PDF VERSION IS AVALAIBLE HERE
Find below the new Space Cyber Security Watch No 3. In this paper, you will find everything that has caught our attention since the last time : news, articles, papers, Space CTI, videos, webinars, events, attacks, podcats … This work is not exhaustive, so comments and observations are welcome.
Attacks on Space Systems
- (EN) SolarWinds hackers targeted NASA, Federal Aviation Administration networks : « Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies. The two agencies were named by the Washington Post ».
- (EN) NASA and the FAA were also breached by the SolarWinds hackers
- (FR) SolarWinds : la NASA et la FAA parmi les victimes de la cyberattaque
- (EN) Red Flag 21-1 integrates space, cyberspace for joint all-domain operations training – Red Flag 21-1 is an exercise with Space-unit participants including blue, red and white players from the United States Space Force, U.S. Army Space and Missile Defense Command, and allied nations combat air forces. During the exercise, they have employed « space electronic warfare capabilities that support full-spectrum national security objectives, along with offensive cyber capabilities across adversary data networks affecting that network’s ability to pass data or function properly ».
- (EN) Viasat Opens New Cyber Security Facilities in the UK – « Viasat‘s U.K. subsidiary opened a new Network Operations Center (NOC) and Cyber Security Operations Center (CSOC) in Aldershot, United Kingdom. The new facilities will support defense, government, and commercial organizations often targeted by increasingly sophisticated cyberattacks ».
- (EN) SecDef briefed on military space programs, threats to satellites – « Defense Secretary last week received a detailed briefing on DoD space programs and national security threats in the space domain. This was his first high-level briefing on space issues since taking office »
- (EN) DoD space agency: Cyber attacks, not missiles, are the most worrisome threat to satellites – « Cyber and supply chain are two threats that the director of the Space Development Agency (SDA) is concerned about ». He described cyber and supply chain problems as “common mode failures,” which means that even if just a few components or portions of a system are attacked, the whole network would be out of service.
- (EN) CyberSatDigital Speakers: “Red-Teaming” Helps Industry Understand, Detect Evolving Threats – Red team exercises – or, simulated cyber attack scenarios run by internal IT groups and/or external third parties – can help satellite companies keep pace with constantly evolving cyberattacks, according to speakers on CyberSatDigital’s opening panel on Monday.
- (EN) New Space Players Take Stock of Headline-Grabbing Security Breaches – Vice president of Corporate Engineering and Security for Planet, laid out the stark truth of cybersecurity threats during the CyberSat Digital event on Tuesday, May 11. New Space players on the panel took stock of cybersecurity threats in light of the ransomware attack on Colonial Pipeline, which has disrupted the gasoline supply on the East Coast
- (EN) NASA OIG: NASA’s Cybersecurity Readiness – Given its high-profile mission and broad connectivity with the public, educational institutions, and outside research facilities, NASA presents cybercriminals a larger potential target than most government agencies.
- (EN) SolarWinds hack ‘a big wakeup call,’ NASA’s human spaceflight chief says – NASA leaders know that the space agency, with its huge stores of advanced technical data, is an inviting target for hackers and therefore take significant measures to head them off
- (EN) CyberInflight is now a proud member of the Space ISAC – In April 2021, CyberInflight became the first french company of Space ISAC.
- (EN) CCSDS Security Working Group – Spring 2021 : CCSDS Spring 2021 Meetings has been hold remotely (17-18 May 2021) in a Virtual format at Huntsville Alabama (USA). Meeting materials can be found here.
- (EN) The Space Force needs deterrence and war-winning capabilities – The USSF lacks key elements that are necessary to empower effective deterrence on orbit: sufficient offensive and defensive means to achieve its statutory functions as an armed force. Credible deterrence requires kinetic and non-kinetic capabilities, political will to use those systems, and the clear communication of a specified threat of force linked to a specific action (i.e., attack) that the U.S. wants to prevent. The armed forces behind the threat must be credible in the mind of the adversary.
- (EN) Aerospace Cybersecurity Capture The Flag 2021 – During the 2021 RSA Conference, Aerospace Village hosted a Cybersecurity Capture The Flag (CTF). The objective of the Aerospace Cybersecurity CTF is to highlight current cybersecurity issues in the aerospace domain using a friendly competition and teaching environment. During the event, challenges and puzzles are solved and « flags » are retrieved. Congrats to the #AerospaceVillage CTF winner @mztropics. CTF platform is now closed.
- (EN) Message from Steve Lee (AIAA) : If you missed the Embry Riddle Aerospace Cybersecurity Capture the Flag (CTF) at SCITECH 2021, or at the RSA Aerospace Village Sandbox on Monday, 17 May–or would like to explore it some more–the CTF is available online at the RSA Sandbox hosted by Aerospace Village. Check out the challenges and test your mad aerospace cybersecurity skillz! Sorry but now, CTF platform is now closed.
- (EN) Biden Administration Likely Retaining Trump Doctrine on Cybersecurity in Space – Cybersecurity in space will remain a priority under the Biden administration. Great work from Jaisha Wray and Brian Scott and the crew from the National Space Council.
- (EN) MoU Signed Between AIAA + Space ISAC For Collaboration On Space Cybersecurity Concerns – The American Institute of Aeronautics and Astronautics (AIAA) and the Space Information Sharing and Analysis Center (Space ISAC) have entered into a Memorandum of Agreement (MOU) enabling the two organizations to collaborate on aerospace and space cybersecurity endeavors.
- (EN) AIAA and Space ISAC team up to defend space from cyber attack – The two organizations will cooperate to build the knowledge foundations of space cybersecurity. The Space ISAC brings cybersecurity situational awareness and operational excellence and AIAA offers its long history of convening and promoting aerospace expertise, knowledge, and leadership.
- (EN) Germany affirms the creation of its Space Command under the responsibility of the Bundeswehr – Germany is following the trend to centralize its military space activities. By fall 2021, the German armed forces are set to establish a Space Command under the responsibility of the German Air Force (PDF – 27 pages – In German)
- (EN) CYSAT ’21, a space cybersecurity conference – Full Keynotes and Presentations have been released in videos
- (FR) La guerre de l’espace renforce l’activité du Centre spatial de Toulouse – Le campus du CNES à Toulouse va accueillir le nouveau commandement de l’espace qui opérera les moyens spatiaux de la défense nationale. Celui-ci réunira 400 personnes dans un bâtiment dédié en 2025, formées par le CNES. Sa création a favorisé aussi la venue du futur Centre d’excellence de l’Otan pour le domaine spatial.
- (EN) Space Organizations Partner To Boost Cybersecurity – Two prominent aerospace industry groups are cooperating on cyber information sharing, awareness, education, and outreach to improve the security of space operations. The agreement between the American Institute of Aeronautics and Astronautics and the Space Information Sharing and Analysis Center comes at a time when recent cyber incidents in other industries have highlighted a deficit of info sharing.
- (EN) JUST IN: Space Force Wants More Cyber Teams – The Space Force is in talks with Cyber Command and the Air Force to bring more specialized cyber personnel into the fold, said the deputy commander of Space Operations Command
- (EN) The Space Platform Overlay – Have you heard about Space Platform Overlay ? Government programs and organizations have attempted to take portions of NIST governance documents and apply it to space systems. Space Platform Overlay takes the existing control sets (such as the CNSSI No. 1253 and the NIST 800-53 Rev. 5) and articulates what could be applicable to the spacecraft.
- (EN) EUSPA, the new EU Agency for the Space Programme – The adoption of the Regulation establishing the new EU Space Programme on April 27 marks a new beginning for the EU Space Programme and for the European GNSS Agency (GSA), which has now officially evolved into EUSPA, with an expanded mandate and new responsibilities.
- (EN) It’s official: EUSPA – EU Agency for the Space Programme is here (Video) – EUSPA provides safe and performant space services, enabling synergies, EU innovation, sustainability, and security. Under the EU Space Regulation, EUSPA’s mandate includes EU Space Programme security accreditation.
- (EN) EUSPA: We are hiring – The Security Department is loooking for Security Risk Engineer, Service Facilities Security Engineer, Service Security Engineer
- (EN) Committee Leaders Request GAO Review of Cybersecurity Risks at NASA – “NASA’s portfolio of major projects includes satellites equipped with advanced sensors to study the Earth, telescopes intended to explore the universe, and spacecraft to transport humans and cargo beyond low-Earth orbit,” said Committee Members in the letter. “As each project represents significant investments in innovative technology, they could also be attractive targets to malicious actors.”
- (EN) Congress asks GAO to investigate NASA cybersecurity – The bipartisan leadership of the House Science Committee has asked the Government Accountability Office (GAO) to investigate NASA’s cybersecurity activities amid growing concerns about hacking of government computer systems.
- (EN) CYSEC joins the Gaia-X initiative, a digital alliance for space – The project aims at the next generation of Europe’s data infrastructure, a secure, federated system that meets the highest standards of digital sovereignty while promoting innovation. CYSEC contributes to this project with CYSEC ARCA Trusted OS, a solution to the challenge of securing data-in use, with full-stack protection.
- (FR) L’opération « AsterX 2021 » dans le No d’Avril 2021 du magazine « Air Actualités » – Vous partirez à la découverte de l’espace à travers « AsterX 2021 ». Premier exercice militaire spatial se déroulant à Toulouse, vous rencontrerez les acteurs de cet événement (à lire bientôt en ligne).
- (FR) Le Tableau de Bord Spatial (TBS) dans le No d’Avril 2021 du magazine « Air Actualités » – Ce nouveau numéro vous emmènera aussi dans les coulisses du fonctionnement du tableau de bord spatial (TBS) – (à lire bientôt en ligne).
- (EN) NASA’ S Office of Audits – CYBERSECURITY READINESS 2021 – (PDF – 38 pages)
- (EN) The Future of Security in Space: A Thirty-Year US Strategy – An Atlantic Council Report. A Must-Read (PDF – 105 pages)
- (EN) UBC researchers publish paper on risks of mega-constellations – (PDF – 8 pages)
- (FR) Le Journal de la Défense « Maîtriser l’espace, le nouveau défi des armées » – Ce No du JDEF consacré au spatial est à visionner sur la chaîne parlementaire (LCP).
- Ce documentaire révèle les enjeux internationaux ancrés derrière l’exploration spatiale : recueillir des renseignements, surveiller le terrain, communiquer et naviguer; l’accès à l’espace peut être source de conflit.
- Tourné au CSG et au CST, avec une forte participation CSO, ce film de 20 minutes est également disponible en replay sur la chaîne YouTube du Ministère des Armées.
- Au programme de ce film :
- Du rôle terrestre, maritime et aérien, des forces armées en Guyane pour protéger le centre spatial installé à Kourou;
- Au rôle du Centre Nationale des Etudes Spatiales à Paris et Toulouse,
- En passant par les technologies d’intelligence artificielle ou de défense militaire
- (EN) French TV Broadcast : Defence & Space – Mastering space, the new challenge for armies
- (EN) June 16, 2021 : Space Resilience for Automakers – Space ISAC and the Center for Automotive Research (@cargroup) are putting on a webinar on Space Resilience for Automakers on 16 June at 12 MDT!
- (EN) June 1, 2021 : Reducing Space Threats: A Resolution, Volume 2 – In response to UN Resolution 75/36, UN Member States and other key stakeholders were invited to submit their views on threats to space sustainability, what could be norms of behaviour, and how the multilateral community should move forward.
- (EN) May 25 – 28, 2021 : CyCon 2021, the 13th International Conference on Cyber Conflict – Adapting to the new reality, CyCon 2021 will provide a virtual meeting point for decision-makers, opinion-leaders, law and technology experts from the governments, military, academia and industry. CyCon is organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
- (EN) « Cyber, Space, Cubed » panel at the CyCon2021 – Erin M. Miller (Executive Director, Space ISAC) and Ryan Speelman (Principal director for the Cyber Security Subdivision at the Aerospace Corporation) hold a session at CyCon 2021 for the « Cyber, Space, Cubed » panel.
- (EN) James Pavur at the CyCon2021 – James Pavur hold a session by presenting his new paper « On Small Satellites, Big Rockets, and Cyber Trust », as part of a panel NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)’s CyCon2021 conference. Definitely check it out if you’re interested in launch vehicle and CubeSat cyber security.
- (EN) June 1 – 3, 2021 : MilSat Symposium 2021 – Next-Generation Space Defense
- (EN) June 1 – 3, 2021 : 5th ESA CubeSat Industry Days – Join Mathieu Bailly (CYSEC SA). If you’re curious to understand why cybersecurity matters even for smallsats missions and what they have up to at CYSEC SA, join them LIVE on June 2nd!
- (FR) 4 et 5 juin 2021 : Hackathon spatial unique en France avec DefInSpace
- (EN) June 8 – 9, 2021 : Military Space USA (online virtual event , United Kingdom) – To support the warfighter through transformation and innovation within the US approach to space
- (EN) June 22 – 24, 2021 : 3rd-annual Summit for Space Sustainability (Future Space Sustainability Leaders) – Secure World Foundation (SWF) is gearing up for the third-annual Summit for Space Sustainability, to be held virtually June 22-24, 2021.
- Secure World Foundation is holding a Future Space Sustainability Leaders Essay Contest as part of our 2021 Space Sustainability Summit! Get your essays in by May 25th to have a chance at $1,000! More details and the topics can be found here.
- (EN) June 23 – 14, 2021 : Milsatcom USA (online virtual event , USA) – To achieve and maintain overmatch against its adversaries.
- (EN) September 1 – 3, 2021 : Geopolitics and Global Futures Symposium 2021. The 2021 Geopolitics and Global Futures Symposium is now open for applications! Module 1 is about « The Future of Outer Space Security »
- (EN) October 5 – 7, 2021 : CyberSatGov – To bring together the satellite community with the government and military markets to have a comprehensive, progressive discussion about cybersecurity.
- (EN) October 19 – 21, 2021 : 11th IAASS conference : Managing Risk in Space – The 11th IAASS Conference “Managing Risk in Space”, organized in cooperation with the Japan Aerospace Exploration Agency (JAXA) is an invitation to reflect and exchange information on a number of space safety and sustainability topics of national and international interest.
- (EN) October 25-29, 2021 : IAF’s IAC 21 in Dubaï – 72nd International Astronautical Congress 2021 (Dubai, United Arab Emirates) will have two security sessions :
- D5 is 54th IAA Symposium on Safety, Quality and Knowledge Management in Space Activities (D5.4 will be more technical : Cybersecurity in space systems, risks and countermeasures)
- E9 is IAF Symposium on Space Security (E9.2 is more strategic and legal focused : Cyber-based security threats to space missions – establishing the legal, institutional and collaborative framework to counteract them)
- Papers have been selected and the program will be published shortly
This work is not exhaustive, so comments and observations are welcome.