. A foremost expert on offensive cybersecurity, cyber warfare, and space system cybersecurity, he has advised Department of Defense (DoD) and Fortune 500 executives on strategic mitigation of risks and threats to globally distributed, multi-domain network architectures.
Dr. Jacob Oakley
The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity framework was developed to provide a taxonomy for understanding, protecting against, and decomposing cybersecurity compromises of space-resident systems, otherwise known as space vehicles (SVs).
TREKS is intended to provide a bridge between the existing frameworks available to address, categorize, taxonomize and analyze cybersecurity compromises of traditional terrestrial based network architectures and the future of cybersecurity for space where those frameworks become more applicable as compromises become more frequent, prolific, and acknowledged. This framework can provide a taxonomy that can be used to characterize foundational aspects of cyber threats to SVs in a way that allows for the identification of trends and enables analysis of this niche target set at the intersection of the space and cyber domains.
Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework
“This framework should be utilized to typify a space vehicle (SV) as a target, based on the function of that SV and an actor’s motivation for targeting it, tying those compromise characteristics to what vectors could be leveraged to exploit subsystems and execute effects related to said motivation. The initial version of this framework could be seen as satellite centric, but the intent is to continuously build out the understandings surrounding this taxonomy to best incorporate all manner of SVs, from satellites to weapons to crewed vessels, labs and beyond.” said Dr. Jacob Oakley.
The TREKS Companion: A Guidebook to the TREKS Cybersecurity Framework
The purpose of this guidebook is to act as a reference to the included TREKS cybersecurity framework and aid in its use by the offensive and defensive cybersecurity communities as well as space system owners and operators.
About future work
This guidebook will continue to be a living document, edited, and updated based on feedback from both the space and cyber communities, with new versions released as appropriate.
As was stated at the beginning of this guidebook, this is intended to be a continuously updated living document to make it easier to leverage and utilize the TREKS cybersecurity framework and act as a mechanism to keep the framework itself up to date.
“Like the Aerospace Corporation’s SPARTA framework contextualizes unique vulnerabilities and countermeasures for the space vehicle, the TREKS framework highlights the unique kill chain for the space vehicle. I encourage Space ISAC and others deep in the weeds of space cyber ops to consider leveraging this” said Gregory Falco.
For usage and licensing information please visit the treksframework.org website.
CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.
CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.
Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.
Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.
Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.
To find the full programme and more information on the event, visit: https://cysat.eu/
Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile about the Hacking demo at CYSAT 2023: world first or “déjà vu”❓ Here is what he knows 👇
We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.
Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT
#Hacking demo at CYSAT 2023: world first or “déjà vu”❓Here is what I know 👇
The exact claim is first “ethical hacking demonstration performed on a flying satellite” 🏅
⚠️ Every word counts!
1️⃣ in the real world
Since satellites have been used for intelligence and military communications oh boy they’ve suffered many cyber attacks. Some have been successful, many haven’t.
I’d say most of the “attacks” publicly disclosed have not actually managed to disturb the nominal operations of the space segment
Examples include the Luch-Olympe fly-by, the Viasat attack (the Ka-sat satellite is still working perfectly fine!), all the jamming / spoofing attacks in the black Sea or Iran, etc etc
For the very few which seem to be related to the space segment I’d be very careful as most of the time the actual facts remain scarce and hard to prove (example: ROSAT story in 1998)
2️⃣ Security research
Some researchers did some really interesting stuff to point out the vulnerabilities of space systems but to my best knowledge never actually went all the way
I’m thinking about James Pavur for example that was among the pioneers in space security. He made a big splash by showing he was able to #eavesdrop quite easily on sensitive data transmitted by satellite 📡 but never performed an experiment on the satellite itself.
3️⃣ Ethical hacking
In terms of ethical hacking the number one reference is the US Air Force competition Hack-a-sat.
💬 “it’s been done already in Hack-a-sat” is the number one comment I’ve read below the CYSAT articles.
Well, no. Not yet exactly.
Hack-a-sat 1, 2 and 3 were done on the ground. On flatsats. Nothing was flying in orbit. Check out the testimonials of European hackers at CYSAT 2021 and 2022.
However it is true that hackers will get the chance to hack “Moonlighter”, a flying 3U cubesat during Hack-a-sat 4 later this year 👾
4️⃣ Hack CYSAT 2022
There is also a bit of confusion regarding of what happened last year.
We had this idea of hacking a flying satellite back in the summer 2021 with CYSEC CEO and CYSAT co-founder Patrick Trinkler.
It took us a while to find a satellite operator that was okay to let hackers play with it
Finally I heard of OPS-SAT which I thought would be the ideal spacecraft to do a security demo.
Then it took David Evans and I some time to build the case to ESA’s management.
Finally in February 2022 we published the Hack CYSAT open call to invite hackers to submit their ideas, among them Didelot Maurice-Michel that blogged about a vulnerability he spotted and told ESA to fix it, which ESA did. But nothing was done on the 🛰️
5️⃣ random articles
Various articles out there are mixing the words “satellite” and “hacking”, like the guys that “hijacked” a satellite to play a movie, etc etc. None of them did what we claim the Thales team did at CYSAT.
👉 So to me it looks like it had never been done before but maybe I’m wrong!
👇 PLEASE comment below if you have other references!
Check this demo in video
All 2023 CYSAT videos are online
All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.
A propos de CYSEC
CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.
The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.
CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.
CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.
Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.
Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.
Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.
To find the full programme and more information on the event, visit: https://cysat.eu/
Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile what was the point of the Thales demo at CYSAT. First, Mathieu what was NOT part of the demo.
We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.
Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT
For the short-medium term it is reasonable to assume that cyber attacks on space systems disturbing the nominal operations of the mission (i.e. taking control of the spacecraft bus and/or payload but excluding eavesdropping) remain ground-based.
That means discarding scenarios involving rogue satellites with capabilities to perform non-cooperative rendez-vous. To me that’s fair for the next 5 years.
2 main scenarios:
1. the spacecraft is flying and operational
👉 then the attacker has to go through the ground segment (mission control, ground stations, etc) before reaching the spacecraft
👉 the attacker is capable to send TMTC that are valid and executed on board without the operator noticing or able to react (e..g via its own ground stations)
2. the spacecraft is under development on ground (design, assembly, test, transport, launch)
👉 the attacker manages to access information (e.g. cryptographic keys) or to install a malware / backdoor on board (e.g. corrupting the flight control software)
These are the typical scenarios with the biggest likelihood x severity scores.
👉 None of the above were covered by the Thales demo since the ground segment was out of the scope as the team was granted the access to OPS-SAT (as any other experimenter).
2️⃣ On-board: not representative of most missions ❌
🔹On-board, OPS-SAT is also very “unique” since it’s been pioneering many technology innovation like flying Linux, re-configuring FPGAs on a daily basis, etc (read all OPS-SAT firsts here 🔗 https://lnkd.in/eC3eDgDv) 💪
👉 So the demo by Thales has been done a spacecraft that is currently not representative of the current missions in operations or close to the launch pad (especially institutional missions!)
❓ So what was the point of this demo then ❓
I’m getting there!
🔹The point was to show that current space tech trends (advanced on-board processing, regular in-orbit reconfiguration, as a service models, etc) are all great progress that will soon be adopted by most operators BUT that come at the expense of greater cyber risks 👾
🔹And currently the space industry (especially #newspace) is embracing these innovations without the security culture that should come with it 🤠
👉That’s why showing how security experts can manipulate data, take control of the Attitude and Control system of a modern spacecraft by using various methods of privilege escalation exploiting flaws on access management and Linux helps to spread the word: 📢 BE PREPARED!
Summary of the full attack flow
Summary of the full Thales attack flow
Check this demo in video
An analysis of the CYSAT 2023 Demo by SPARTA team
Brandon Bailey & Brad Roeher from the SPARTA team analyzed, in this article, Thales Group’s CYSAT ’23 presentation material to deconstruct the experiment, extract lessons learned, and document potential countermeasures.
The SPARTA (Space Attack Research and Tactic Analysis) Framework was used to identify the tactics, techniques, and associated countermeasures associated with the experiment/attack.
They utilized the SPARTA Navigator tool to construct the attack chain and generated an Excel export to pinpoint relevant countermeasures. Subsequently, a thorough analysis is conducted to ensure the applicability of the associated countermeasures to the specific Tactics, Techniques, and Procedures (TTPs).
The SPARTA Navigator proves invaluable in presenting a comprehensive array of countermeasures categorized by defense-in-depth, effectively minimizing the risk posed by TTPs. By leveraging the SPARTA Navigator, we successfully map the attack chain to SPARTA TTPs, as exemplified below.
Upon exporting the data from the SPARTA Navigator, they have identified eight countermeasures. Out of these, five pertain to terrestrial countermeasures intended to prevent vulnerable software from infiltrating the spacecraft. The remaining three countermeasures are implemented onboard the spacecraft itself, serving to protect against and/or detect the TTPs executed during the experiment.
All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.
A propos de CYSEC
CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.
The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.
The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” The finished report was presented to the public on March 11, 2020. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 reauthorized the Commission to collect and assess feedback on the analysis and recommendations contained within the final report, review the implementation of the recommendations contained within the final report, and completing the activities originally set forth for the Commission.
Today, the Cybersecurity Solarium Commission (Solarium CSC 2.0) has endorsed designation of space systems as a critical infrastructure sector.
Time to Designate Space Systems as Critical Infrastructure
America’s adversaries recognize the importance of space systems to U.S. national security and economic prosperity and have tested capabilities to destroy them.
Find below the Executive Summary of the report
You can access to the Executive Summary of the report here.
“We’re in a space race” with China, NASA Administrator Bill Nelson warned in December. The nature of that race is different from the Cold War contest with the Soviet Union that America fought and won. The national security components of the space race today include not just weapons systems but also the security of critical infrastructure — much of which relies on global positioning satellites, remote imagery, and advanced communication. The economic aspect is just as striking. The Space Foundation, a nonprofit advocacy group, has determined that the global space industry generated $469 billion in revenue in 2021. This number will only increase with technological and manufacturing innovation.
More than a decade ago, the U.S. National Security Space Strategy warned that space will become more “congested, contested, and competitive.” This warning proved prescient, but the U.S. government has not done enough to adapt to that reality. Major portions of American space systems are still not designated as critical infrastructure and do not receive the attention or resources such a designation would entail. The majority of today’s space systems were developed under the premise that space was a sanctuary from conflict, but this is no longer the case. The threat from Russia and China is growing. Both those authoritarian powers have placed American and partner space systems in their crosshairs, as demonstrated by their testing of anti-satellite (ASAT) capabilities. The United States needs a more concerted and coherent approach to risk management and public-private collaboration regarding space systems infrastructure.
After interviewing more than 30 industry and government experts, the authors have concluded that designating space systems as a U.S. critical infrastructure sector would close current gaps and signal both at home and abroad that space security and resilience is a top priority. In 2013, Presidential Policy Directive-21 (PPD-21) designated 16 critical infrastructure sectors “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” Space systems clearly meet this threshold.
The term “space systems” encompasses the ecosystem from ground to orbit, including sensors and signals, data and payloads, and critical technologies and supply chains. (See Figure 1.) This terminology (which sidesteps the conceptual debates about whether “space” is an infrastructure or only a domain) aligns with presidential Space Policy Directive-5 (SPD-5) of September 2020, which defines space systems to include ground systems, sensor networks, and space vehicles. SPD-5 provided a set of voluntary best practices “to guide and serve as the foundation for the United States Government approach to the cyber protection of space systems.” This report seeks to build on these efforts, which constituted an important step toward recognizing and addressing the implications of the nexus between the cyber and space domains.
Protecting space systems will require an enhanced model of public-private partnership with genuinely shared risk management responsibilities. On the government side, the agency that serves as lead sector risk management agency (SRMA) for this sector will have a demanding task — but one that NASA is well suited to fulfill so long as it receives the extra resources necessary to develop its capacity to protect national security, civil, and commercial systems. There will need to be subgroups within the sector that maintain relationships with other government agencies. One subgroup should deal with defense and intelligence systems, and another with communications systems already regulated by the Federal Communications Commission (FCC). But no alternative candidate for lead SRMA possesses the same range of requisite capabilities as NASA.
Fostering security and resilience in the space systems sector will require mitigating unique cybersecurity challenges that stem from the geographic and technological particularities of space, as well as new and emerging space-based missions. Substantial investment through congressional appropriation will be imperative because policy without resources is merely rhetoric.
This report does some recommendations for Congress
Recommendation 1: Designate space systems as a critical infrastructure sector.
1.1 – Designate NASA as the SRMA for the space systems sector.
1.2 – Create two directed subgroups within the sector.
1.3 – Do not assign the SRMA as a regulatory role.
1.4 – Articulate and offer industry a clear value proposition.
1.5 – Strengthen international norms and standards.
1.6 – Integrate the National Space Council into the governance of the space systems sector.
Recommendation 2: Give NASA, the lead SRMA, the resources to effectively accomplish the mission.
2.1 – Direct the Congressional Research Service to undertake a legislative review.
Recommendation 3: Marshal and organize the commercial space community to play an instrumental role in governance.
3.1 – Establish a space systems sector coordinating council (SCC).
3.2 – Task the SCC, through its charter, with working to reduce risks to the security and resilience of the commercial space sector.
3.3 – Leverage and build upon the existing work of Information Sharing and Analysis Centers (ISACs), including the Space ISAC.
Recommendation 4: Create a co-led risk management enterprise.
4.1 – Jointly elaborate and widely implement cybersecurity best practices.
4.2 – Pair commercial and government capabilities to model a dynamic risk environment.
4.3 – Add space assets positioned outside of traditional operational areas to enhance U.S. resilience.
The space systems threat spectrum
Here is a quite nice graphic showing at a high level space systems and the threats we have to address.
The examples cited below are illustrative and not exhaustive.
In-Orbit segment
Beams (Tracking/Other Uses), Satellites. Spacecraft. Space Debris,
and Space Mining and Manufacturing
THREATS : Anti-satellite, Command Intrusion, Denial Of Service (DoS), Malware, Payload Control, Space Debris
CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.
CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.
Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.
Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.
Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.
To find the full programme and more information on the event, visit: https://cysat.eu/
Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile the key takeaways he retained during these 2 days. We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.
Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT
My 9️⃣ take-aways from CYSAT season 3 👇 from a happy event director!
1️⃣ A success💥
🔹Our mission 🎯 to raise awareness about #cybersecurity in the #space industry is progressing
🔹This can only be achieved by connecting people. We double the number of participants every year 📈, we manage to get all players involved ✅
🔹Many positive feedback of people happy to meet and network. Just for that CYSAT season 3 was a success!
2️⃣ Tech sessions were a big hit!
🔹NEW this year, many people mentioned the quality of the presentations
🔹Thanks to the startups and researchers on stage (with the normal rate of live demo failures 🤓)
🔹Kudos to all presenters, especially my colleagues Yannick Roelvink and Louis Masson for presenting respectively the CYSEC products ARCA SATCOM and SATLINK 🚀
3️⃣ Ukraine and Viasat 🇺🇦
🔹The 2022 attack definitely shook off the industry
🔹Was important for me to have a first-hand testimonial of General Oleksandr Potii live from Kiev explaining the critical importance of 🛰️
🔹Not only for comms and intelligence on the battlefield but also to allow civilians to stay connected 🌍
4️⃣ Team Europe 🇪🇺
🔹Honored to have space execs coming now to CYSAT using the event to make major announcements
🔹The EU commission represented by Guillaume de La Brosse took the opportunity to promote the upcoming EU Space law and EU Space ISAC. These are two big news, can’t wait to hear more about it
5️⃣ #IRIS2: high expectations
🔹One of the hottest topic this year. Stakes are high and timing is tight!
🔹Was great to have a more extensive appreciation of the Comission’s perspective on the cyber aspects with Nicolas Guillermin
🔹Both EUSPA with Rodrigo da Costa and ESA with Massimo Mercati presented their approach and upcoming opportunities for the industry
6️⃣ Hacking demo 👾
🔹Thales is making the buzz after presenting their successful demo of hacking and recovering ESA’s OPS-SAT 👏
🔹This is something we’ve been trying to do since summer 2021 so very happy to finally see it on stage 👊
🔹Thales team did a great job at explaining the technical aspects of the demo ⚙️ and were very transparent about the support they received from the OPS-SAT team, 👌 David Evans
7️⃣ Greg Wyler: “Less is more”
🔹Very happy to host Greg, a legendary space entrepreneur now full steam with his latest venture E-Space.
🔹I liked his approach of making things as simple as possible to reduce the attack surface and make the CISO or the PSO’s jobs a realistic task.
8️⃣ Finding talents! 👨🎓 👩🎓
🔹I think every single speaker I was on stage with said they were looking for talents. This is a major challenge now
🔹We had about 50 students at CYSAT with free tickets, hope they were able to make the most of it!
9️⃣ CYSAT 2024
Not everything was perfect this year, the acoustic was terrible the first morning, coffee would be appreciated at the start of the day, food can be massively improved, etc we will learn and improve for next year!
All 2023 CYSAT videos are online
All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.
A propos de CYSEC
CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.
The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.
Thank’s to Calogero Vinciguerra (Space Policy Officer & Space Threats Response Architecture DO at the European External Action Service, EEAS) and Kimberly King (Senior Engineer at The Aerospace Corporation) for helping me to write this article.
Aerospace Corporation released SPARTA v1.3, a new version of the Space Attack Research and Tactic Analysis (SPARTA) matrix.
The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle.
SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions.
SPARTA framework offers space professionals a taxonomy of potential cyber threats to spacecraft and space missions.
SPARTA framework “is intended to provide unclassified information to space professionals about how spacecraft may be compromised via cyber means.”
SPARTA v1.3 delivers significant updates. You can find all relevant updates in this blog post.
SPARTA cyber-security framework defines and classifies the activities, tactics, techniques and procedures (TTP) implemented by malicious hackers, aimed at compromising the functionality and operation of both space vectors and satellite systems in orbit.
In v1.3, a new presentation from CySat 2023 has been posted here.
Video of the CYSAT 2023: Demo “Hacking Spacecraft using Space Attack Research and Tactic Analysis”
Demo by Brandon Bailey (SPARTA), Senior Cybersecurity Project Manager at The Aerospace Corporation.
What about SPARTA vs. ATT&CK MITRE ?
The current cyber-security frameworks – MITRE’s ATT&CK and Microsoft’s Kubernetes – while representing the industry standard for analyzing attacks on terrestrial devices, however, do not sufficiently cover the space segment scenarios.
What about SPARTA vs. SPACE-SHIELD ?
SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD here.
Need to go futhermore MITRE ATT&CK framework ?
To go futhermore the concept of MITRE ATT&CK framework applied on specific domain, you can also have a look on the MITRE ATT&CK for ICS Matrix.
The MITRE ATT&CK for ICS Matrix is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied.
The MITRE ATT&CK for ICS matrix (Source: https://collaborate.mitre.org/attackics/index.php/Main_Page )
Below is the mapping of Stuxnet attack on the ATT&CK for ICS matrix (Than’ks to Airbus Cybersecurity). « Mapping Stuxnet to the ATT&CK for ICS matrix, as shown in figure 3, quickly shows how complex this attack was. Business risk owners can now identify which techniques to focus on if they need to minimise the risk from strikes like Stuxnet. »
Mapping of Stuxnet on the ATT&CK for ICS matrix (Source: https://airbus-cyber-security.com/mitre-attck-for-ics-everything-you-need-to-know/)
About Aerospace Corporation
Source : Linkedin Profile
The Aerospace Corporation has provided independent technical and scientific research, development, and advisory services to national-security space programs since 1960. We operate a federally funded research and development center (FFRDC) for the United States Air Force and the National Reconnaissance Office and support all national-security space programs. We also apply more than 40 years of experience with space systems to projects for civil agencies like NASA and the National Oceanic and Atmospheric Administration, commercial companies, universities, and some international organizations in the national interest.
From our inception, our highly skilled technical people have focused on ensuring the success of every mission and developing the most effective and economic space-related hardware and software in the world. Our insight and involvement in space programs has significantly reduced the risk of launch failure and increased both satellite endurance and performance. Avoiding a single catastrophic failure resulting in the loss of operational capabilities can save the government more than three times the total annual Aerospace FFRDC budget.
We don’t manufacture anything. Our greatest asset is the technical expertise of our people. Our involvement spans all facets of space systems: including systems engineering, testing, analysis, and development; acquisition support; launch readiness and certification; anomaly resolution; and the application of new technologies for existing and next-generation space systems. Our state-of-the-art laboratory facilities are staffed by some of the leading scientists in the world.
NIST released IR 8401, a new guidance named “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”.
NIST IR 8401 is a Cybersecurity Framework for Addressing Satellite Cybersecurity to the Ground Segment of Space Operations
NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.
Fig. 1. Satellite Ground Segment Components of Commercial Space Operations
NIST IR 8401, Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control, applies the NIST CSF to the ground segment of space operations. The document defines the ground segment, outlines its responsibilities, and presents a mapping to relevant information references. The Profile defined in this report provides a flexible framework for managing risk and addresses the goals of Space Policy Directive 5 (SPD-5) for securing space.
Ground Segment is composed of Terminals, Mission Operation Centers and Payload Operation Centers as described in the figure below.
Fig. 2. Components In and Out of Scope for the Profile
Find below the Abstract of the IR 8401
Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services, as illustrated by the increased use of commercial communications satellite (COMSAT) bandwidth, the purchase of commercial imagery, and the hosting of government payloads on commercial satellites. The U.S. Government recognizes and supports space resilience through numerous space policies, executive orders, and the National Cyber Strategy. The space cyber-ecosystem is an inherently risky, high-cost, and often inaccessible environment consisting of distinct yet interdependent segments. This report applies the NIST Cybersecurity Framework to the ground segment of space operations with an emphasis on the command and control of satellite buses and payloads.
Find below some Editor’s Note regarding NIST IR 8401
“This is intended as guidance, not a regulatory requirement, to raise the bar on the security of the ground-based components of satellite systems. They start with the basics: know what hardware you have, know what software is running, know what it is connected to and what your information protection requirements are. Each of the sections of the CSF (Identify, Protect, Detect, Respond and Recover) include sub-categories you should review, including applicability and references to identify gaps or things you may not have considered.”
Lee Neely, senior IT and security professional at Lawrence Livermore National Laboratory (LLNL)
“Since the NIST profile applies to ground segments of satellite systems, the guidance in NIST IR 8401 is pretty much the same as any guidance for any computer system. The key phrase in it is “Traditionally, ground segment isolation was accomplished through air gapping or limited connections. Increasingly, isolation is being accomplished via accounts, tenant isolation, and identities when using third-party services.” If you run, or are paying for, ground systems for satellite systems that are still claiming to be air gapped and no external connections, big red flags should be flapping.”
John Pescatore, Director of Emerging Security Trends
“Satellites and the ground stations that control them use the same IT and communication technologies found in other critical infrastructure. The threat is really about who can access the ground station, directly or via remote means. Not surprisingly, the same set of basic security safeguards need to be employed to protect this critical infrastructure.”
Curtis Dukes, CIS’s Executive Vice President and General Manager of the Best Practices and Automation Group
Community of Interest
The Approach used by NIST is to solicit Participation in a “Community Of Interest”, with about 130 Members representing over thirty organizations.
I dreamed about it, ESA did it! ESA (European Space Agency) released the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield). This is an ATT&CK® like knowledge-base framework for Space Systems.
This is a collection of adversary TTP (Tactics, Techniques and Procedures) that are relevant for Space systems. As ESA said, the matrix is tailored on the Space Segment and communication links, and it does not address specific types of mission, maintaining a broad and general point of view.
SPACE-SHIELD screenshot
ESA released this security tool to help Cyber and System security teams. It’s a complementary tool to the Cyber Threat Intelligence for Space in projects like SCCoE and CSOC.
This tool can address preliminary phases of projects to consider the security during the design and preliminary security assessment.
CSOC means Cyber and Security Operations Centre. The CSOC is part of ESA’s security strategy defined in ESA Agenda 2025 to increase the cyber resilience of all its activities and securely support its Member States and partners.
CSOC monitors, reacts and tracks relevant information and events with the objective of maintaining the overall security posture. The CSOC detects and reacts to security incidents and maintains the overall security posture of the organisation, supporting the
readiness of the organisation’s defensive capabilities.
SCCoE means Security Cyber Centre of Excellence. The SCCoE provides training, test & validation services, and centralisation of forensic services/expertise as well as developing a distributed risk analysis process capability.
The SCCoE, will work in synergy with the C-SOC, sharing security functionalities such as threat and vulnerabilities analysis tools and complementing capacity of the C-SOC such as the security functionalities to analyse a complex system in a synthetic cyber threat scenario in order to investigate potential security vulnerabilities.
The CSOC and SCCoE are located at European Space Security and Education Centre (ESEC) at Redu, Belgium, the ESA centre of excellence for cyber security.
As a driving force in the second quantum revolution, Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years.
By 2040, quantum computers could use their unprecedented computational power to decode encrypted data, incomparably threatening the security of even the best-protected communication systems. EuroQCI aims to counter that threat by developing sovereign systems to protect the communications and data assets of critical infrastructure providers and government institutions.
The longer-term objective is to create a Quantum Information Network (QIN) that will harness the phenomenon of quantum entanglement not only to guarantee communications security but also to create networks of quantum sensors and processors, which have the potential to drive exponential increases in the already outstanding performance of quantum sensors and quantum computers.
As part of this effort, Thales is breaking new ground as a member of multiple new consortia that have been set up since late 2022 in the following fields:
Quantum repeaters, with the Delft University: QIA (Quantum Internet Alliance) – led by the Delft University of Technology in the Netherlands – is working to demonstrate the feasibility of connecting users in two metropolitan areas 500 km apart, using quantum repeaters, which can compensate for the loss of information via a quantum memory;
Quantum key distribution: QKISS – coordinated by Exail – and QUARTER – led by LuxQuanta – are developing Quantum Key Distribution systems to protect users’ critical communications from cyberattacks.
Certification of quantum communication: PETRUS – led by Deutsche Telekom – is the official coordinator of 32 EuroQCI projects, on behalf of the European Commission. It is also developing a framework for certification and accreditation of quantum communication products and networks.
Satellite quantum communications: TeQuantS – led by Thales Alenia Space – aims to develop quantum space-to-Earth communications technologies, necessary for cybersecurity applications and future quantum information networks, through the construction of satellites and optical ground stations by the end of 2026.
Specifically, the Thales teams taking part in these projects are working to develop quantum key generation, distribution and management equipment and the associated communication encryption devices, as well as defining the architecture of these quantum communication infrastructures.
Thales operates the largest quantum physics research facilities in Europe, in partnership with the CNRS, and some 100 engineers and researchers are currently engaged in the development of the quantum solutions (sensors, communications and algorithms) that will play a foundational role in tomorrow’s world. These new consortia will all benefit from Thales’s multi-disciplinary expertise, in particular in the field of secure communication networks.
Marko Erman, le directeur scientifique de Thales, est intervenu dans l’émission Tech&Co de BFM Business, sur le thème de l’Internet quantique via satellite.
Dans cet entretien, il aborde l’inviolabilité de la clé de chiffrement, la distribution quantique des clés et la cybersécurité des communications quantiques par satellite.
L’occasion, pour nous, de revenir et d’approfondir les différentes notions abordées dans cet entretien.
Inviolabilité de la clé de chiffrement
La cryptographie quantique consiste à générer et partager des clés de chiffrement basés non pas sur des lois mathématiques mais sur des lois de la mécanique quantique.
La sécurité de la cryptographie quantique ne repose plus sur la difficulté mathématique d’un problème, comme c’est le cas des protocoles cryptographiques utilisés aujourd’hui mais sur une propriété de la physique quantique qu’on appelle l’effondrement de la fonction d’onde ou réduction du paquet d’onde.
On vous explique un peu plus ce concept ci-dessous.
En cryptographie quantique, on extrait une clé de chiffrement classique symétrique (des 0 et des 1 dans le désordre) à partir d’échange de qubits photoniques. Mais à la fin, on manipule bien une clé de chiffrement classique.
Imaginons maintenant qu’une particule, un peu comme un interrupteur, admette deux états possibles, que nous baptiserons 1 et 0 pour un maximum de simplicité. Si l’on en croit l’interprétation de Copenhague, tandis qu’un interrupteur ne peut être que dans un seul état à la fois (allumé ou éteint), la particule, elle, se trouve dans ce que l’on appelle une superposition d’états, c’est-à-dire à la fois 1 et 0.
Dans le monde quantique, le simple fait d’observer un système quantique provoque une sorte d’effondrement vers un état spécifique. On parle aussi de réduction du paquet d’onde.
Ainsi, une particule qui, selon la théorie, peut se trouver dans plusieurs états à la fois, choisit instantanément son camp dès qu’elle est observée.
Supposons, qu’un observateur décide de mesurer l’état quantique pour récupérer la clé de chiffrement, alors le simple fait d’observer et de mesurer l’état quantique provoque la disparition de la superposition quantique, causant ainsi un effondrement de la fonction d’onde.
Une fois la première observation faite, l’effondrement de la fonction d’onde est absolu est définitif, il n’y a pas de versions alternatives ou de modifications possibles. Il est donc impossible de récupérer la clé de chiffrement.
Pour être plus précis, l’observation ou la mesure d’un état quantique ne le fait pas réellement disparaître. Au lieu de cela, la mesure d’un état quantique perturbe plutôt l’état du système mesuré et modifie sa fonction d’onde. C’est tette perturbation qu’on appelle l’effondrement de la fonction d’onde et elle est un phénomène central de la mécanique quantique.
Les différentes formes de distribution quantiques des clés
Dans la théorie, il existe deux grandes formes de QKD : celle qui repose sur le protocole BB84 et dérivés qui n’exploite que l’effondrement de la fonction d’onde, et celle qui repose sur l’intrication (depuis le protocole E91). Elles ont des caractéristiques différentes.
Aujourd’hui, ce qui est déjà déployé, ce sont des BB84-like comme en Chine. Le projet Européen vise, quant à lui, à faire de la QKD intriquée. Son intérêt est que, seule la QKD intriquée permet de bâtir un Internet quantique et de relier quantiquement des objets quantiques (ordinateurs ou capteurs). Le protocole BB84 ne le permet pas. Par contre, l’Internet quantique a besoin de répéteurs d’intrication qui sont en cours de développement.
Dans la suite de cet article, nous ne parlerons que de QKD qui repose sur l’intrication (depuis le protocole E91)
La distribution quantique des clés de chiffrement
Ici, nous allons parler d’une distribution quantique des clés de chiffrement basée sur l’intrication (depuis le protocole E91).
Dans des communications sécurisées par cryptographie quantique, la distribution quantique des clés de chiffrement s’appuie sur des satellites qui font office de relais de sécurité intermédiaires.
En cryptographie quantique, la distribution quantiques de clés ou QKD pour Quantum Key Distribution, est un moyen sûr de partager des clés secrètes entre des utilisateurs distants.
L’utilisation de relais par satellite permet d’étendre les distances de communication mais ces relais posent des risques de sécurité. Ce problème peut être résolu en utilisant une QKD basée sur l’intrication.
En effet, la physique quantique rend possible un effet étrange appelé l’intrication. Plus concrètement, deux ou plusieurs particules telles que des photons qui sont liés ou « enchevêtrés » peuvent s’influencer simultanément, quelle que soit leur distance.
Représentation d’artiste de l’intrication (Crédits : Arhan Amun Ankh)
Des paires de photons intriqués peuvent être distribuées via des liaisons satellites descendantes vers des observatoires terrestres. Cette méthode décuple non seulement la distance de sécurité au sol, mais augmente également la sécurité pratique de QKD grâce à l’intrication.
Comme on l’a vu précédemment, la sécurité des protocoles d’échange quantique de clé est appuyée sur l’hypothèse que le théorème de non clonage prive un adversaire d’apprendre l’état d’une particule avant la mesure.
Pour comprendre la distribution quantique de clés
Pour comprendre la distribution quantique de clés de chiffrement, je vous conseille cette vidéo
Pour comprendre l’intrication quantique
Pour comprendre l’intrication quantique, je vous conseille la vidéo de Science Étonnante sur le sujet
La cybersécurité des communications quantiques par satellite
Jusqu’à aujourd’hui, la distribution quantique des clés (QKD) était principalement menée à travers des fibres optiques au sol. La distance maximale atteinte jusqu’à maintenant pour générer des clés de cryptographie a été réalisée en laboratoire sur une fibre optique enroulée sur 830 kilomètres de long (Source : Twin-field quantum key distribution over 830-km fibre by Shuang Wang et al, Nature, January 2022).
L’utilisation de relais satellites permet d’étendre ces distances et les problèmes de sécurité sont résolus en utilisant une distribution quantique des clés (QKD) basée sur l’intrication.
Cette technologie basée sur l’inviolabilité de la clé de chiffrement, permet de réaliser des communications sécurisées par satellite.
L’ENISA, l’agence de l’Union européenne pour la cybersécurité, a publié un papier pour expliquer ce qu’est et ce que n’est pas la QKD. C’est un papier qui date de novembre 2009 donc plusieurs problèmes évoquées ont été résous depuis ou sont en cours de résolution.
La sécurisation des infrastructures européennes face aux attaques des futurs ordinateurs quantiques
Au cœur de la seconde révolution quantique, Thales s’associe à une vingtaine de partenaires de la « deeptech », acteurs académiques et industriels, afin de déployer d’ici 3 ans une infrastructure résiliente et ultra-sécurisée de communications quantiques pour les Etats membres de l’Union Européenne, via l’initiative EuroQCI (European Quantum Communication Infrastructure).
l’objectif est de créer un réseau d’information quantique appelé QIN, Quantum Information Network. Il permettra non seulement la sécurisation des communications, mais également la mise en réseau de capteurs et de processeurs quantiques, qui permettront de centupler les performances déjà exceptionnelles des capteurs quantiques et ordinateurs quantiques.
Pour en savoir plus, voir notre article sur le sujet ici.
Pour en savoir plus sur le quantique et la cryptographie quantique
On vous propose ci-dessous plusieurs ressources à consulter pour approfondir le sujet du quantique, la cryptographie quantique et le chiffrement post-quantique
Concernant les technologies quantiques en général, je vous conseille le blog d’Oliver Ezratty. Vous pourrez écouter Quantum, le podcast mensuel de l’actualité quantique francophone, enregistré en compagnie de Fanny Bouton, quantum lead chez OVHcloud. Vous pourrez également y télécharger l’ebook Understanding Quantum Technologies, cinquième édition, publiée en septembre 2022, 1128 pages. C’est la mise à jour de la quatrième édition, toujours en anglais et sans version française. C’est une véritable bible publique sur le sujet de la physique quantique. Une version simplifiée de 24 pages est aussi disponible. Les ebook d’Oliver Ezratty sont tous gratuits et téléchargeables sur son blog au format PDF en général et parfois en ePub.
Je vous conseille également l’une des chroniques de Michel Juvin, publiée chez Alliancy – le mag numérique et business dans « Les Carnets de Michel » sur le sujet du chiffrement post-quantique. Michel Juvin est un expert de la sécurité et de la transformation, ancien membre actif du CESIN (Club des Experts de la Sécurité de l’Information et du Numérique), ancien DSI puis Chief Information Security Officier (CISO), notamment dans des entreprises comme Lafarge ou Chanel. Michel partage régulièrement sa vieille technologique et le fruit de ses réflexions sur ce monde hyper technique.
Feuille de route sur le développement des réseaux d’information quantique par satellite
Thales Alenia Space, en tant que maître d’œuvre de l’étude, associé au CNES (Centre National d’Etudes Spatiales) et au CNRS (Centre national de la recherche scientifique), a publié un document qui présente une feuille de route sur le développement des réseaux d’information quantique (QIN) par satellite.
Les réseaux d’information quantique (QIN) suscitent un intérêt croissant, car ils permettent de connecter des dispositifs quantiques sur de longues distances, améliorant ainsi considérablement leurs capacités intrinsèques de calcul, de détection et de sécurité. Le mécanisme central d’un QIN est la téléportation d’états quantiques, consommant de l’intrication quantique, qui peut être considérée dans ce contexte comme un nouveau type de ressource réseau. Nous identifions ici les cas d’utilisation par secteur d’activité, y compris les objectifs de performance clés, en tant que référence pour les exigences du réseau. Nous définissons ensuite l’architecture de haut niveau d’un QIN générique, avant de nous concentrer sur l’architecture du segment spatial, dans le but d’identifier les principaux moteurs de conception et les éléments critiques. Une étude de l’état de l’art de ces éléments critiques est présentée, ainsi que les questions liées à la normalisation. Enfin, nous expliquons notre feuille de route pour le développement des premiers QIN et détaillons la première étape déjà achevée, à savoir la conception et la simulation numérique des QIN. la conception et la simulation numérique d’un démonstrateur de distribution d’intrication espace-sol. de distribution d’enchevêtrement.
Disclaimer
Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the...
Disclaimer
Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the...
Introduction
In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount.
On February 24, 2022, Viasat, a global...
I’m very proud and honored to be featured in the Angelina Tsuboi's course on Satellite Cybersecurity Foundations hosted on Udemy. Thank you very much...
KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...
Disclaimer
To do this analysis of the Viasat cyber attack, I used the open-source intelligence (1) of the team composed by Nicolò Boschetti (Cornell University),...
Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...
Nous utilisons des cookies pour vous garantir la meilleure expérience sur notre site web. Si vous continuez à utiliser ce site, nous supposerons que vous en êtes satisfait.
