Space Cyber Security Watch N°5 (August 31, 2021)

PDF VERSION IS AVALAIBLE HERE

Find below the new Space Cyber Security Watch No 5 (August 31, 2021). In this paper, you will find everything that has caught our attention since the last time : news, articles, papers, Space CTI, videos, webinars, events, attacks, podcats … This work is not exhaustive, so comments and observations are welcome.

Contents

• Attacks on Space Systems
• Articles
• Papers
• Videos
• Webinars
• Past Events
• Upcoming Events

Attacks on Space Systems

• North Korea-linked hackers accessed South’s rocket developer – Hackers linked to North Korea broke into the network of a South Korean aerospace company that holds confidential rocket propulsion technologies developed for the nation’s first indigenous space launch vehicle KSLV-2
• Chinese Hackers Group “RedFoxtrot” Attacking Asian Countries Aerospace and Defense Networks. Check the PDF Report from Recorded Future

Articles

May 2021

• Final Frontier: Space control will be ‘realm of cyber warfare’ – Australia’s catch-up in the space arms race will focus on information and cyber warfare, including helping other countries protect their orbital assets from dangers.

June 2021

• US strives to address space cyber challenge – Securing space assets from direct attack or hacking is an ever more important task — but is it impossible?
• Thales : Launches New Line of Satellite Communications Solutions to Ensure Reliable Connectivity Worldwide on Iridium
• Thales Alenia Space and Telespazio win contract for SICRAL 3 secure satellite communications system and associated ground segment. New program will ensure the continuity of Italy’s defense satcom services.
• Thales Alenia Space to Develop Secure Satellite Communications for Italian MoD
• Moving space into the cloud: Q＆A with Microsoft Azure Global’s Tom Keane
• Explore how space customers use AWS as they work toward the future – Astronaut Peggy Whitson & Maj. Gen. Clint Crosier (Ret.) share how AWS helps astronauts, scientists & everyday heroes make the future of space a reality.
• Microsoft joins Space ISAC as founding member to further space cybersecurity intelligence
• South Australia splashes out on space, defence, and cybersecurity in 2021-22 Budget
• Aerospacelab launched its first satellite with launch service provider Spaceflight Inc. aboard SpaceX Transporter-2 mission on a Falcon 9 rocket. The Risk Reduction Flight (RRF) mission will test and validate Aerospacelab’s proprietary technologies in orbit for geospatial intelligence, defencee and surveillance
• Aerospacelab worked with OVHCloud to launch a satellite on a SpaceX rocket
• Space Force launches fifth GPS III satellite for more secure positioning
• Harder to spoof and tougher to jam. The GPS III satellite brings with it Military Code enablement, which will beam more secure signals to the warfighter on the ground, in the air and at sea (by Lockheed Martin)
• NATO plans to cover outer space in mutual defense clause: German media – Under move, serious attack on space satellites of member states could trigger Article 5, says NATO chief
• U.S. Space Force successfully launches first tactically responsive launch mission

Juillet 2021

• International Institute of Space Law (IISL) presents the exciting and complex topic of “Cybersecurity”
• The cyberattack of our nightmares: What if hackers target our satellites? A cyberattack on our satellites and earth-based stations could severely disrupt the communications, energy, financial and health care sectors
• Introduction to Cybersecurity for Commercial Satellite Operations: Draft NISTIR 8270
• Comment Period Extended for Draft NISTIR 8270, Introduction to Cybersecurity for Commercial Satellite Operations – NIST has extended the due date to October 13, 2021, for providing comments on Draft NISTIR 8270, “Introduction to Cybersecurity for Commercial Satellite Operations.”
• CNSSI 1253 and NIST released the Space Platform Overlay – The CNSSI 1253 (Committee on National Security Systems Instruction No. 1253) has released (Attachment 2) the Space Platform Overlay as a companion of the NIST SP 800-53 controsl guide. Space Overlay is a set of specific guidances and requirements for space. Space Overlay can be used as Security Baseline on some space systems studies.
• Satellite Cyberattacks and Security: Technical Study – Satellites are crucial for everyday life and their importance is only set to grow in the future. These factors make them attractive targets to different groups including industry competitors, criminals, hacking activists, nation states, or military forces.
• Signal Overlay Design and Detection for Satellite Communication Channels (ESA)
• IronNet Launches First Collective Cyber Defense Community for the Commercial Space Industry – Intuitive Machines joins IronNet’s Collective Defense Community for Space; initiative launched at leadership summit including industry visionaries and partners Axiom Space and Jacobs Engineering Group
• Dickinson: Space Command and Cyber Command ‘Inseparable’ – U.S. Space Command  said his work is inseparable from that of U.S. Cyber Command but that policy must change to keep up with evolving threats in the cyber domain.
• For hackers, space is the final frontier – As the commercial space industry heats up, security experts worry about cyberattacks. Gregory Falco is interviewed alongside Erin M. Miller for this excellent piece on space cybersecurity.
• Supply chain attacks are on of the major Space Cybersecuity threats this decade and beyond. Understanding the increase in Supply Chain Security Attacks with this Threat Landscape for Supply Chain Attacks Report
• The International Institute of Space Law (IISL) presents the exciting and complex topic of “Cybersecurity”. Check the announce on LinkedIn.

August 2021

• The Knowledge Constellation platform has been launched in 2021 by the International Institute of Space Law.
• Space ISAC Celebrates One Year of Open Membership
• Amid Space Race, Cybersecurity And Resiliency Remain Concerns: Experts – Cybersecurity and resilience are top concerns as the rush for space grows. MITRE, The Aerospace Corporation, and Booz Allen Hamilton experts (and Space ISAC Founding Board Members) share views.
• The Secure Space Daily Summary from Space ISAC
• CYSEC launched ARCA Space, an end-to-end security solution for commercial space missions in order to protect satellite communications. Check the presention in this video.
• Booz Allen Hamilton hosted an interactive wargame for AIAA members. Check how AIAA is helping the aerospace industry prepare for cybersecurity challenges.
• Alya Nano satellites chose CYSEC for their cybsersecurity services and to develop high-security platforms for their global satellite data sharing activities and between their receiving and control station

Papers

• GAO urges NASA to step up cybersecurity efforts NASA identified a total of 1,785 cyber incidents in 2020 (PDF)
• Introduction to Cybersecurity for Commercial Satellite Operations: Draft NISTIR 8270 Available for Comment (PDF)
• Satellite Cyberattacks and Security: Technical Study by HDI Global Specialty SE (PDF)
• Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries (PDF)
• New Tallinn Paper on Russia’s Cyber Policy Efforts in the United Nations (PDF) published by NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)

Videos

• NSSA (National Security Space Association) SpaceTime: 5th Annual National Security Space Budget Forum
• CYSEC ARCA Space: End-to-end security for space assets and data
• Space ISAC CMMC Webinar Series Part 1 and Part 2
• DEF CON 29 Aerospace Village Videos
  • Fuzzing NASA Core Flight System Software
  • Lost In Space: No one Can Hear Your Breach Choose Wisely
  • Unboxing the Spacecraft Software BlackBox Hunting for Vulnerabilities
  • Threat Modeling for Space Hitchhikers
  • Hack A Sat 2 – The Good, the Bad and the Cyber Secure
  • Deep Space Networking Workshop Part 1 Analyzing LTP
  • Deep Space Networking Workshop Part 2 LTP Wireshark Challenge
  • Deep Space Networking Workshop Part 3 LTP Custom Profile
  • AIAA CubeSat Hacking Workshop 01 Section 1 CubeSAT 101
  • AIAA CubeSat Hacking Workshop 02 Section 2 Attack Methodology
  • AIAA CubeSat Hacking Workshop 03 The CubeSAT User Interface
  • AIAA CubeSat Hacking Workshop 04 Cyberattack Scenario 1
  • AIAA CubeSat Hacking Workshop 05 Cyberattack Scenario 2
  • AIAA CubeSat Hacking Workshop 06 Cyberattack Scenario 2
  • AIAA CubeSat Hacking Workshop 07 Cyberattack Scenario 3
  • AIAA CubeSat Hacking Workshop 08 After the Cyber Attack

Webinars

• Interesting talk with European Commission DG DEFIS and other new companies, for the Secure Connectivity Initiative Conference. Commissionner Thierry Breton called for active engagement of new space (14 june 2021)
• Space Resilience for Automakers Webinar presented by CAR (Center for Automotive Research) and with the contribution of Space ISAC, MITRE, Lockheed Martin and Constellation Network (14 june 2021)
• Space Law webinar Series on Anti-Satellite (ASAT) Weapons, Arms Control, and Space Law from USAF (United States Air Force) Academy. The discussion was about the state of space arms control, examining previous arms control treaties, and drawing comparisons to modern arms control propositions such as US/European efforts to codify “responsible” space conduct and the Chinese/Russian advocacy for a new Prevention of the Placement of Weapons in Outer Space (PPWT) Treaty. (23 June 2021)
• NIST Workshop: Cybersecurity Framework profile for Ground Segment (PDF) – (24 June 2021)
• Space and Missile Systems Center – NIST Workshop Kickoff KEYNOTE – Ground Segment Cyber Challenges (PDF) – (24 June 2021)
• Back to Satellite Ground Segment Cybersecurity NIST Workshop (24 June 2021)
• Replay of the world premiere of the next step in quantum cryptography (7 July 2021)
• Avoiding the Hackers: Small Sat Cybersecurity Information Sharing & Analysis Discussion (9 August 2021)
• Common Issues and Concerns Organizations Face in CMMC Compliance…and How to Prepare for Them (17 August 2021)
• Space as a Critical Infrastructure – Presented in Association With Space ISAC during the Space Symposium (26 August 2021)

Past Events

• June 16, 2021 : The fifth annual National Security Space Budget Forum (virtually via Zoom for Government). Check replay video here

Upcoming Events

• September 1 – 3, 2021 : Geopolitics and Global Futures Symposium 2021. The 2021 Geopolitics and Global Futures Symposium is now open for applications! Module 1 is about « The Future of Outer Space Security »
• September 7-9, 2021 : Joint Air & Space Power Conference 2021 – Delivering NATO Air & Space Power at the Speed of Relevance. The security challenges to NATO did not just get put ‘on hold’ as our individual countries turned inward to battle the existential threat to survival at home. Indeed, the global pandemic also presented an opportunity to NATO’s near-peer adversaries to manoeuvre and attempt to gain an advantage.
  • Security Convergence for Air and Space PowerResilience in Three Dimensions 
  • NATO Electronic Warfare and Cyberspace Resilience
  • Avoiding Cyber Forever Wars – Toward a Joint All Domain Whole of NATO Cyber Conflict Deterrence Strategy
  • Cyberspace and Joint Air and Space Power – Any Speed; Always Relevant 
• September 7-10, 2021 : 2021 SATELLITE Experience with Satellite Cybersecurity session.
• October 5 – 7, 2021 : ESA Software Product Assurance Workshop 2021. There will be one full day of ECSS training, followed by 3 days of interesting presentations and discussions on various topics. Registration here
• October 5 – 7, 2021 : CyberSatGov – To bring together the satellite community with the government and military markets to have a comprehensive, progressive discussion about cybersecurity. The CyberSatGov Agenda is Here!
  • Security in LEO: Can the US Government Trust it?
  • Solarwinds, Colonial Pipeline: Impact on Satellite Cybersecurity
  • Supply Chain Risk Management: Keeping It Secure
  • Blackjack 2022: Prime Time is Fast Approaching
  • Cloud and Data Processing: Space Systems Applications and Threats and Vulnerabilities Management
  • Value Of Space: How Space Systems’ Critical Infrastructure Will Apply to Future National Critical Functions
• October 19 – 21, 2021 : 11th IAASS conference : Managing Risk in Space – The 11th IAASS Conference “Managing Risk in Space”, organized in cooperation with the Japan Aerospace Exploration Agency (JAXA) is an invitation to reflect and exchange information on a number of space safety and sustainability topics of national and international interest.
• October 25-29, 2021 : IAF’s IAC 21 in Dubaï – 72nd International Astronautical Congress 2021 (Dubai, United Arab Emirates) will have two security sessions :
  • D5 is 54th IAA Symposium on Safety, Quality and Knowledge Management in Space Activities (D5.4 will be more technical : Cybersecurity in space systems, risks and countermeasures)
  • E9 is IAF Symposium on Space Security (E9.2 is more strategic and legal focused : Cyber-based security threats to space missions – establishing the legal, institutional and collaborative framework to counteract them)
  • Papers have been selected and the program will be published shortly

This work is not exhaustive, so comments and observations are welcome.