© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

The ingredients for ransomware attack in space are here - interview

Satellites are vulnerable to hacking. Much like other critical industries in the past, space assets are poorly protected.

For most of the history of space exploration, two superpowers, the United States and the Soviet Union, dominated the skies. Even with the fall of the USSR, only a handful of nations had the capability to leave this planet.

That, however, has changed. Advances in rocket technology and satellite deployment have made space travel accessible not only to nation-states but to businesses, too.

This time, Europeans aim to be at the forefront of the new space race. According to Mathieu Bailly, VP Space at CYSEC, a cybersecurity company, Europe intends to prepare engineers for the future. That entails understanding the risks cyber threats play in the space industry.

“We want to show them that hackers do not follow the guidelines, procedures, and standards with which space engineers are familiar. Hackers think differently,” Bailly told Cybernews.

We sat down to discuss why Europeans need to have their own space policy, and why they are lagging behind the US in the first place. We also discussed cyber threats that satellites are susceptible to.

Could you tell me a little about the upcoming 'Hack Cysat' event in Paris this April?

At CYSEC, we started digging and looking at the topic of cybersecurity for space in 2018. And we quickly realized that the US was ahead of Europe. They already had numerous events dedicated to cybersecurity for space. For example, the US Air Force organized “Hack-a-sat,” the first hacking competition targeting a satellite in 2020.

So we decided to organize the first edition of CYSAT last year, a technical conference about cybersecurity for space. It was the first one in Europe. This year we decided to include a satellite-hacking challenge. We will use a cubesat belonging to the European space agency called OPS-SAT. It's a 3U CubeSat size of a shoebox orbiting the Earth since 2019.

Today it's serving as a test lab for all European companies wanting to test their software in orbit without having to build an actual satellite themselves. We asked if they were kind enough to lend us this satellite for the challenge, and they were very positive and enthusiastic about that.

What's the point of using an orbiting satellite for a hacking challenge?

It's about educating European space engineers about cyber risks. We want to show them that hackers do not follow the guidelines, procedures, and standards with which space engineers are familiar. Hackers think differently. They do things that are not authorised which in the end can have dramatic consequences for a specraft or a mission.

When I started investigating cybersecurity for space in 2018, the concept of hacking a satellite was very new in the public domain. The military has been thinking about satellite security for a long time. But it's entirely new for commercial and institutional missions.

"We want to show them that hackers do not follow the guidelines, procedures, and standards with which space engineers are familiar. Hackers think differently."

-Mathieu Bailly, VP Space at CYSEC

And while we are launching thousands of these new satellites, most of the people in the space industry have no idea what cybersecurity is all about.

The situation reminds me of what was going on with the Internet of Things (IoT) 10 years ago. Engineers started playing with connected objects and realized that once you have millions of objects connected, you have a critical infrastructure that you need to take care of. Otherwise, it can be breached or used as a weapon. We are precisely at this point in the space industry.

A similar event, Hack-a-Sat, was held during Defcon in the US. Why do you think it's essential for Europe to organize such challenges locally?

Yes, Hack-a-Sat is a very popular event. I think they had over two thousand teams applying last year to the qualifications. It’s huge! However, Hack-a-sat is a US Air Force event driven by the needs of the US DoD, so it's mainly targeting the security community.

With CYSAT, we want to address the European space community and show what are the best practices in terms of cybersecurity that are worth copying. I think it's imperative for Europe to act because space is also a political matter.

We need to build a European ecosystem that is capable of responding to the future challenges of the industry, and cybersecurity is one of them. That starts by raising awareness for space engineers currently working on future missions. They're the ones to be trained, educated, and looked after if we want to improve the situation in Europe.

Engineer tinkering with a small satellite. Image by NASA.

Why do you think Europe is behind the US regarding cybersecurity awareness for space assets?

One of the reasons the US are ahead is because they were the first to understand that space was going to become a political and military field. That’s why Trump created the Space Force in 2019.

And there was a spillover effect to the commercial side of things. Some people who work on military missions are also space engineers. So, they had a lot more awareness about cybersecurity. Meanwhile, in Europe, we are following this trend, we see now European countries also creating their own space force.

Do you think hacking is a real threat to space assets? I'm talking about non-state actors attacking space assets or disrupting the infrastructure in some other way.

Yes, absolutely. And this is also a question we often get. There are about 70 attacks recorded and reported publicly, targeting a wide range of players.

There have been cyberattacks on space systems for decades. It is just that this is only the tip of the iceberg. In my opinion, the publicly available information is just a fraction of the real picture.

That's because the leading players have been very much working with the “security through obscurity” mindset. This needs to change, and that is why we are organizing CYSAT, to promote “security by transparency” and the adoption of best practices like ethical hacking.

"Ransomware is one of the most likely cyber threats for the space industry."

-Mathieu Bailly, VP Space at CYSEC

In addition, more satellites are being launched every day, and with that, the importance of cybersecurity is only growing. That's because, in the space industry, we combine all the weak points that hackers are looking at.

This situation reminds me of the maritime industry in 2018-2019. A couple of attacks targeted all top players. Maersk for example, number 1 in the world lost $300 million. Hackers managed to shut down their cloud services used to book shipments and just killed their revenues.

In essence, they were operating critical infrastructure that was badly protected, and the industry insiders had little awareness about cyber. It was pure gold for the attackers, and I fear that space will be next.

This is precisely what I want to avoid. I'm trying to convey to the space industry that we don't want to be next. But we're heading there. We are operating more and more assets, handling more and more sensitive data, and we're poorly protected. At least, the commercial and institutional missions.

Ransomware gangs love critical infrastructure. Do you think cybercriminals might try deploying ransomware on satellites?

Ransomware is one of the most likely cyber threats for the space industry. If you're operating a constellation of satellites that provides users' a service, shutting them down kills your revenue. And then you are just on your knees. So, ransomware would be a typical tool for hackers to deploy against space players.

A common misconception is that the satellite in orbit is the prime target. But bear in mind that all the attack vectors are coming from the ground. There is no alien in space that will go and lock your satellite. This means that all the threats come from satellite design, development, testing, integration, assembly, transportation and launch. And mission control of course. But all on the ground.

Once the satellite is in orbit, you can reach it because it is connected via radio frequency or optical link. But if your secrets have been leaked, or your code has been tampered with, this happened on the ground. The only way to reach an orbiting satellite is to go through the ground segment.

The satellite is just the tip of the iceberg, we need to protect the entire lifecycle of the mission.

More from Cybernews:

Cyberattacks in Ukraine raise concerns under the Geneva Convention - Microsoft's president

Hackers breach Rosatom, Russia’s state nuclear energy corporation

Russia vs Ukraine: is big tech choosing sides?

A sophisticated Chinese hacking tool evaded attention for a decade – research

A simultaneous breach: dealing with two ransomware groups on the same day

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked