CYSAT 2023 - Priamos' insights

CYSAT 2023 at a glance

On April, 26th and 27th 2023, CYSAT took place at the Station F in Paris. The biggest European event dedicated to #cybersecurity in the #space industry gathered approximately 700 participants, in person and remotely.

Opened by CNES , and besides keynote speeches, panels, and presentations by different actors of the domain, including European Commission and German Aerospace Center (DLR) , the event gave the opportunity to participants to network and share expertise and experience with one another.

Attendees were also able to take part in a tabletop exercise, organised by the Space ISAC supported by CyberInflight , its unique european member, simulating crisis management on a Ground Station as a Service (GSaaS). The Space ISAC managed to create a constructive learning environment with a focus on problem-solving. The three-hour simulation with space security experts, including EUSPA - EU Agency for the Space Programme and our Priamos advisors, highlighted the need for collective defence and threat information sharing in the space industry.

Last but not least, the event was concluded by the world premiere demonstration of an in-orbit satellite hacking, result of a cooperation between 泰雷兹 and the European Space Agency - ESA . An impressive presentation, congratulations!

Key takeaways

After two intense and eventful days, four major takeaways of this edition of CYSAT need to be highlighted.

1 - The war in Ukraine represents a major shift for the space sector.

The role space and cybersecurity have been playing since the beginning of the war in Ukraine led to a major shift in opinion. Indeed, the KA-Sat attack and all the cyberattacks targeting space systems that followed raised awareness among the industry as well as policymakers in the need for cybersecurity in the space domain. The geopolitical context made the case for budget and effort rises in defence in the public sector as well as in the private industry. This also made the case for the #IRIS2 programme, the European Infrastructure for Resilience, Interconnectivity and Security by Satellite.

2 - Anticipation and cooperation are key.

Space missions have a long life cycle, #anticipation is therefore essential. Indeed, what is being built today need to be able to face the threats that will exist in near future. A major issue on that topic is #quantum #cryptography, which is already starting to be implemented in projects today, for instance in IRIS2.

To anticipate #threats and enhance #resilience, actors need to be aware and prepared.?On that point, the tabletop exercise demonstrated what numerous speakers also mentioned in their speeches: cyber threat #intelligence is essential, and information sharing is vital. Anticipating and detecting risks is critical for the space industry. There is therefore a need for information sharing and collective defence as they are the only sustainable way to manage #risks and overcome attacks when they happen. The creation of an EU Space ISAC will be a significant step to facilitate information sharing and cooperation.

3 - There is a need for securing the space segment, securing the ground segment is essential but not enough.

Satellites were not historically designed to be secure. The assumption that the lack of knowledge regarding satellites and how to attack them is outdated and the lack of security on the space segment is a vulnerability and a risk.

Ground segments require more well-known security measures and are therefore usually properly secured. However, so should be space segments, and the awareness is growing on this point such as with projects aiming at #ciphering communication between ground and space segments when it is not already done, or security requirements being imposed by authorities on new projects and mission.

The securing of the #supply chain is also essential to prevent attacks as it is becoming a weak link in space systems. These attacks could lead to the compromission of software and hardware.

Actors – even New Space actors – understand the need for security and the economic rentability of it. Attacks can have devastating consequences and recovering from an attack is expensive. Investing in security is economically worth it, and companies understood this.

Besides, as space is a critical infrastructure, it is essential to keep in mind the potential impact an attack can have on society as-a-whole, including but not limited to the consequences it could have on #communications, #energy facilities, #warfare and therefore national #sovereignty.

4 - “New Space” actors need to find a balance between their constraints and security.

Space used to be all about science and defence. It is not the case anymore with the growing importance of commercial space capacities and the emergence of the so-called #newspace actors.

These actors have different objectives and constraints compared to historical space actors. Therefore, they need to adapt what already exists – namely in terms of security – in order to fulfil their objectives within their constraints, while still ensuring a satisfactory security level.

Conclusion

This event was the perfect occasion for all actors of the domain to #share experience and expertise. Whether it is major companies of the space sector, startups, researchers of representatives of national and European bodies (cybersecurity agencies, space agencies, policymakers), every actor has a role to play in the space domain, and exchanges need to be enhanced among them.

It is also a great reminder that even if a lot has already been done to improve cybersecurity in the space industry, threats are always evolving, and security is a process that needs to be continually improved.?

Warmly thank Mathieu Bailly , Francis Peluffo and the entire CYSEC team for organizing this unique event in Europe. See you next year for #CYSAT'24!

Authors: Delphine Debuire and ???Médéric V. , security expert-advisors

Priamos is an independent cybersecurity advisory company, pure player for #space industry.