Home Blog Page 7

MITRE Caldera™ for OT enables red teams and blue teams to run automated adversary emulation exercises

0

MITRE CALDERA is a framework for automating cyber defense testing. CALDERA is developed by the MITRE Corporation, a nonprofit organization based in the United States. This framework enables cybersecurity professionals to simulate attacks and defense scenarios in a controlled environment.

CALDERA provides a platform for creating, executing, and analyzing attack campaigns using various tactics, techniques, and procedures (TTPs). It allows users to generate realistic threat scenarios, test their defensive capabilities, and assess the effectiveness of their security measures. The framework supports the emulation of adversary behaviors and can be used for red teaming, threat intelligence analysis, and security tool evaluation. CALDERA aims to enhance organizations’ ability to detect, respond to, and mitigate cyber threats.

MITRE CALDERA is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

1. The core system. This is the framework code, including an asynchronous command-and-control (C2) server with a REST API and a web interface.
2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.

MITRE Caldera™ for OT

At the RSA 2023 conference, MITRE released its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT).

As MITRE CALDERA is built on the MITRE ATT&CK™ framework, MITRE Caldera for OT is built on the MITRE ATT&CK™ for ICS framework.

Cybersecurity within critical infrastructure is paramount for national security, the economy, and the safety of the public,” said Mark Bristow, director, Cyber Infrastructure Protection Innovation Center, MITRE.

OT and industrial control systems (ICS) need innovative security solutions in order to be more resilient against increasing cyber threats. Often, a compliance-based approach has been taken to ICS cybersecurity which ultimately focuses on ‘easy to measure’ security controls like patch levels and password complexity. Instead, MITRE is offering better ways to measure risk and emulate threats that allow us to prioritize which potential scenarios would have the most impact on essential community services,” Bristow continued.

How can ICS/OT organizations know their cyber defenses are robust?

“During the last few years, OT owners and operators have made significant investments to increase their security postures. While these investments are a great step forward, many of these capabilities have not been thoroughly validated to ensure they are working as designed,” added Bristow. “Instead, MITRE Caldera for OT enables security teams to evaluate their cyber defenses against known OT adversaries.

OT security teams can leverage MITRE Caldera for OT as an automated, preventive tool to examine their OT cyber environment and determine if there are any existing vulnerabilities that adversaries could exploit or gaps in their security architecture.

MITRE Caldera for OT, as part of the MITRE Caldera framework, provides OT-focused plug-ins to enhance red or blue team training, product testing and evaluation, or even measurement against acceptance testing milestones.

Built on the MITRE ATT&CK for ICS framework, MITRE Caldera for OT emulates the attack path and attacker capabilities that are defined either through ATT&CK for ICS or other custom-built plug-ins.

MITRE Caldera for OT Plugins can be found on Github here (coming soon, around mid-May).

Source : businesswire

Time to designate space systems as critical infrastructure

Recently, the Cybersecurity Solarium Commission (Solarium CSC 2.0) has endorsed designation of space systems as a critical infrastructure sector.

The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to « develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences. » The finished report was presented to the public on March 11, 2020. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 reauthorized the Commission to collect and assess feedback on the analysis and recommendations contained within the final report, review the implementation of the recommendations contained within the final report, and completing the activities originally set forth for the Commission.

Until today, CISA (Cybersecurity and Infrastructure Security Agency), the US Federal Agency,  defined a list of the 16 critical infrastructure sectors.

In the future, space systems will have to be added to this list of critical infrastructure sectors.

We written an article about this announcement here.

Convergence of IT and OT in the Critical Infrastructure Space systems

Space systems can often be seen as a convergence of IT, OT ans ICS in the Critical Infrastructure Space.

That’s why we often use and apply MITRE ATT&CK for ICS framework to identify attack path abd to know how a space system can be attacked.

Need to learn more about MITRE ATT&CK for ICS framework ?

MITRE ATT&CK for ICS framework is the MITRE ATT&CK framework applied on a specific domain.

The MITRE ATT&CK for ICS Matrix is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied.

The MITRE ATT&CK for ICS matrix (Source: https://collaborate.mitre.org/attackics/index.php/Main_Page)

Below is the mapping of Stuxnet attack on the ATT&CK for ICS matrix (Than’ks to Airbus Cybersecurity). « Mapping Stuxnet to the ATT&CK for ICS matrix, as shown in figure 3, quickly shows how complex this attack was. Business risk owners can now identify which techniques to focus on if they need to minimise the risk from strikes like Stuxnet. »

Mapping of Stuxnet on the ATT&CK for ICS matrix (Source: https://airbus-cyber-security.com/mitre-attck-for-ics-everything-you-need-to-know/)

TREKS (Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles), a new Cybersecurity Framework that highlights the unique kill chain for the space vehicle

0

The space sector is in need of new frameworks and methodologies specific to our unique operating environment” said Gregory Falco (Aerospace Security & Space Technology Asst. Prof at Johns Hopkins, Cybersecurity PhD from MIT).

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA)

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) framework was already in place. SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions. SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle. You can learn more about SPARTA in our article here.

Space Attack Research and Tactic Analysis (SPARTA) matrix

The SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA

There was also the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA. SPACE-SHIELD is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD in our article here.

SPACE-SHIELD or ATT&CK Matric for Space

The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework

Now, after more than five years spent researching and working on space system cybersecurity, Dr. Jacob Oakley released the Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework.

About Dr. Jacob Oakley

Dr. Jacob Oakley is a cybersecurity professional and author with over 17 years of experience. A foremost expert on offensive cybersecurity, cyber warfare, and space system cybersecurity, he has advised Department of Defense (DoD) and Fortune 500 executives on strategic mitigation of risks and threats to globally distributed, multi-domain network architectures.

Dr. Jacob Oakley

The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity framework was developed to provide a taxonomy for understanding, protecting against, and decomposing cybersecurity compromises of space-resident systems, otherwise known as space vehicles (SVs).

TREKS is intended to provide a bridge between the existing frameworks available to address, categorize, taxonomize and analyze cybersecurity compromises of traditional terrestrial based network architectures and the future of cybersecurity for space where those frameworks become more applicable as compromises become more frequent, prolific, and acknowledged. This framework can provide a taxonomy that can be used to characterize foundational aspects of cyber threats to SVs in a way that allows for the identification of trends and enables analysis of this niche target set at the intersection of the space and cyber domains.

Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework

This framework should be utilized to typify a space vehicle (SV) as a target, based on the function of that SV and an actor’s motivation for targeting it, tying those compromise characteristics to what vectors could be leveraged to exploit subsystems and execute effects related to said motivation. The initial version of this framework could be seen as satellite centric, but the intent is to continuously build out the understandings surrounding this taxonomy to best incorporate all manner of SVs, from satellites to weapons to crewed vessels, labs and beyond.” said Dr. Jacob Oakley.

The TREKS Companion: A Guidebook to the TREKS Cybersecurity Framework

A guidebook is available on the website for free PDF and on Amazon as a kindle or paperback version.

The purpose of this guidebook is to act as a reference to the included TREKS cybersecurity framework and aid in its use by the offensive and defensive cybersecurity communities as well as space system owners and operators.

About future work

This guidebook will continue to be a living document, edited, and updated based on feedback from both the space and cyber communities, with new versions released as appropriate.

As was stated at the beginning of this guidebook, this is intended to be a continuously updated living document to make it easier to leverage and utilize the TREKS cybersecurity framework and act as a mechanism to keep the framework itself up to date.

Like the Aerospace Corporation’s SPARTA framework contextualizes unique vulnerabilities and countermeasures for the space vehicle, the TREKS framework highlights the unique kill chain for the space vehicle. I encourage Space ISAC and others deep in the weeds of space cyber ops to consider leveraging this” said Gregory Falco.

For usage and licensing information please visit the treksframework.org website.

Hacking demo at CYSAT 2023: world first or “déjà vu”❓ Here is what I know 👇

0

CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.

CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.

Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.

Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.

Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.

To find the full programme and more information on the event, visit: https://cysat.eu/

Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile about the Hacking demo at CYSAT 2023: world first or “déjà vu”❓ Here is what he knows 👇

We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.

Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT

#Hacking demo at CYSAT 2023: world first or “déjà vu”❓Here is what I know 👇

The exact claim is first “ethical hacking demonstration performed on a flying satellite” 🏅

⚠️ Every word counts!

1️⃣ in the real world

Since satellites have been used for intelligence and military communications oh boy they’ve suffered many cyber attacks. Some have been successful, many haven’t.

I’d say most of the “attacks” publicly disclosed have not actually managed to disturb the nominal operations of the space segment
Examples include the Luch-Olympe fly-by, the Viasat attack (the Ka-sat satellite is still working perfectly fine!), all the jamming / spoofing attacks in the black Sea or Iran, etc etc

For the very few which seem to be related to the space segment I’d be very careful as most of the time the actual facts remain scarce and hard to prove (example: ROSAT story in 1998)

2️⃣ Security research

Some researchers did some really interesting stuff to point out the vulnerabilities of space systems but to my best knowledge never actually went all the way

I’m thinking about James Pavur for example that was among the pioneers in space security. He made a big splash by showing he was able to #eavesdrop quite easily on sensitive data transmitted by satellite 📡 but never performed an experiment on the satellite itself.

3️⃣ Ethical hacking

In terms of ethical hacking the number one reference is the US Air Force competition Hack-a-sat.
💬 “it’s been done already in Hack-a-sat” is the number one comment I’ve read below the CYSAT articles.
Well, no. Not yet exactly.
Hack-a-sat 1, 2 and 3 were done on the ground. On flatsats. Nothing was flying in orbit. Check out the testimonials of European hackers at CYSAT 2021 and 2022.
However it is true that hackers will get the chance to hack “Moonlighter”, a flying 3U cubesat during Hack-a-sat 4 later this year 👾

4️⃣ Hack CYSAT 2022

There is also a bit of confusion regarding of what happened last year.
We had this idea of hacking a flying satellite back in the summer 2021 with CYSEC CEO and CYSAT co-founder Patrick Trinkler.
It took us a while to find a satellite operator that was okay to let hackers play with it
Finally I heard of OPS-SAT which I thought would be the ideal spacecraft to do a security demo.

Then it took David Evans and I some time to build the case to ESA’s management.
Finally in February 2022 we published the Hack CYSAT open call to invite hackers to submit their ideas, among them Didelot Maurice-Michel that blogged about a vulnerability he spotted and told ESA to fix it, which ESA did. But nothing was done on the 🛰️

5️⃣ random articles

Various articles out there are mixing the words “satellite” and “hacking”, like the guys that “hijacked” a satellite to play a movie, etc etc. None of them did what we claim the Thales team did at CYSAT.

👉 So to me it looks like it had never been done before but maybe I’m wrong!

👇 PLEASE comment below if you have other references!

Check this demo in video

All 2023 CYSAT videos are online

All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.

A propos de CYSEC 

CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.

The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.

For more information : www.cysec.com

Thales demo at CYSAT: what was the point again

0

CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.

CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.

Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.

Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.

Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.

To find the full programme and more information on the event, visit: https://cysat.eu/

Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile what was the point of the Thales demo at CYSAT. First, Mathieu what was NOT part of the demo.

We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.

Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT

Thales demo at CYSAT: what was the point again??

First, what was NOT part of the demo ❌

1️⃣ The ground segment ❌

For the short-medium term it is reasonable to assume that cyber attacks on space systems disturbing the nominal operations of the mission (i.e. taking control of the spacecraft bus and/or payload but excluding eavesdropping) remain ground-based.

That means discarding scenarios involving rogue satellites with capabilities to perform non-cooperative rendez-vous. To me that’s fair for the next 5 years.

2 main scenarios:

1. the spacecraft is flying and operational
👉 then the attacker has to go through the ground segment (mission control, ground stations, etc) before reaching the spacecraft
👉 the attacker is capable to send TMTC that are valid and executed on board without the operator noticing or able to react (e..g via its own ground stations)

2. the spacecraft is under development on ground (design, assembly, test, transport, launch)
👉 the attacker manages to access information (e.g. cryptographic keys) or to install a malware / backdoor on board (e.g. corrupting the flight control software)

These are the typical scenarios with the biggest likelihood x severity scores.

👉 None of the above were covered by the Thales demo since the ground segment was out of the scope as the team was granted the access to OPS-SAT (as any other experimenter).

2️⃣ On-board: not representative of most missions ❌

🔹On-board, OPS-SAT is also very “unique” since it’s been pioneering many technology innovation like flying Linux, re-configuring FPGAs on a daily basis, etc (read all OPS-SAT firsts here 🔗 https://lnkd.in/eC3eDgDv) 💪

👉 So the demo by Thales has been done a spacecraft that is currently not representative of the current missions in operations or close to the launch pad (especially institutional missions!)

❓ So what was the point of this demo then ❓

I’m getting there!

🔹The point was to show that current space tech trends (advanced on-board processing, regular in-orbit reconfiguration, as a service models, etc) are all great progress that will soon be adopted by most operators BUT that come at the expense of greater cyber risks 👾

🔹And currently the space industry (especially #newspace) is embracing these innovations without the security culture that should come with it 🤠

👉That’s why showing how security experts can manipulate data, take control of the Attitude and Control system of a modern spacecraft by using various methods of privilege escalation exploiting flaws on access management and Linux helps to spread the word: 📢 BE PREPARED!

Summary of the full attack flow

Summary of the full Thales attack flow

Check this demo in video

An analysis of the CYSAT 2023 Demo by SPARTA team

Brandon Bailey & Brad Roeher from the SPARTA team analyzed, in this article, Thales Group’s CYSAT ’23 presentation material to deconstruct the experiment, extract lessons learned, and document potential countermeasures.

The SPARTA (Space Attack Research and Tactic Analysis) Framework was used to identify the tactics, techniques, and associated countermeasures associated with the experiment/attack.

They utilized the SPARTA Navigator tool to construct the attack chain and generated an Excel export to pinpoint relevant countermeasures. Subsequently, a thorough analysis is conducted to ensure the applicability of the associated countermeasures to the specific Tactics, Techniques, and Procedures (TTPs).

The SPARTA Navigator proves invaluable in presenting a comprehensive array of countermeasures categorized by defense-in-depth, effectively minimizing the risk posed by TTPs. By leveraging the SPARTA Navigator, we successfully map the attack chain to SPARTA TTPs, as exemplified below.

The attack chain mapped in SPARTA navigator

Upon exporting the data from the SPARTA Navigator, they have identified eight countermeasures. Out of these, five pertain to terrestrial countermeasures intended to prevent vulnerable software from infiltrating the spacecraft. The remaining three countermeasures are implemented onboard the spacecraft itself, serving to protect against and/or detect the TTPs executed during the experiment.

All 2023 CYSAT videos are online

All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.

A propos de CYSEC 

CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.

The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.

For more information : www.cysec.com

Solarium CSC 2.0 has endorsed designation of space systems as a critical infrastructure sector

0

The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” The finished report was presented to the public on March 11, 2020. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 reauthorized the Commission to collect and assess feedback on the analysis and recommendations contained within the final report, review the implementation of the recommendations contained within the final report, and completing the activities originally set forth for the Commission.

Today, the Cybersecurity Solarium Commission (Solarium CSC 2.0) has endorsed designation of space systems as a critical infrastructure sector.

Time to Designate Space Systems as Critical Infrastructure

America’s adversaries recognize the importance of space systems to U.S. national security and economic prosperity and have tested capabilities to destroy them.

Find below the Executive Summary of the report

You can access to the Executive Summary of the report here.

“We’re in a space race” with China, NASA Administrator Bill Nelson warned in December. The nature of that race is different from the Cold War contest with the Soviet Union that America fought and won. The national security components of the space race today include not just weapons systems but also the security of critical infrastructure — much of which relies on global positioning satellites, remote imagery, and advanced communication. The economic aspect is just as striking. The Space Foundation, a nonprofit advocacy group, has determined that the global space industry generated $469 billion in revenue in 2021. This number will only increase with technological and manufacturing innovation.

More than a decade ago, the U.S. National Security Space Strategy warned that space will become more “congested, contested, and competitive.” This warning proved prescient, but the U.S. government has not done enough to adapt to that reality. Major portions of American space systems are still not designated as critical infrastructure and do not receive the attention or resources such a designation would entail. The majority of today’s space systems were developed under the premise that space was a sanctuary from conflict, but this is no longer the case. The threat from Russia and China is growing. Both those authoritarian powers have placed American and partner space systems in their crosshairs, as demonstrated by their testing of anti-satellite (ASAT) capabilities. The United States needs a more concerted and coherent approach to risk management and public-private collaboration regarding space systems infrastructure.

After interviewing more than 30 industry and government experts, the authors have concluded that designating space systems as a U.S. critical infrastructure sector would close current gaps and signal both at home and abroad that space security and resilience is a top priority. In 2013, Presidential Policy Directive-21 (PPD-21) designated 16 critical infrastructure sectors “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” Space systems clearly meet this threshold.

The term “space systems” encompasses the ecosystem from ground to orbit, including sensors and signals, data and payloads, and critical technologies and supply chains. (See Figure 1.) This terminology (which sidesteps the conceptual debates about whether “space” is an infrastructure or only a domain) aligns with presidential Space Policy Directive-5 (SPD-5) of September 2020, which defines space systems to include ground systems, sensor networks, and space vehicles. SPD-5 provided a set of voluntary best practices “to guide and serve as the foundation for the United States Government approach to the cyber protection of space systems.” This report seeks to build on these efforts, which constituted an important step toward recognizing and addressing the implications of the nexus between the cyber and space domains.

Protecting space systems will require an enhanced model of public-private partnership with genuinely shared risk management responsibilities. On the government side, the agency that serves as lead sector risk management agency (SRMA) for this sector will have a demanding task — but one that NASA is well suited to fulfill so long as it receives the extra resources necessary to develop its capacity to protect national security, civil, and commercial systems. There will need to be subgroups within the sector that maintain relationships with other government agencies. One subgroup should deal with defense and intelligence systems, and another with communications systems already regulated by the Federal Communications Commission (FCC). But no alternative candidate for lead SRMA possesses the same range of requisite capabilities as NASA.

Fostering security and resilience in the space systems sector will require mitigating unique cybersecurity challenges that stem from the geographic and technological particularities of space, as well as new and emerging space-based missions. Substantial investment through congressional appropriation will be imperative because policy without resources is merely rhetoric.

This report does some recommendations for Congress

Recommendation 1: Designate space systems as a critical infrastructure sector.

  • 1.1 – Designate NASA as the SRMA for the space systems sector.
  • 1.2 – Create two directed subgroups within the sector.
  • 1.3 – Do not assign the SRMA as a regulatory role.
  • 1.4 – Articulate and offer industry a clear value proposition.
  • 1.5 – Strengthen international norms and standards.
  • 1.6 – Integrate the National Space Council into the governance of the space systems sector.

Recommendation 2: Give NASA, the lead SRMA, the resources to effectively accomplish the mission.

  • 2.1 – Direct the Congressional Research Service to undertake a legislative review.

Recommendation 3: Marshal and organize the commercial space community to play an instrumental role in governance.

  • 3.1 – Establish a space systems sector coordinating council (SCC).
  • 3.2 – Task the SCC, through its charter, with working to reduce risks to the security and resilience of the commercial space sector.
  • 3.3 – Leverage and build upon the existing work of Information Sharing and Analysis Centers (ISACs), including the Space ISAC.

Recommendation 4: Create a co-led risk management enterprise.

  • 4.1 – Jointly elaborate and widely implement cybersecurity best practices.
  • 4.2 – Pair commercial and government capabilities to model a dynamic risk environment.
  • 4.3 – Add space assets positioned outside of traditional operational areas to enhance U.S. resilience.

The space systems threat spectrum

Here is a quite nice graphic showing at a high level space systems and the threats we have to address.

The examples cited below are illustrative and not exhaustive.

In-Orbit segment

Beams (Tracking/Other Uses), Satellites. Spacecraft. Space Debris,
and Space Mining and Manufacturing

THREATS : Anti-satellite, Command Intrusion, Denial Of Service (DoS), Malware, Payload Control, Space Debris

Links segment

Crosslinks, Downlinks and Uplinks

THREATS : Command Intrusion, Spoofing, Jamming, Espionnage

Launch segment

Vehicules/Technlology in Transit to LEO & Beyond

THREATS : Collision, Command Intrusion, Denial Of Service (DoS), Malware

Ground Segment

Adaptive Optics, Command and Control Centers, Ground Stations, Manufacturing, Networks, Receivers, and R&D Centers

THREATS : Hiiacking, Insider Threat, Malware

Find below the full report

You can access the full report here

More about CSC 2.0

You can know more about CSC 2.0 here.

Key Takeaways from CYSAT 2023 by Mathieu Bailly, VP at CYSEC and Director of CYSAT

0

CYSAT 2023 is over. It’s time to review everything that has happened during this amazing event. But first, let’s remember what CYSAT is.

CYSAT is the leading European cybersecurity and space exhibition that took place 26th-27th April in Paris (Station F). This is the biggest European event entirely focused on cybersecurity for the space industry.

Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry.

Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.

Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT highlighted Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.

To find the full programme and more information on the event, visit: https://cysat.eu/

Mathieu Bailly, VP at CYSEC, Co-founder and Director of CYSAT, has published on his linkedin profile the key takeaways he retained during these 2 days. We publish these key takeaways below with his permission. Thank’s to Mathieu for sharing whith us its key takeaways.

Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT

My 9️⃣ take-aways from CYSAT season 3 👇 from a happy event director!

1️⃣ A success💥
🔹Our mission 🎯 to raise awareness about #cybersecurity in the #space industry is progressing
🔹This can only be achieved by connecting people. We double the number of participants every year 📈, we manage to get all players involved ✅
🔹Many positive feedback of people happy to meet and network. Just for that CYSAT season 3 was a success!

2️⃣ Tech sessions were a big hit!
🔹NEW this year, many people mentioned the quality of the presentations
🔹Thanks to the startups and researchers on stage (with the normal rate of live demo failures 🤓)
🔹Kudos to all presenters, especially my colleagues Yannick Roelvink and Louis Masson for presenting respectively the CYSEC products ARCA SATCOM and SATLINK 🚀

3️⃣ Ukraine and Viasat 🇺🇦
🔹The 2022 attack definitely shook off the industry
🔹Was important for me to have a first-hand testimonial of General Oleksandr Potii live from Kiev explaining the critical importance of 🛰️
🔹Not only for comms and intelligence on the battlefield but also to allow civilians to stay connected 🌍

4️⃣ Team Europe 🇪🇺
🔹Honored to have space execs coming now to CYSAT using the event to make major announcements
🔹The EU commission represented by Guillaume de La Brosse took the opportunity to promote the upcoming EU Space law and EU Space ISAC. These are two big news, can’t wait to hear more about it

5️⃣ #IRIS2: high expectations
🔹One of the hottest topic this year. Stakes are high and timing is tight!
🔹Was great to have a more extensive appreciation of the Comission’s perspective on the cyber aspects with Nicolas Guillermin
🔹Both EUSPA with Rodrigo da Costa and ESA with Massimo Mercati presented their approach and upcoming opportunities for the industry

6️⃣ Hacking demo 👾
🔹Thales is making the buzz after presenting their successful demo of hacking and recovering ESA’s OPS-SAT 👏
🔹This is something we’ve been trying to do since summer 2021 so very happy to finally see it on stage 👊
🔹Thales team did a great job at explaining the technical aspects of the demo ⚙️ and were very transparent about the support they received from the OPS-SAT team, 👌 David Evans

7️⃣ Greg Wyler: “Less is more”
🔹Very happy to host Greg, a legendary space entrepreneur now full steam with his latest venture E-Space.
🔹I liked his approach of making things as simple as possible to reduce the attack surface and make the CISO or the PSO’s jobs a realistic task.

8️⃣ Finding talents! 👨‍🎓 👩‍🎓
🔹I think every single speaker I was on stage with said they were looking for talents. This is a major challenge now
🔹We had about 50 students at CYSAT with free tickets, hope they were able to make the most of it!

9️⃣ CYSAT 2024
Not everything was perfect this year, the acoustic was terrible the first morning, coffee would be appreciated at the start of the day, food can be massively improved, etc we will learn and improve for next year!

All 2023 CYSAT videos are online

All videos about 2023 CYSAT in Paris, the biggest European event around cybersecurity for commercial space, are online and can be seen here.

A propos de CYSEC 

CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.

The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.

For more information : www.cysec.com

Aerospace Corporation released SPARTA v1.3, a new version of the Space Attack Research and Tactic Analysis (SPARTA) matrix

0

Thank’s to Calogero Vinciguerra (Space Policy Officer & Space Threats Response Architecture DO at the European External Action Service, EEAS) and Kimberly King (Senior Engineer at The Aerospace Corporation) for helping me to write this article.

Aerospace Corporation released SPARTA v1.3, a new version of the Space Attack Research and Tactic Analysis (SPARTA) matrix.

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle.

SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions.

SPARTA framework offers space professionals a taxonomy of potential cyber threats to spacecraft and space missions.

SPARTA framework “is intended to provide unclassified information to space professionals about how spacecraft may be compromised via cyber means.”

SPARTA v1.3 delivers significant updates. You can find all relevant updates in this blog post.

SPARTA cyber-security framework defines and classifies the activities, tactics, techniques and procedures (TTP) implemented by malicious hackers, aimed at compromising the functionality and operation of both space vectors and satellite systems in orbit.

You can enter to the SPARTA portal here.

In v1.3, a new presentation from CySat 2023 has been posted here.

Video of the CYSAT 2023: Demo “Hacking Spacecraft using Space Attack Research and Tactic Analysis”

Demo by Brandon Bailey (SPARTA), Senior Cybersecurity Project Manager at The Aerospace Corporation.

What about SPARTA vs. ATT&CK MITRE ?

The current cyber-security frameworks – MITRE’s ATT&CK and Microsoft’s Kubernetes – while representing the industry standard for analyzing attacks on terrestrial devices, however, do not sufficiently cover the space segment scenarios.

What about SPARTA vs. SPACE-SHIELD ?

SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD here.

Need to go futhermore MITRE ATT&CK framework ?

To go futhermore the concept of MITRE ATT&CK framework applied on specific domain, you can also have a look on the MITRE ATT&CK for ICS Matrix.

The MITRE ATT&CK for ICS Matrix is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied.

The MITRE ATT&CK for ICS matrix (Source: https://collaborate.mitre.org/attackics/index.php/Main_Page )

Below is the mapping of Stuxnet attack on the ATT&CK for ICS matrix (Than’ks to Airbus Cybersecurity). « Mapping Stuxnet to the ATT&CK for ICS matrix, as shown in figure 3, quickly shows how complex this attack was. Business risk owners can now identify which techniques to focus on if they need to minimise the risk from strikes like Stuxnet. »

Mapping of Stuxnet on the ATT&CK for ICS matrix (Source: https://airbus-cyber-security.com/mitre-attck-for-ics-everything-you-need-to-know/)

About Aerospace Corporation

Source : Linkedin Profile

The Aerospace Corporation has provided independent technical and scientific research, development, and advisory services to national-security space programs since 1960. We operate a federally funded research and development center (FFRDC) for the United States Air Force and the National Reconnaissance Office and support all national-security space programs. We also apply more than 40 years of experience with space systems to projects for civil agencies like NASA and the National Oceanic and Atmospheric Administration, commercial companies, universities, and some international organizations in the national interest.

From our inception, our highly skilled technical people have focused on ensuring the success of every mission and developing the most effective and economic space-related hardware and software in the world. Our insight and involvement in space programs has significantly reduced the risk of launch failure and increased both satellite endurance and performance. Avoiding a single catastrophic failure resulting in the loss of operational capabilities can save the government more than three times the total annual Aerospace FFRDC budget.

We don’t manufacture anything. Our greatest asset is the technical expertise of our people. Our involvement spans all facets of space systems: including systems engineering, testing, analysis, and development; acquisition support; launch readiness and certification; anomaly resolution; and the application of new technologies for existing and next-generation space systems. Our state-of-the-art laboratory facilities are staffed by some of the leading scientists in the world.

Aerospace Corporation’s website : aerospace.org

NIST released IR 8401, a new Cybersecurity Framework applied to the ground segment of space operations

0

NIST released IR 8401, a new guidance named “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”.

NIST IR 8401 is a Cybersecurity Framework for Addressing Satellite Cybersecurity to the Ground Segment of Space Operations

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.

Fig. 1. Satellite Ground Segment Components of Commercial Space Operations

NIST IR 8401, Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control, applies the NIST CSF to the ground segment of space operations. The document defines the ground segment, outlines its responsibilities, and presents a mapping to relevant information references. The Profile defined in this report provides a flexible framework for managing risk and addresses the goals of Space Policy Directive 5 (SPD-5) for securing space.

Ground Segment is composed of Terminals, Mission Operation Centers and Payload Operation Centers as described in the figure below.

Fig. 2. Components In and Out of Scope for the Profile

Find below the Abstract of the IR 8401

Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services, as illustrated by the increased use of commercial communications satellite (COMSAT) bandwidth, the purchase of commercial imagery, and the hosting of government payloads on commercial satellites. The U.S. Government recognizes and supports space resilience through numerous space policies, executive orders, and the National Cyber Strategy. The space cyber-ecosystem is an inherently risky, high-cost, and often inaccessible environment consisting of distinct yet interdependent segments. This report applies the NIST Cybersecurity Framework to the ground segment of space operations with an emphasis on the command and control of satellite buses and payloads.

Find below some Editor’s Note regarding NIST IR 8401

“This is intended as guidance, not a regulatory requirement, to raise the bar on the security of the ground-based components of satellite systems. They start with the basics: know what hardware you have, know what software is running, know what it is connected to and what your information protection requirements are. Each of the sections of the CSF (Identify, Protect, Detect, Respond and Recover) include sub-categories you should review, including applicability and references to identify gaps or things you may not have considered.”

Lee Neely, senior IT and security professional at Lawrence Livermore National Laboratory (LLNL)

“Since the NIST profile applies to ground segments of satellite systems, the guidance in NIST IR 8401 is pretty much the same as any guidance for any computer system. The key phrase in it is “Traditionally, ground segment isolation was accomplished through air gapping or limited connections. Increasingly, isolation is being accomplished via accounts, tenant isolation, and identities when using third-party services.” If you run, or are paying for, ground systems for satellite systems that are still claiming to be air gapped and no external connections, big red flags should be flapping.”

John Pescatore, Director of Emerging Security Trends

“Satellites and the ground stations that control them use the same IT and communication technologies found in other critical infrastructure. The threat is really about who can access the ground station, directly or via remote means. Not surprisingly, the same set of basic security safeguards need to be employed to protect this critical infrastructure.”

Curtis Dukes, CIS’s Executive Vice President and General Manager of the Best Practices and Automation Group

Community of Interest

The Approach used by NIST is to solicit Participation in a “Community Of Interest”, with about 130 Members representing over thirty organizations.

  • Satellite Vendors, Operators, Government, Academia,
  • Consultants, Private Individuals, Cloud Service Providers

Separate NISTIRs for Other Segments

In addition to the Ground Segment profile (NISTFR 8401), there are two other profiles already released :

Possible Future Profiles

NIST is working for possible future profiles as :

  • Launch Profile
  • Transfer Profile
  • IMINT Profile
  • Satellite Internet Service Provider Profile

More détails about NISTIR 8401

  • You can find more détails about NISTIR 8401 here.
  • Powerpoint presentation here.

Read more in

ESA released the SPACE-SHIELD, an ATT&CK® like knowledge-base framework for Space Systems

2

I dreamed about it, ESA did it! ESA (European Space Agency) released the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield). This is an ATT&CK® like knowledge-base framework for Space Systems.

This is a collection of adversary TTP (Tactics, Techniques and Procedures) that are relevant for Space systems. As ESA said, the matrix is tailored on the Space Segment and communication links, and it does not address specific types of mission, maintaining a broad and general point of view.

SPACE-SHIELD screenshot

ESA released this security tool to help Cyber and System security teams. It’s a complementary tool to the Cyber Threat Intelligence for Space in projects like SCCoE and CSOC.

This tool can address preliminary phases of projects to consider the security during the design and preliminary security assessment.

CSOC means Cyber and Security Operations Centre. The CSOC is part of ESA’s security strategy defined in ESA Agenda 2025 to increase the cyber resilience of all its activities and securely support its Member States and partners.

CSOC monitors, reacts and tracks relevant information and events with the objective of maintaining the overall security posture. The CSOC detects and reacts to security incidents and maintains the overall security posture of the organisation, supporting the
readiness of the organisation’s defensive capabilities.

SCCoE means Security Cyber Centre of Excellence. The SCCoE provides training, test & validation services, and centralisation of forensic services/expertise as well as developing a distributed risk analysis process capability.

The SCCoE, will work in synergy with the C-SOC, sharing security functionalities such as threat and vulnerabilities analysis tools and complementing capacity of the C-SOC such as the security functionalities to analyse a complex system in a synthetic cyber threat scenario in order to investigate potential security vulnerabilities.

The CSOC and SCCoE are located at European Space Security and Education Centre (ESEC) at Redu, Belgium, the ESA centre of excellence for cyber security.

More information about the SPACE-SHIELD here.

Thales prepares to secure European infrastructures against attacks from future quantum computers

0

14 April 2023, Paris, La Défense (Press Release)

As a driving force in the second quantum revolution, Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years.

©Carlos Castilla

By 2040, quantum computers could use their unprecedented computational power to decode encrypted data, incomparably threatening the security of even the best-protected communication systems. EuroQCI aims to counter that threat by developing sovereign systems to protect the communications and data assets of critical infrastructure providers and government institutions.

The longer-term objective is to create a Quantum Information Network (QIN) that will harness the phenomenon of quantum entanglement not only to guarantee communications security but also to create networks of quantum sensors and processors, which have the potential to drive exponential increases in the already outstanding performance of quantum sensors and quantum computers.

As part of this effort, Thales is breaking new ground as a member of multiple new consortia that have been set up since late 2022 in the following fields:

  • Quantum repeaters, with the Delft UniversityQIA (Quantum Internet Alliance) – led by the Delft University of Technology in the Netherlands – is working to demonstrate the feasibility of connecting users in two metropolitan areas 500 km apart, using quantum repeaters, which can compensate for the loss of information via a quantum memory;
  • Quantum key distributionQKISS – coordinated by Exail – and QUARTER – led by LuxQuanta – are developing Quantum Key Distribution systems to protect users’ critical communications from cyberattacks.
  • Certification of quantum communicationPETRUS – led by Deutsche Telekom – is the official coordinator of 32 EuroQCI projects, on behalf of the European Commission. It is also developing a framework for certification and accreditation of quantum communication products and networks.
  • Satellite quantum communicationsTeQuantS – led by Thales Alenia Space – aims to develop quantum space-to-Earth communications technologies, necessary for cybersecurity applications and future quantum information networks, through the construction of satellites and optical ground stations by the end of 2026.

Specifically, the Thales teams taking part in these projects are working to develop quantum key generation, distribution and management equipment and the associated communication encryption devices, as well as defining the architecture of these quantum communication infrastructures.

Thales operates the largest quantum physics research facilities in Europe, in partnership with the CNRS, and some 100 engineers and researchers are currently engaged in the development of the quantum solutions (sensors, communications and algorithms) that will play a foundational role in tomorrow’s world. These new consortia will all benefit from Thales’s multi-disciplinary expertise, in particular in the field of secure communication networks.

Last Posts

Two big announcements : the release of SPARTA v3.1 with MITRE’s EMB3D mapping and...

0
In the following article, discover the major advancements announced with the release of SPARTA v3.1: the addition of new NIST space segment guidance, the...

An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM™...

0
Disclaimer Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the...

Exploring the power of the METEORSTORM™ framework — a framework built for full-spectrum modeling...

0
I'm very proud to have successfully taken up a new challenge exam in beta version about METEORSTORM™ framework which allowed me to obtain the...

An analysis of the Thales satellite hacking demo at CYSAT 2023 with the MITRE...

0
Disclaimer Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the...

Enhancing Threat Understanding: Modeling the Viasat Cyber Attack with MITRE CTID’s Attack Flow Builder

0
Introduction In the complex landscape of modern cybersecurity, understanding the intricate mechanisms of sophisticated cyber attacks has become paramount. On February 24, 2022, Viasat, a global...

Popular posts

Description of the Elements of a Satellite Command and Control System

1
In order to be able to analyse the various threats and identify the risks facing a space system, it is necessary to describe precisely...

Install KYPO Cyber Range Platform on Openstack and Ubuntu in AWS cloud

4
KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...

An analysis of the Viasat cyber attack with the MITRE ATT&CK® framework

0
Disclaimer To do this analysis of the Viasat cyber attack, I used the open-source intelligence (1) of the team composed by Nicolò Boschetti (Cornell University),...

What are the threats to space systems?

0
In this article, we will try to identify the various threats to space systems. This article is a synthesis of the CSIS (Center for Strategic...

Cartographie des acteurs étatiques du cyber en France

0
Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...