NIST released IR 8401, a new guidance named “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”.
NIST IR 8401 is a Cybersecurity Framework for Addressing Satellite Cybersecurity to the Ground Segment of Space Operations
NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.
Fig. 1. Satellite Ground Segment Components of Commercial Space Operations
NIST IR 8401, Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control, applies the NIST CSF to the ground segment of space operations. The document defines the ground segment, outlines its responsibilities, and presents a mapping to relevant information references. The Profile defined in this report provides a flexible framework for managing risk and addresses the goals of Space Policy Directive 5 (SPD-5) for securing space.
Ground Segment is composed of Terminals, Mission Operation Centers and Payload Operation Centers as described in the figure below.
Fig. 2. Components In and Out of Scope for the Profile
Find below the Abstract of the IR 8401
Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services, as illustrated by the increased use of commercial communications satellite (COMSAT) bandwidth, the purchase of commercial imagery, and the hosting of government payloads on commercial satellites. The U.S. Government recognizes and supports space resilience through numerous space policies, executive orders, and the National Cyber Strategy. The space cyber-ecosystem is an inherently risky, high-cost, and often inaccessible environment consisting of distinct yet interdependent segments. This report applies the NIST Cybersecurity Framework to the ground segment of space operations with an emphasis on the command and control of satellite buses and payloads.
Find below some Editor’s Note regarding NIST IR 8401
“This is intended as guidance, not a regulatory requirement, to raise the bar on the security of the ground-based components of satellite systems. They start with the basics: know what hardware you have, know what software is running, know what it is connected to and what your information protection requirements are. Each of the sections of the CSF (Identify, Protect, Detect, Respond and Recover) include sub-categories you should review, including applicability and references to identify gaps or things you may not have considered.”
Lee Neely, senior IT and security professional at Lawrence Livermore National Laboratory (LLNL)
“Since the NIST profile applies to ground segments of satellite systems, the guidance in NIST IR 8401 is pretty much the same as any guidance for any computer system. The key phrase in it is “Traditionally, ground segment isolation was accomplished through air gapping or limited connections. Increasingly, isolation is being accomplished via accounts, tenant isolation, and identities when using third-party services.” If you run, or are paying for, ground systems for satellite systems that are still claiming to be air gapped and no external connections, big red flags should be flapping.”
John Pescatore, Director of Emerging Security Trends
“Satellites and the ground stations that control them use the same IT and communication technologies found in other critical infrastructure. The threat is really about who can access the ground station, directly or via remote means. Not surprisingly, the same set of basic security safeguards need to be employed to protect this critical infrastructure.”
Curtis Dukes, CIS’s Executive Vice President and General Manager of the Best Practices and Automation Group
Community of Interest
The Approach used by NIST is to solicit Participation in a “Community Of Interest”, with about 130 Members representing over thirty organizations.
I dreamed about it, ESA did it! ESA (European Space Agency) released the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield). This is an ATT&CK® like knowledge-base framework for Space Systems.
This is a collection of adversary TTP (Tactics, Techniques and Procedures) that are relevant for Space systems. As ESA said, the matrix is tailored on the Space Segment and communication links, and it does not address specific types of mission, maintaining a broad and general point of view.
SPACE-SHIELD screenshot
ESA released this security tool to help Cyber and System security teams. It’s a complementary tool to the Cyber Threat Intelligence for Space in projects like SCCoE and CSOC.
This tool can address preliminary phases of projects to consider the security during the design and preliminary security assessment.
CSOC means Cyber and Security Operations Centre. The CSOC is part of ESA’s security strategy defined in ESA Agenda 2025 to increase the cyber resilience of all its activities and securely support its Member States and partners.
CSOC monitors, reacts and tracks relevant information and events with the objective of maintaining the overall security posture. The CSOC detects and reacts to security incidents and maintains the overall security posture of the organisation, supporting the
readiness of the organisation’s defensive capabilities.
SCCoE means Security Cyber Centre of Excellence. The SCCoE provides training, test & validation services, and centralisation of forensic services/expertise as well as developing a distributed risk analysis process capability.
The SCCoE, will work in synergy with the C-SOC, sharing security functionalities such as threat and vulnerabilities analysis tools and complementing capacity of the C-SOC such as the security functionalities to analyse a complex system in a synthetic cyber threat scenario in order to investigate potential security vulnerabilities.
The CSOC and SCCoE are located at European Space Security and Education Centre (ESEC) at Redu, Belgium, the ESA centre of excellence for cyber security.
As a driving force in the second quantum revolution, Thales has joined forces with around twenty deep tech, academic and industry partners, as part of the EuroQCI initiative (European Quantum Communication Infrastructure), which aims to deploy a quantum communication infrastructure for EU member states within three years.
By 2040, quantum computers could use their unprecedented computational power to decode encrypted data, incomparably threatening the security of even the best-protected communication systems. EuroQCI aims to counter that threat by developing sovereign systems to protect the communications and data assets of critical infrastructure providers and government institutions.
The longer-term objective is to create a Quantum Information Network (QIN) that will harness the phenomenon of quantum entanglement not only to guarantee communications security but also to create networks of quantum sensors and processors, which have the potential to drive exponential increases in the already outstanding performance of quantum sensors and quantum computers.
As part of this effort, Thales is breaking new ground as a member of multiple new consortia that have been set up since late 2022 in the following fields:
Quantum repeaters, with the Delft University: QIA (Quantum Internet Alliance) – led by the Delft University of Technology in the Netherlands – is working to demonstrate the feasibility of connecting users in two metropolitan areas 500 km apart, using quantum repeaters, which can compensate for the loss of information via a quantum memory;
Quantum key distribution: QKISS – coordinated by Exail – and QUARTER – led by LuxQuanta – are developing Quantum Key Distribution systems to protect users’ critical communications from cyberattacks.
Certification of quantum communication: PETRUS – led by Deutsche Telekom – is the official coordinator of 32 EuroQCI projects, on behalf of the European Commission. It is also developing a framework for certification and accreditation of quantum communication products and networks.
Satellite quantum communications: TeQuantS – led by Thales Alenia Space – aims to develop quantum space-to-Earth communications technologies, necessary for cybersecurity applications and future quantum information networks, through the construction of satellites and optical ground stations by the end of 2026.
Specifically, the Thales teams taking part in these projects are working to develop quantum key generation, distribution and management equipment and the associated communication encryption devices, as well as defining the architecture of these quantum communication infrastructures.
Thales operates the largest quantum physics research facilities in Europe, in partnership with the CNRS, and some 100 engineers and researchers are currently engaged in the development of the quantum solutions (sensors, communications and algorithms) that will play a foundational role in tomorrow’s world. These new consortia will all benefit from Thales’s multi-disciplinary expertise, in particular in the field of secure communication networks.
Marko Erman, le directeur scientifique de Thales, est intervenu dans l’émission Tech&Co de BFM Business, sur le thème de l’Internet quantique via satellite.
Dans cet entretien, il aborde l’inviolabilité de la clé de chiffrement, la distribution quantique des clés et la cybersécurité des communications quantiques par satellite.
L’occasion, pour nous, de revenir et d’approfondir les différentes notions abordées dans cet entretien.
Inviolabilité de la clé de chiffrement
La cryptographie quantique consiste à générer et partager des clés de chiffrement basés non pas sur des lois mathématiques mais sur des lois de la mécanique quantique.
La sécurité de la cryptographie quantique ne repose plus sur la difficulté mathématique d’un problème, comme c’est le cas des protocoles cryptographiques utilisés aujourd’hui mais sur une propriété de la physique quantique qu’on appelle l’effondrement de la fonction d’onde ou réduction du paquet d’onde.
On vous explique un peu plus ce concept ci-dessous.
En cryptographie quantique, on extrait une clé de chiffrement classique symétrique (des 0 et des 1 dans le désordre) à partir d’échange de qubits photoniques. Mais à la fin, on manipule bien une clé de chiffrement classique.
Imaginons maintenant qu’une particule, un peu comme un interrupteur, admette deux états possibles, que nous baptiserons 1 et 0 pour un maximum de simplicité. Si l’on en croit l’interprétation de Copenhague, tandis qu’un interrupteur ne peut être que dans un seul état à la fois (allumé ou éteint), la particule, elle, se trouve dans ce que l’on appelle une superposition d’états, c’est-à-dire à la fois 1 et 0.
Dans le monde quantique, le simple fait d’observer un système quantique provoque une sorte d’effondrement vers un état spécifique. On parle aussi de réduction du paquet d’onde.
Ainsi, une particule qui, selon la théorie, peut se trouver dans plusieurs états à la fois, choisit instantanément son camp dès qu’elle est observée.
Supposons, qu’un observateur décide de mesurer l’état quantique pour récupérer la clé de chiffrement, alors le simple fait d’observer et de mesurer l’état quantique provoque la disparition de la superposition quantique, causant ainsi un effondrement de la fonction d’onde.
Une fois la première observation faite, l’effondrement de la fonction d’onde est absolu est définitif, il n’y a pas de versions alternatives ou de modifications possibles. Il est donc impossible de récupérer la clé de chiffrement.
Pour être plus précis, l’observation ou la mesure d’un état quantique ne le fait pas réellement disparaître. Au lieu de cela, la mesure d’un état quantique perturbe plutôt l’état du système mesuré et modifie sa fonction d’onde. C’est tette perturbation qu’on appelle l’effondrement de la fonction d’onde et elle est un phénomène central de la mécanique quantique.
Les différentes formes de distribution quantiques des clés
Dans la théorie, il existe deux grandes formes de QKD : celle qui repose sur le protocole BB84 et dérivés qui n’exploite que l’effondrement de la fonction d’onde, et celle qui repose sur l’intrication (depuis le protocole E91). Elles ont des caractéristiques différentes.
Aujourd’hui, ce qui est déjà déployé, ce sont des BB84-like comme en Chine. Le projet Européen vise, quant à lui, à faire de la QKD intriquée. Son intérêt est que, seule la QKD intriquée permet de bâtir un Internet quantique et de relier quantiquement des objets quantiques (ordinateurs ou capteurs). Le protocole BB84 ne le permet pas. Par contre, l’Internet quantique a besoin de répéteurs d’intrication qui sont en cours de développement.
Dans la suite de cet article, nous ne parlerons que de QKD qui repose sur l’intrication (depuis le protocole E91)
La distribution quantique des clés de chiffrement
Ici, nous allons parler d’une distribution quantique des clés de chiffrement basée sur l’intrication (depuis le protocole E91).
Dans des communications sécurisées par cryptographie quantique, la distribution quantique des clés de chiffrement s’appuie sur des satellites qui font office de relais de sécurité intermédiaires.
En cryptographie quantique, la distribution quantiques de clés ou QKD pour Quantum Key Distribution, est un moyen sûr de partager des clés secrètes entre des utilisateurs distants.
L’utilisation de relais par satellite permet d’étendre les distances de communication mais ces relais posent des risques de sécurité. Ce problème peut être résolu en utilisant une QKD basée sur l’intrication.
En effet, la physique quantique rend possible un effet étrange appelé l’intrication. Plus concrètement, deux ou plusieurs particules telles que des photons qui sont liés ou « enchevêtrés » peuvent s’influencer simultanément, quelle que soit leur distance.
Représentation d’artiste de l’intrication (Crédits : Arhan Amun Ankh)
Des paires de photons intriqués peuvent être distribuées via des liaisons satellites descendantes vers des observatoires terrestres. Cette méthode décuple non seulement la distance de sécurité au sol, mais augmente également la sécurité pratique de QKD grâce à l’intrication.
Comme on l’a vu précédemment, la sécurité des protocoles d’échange quantique de clé est appuyée sur l’hypothèse que le théorème de non clonage prive un adversaire d’apprendre l’état d’une particule avant la mesure.
Pour comprendre la distribution quantique de clés
Pour comprendre la distribution quantique de clés de chiffrement, je vous conseille cette vidéo
Pour comprendre l’intrication quantique
Pour comprendre l’intrication quantique, je vous conseille la vidéo de Science Étonnante sur le sujet
La cybersécurité des communications quantiques par satellite
Jusqu’à aujourd’hui, la distribution quantique des clés (QKD) était principalement menée à travers des fibres optiques au sol. La distance maximale atteinte jusqu’à maintenant pour générer des clés de cryptographie a été réalisée en laboratoire sur une fibre optique enroulée sur 830 kilomètres de long (Source : Twin-field quantum key distribution over 830-km fibre by Shuang Wang et al, Nature, January 2022).
L’utilisation de relais satellites permet d’étendre ces distances et les problèmes de sécurité sont résolus en utilisant une distribution quantique des clés (QKD) basée sur l’intrication.
Cette technologie basée sur l’inviolabilité de la clé de chiffrement, permet de réaliser des communications sécurisées par satellite.
L’ENISA, l’agence de l’Union européenne pour la cybersécurité, a publié un papier pour expliquer ce qu’est et ce que n’est pas la QKD. C’est un papier qui date de novembre 2009 donc plusieurs problèmes évoquées ont été résous depuis ou sont en cours de résolution.
La sécurisation des infrastructures européennes face aux attaques des futurs ordinateurs quantiques
Au cœur de la seconde révolution quantique, Thales s’associe à une vingtaine de partenaires de la « deeptech », acteurs académiques et industriels, afin de déployer d’ici 3 ans une infrastructure résiliente et ultra-sécurisée de communications quantiques pour les Etats membres de l’Union Européenne, via l’initiative EuroQCI (European Quantum Communication Infrastructure).
l’objectif est de créer un réseau d’information quantique appelé QIN, Quantum Information Network. Il permettra non seulement la sécurisation des communications, mais également la mise en réseau de capteurs et de processeurs quantiques, qui permettront de centupler les performances déjà exceptionnelles des capteurs quantiques et ordinateurs quantiques.
Pour en savoir plus, voir notre article sur le sujet ici.
Pour en savoir plus sur le quantique et la cryptographie quantique
On vous propose ci-dessous plusieurs ressources à consulter pour approfondir le sujet du quantique, la cryptographie quantique et le chiffrement post-quantique
Concernant les technologies quantiques en général, je vous conseille le blog d’Oliver Ezratty. Vous pourrez écouter Quantum, le podcast mensuel de l’actualité quantique francophone, enregistré en compagnie de Fanny Bouton, quantum lead chez OVHcloud. Vous pourrez également y télécharger l’ebook Understanding Quantum Technologies, cinquième édition, publiée en septembre 2022, 1128 pages. C’est la mise à jour de la quatrième édition, toujours en anglais et sans version française. C’est une véritable bible publique sur le sujet de la physique quantique. Une version simplifiée de 24 pages est aussi disponible. Les ebook d’Oliver Ezratty sont tous gratuits et téléchargeables sur son blog au format PDF en général et parfois en ePub.
Je vous conseille également l’une des chroniques de Michel Juvin, publiée chez Alliancy – le mag numérique et business dans « Les Carnets de Michel » sur le sujet du chiffrement post-quantique. Michel Juvin est un expert de la sécurité et de la transformation, ancien membre actif du CESIN (Club des Experts de la Sécurité de l’Information et du Numérique), ancien DSI puis Chief Information Security Officier (CISO), notamment dans des entreprises comme Lafarge ou Chanel. Michel partage régulièrement sa vieille technologique et le fruit de ses réflexions sur ce monde hyper technique.
Feuille de route sur le développement des réseaux d’information quantique par satellite
Thales Alenia Space, en tant que maître d’œuvre de l’étude, associé au CNES (Centre National d’Etudes Spatiales) et au CNRS (Centre national de la recherche scientifique), a publié un document qui présente une feuille de route sur le développement des réseaux d’information quantique (QIN) par satellite.
Les réseaux d’information quantique (QIN) suscitent un intérêt croissant, car ils permettent de connecter des dispositifs quantiques sur de longues distances, améliorant ainsi considérablement leurs capacités intrinsèques de calcul, de détection et de sécurité. Le mécanisme central d’un QIN est la téléportation d’états quantiques, consommant de l’intrication quantique, qui peut être considérée dans ce contexte comme un nouveau type de ressource réseau. Nous identifions ici les cas d’utilisation par secteur d’activité, y compris les objectifs de performance clés, en tant que référence pour les exigences du réseau. Nous définissons ensuite l’architecture de haut niveau d’un QIN générique, avant de nous concentrer sur l’architecture du segment spatial, dans le but d’identifier les principaux moteurs de conception et les éléments critiques. Une étude de l’état de l’art de ces éléments critiques est présentée, ainsi que les questions liées à la normalisation. Enfin, nous expliquons notre feuille de route pour le développement des premiers QIN et détaillons la première étape déjà achevée, à savoir la conception et la simulation numérique des QIN. la conception et la simulation numérique d’un démonstrateur de distribution d’intrication espace-sol. de distribution d’enchevêtrement.
For the third edition of CYSAT, the European event entirely dedicated to cybersecurity for the space industry, taking place on 26-27 April 2023 at Station F in Paris, the European Space Agency (ESA) set up a satellite test bench to simulate attempts to seize control of OPS-SAT, a nanosatellite operated by the agency for demonstration purposes.
Thales’s offensive cybersecurity team stepped up to the challenge, identifying vulnerabilities that could enable malicious actors to disrupt operation of the ESA satellite.
The results of the ethical satellite hacking exercise, the first of its kind in the world, will be used to tighten security for the satellite and its onboard applications, helping to improve the cyber resilience of space systems, protect sensitive data and support the long-term success of space programmes.
Artist’s impression of OPS-SAT. Credit: ESA – European Space Agency
The European Space Agency (ESA) challenged cybersecurity experts in the space industry ecosystem to disrupt the operation of the agency’s OPS-SAT demonstration nanosatellite. Participants used a variety of ethical hacking techniques to take control of the system used to manage the payload’s global positioning system, attitude control system (1) and onboard camera. Unauthorised access to these systems can cause serious damage to the satellite or lead to a loss of control over its mission. Thales’s offensive cybersecurity team worked with the Group’s Information Technology Security Evaluation Facility, ITSEF (2), for this unique exercise, which demonstrates the need for a high level of cyber resilience in the very specific operating environment of space.
The Thales team of four cybersecurity researchers accessed the satellite’s onboard system, used standard access rights to gain control of its application environment, and then exploited several vulnerabilities to introduce malicious code into the satellite’s systems. This made it possible to compromise the data sent back to Earth, in particular by modifying the images captured by the satellite’s camera, and to achieve other objectives such as masking selected geographic areas in the satellite imagery while concealing their activities to avoid detection by ESA. The demonstration was organised specifically for CYSAT to help assess the potential impact of a real cyberattack and the consequences for civilian systems.
Throughout the exercise, ESA had access to the satellite’s systems to retain control and ensure a return to normal operation.
Thales is grateful to ESA and the CYSAT organisers for providing this unique opportunity to demonstrate the ability of our experts to identify vulnerabilities in a satellite system. With the growing number of military as well as civil applications that are reliant on satellite systems today, the space industry needs to take cybersecurity into account at every stage in the satellite’s life cycle, from initial design to systems development and maintenance. This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programmes in general, including both ground segments and orbital systems.
Pierre-Yves Jolivet, VP Cyber Solutions, Thales.
In a presentation on 27 April by Thales experts and members of the ESA team, CYSAT participants can find out more about the attack scenario used in this first demonstration of offensive cybersecurity techniques, tactics and procedures.
Thales’s cybersecurity capabilities for the space industry
Drawing on more than 40 years of experience in cybersecurity and space activities, Thales applies the principles of “cybersecurity by design” to the products it develops for satellite operators and space agencies. Its joint venture with Leonardo, Thales Alenia Space, designs and delivers innovative solutions for telecommunications, navigation, Earth observation, environmental monitoring, space exploration, scientific research and orbital infrastructures. With more than 3,500 cybersecurity specialists, Thales helps to ensure the security of satellite systems for national and European space programmes – in particular Europe’s Galileo satellite navigation programme – and at the international level. With its combined expertise in cutting-edge satellite systems and cybersecurity solutions relying on the latest military technologies, Thales offers governments, institutions and enterprise customers a comprehensive range of cybersecurity solutions to guarantee robust protection of all the elements of a space system. The offensive cybersecurity capabilities demonstrated by Thales at CYSAT enable customers to better anticipate and respond to current and future threats. The Group’s cybersecurity solutions for the space industry encompass everything from risk and threat evaluation to data protection and network security, incident detection and response, and security maintenance throughout the system life cycle.
(1) The attitude of a satellite refers to its orientation or position relative to a reference frame, which is usually the Earth. Specifically, it describes the satellite’s three-dimensional orientation with respect to three perpendicular axes: roll, pitch, and yaw.
(2) An Information Technology Security Evaluation Facility (ITSEF) is a trusted, independent third-party product security testing facility accredited by a national certification body (ANSSI in France).
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies within three domains: Defence & Security, Aeronautics & Space, and Digital Identity & Security. It develops products and solutions that help make the world safer, greener and more inclusive.
The Group invests close to €4 billion a year in Research & Development, particularly in key areas such as quantum technologies, Edge computing, 6G and cybersecurity.
Thales has 77,000 (1) employees in 68 countries. In 2022, the Group generated sales of €17.6 billion.
(1) These figures do not include the Transportation business, which is currently being divested.
The biggest European event entirely focused on cybersecurity for the space industry will take place in Paris in April 2023. Since 2021, the event brings space and cybersecurity experts together to create a European ecosystem capable of responding to the current and future challenges faced by the European space industry
Paris, 10th March 2023 – CYSEC, a leading cybersecurity company, is organising the third edition of CYSAT, the largest European event entirely dedicated to cybersecurity for the space industry, on 26th and 27th April 2023 at Station F in Paris.
Faced with cybersecurity challenges and the growing importance of data protection in space, it is crucial to bring together communities of cybersecurity experts to build a European ecosystem capable of addressing current and future industry challenges.
Last years’ event saw more than 450 space specialists, decision-makers and experts come together. In its third year, CYSAT will highlight Europe’s cybersecurity capabilities and solutions dedicated to space from both a technological and geostrategic perspective.
What to expect at the event:
An exclusive testimony by Colonel Oleksandr Potii, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine. A year since the cyber-attack on satellite network KA-SAT, Potii will reflect on what lessons can be learned from this attack.
Talks and keynotes from renowned industry experts, including Philippe Baptiste, President of CNES, Jean-Marc Nasr, Vice-President Space at Airbus Defence and Space, Massimo Mercati, Head of Security at ESA and Greg Wyler, founder of E-Space.
Top speakers at CYSAT PARIS 2023
Workshops and demonstrations highlighting the know-how of the space industry
Mathieu Bailly, VP Space at CYSEC and Director of CYSAT said: “Last years’ CYSAT event focused on the importance and critical value of space data, in a particularly charged geopolitical context. Data protection has proven to be a major issue for both companies and European countries in recent times. This year, we want to bring the major players in space and cybersecurity together again, with the aim to create a sovereign European ecosystem, capable of addressing these technological and economic challenges.
Mathieu Bailly, VP Space chez CYSEC et Directeur de CYSAT
“We hope to foster a continuum between established players and newcomers in the space industry to demonstrate Europe’s capacity for innovation and the opportunities this new ecosystem will create.”
To find the full programme and more information on the event, visit: https://cysat.eu/
A propos de CYSEC
CYSEC is a Franco-Swiss cybersecurity company that is a pioneer in the protection of satellites and data collected and transmitted in space.
The company has just launched two security products in 2023, ARCA SATCOM dedicated to the satellite internet market, and ARCA SATLINK dedicated to constellation operators.
CyberInflight and Florent Rizzo released their new Space Cybersecurity Weekly Watch for week 15 (April 3-11, 2023)
In this second Space Cybersecurity Watch, you will find Articles, company’s communications, whitepapers, academic works, podcast, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.
The areas covered by this watch are : geopolitic, market & competition, threat intelligence, regulation, technology, training & education, important news.
You can download this second Space Cybersecurity Weekly Watch here.
HOT NEWS
At the top of their watch, CyberInflight and Florent Rizzo make a very important announcement :
“CyberInflight new space cybersecurity market intelligence research report is out ! The team has put an incredible amount of effort to release this “150-pages bible of the space cybersecurity market” ! You can get the details and the table of content contacting us. This report is a unique resource that identifies the main market trends and intelligence indicators to comprehend the overall space cybersecurity ecosystem and to make better strategic decision making.”
Congratulations to all CyberInflight team for this achievement.
CyberInflight and Florent Rizzo have just announced the release of their first Space Cybersecurity Weekly Watch. They have been working on a weekly space cybersecurity watch for a few months.
CyberInflight explained the need to release this Space Cybersecurity Watch :
Cyberinflight needs it internally to conduct their business intelligence activities.
Existing watch services are often automated and not very relevant, even those carried out by actors with huge resources. Watches are often either too “cyber” or too “spatial”.
The number of articles on the subject has exploded in the last 2 years.
Everybody gets a watch but nobody reads it…
Time is precious, so they try to estimate a reading time as well as the 5 key articles not to be missed.
In this first Space Cybersecurity Watch, you will find Articles, company’s communications, whitepapers, academic works, podcast, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.
The watch will be freely available for a few weeks. Feedback and remarks are welcome and don’t hesitate to share.
Depuis plusieurs années, l’espace connaît un développement particulièrement important, que ce soit en lien avec des applications de la vie quotidienne (télécommunication, navigation & positionnement, transfert bancaire, observation de la Terre, …) ou avec les opérations militaires. Cette forte croissance ne va pas sans soulever des questions liées à la sécurité.
Pour vous en convaincre, nous avons écris plusieurs articles sur le sujet dont en voici quelques-uns :
L’École de l’air et de l’espace (EAE), en partenariat avec le Commandement de l’Espace (CDE), le Centre national d’études spatiales (CNES) et l’Office national d’études et de recherches aérospatiales (ONERA) vous propose un Mastère Spécialis鮫 Defense and Security in Space » (MS DefSiS). Cette formation duale de haut niveau (BAC+6) civile et militaire, et ouverte à l’international vise à former des cadres civils et militaires ayant une vision intégrée de la sécurité des systèmes spatiaux dans les opérations spatiales civiles ou de défense.
Les compétences développées dans le cadre du MS® DefSiS permettront d’accéder de façon privilégiée aux domaines de l’analyse et du conseil au sein d’industries, d’organismes gouvernementaux ou de cabinets liés au fonctionnement et l’utilisation des systèmes spatiaux civils et militaires dans leur dimension sécuritaire.
Cette expertise pourra notamment être employée dans le cadre de la recherche ou du développement d’un programme spatial, de la mise en œuvre et de l’emploi opérationnel d’un système spatial ou encore de l’analyse, la prévention, le suivi ou la gestion de crises.
Plaquette PDF du Master DefSis
Retrouvez ci-dessous une plaquette en PDF qui présente en 3 pages le mastère “Defense and Security in Space” de l’École de l’Air et de l’Espace (EAE)
Présentation du master DefSis en Vidéo dans le Journal de l’espace
Pour en savoir plus
Les inscriptions pour la promotion 2023-2024 sont ouvertes. Pour en savoir plus, retrouvez toutes les informations et modalités d’inscription (Dossier de candidature, Demande de Bourses) sur le site internet de l’école de l’air et de l’espace.
CYSAT is the first European event entirely dedicated to cybersecurity for space.
After a first successful edition over 2 days in March 2021 with over 200 participants, CYSAT is back and selected Paris for its new home!
The second edition will be on April 6-7th, 2022 in a hybrid format, i.e., hosted both physically in downtown Paris at Station F and accessible online.
An event around 3 pillars
The CYSAT event will be centered around 3 pillars:
A technical conference with keynotes by selected cyber and space experts, offering a unique opportunity to deep dive into all the different aspects of cybersecurity for space. Ideal for space engineers willing to learn.
An executive day featuring industrial leaders and top-level representatives from national and European agencies.
Demos by 3 teams of ethical hackers of cyber attacks on a flying satellite : Hack CYSAT.
The technical conference, similar to the first edition, will be led with experts both from the space and cybersecurity fields. Tackling all important topics from cyber threats, security-by-design, mission control security, on board security, cloud security, quantum tech, newspace, etc …
There will be a day dedicated to executives with keynotes from the industry as well as national and European agencies. Panel discussions related to the protection of European space assets (upstream) and data (downstream), mixing established players, newspace companies and space agencies.
Hack CYSAT challenge
The Hack CYSAT challenge is a great surprise. CYSAT team is working on with partners to get the community of hackers excited.
The winners will be invited to STATION F (Paris) to showcase their demos live. Details at hack.cysat.eu
CYSAT Program
The CYSAT program is out and avalaible here. Check out speakers and panelists line-up to discuss cybersecurity for European space assets and data.
The program combines technical keynotes on the topics of:
Cyber threats relevant for space systems
Ground segment security
On-board security
Don’t hesitate to visit Cysat website to register. Tickets on site and online at www.cysat.eu
See you all at the STATION F in Paris, April 6-7th!
🌟 I'm thrilled to share that I've earned the CISM (Certified Information Security Manager) from ISACA. You can view my achievement on Credly.
🌍 This...
Attacks on OT (Operational Technology) systems are made easier due to the OT/IT convergence.
The figure below is showing an example of OT/IT convergence.
Attacks on OT...
What an incredible start to 2024.
I've had some incredible opportunities and I've been able to do some really interesting things.
I continue my role as...
I’m very proud to receive the following certificate of completion for having successfully completed the training course : « Introduction to Cybersecurity in Space...
KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...
Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...
