DroneSec is a private intelligence agency for drone threats. DroneSec provides drone threat intelligence solutions to protect people and drones from malicious drones and people.
DroneSec provides the Notify UAS Threat Intelligence Platform for real-time visibility of drone threats. DroneSec solutions allow to put organizations 10 steps ahead of the threat.
DroneSec are pioneers in UAS Threat Intelligence. Their leading intelligence subscription service provides organizations with the latest emerging trends, threat actor TTPs, technology types and component analysis.
Drone Threat Intelligence Platform (DTIP)
DroneSec provides also drone security and C-UAS training. Their courses have helped train organisations in offensive and defensive drone operations.
DroneSec Courses and training
Find below the Featured Courses. This includes three courses : Drone Security Fundamentals, Regulations and SECOPS. These three courses can be taken individually, or together as a bundle (recommended) to achieve certification.
This bundle courses cover the entire drone ecosystem. Fundamental drone security concepts, counter-drone essentials and actionable playbooks based on threat-intelligence, and DroneSec case studies are included.
DroneSec Conferences
The State of Drone Security: Analysing 1000+ drone incidents – Mike Monnik (DroneSec) GDSN #2
Global Drone Security Network #2
AAUS RPAS in Australian Skies 2022 – Unique Trends in the Malicious use of RPAS
🔥 On 31 October 2023, the MITRE Corporation realeased ATT&CK v14, the new version of its framework.
This new version includes significant improvements to Detections, ICS, Mobile.
In this article, we summarize the biggest changes : and will go through more details.
🔥 Find below the Key Highlights of ATT&CK v14
👉 ATT&CK Version 14 contains 760 Pieces of Software, 143 Groups, and 24 Campaigns. Broken out by domain:
✔️ Enterprise: 201 Techniques, 424 Sub-Techniques, 141 Groups, 648 Pieces of Software, 23 Campaigns, 43 Mitigations, and 109 Data Sources
✔️ Mobile: 72 Techniques, 42 Sub-Techniques, 8 Groups, 108 Pieces of Software, 1 Campaign, 12 Mitigations, and 15 Data Sources
✔️ ICS: 81 Techniques, 13 Groups, 21 Pieces of Software, 52 Mitigations, 3 Campaigns, 14 Assets, and 34 Data Sources
👉 ATT&CK v14 features 14 inaugural Assets (Assets represent the devices and systems commonly found within Industrial Control System environments), representing the primary functional components of the systems associated with the ICS domain. These Asset pages include in-depth definitions, meticulous mappings to techniques, and a list of related Assets.
🔥 MITRE has published a blog post detailing some of the major updates in ATT&CK v14, as well as release notes listing new techniques and version changes. A detailed changelog is also available.
More about MITRE ATT&CK framework
The MITRE ATT&CK framework is a globally recognized knowledge base and methodology for understanding, organizing, and classifying cyber threats and tactics used by adversaries during different stages of a cyber attack. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.
The framework was developed by MITRE, a not-for-profit organization that operates federally funded research and development centers (FFRDCs) to address various challenges faced by the U.S. government. However, the framework has gained widespread adoption in the cybersecurity community and is used by organizations around the world.
The MITRE ATT&CK framework provides a comprehensive model that describes the entire lifecycle of a cyber attack, from initial reconnaissance and weaponization to lateral movement, data exfiltration, and impact. It consists of a matrix that outlines various tactics and techniques employed by adversaries, along with information on the platforms they target (e.g., Windows, macOS, Linux) and the types of software they use.
The framework is organized into several categories, including Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, and Impact. Each category is further divided into specific techniques and sub-techniques that adversaries may employ.
For each technique, the framework provides detailed information on how it works, the potential impact, and real-world examples of its usage by known threat actors. This knowledge base allows organizations to better understand the tactics and techniques employed by adversaries and assists in building effective defensive strategies and improving incident response capabilities.
By utilizing the MITRE ATT&CK framework, organizations can map observed adversary behaviors to specific techniques, identify security gaps, prioritize defenses, develop threat intelligence, and share information with the broader cybersecurity community. The framework serves as a common language and reference point for cybersecurity professionals, enabling them to collaborate and exchange knowledge on emerging threats and effective defense strategies.
Overall, the MITRE ATT&CK framework plays a crucial role in enhancing cybersecurity awareness and readiness, facilitating the development of proactive defense measures, and improving the overall resilience of organizations against cyber attacks.
📑 The SpaDoCs Framework provides a comprehensive and systematic model for understanding and tackling all critical issues of cybersecurity in the space domain.
🛰️ As cybersecurity professional and space domain passionate, my wish was to develop my knowledge and skills and to better understand cybersecurity for space systems.
💪 In this course, I gained knowledge and skills to secure the space mission lifecycle. The space domain is examined layer by layer starting from the enterprise layer, then drilling down through mission, system and DevSecOps layers. Threats and vulnerabilities at each layer are highlighted. Finally, first principles of cybersecurity are discussed (domain separation, process isolation, etc.) as well as key enablers (vision, strategy, etc.) to help frame plans for action to address the cybersecurity issues exposed by this course.
After the 18-hour course, I now have an understanding of the Space Domain Cybersecurity Framework. I can define key threats and vulnerabilities that may affect space missions and systems and explain the impact on each layer of the space domain. I can apply cybersecurity first principles throughout the mission lifecycle and use these concepts to identify issues and potential mitigations. I can discuss NIST and other guidance, including the upcoming CMMC requirements.
👊 It was a great opportunity for me to explore #cybersecurity challenges specific to space missions. Now, I own skills to secure cyber environments throughout the space mission lifecycle.
🙏 I would like to thanks :
Dr. Bruce Chesley, Ph.D. an experienced space program manager and industry executive
Terri Johnson, an #cybersecurity management instructor at the University of Colorado Colorado Springs (UCCS)
👉 All informations about this course here
🏅 Check my certification digital badge here
👉 More about the SPAce Domain Cybersecurity (#SpaDoCs) Framework here
Find below the first ever webinar by PenTest Mag! Hosted by Timothy Hoffman, the talk will evolve around the topic of the online course – “Aerospace Cybersecurity: Satellite Hacking”, designed and instructed by Angelina Tsuboi.
During the event, the discussion will touch the practical aspects of the fascinating field of aerospace cybersecurity. You will have a chance to listen about tools, techniques, and even real-life case studies from the realm of satellite ethical hacking. After the talk, there will be a chance to ask our instructor some questions. Also, those of participants, who have not decided to enroll yet, will get a chance to seize a special deal to secure their seats.
To do this analysis of the Viasat cyber attack, I used the open-source intelligence (1) of the team composed by Nicolò Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University). In their open-source intelligence, they reconstructed the lifecycle of the attack. They specified that however, without first-hand knowledge of ViaSat’s systems, they cannot be certain about their hypothesis. With their open-source intelligence, they schematized the entire attack lifecycle in a diagram.
Viasat’s statement (2) on Wednesday, March 30th, 2022 provides a somewhat plausible but incomplete description of the attack.
In a statement disseminated to journalists (3), Viasat confirmed the use of the AcidRain wiper in the February 24th attack against their modems.
At the DefCon 31, Mark Colaluca and Nick Saunders from Viasat presented a talk named “Defending KA-SAT“. During this talk, they argued not to believe everything that you can read on the internet. It’s often simply inaccurate. They told that there is no evidence or proof of the claims. There is no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference. Regarding, the possibility that wipermalware was deployed and erased the hard drives of the modems, they answered that modems don’t have hard drives.
At the Black Hat USA 2023, Mark Colaluca , Craig Miller , Nick Saunders , Michael Sutton , Kristina Walter from Viasat presented a talk named “Lessons Learned from the KA-SAT Cyberattack: Response, Mitigation and Information Sharing“. This presentation will provide the most detailed public presentation of the KA-SAT event. Viasat will share the story of how it responded and performed a rapid forensic on several impacted terminals. This presentation will explain details around the forensic analysis that have not previously been publicly shared by Viasat, as well as the process of reverse engineering the malicious toolkit to verify it would produce the observed flash memory effects. Both Viasat and NSA will offer their lessons learned from the cyberattack and advise on how commercial and government organizations can follow this model to partner both in response to and preparation for future attacks.
Introduction
In this article, we will go through the Viasat cyber attack that occured on 24 February, 2022. The goal is to do a modelisation of this attack based on the MITRE ATT&CK framework.
The first question will be to explain why to use the MITRE ATT&CK framework to do this analysis while there are others frameworks and methodologies that can be used for the space sector
The next work will be to identify Tactics, Techniques and Procedures (TTPs) from the MITRE ATT&CK matrix that have been used by the hackers during the Viasat attack. To learn more about the MITRE ATT&CK framework, you can go to this article about the ATT&Ck v13 release.
Once TTP identified, we will map the TTPs on the ATT&CK Navigator in order to have the complete attack chain as a cyber kill chain.
About the Viasat hack in brief
The Viasat hack was a cyberattack on American communications company Viasat affecting their KA-SAT network, on 24 February, 2022.
Thousands of Viasat modems got hacked by a “deliberate … cyber event”. Thousands of customers in Europe have been without internet for a month since. During the same time, remote control of 5,800 wind turbines belonging to Enercon in Central Europe was affected.
According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access to the trusted management part of the KA-SAT network. The attackers then issued commands to overwrite part of the flash memory in modems, making them unable to access the network, but not permanently damaged. The satellite itself and its ground infrastructure were not directly affected.
About Viasat
Viasat is an American communications company based in Carlsbad, California, with additional operations across the United States and worldwide. Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets
Which framework using ?
The first question is which framework to use to do this analysis ? At this time, there are 4 frameworks and methodologies that can be used for the space sector :
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. You can learn more about MITRE AT&CK in our article here.
SPARTA is the Aerospace Corporation’s Space Attack Research and Tactic Analysis. SPARTA is an ATT&CK® like knowledge-base framework but for Space Missions. SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle. You can learn more about SPARTA in our article here.
SPACE-SHIELD is the Space Attacks and Countermeasures Engineering Shield from ESA. SPACE-SHIELD is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD in our article here.
TREKS is the Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles Cybersecurity Framework. TREKS is a new Cybersecurity Framework that highlights the unique kill chain for the space vehicle. It’s a Cybersecurity Framework released by Dr. Jacob Oakley after more than five years spent researching and working on space system cybersecurity. You can learn more about TREKS in our article here.
SPARTA is a framework but for spacecraft and space missions. SPARTA doesn’t cover ground segment. The entire Viasat attack took place on Earth, on a ground-based network and on a conventional information system. So, there is no reason to use SPARTA, SPACE-SHIELD or TREKS. MITRE ATT&CK is a great framework, well suited for this analysis. To be more precise, we used the MITRE ATT&CK – Enterprise Matrix.
Quick overview and comparaison between MITRE ATT&CK and the Cyber Kill Chain
What is the Cyber Kill Chain?
“The cyber security kill chain model explains the typical procedure that hackers take when performing a successful cyber attack. It is a framework developed by Lockheed Martin derived from military attack models and transposed over to the digital world to help teams understand, detect, and prevent persistent cyber threats. While not all cyber attacks will utilize all seven steps of the cyber security kill chain model, the vast majority of attacks use most of them, often spanning Step 2 to Step 6.” (source : netskope.com)
What is in the MITRE ATT&CK Matrix?
“The MITRE ATT&CK matrix contains a set of techniques used by adversaries to accomplish a specific objective. Those objectives are categorized as tactics in the ATT&CK Matrix. The objectives are presented linearly from the point of reconnaissance to the final goal of exfiltration or impact.” (source : trellix.com)
Comparaison between the Cyber Kill Chain and the MITRE ATT&CK matrix
The table below compares the stages of the Cyber Kill Chain with those of the MITRE ATT&CK matrix
Cyber Kill Chain
MITRE ATT&CK
Reconnaissance
Reconnaissance
Weaponization
Resource Development
Delivery
Initial Access
Exploitation
Execution
Installation
Persistence
Command and Control (C2)
Privilege Escalation
Actions on objectives
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control (C2)
Exfiltration
Impact
Mapping the Viasat hack with TTPs
To do this work, we mainly used 3 articles, documents or papers detailed below :
MITRE ATT&CK is often used to identify and analyze adversary behavior. CISA (Cybersecurity and Infrastructure Security Agency) released a guidance to help analysts accurately and consistently map adversary behaviors to the relevant ATT&CK techniques as part of cyber threat intelligence (CTI)—whether the analyst wishes to incorporate ATT&CK into a cybersecurity publication or an analysis of raw data.
Through open-source intelligence, the team [1] composed by Nicolò Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University) reconstructed the lifecycle of the attack.
They specified that “however, without first-hand knowledge of ViaSat’s systems, we cannot be certain about our hypothesis“.
They schematized the entire attack life cycle in the diagram below (from document [1])
The anatomy of the ViaSat attack broken into seven levels of escalation. Source : Nicolò Boschetti (Cornell University) and Gregory Falco (Cornell University) – 2022
We will use this diagram to identify TTPs used by attackers at each steps of the attack
Phase 1 : IP address and credentials reconnaissance
[1] “In 2021, Fortinet disclosed an attack on their VPN “Fortigate” that exploited a vulnerability discovered in 2019 (editor’s note: CVE-2018-13379). The allegedly Russian hacker group Groove stole and published credentials of almost 500,000 IP addresses in the same year.”
At this phase, we identified the following TTPs :
Tactic
Technique
Reconnaissance
[T1595.002] Active Scanning: Vulnerability Scanning
Phase 2 : Use internet to access IP addresses of the Earth Gateway Centers
[1] “ViaSat has shared that the initial attacker intrusion point was via the internet. Skylogic’s control servers, the Gateway Earth Stations, and the Surfbeam2 modems rely on VPN appliances produced by the company Fortinet as indicated by the security researcher Ruben Santamarta.”
Phase 3 : Exploit VPN vulnerability to pass through the DMZ
[2] “Subsequent investigation and forensic analysis identified a ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network.”
[1] “It is known that Fortinet released a patch to address the vulnerability, but it is unclear if ViaSat’s operator, Skylogic, ever deployed the patch. Therefore, we can surmise that the attacker used the unpatched VPN to access Skylogic’s Gateway Earth Stations or POP server from the open internet.”
[T1562.004] Impair Defenses: Disable or Modify System Firewall
Phase 4 : Move laterally
[2] “The attacker moved laterally through this trusted management network to a specific network segment used to manage and operate the network” of modems.
[1] “This access, or privilege escalation, allowed the attacker to pass the DMZ and access the bent-pipe satellite intranet (the trusted management network) tunneling their way to the Surfbeam2 modem. This process is confirmed by ViaSat’s statement”
[1] “Not all ViaSat modems were targeted. This can be explained by an operator’s capability at the Gateway Earth Stations to select which of KA-SAT’s 82 geographic cells receive signal. This implies that the attacker specified which geographic cells (and their respective modems) would receive the signal with the malicious commands.”
[2] “Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”
[1] “The modem likely had limited or no firmware authentication requirements, therefore the attacker was able to provide a ‘valid’ firmware update, installing an ELF binary dubbed “AcidRain” which deleted data from the modem’s flash memory.”
[3] “The threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers,”
[3] “In a statement disseminated to journalists, Viasat confirmed the use of the AcidRain wiper in the February 24th attack against their modems.”
[2] “Ultimately, tens of thousands of modems that were previously online and active dropped off the network, and these modems were not observed attempting to re-enter the network. The attack impacted a majority of the previously active modems within Ukraine, and a substantial number of additional modems in other parts of Europe.”
[2] “Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”
[1] “We hypothesize that the attack’s spillover effects in Germany and other European states are due to either an error when selecting the geographic cells that received the malicious signal, or simply the selection of cells that contained Ukrainian territory with overlap of other EU countries”
You can also download the JSON file here and open it with the ATT&CK Navigator with the option “Open Existing Layer” and “Upload from local”
The following diagram presents all TTPs mapped on the entire attack life cycle of the Viasat cyber attack. This diagram is inspired from the schema of the entire attack life cycle done by the team [1] composed by Nicolò Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University).
Diagram showing all TTPs mapped on the entire attack life cycle of the Viasat cyber attack
List of remaining work
Following this study, there is still a great deal of work to be done. See below for a list of topics still to be dealt with. If any of you are interested, please contact me here.
Trying to highlight the vulnerabilities exploited by the attackers
Trying to propose countermeasures that could be used to mitigate the attack. Mitigation chapter for each techniques in the MITRE ATT&CK framework can be used
We are very excited to announce a new upcoming course, “Aerospace Cybersecurity: Satellite Hacking” led by Angelina Tsuboi in collaboration with PenTestMag.
This comprehensive course will delved into the captivating world of satellite hacking while emphasizing strategies to safeguard these critical systems. Key topics will cover included satellite communication basics, tracking and identification methods, vulnerabilities and threats, signal analysis, and protocol exploitation. This course not only provided insights into hacking techniques but also stressed the significance of protecting satellites from potential attacks.
This 18-hours course will dive deep into the groundbreaking world of aerospace cybersecurity by teaching the skills necessary to conduct reconnaissance, communication dissection, decoding, and vulnerability analysis of satellite systems through interactive activities and tutorials.
Throughout this course, you will explore the fundamentals of satellite hacking, starting with hands-on CTF exercises that teach the basics through practical application by utilizing online tools and scripts.
Topics covered in this course include
Satellite Identification & Reconnaissance using OSINT tools
Orbital Parameters and Mechanics
Two-Line Element Set Extraction and Interpretation
Satellite Communications & Frequency Analysis
Satellite Onboard Systems & SATCOM
Intercepting Satellite Signals
Reverse Engineering Satellite Communications
Predicting and Tracking Satellite Passes
SDR tools for Communication Extraction
Hijacking and Control Explanation
Jamming & Spoofing & Eavesdropping Mitigation
Attack Mitigation Strategies
In conclusion, this Satellite Cybersecurity course will provide a comprehensive understanding of satellite hacking techniques, along with the tools and strategies required to defend against them using digital forensics and attack vector detection. Sign up for the course at the link below! https://pentestmag.com/product/aerospace-cybersecurity-satellite-hacking/
About course instructor Angelina Tsuboi
Angelina Tsuboi is a programmer, mechatronics developer, and cybersecurity researcher who is currently working for NASA. She is interested in educating others about the exciting field of aerospace cybersecurity in conjunction with developing her own programs and research in the field.
About PenTest Magazine
PenTest Magazine is a monthly downloadable IT security magazine and an online course platform, devoted to penetration testing and all things on offensive cybersecurity. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics.
Russia’s cyberattack on ViaSat on the eve of its invasion of Ukraine put the cyber fragility of space systems high on the agenda and the need to secure them a top priority. Yet, space companies lack the required knowledge and the U.S. lacks skilled personnel and has no training programs. Until now.
Indeed, I will speak about the first program dedicated to cybersecurity of space systems.
This is a 10-week synchronous teaching and interactive webinar series that will provide participants with in-depth understanding of the cyber threats to space systems and the tools to develop and implement effective strategies for managing cyber risks to space-based infrastructure.
This new space-cybersecurity program focused on the unique issues arising in the context of protecting space-based assets from cyber attacks.
This program lasts 10 weeks and consists of a 60 minute live virtual session and one to two hours of asynchronous work each week. Each course will be independently taught by an industry professional and the program leads.
After successfully completing this program, participants will be prepared to manage the cyber threats space-based assets.
In this program, participants will earn a digital badge that can be shared on social media platforms, including LinkedIn and could also earn 3 credit waivers toward either the Kelley School of Business (Indiana University) Executive Education Cybersecurity Management certificate (a 12 credit hour graduate certificate), which can then be applied to the MS in Cybersecurity Risk Management— or choose to apply the 3 credit waivers directly to the MS program.
This 10-week virtual instructor-led program runs Sept 11 to Nov 13.
You can find out more about the Program and sign up here.
CyberInflight team is part of the contributor list of the SPARTA framework. The last version published on July 18, 2023, adds more than 60 attack references provided by their market intelligence team.
SPARTA is the the Aerospace Corporation’s Space Attack Research and Tactic Analysis framework. SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions.
SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle.
You can check here an analysis of the Thales satellite hacking demo CYSAT 2023 by SPARTA team
Congratulations to Matthias POPOFF and Héloïse Do Nascimento Cardoso for their contribution.
Do not hesitate to contact them if you need to run any consulting or intel. mission. Get more info of the contribution here.
You can learn more about SPARTA in our article here.
You can check here a quick comparaison of recently released Cybersecurity Frameworks for Space Sector between SPARTA (Space Attack Research and Tactic Analysis), the SPACE-SHIELD (The Space Attacks and Countermeasures Engineering Shield from ESA), TREKS (The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles Cybersecurity Framework)
Thales has been notified by the European Space Agency (ESA), on behalf of the European Union Agency for the Space Programme (EUSPA) and the European Union represented by the European Commission, of two major contracts for cybersecurity of Galileo Second Generation (G2G) programme.
Together, these contracts represent a total value of over 60 million euros (excluding options) and confirm the Group’s key role in the cybersecurity of the second generation of the Galileo programme as Thales will be in charge of all elements of the security and resilience of G2G.
On 17 May 2023, Thales was awarded the contract for security monitoring on the G2G system infrastructure.
This award follows the cybersecurity specification and design contract for the Galileo Second Generation system, which was confirmed on 17 April 2023. It will significantly improve the performance of the second-generation Galileo system, with the introduction of new services, stronger resilience functionality, and future additional features for the PRS1 navigation service for government users.
As a major partner of the EU Space Programme to ensure the security of the Galileo system, Thales, as a European leader in cybersecurity, has been working with the Agency for over 20 years to contribute to the security of the Galileo programme, Europe’s largest satellite programme, providing sovereign and critical positioning, navigation, and timing services.
From left to the right: Sylvain Loddo – Head of Galileo Ground Segment Management Office | Ennio Guarino – Head of Galileo and EGNOS Programme Department | Lionel Salmon – Cybersecurity of Information Systems Director | Alexandra Porez – Thales GALILEO Programme Cybersecurity Director
Europe’s largest satellite system security monitoring programme
As part of G2G IOV SECMON, Thales is leading the consortium, including the Italian group Leonardo, to expand the scope of security monitoring and include the new assets in the G2G system. It will also introduce automated incident response and network traffic monitoring. In addition, the solution will be capable of storing significant amounts of incident response data. To meet this challenge, Thales will deliver a solution built on a scalable, flexible architecture derived from its Cybels range of security supervision products and incorporating big data capabilities.
A cybersecurity contract for better protection from quantum threats
New threats from quantum computers capable of breaking existing cryptographic algorithms have the potential to compromise long-term data security. Thales has been tasked by ESA within the consortium it leads to draw on its world-renowned cryptography expertise.
Under the “G2G System Engineering and Technical Assistance for security and PRS” contract, Thales will specify and verify the new cybersecurity for the G2G system – taking into account new threats to space systems, security maintenance requirements, improvements to the PRS service for government users– and prepare for system certification. One of the major challenges is to ensure a smooth transition from G1G to G2G while maintaining the level of security and performance offered by the G1G system for member states.
“Thales thanks ESA, EUSPA and the European Commission for its continued confidence in the Group’s expertise in space systems and cybersecurity for critical systems. These security contracts for Galileo Second Generation will bring Europe a more robust system with better protection from quantum threats – a major challenge for the space industry in the decades ahead – and will draw on the Group’s unparalleled big data expertise to provide more effective security monitoring of the world’s leading satellite positioning system,”
said Pierre-Yves Jolivet, VP Cyber Solutions, Thales.
The cybersecurity of satellite systems has become a growing concern for satellite operators and space agencies, particularly against a backdrop of geopolitical tensions. Today, thousands of satellites are in orbit, and it is estimated that 10,000 more will be added over the next 10 years, due to the multiplication of uses, from everyday life with the Internet of Things to defense applications.
Through the signing of these two contracts, Thales’s expertise in scalable and flexible architecture and security equipment and protection against cyberattacks will enable the G2G program to strengthen its ability to detect and respond to new cyberthreats. The end-to-end solution proposed by Thales experts will contribute to the development of greater security and resilience of satellites.
In parallel, Thales Alenia Space has been notified of major contracts to design and build with its European consortium the G2G Ground Mission Segment and execute System Engineering Activities. The company will also provide 6 of the 12 satellites of the constellation.
Cybersecurity at Thales
As a global leader in cybersecurity, Thales is involved at every level of the cyber value chain, offering solutions ranging from risk assessment to protection of critical infrastructure, supported by comprehensive threat detection and response capabilities. Its offer is built around three families of cybersecurity products and services, which generated sales of €1.5bn in 2022:
Global security products around the CipherTrust Data Security Platform the SafeNet Trusted Access Identity & Access Management as a service solution, and the broader cloud protection & licensing offerings
Sovereign protection products including encryptors and sensors to protect critical information systems
Cybels solutions portfolio, a complete suite of cybersecurity services including risk assessment, training and simulation, and cyberattack detection and response
Drawing on more than 40 years of experience in cybersecurity and space activities, Thales applies the principles of “cybersecurity by design” to the products it develops for satellite operators and space agencies. With more than 4,000 cybersecurity specialists, Thales helps to ensure the security of satellite systems for national and European space programmes – in particular Europe’s Galileo satellite navigation programme – and at the international level. With its combined expertise in cutting-edge satellite systems and cybersecurity solutions relying on the latest military technologies, Thales offers governments, institutions and enterprise customers a comprehensive range of cybersecurity solutions to guarantee robust protection of all the elements of a space system. In April 2023, Thales demonstrated its expertise in offensive security at CYSAT, managing to take remote control of an ESA demonstration satellite, in order to anticipate and respond to current and future threats.
About Galileo
Galileo is European Union’s global navigation satellite system (GNSS). Operational since 15 December 2016, Galileo’s initial services are fully interoperable with GPS, while offering users an expanded range of performance and service levels, along with far more accurate positioning. All smartphones sold in the European Single Market are now guaranteed Galileo-enabled. In addition, Galileo is making a difference across the fields of rail and maritime transportation, agriculture, financial timing services and rescue operations. Unlike the American GPS, Russian GLONASS and Chinese Beidou satellite navigation systems, which are operated by the armed forces, Galileo is the world’s only GNSS system under civilian control.
To date, Galileo is scheduled to comprise a constellation of up to 38 first-generation satellites, transmitting stations for satellite control and telemetry, transmitting stations for mission data, two security monitoring centres (in Saint-Germain-en-Laye and Madrid), two system control centres (Oberpfaffenhofen and Fucino) and 16 stations for orbit control and clock synchronisation.
Galileo Second Generation is designed to be flexible and adapt to user needs in the decades ahead. It will also be more robust to withstand the challenges of a constantly changing world, especially the threats of jamming and cybercrime. With unrivalled accuracy and additional authentication capabilities, Galileo will be the world’s most advanced GNSS system.
*****
In parallel, Thales Alenia Space has been notified of major contracts to design and build with its European consortium the G2G Ground Mission Segment and execute System Engineering Activities.
Galileo is Europe’s global navigation satellite system (GNSS). With unrivalled accuracy and additional authentication capabilities, Galileo will be the world’s most advanced GNSS system.
CyberInflight released a new Space Cybersecurity Weekly Watch for Week 30 (July 17 –23, 2023). The team consolidates a weekly watch with all the space cybersecurity news you shouldn’t miss.
In this new Space Cybersecurity Watch, you will find 19 articles about company’s communications, whitepapers, academic works, podcast, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.
The areas covered by this watch are : geopolitic, market & competition, threat intelligence, regulation, technology, training & education and important news.
Overview of this Space Cybersecurity Weekly Watch
There were relatively little news this week in the field of space cybersecurity. On the market front, Thales has been selected by ESA for two contracts to provide cybersecurity for Galileo Second Generation. In the USA, the government has awarded two contracts. The first is for Leonis via the Office of the Director of National Intelligence to provide intelligence, technical, financial, and management services. The second was awarded by the US Space Force to Anduril. Also on the market front, this week Safran acquired part of Collins Aerospace.
An interesting piece of regulatory news this week is the publication of the UK’s National Space Strategy-Plan into Action. On the Threat Intelligence front, it’s worth nothing this week that the Russian Navy has deployed make shift GPS Jammers towar ships for the St. Petersburg Parade. On the technological front, the Hyperspace Challenge has been launched by the US Space Force, and companies are invited to submit technology proposals. Finally, surfing on the wave of serious games and hacking competitions, RUVDS and Positive Technologies have launched a Russian CTF sports hacking competitions with a server-satellite as the keyelement.
CYBERINFLIGHT NEWS
CyberInflight team is now proud to be in the contributor list of the SPARTA framework. The last version published on July 18, 2023, adds more than 60 attack references provided by our market intelligence team. Get more info here.
🌟 I'm thrilled to share that I've earned the CISM (Certified Information Security Manager) from ISACA. You can view my achievement on Credly.
🌍 This...
Attacks on OT (Operational Technology) systems are made easier due to the OT/IT convergence.
The figure below is showing an example of OT/IT convergence.
Attacks on OT...
What an incredible start to 2024.
I've had some incredible opportunities and I've been able to do some really interesting things.
I continue my role as...
I’m very proud to receive the following certificate of completion for having successfully completed the training course : « Introduction to Cybersecurity in Space...
KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...
Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...
Duration : 18 hours
Course launch date: September 18th, 2023
Price : 
