Salus Security Bulletin - Issue 7

Welcome

Welcome to the 7th edition of Salus – RHEA Group’s cybersecurity newsletter. Since our last edition, the need for all organizations to be cyber secure has become ever more urgent. Space systems have been increasingly targeted by cyberattacks. New commercial satellite constellations, which support a variety of commercial and military services – communications, data transfer, Earth observation, reconnaissance, positioning, navigation and timing – are not spared, and face increasing risks from exposure to sophisticated cyber threats.

Over the next 10 years, nearly 25,000 satellites will be launched into space, generating US $1.2 trillion in retail trade and more than 500,000 petabytes of data. This development illustrates the shift in dependency from terrestrial networks to the space segment, and the potential economic and data security risks associated with the vulnerability of these systems.

This issue is discussed by Robert Mazzolin, RHEA’s Chief Defence, Security and Technology Strategist, in conjunction with CIGI, in a short video on The Strategic Military Importance of the Space Domain. It really is worth a watch!

Contributing to the European Cybersecurity Community Project

RHEA is one of 13 cybersecurity stakeholders from the public and private sectors contributing to the European Cybersecurity Community (ECCO) project, which has been established to support activities to develop, promote, coordinate and organize the work of the Cybersecurity Competence Community. In doing so, RHEA will capitalize on its experience as a leading stakeholder for the ECHO project (the European Network of Cybersecurity Centres and Competence Hub for Innovation and Operations).

The ECCO project is being led by ECSO, a not-for-profit membership organization. The project falls within the framework of the European Cybersecurity Competence Centre (ECCC) and its network of National Coordination Centres (NCCs). The ECCC was established under an EU regulation published in June 2021. The aim of the ECCC is to increase Europe’s cybersecurity capacities and competitiveness, working together with the NCCs to build a strong cybersecurity community.

Announcing the news, ECSO highlighted that the project will strengthen Europe’s industrial leadership in cybersecurity and increase its global competitiveness, in addition to supporting the resilience and reliability of networks and information systems.

RHEA’s activities related to ECCO will be supported by RHEA’s new European Cybersecurity Centre of Excellence, whose unique pool of expertise will provide key support to the European cybersecurity ecosystem.

Find out more about the ECCO project

Cybersecurity and the New Space Market

Within the New Space sector, space systems need to be secure both on the ground and in space. Today, cybersecurity engineering is integrating new requirements due to the digitalization of space systems. This is important for industry as they must follow the regulations produced by the Cybersecurity Satellite Act in 2022, introduced by the USA.

The commercial space market is now providing cheaper access to space, allowing organizations to launch smaller rockets with satellites of all different sizes and mission types, e.g. Earth observation, telecoms, and positioning, navigation and timing (PNT). New spaceports are being developed across Europe and globally, with Cornwall in the UK and Djibouti in Africa leading the way in launching these commercial rockets, with several more planned to follow this year.

To achieve these important milestones for the space sector, the safety and the security of the satellites, and above all, the data in transit for users’ applications is paramount. Cybersecurity for space provides the capacity to identify the potential weaknesses of any system and the software used in the workflow of data. Thanks to new technologies, such as quantum and artificial intelligence, our engineers are combining all the requirements needed to support the space activity of the New Space economy.

Read the paper by Roberto Mazzolin, RHEA’s Chief Defence, Security and Technology Strategist, on Responding to the Cybersecurity Challenges of the New Space Environment.

RHEA Installs Cyber-Range at University of Ottawa

RHEA Group’s cyber-range solution CITEF is now installed as part of the University of Ottawa and IBM’s cyber-range: a fully immersive, interactive and experiential learning facility that will enable advanced research and training in cybersecurity and cyber safety.

The University of Ottawa/IBM cyber-range has been developed to provide diverse organizations with greater access to state-of-the-art technology to build cybersecurity resilience across Canada. Through immersive learning and practice, students and professionals will learn how to better protect themselves against cyberattacks.

Located within the University of Ottawa Cyber Hub, the cyber-range will deliver critical security innovation, training and expertise in both official languages (English and French) to help grow Canada’s skilled cybersecurity workforce across government, industry and academia.

The cyber-range is equipped with cutting-edge technology and assets for cybersecurity testing, planning and training, including:

• 30 stations equipped with iMacs where training and simulations take place
• Latest IBM security software and services, like IBM's Security Information and Event Management (SIEM) QRadar, IBM Security Orchestration, Automation and Response (SOAR), IBM Security? QRadar? SOAR (formerly Resilient?) and IBM Guardium?
• RHEA’s CITEF solution for technical simulations includes:
• - Installation of RHEA’s out-of-the-box scenarios
• - Creation of customized scenarios
• - Training professional services
• A diverse scenario library that can be accessed online and in person
• Technologies that allow for the creation of an exact clone of your organization’s network and operational technology assets.

The facility is expected to open in 2023.

Learn more about RHEA’s cyber-range

Teaching Cybersecurity: Predicting the Unpredictable

Europe faces a severe shortage of cybersecurity skills. This not only presents an issue for economic development, but also for national security. The European Commission, through the European Union Agency for Cybersecurity (ENISA), has launched several actions to address this problem including a European Cybersecurity Skills Framework (ECSF) that aims to create a common understanding of the roles, competencies, skills and knowledge that Europe needs. 

Yohann B. Bauzil, Senior Space Program Manager at RHEA Groupe France, has been teaching cybersecurity at universities and engineering schools for 10 years, including the French IT and engineering school 3il. He explains how cybersecurity training works at this level and how it is changing.

Has the way of learning cybersecurity changed? 

Cybersecurity can be addressed from a cyberattack or a cyber defence perspective. 

The growth of cyberattacks has forced businesses and government agencies to reinforce their cyber defences, and so for many years training focused on cyber defence strategies. But today, the focus has shifted from cyber defence to cyberattack, as the rise of ethical hacking shows. Companies are using ethical hackers to explore an organization’s security system and find vulnerabilities. 

The young generation is much more interested in learning from a cyberattack perspective, even though it is still crucial to learn cyber defence strategies. They need both. 

Tell us about this new generation of future cybersecurity experts  

In the last 20 years, IT has dramatically changed. The students I am teaching were born in 2000, so they have grown up in a digital world. That is why they are well aware of digital security issues. 

Things are evolving so quickly that we need to prepare them for tomorrow’s cyber threats without knowing with any certainty what they will look like. Predicting the unpredictable is a great challenge in teaching cybersecurity. 

Read the full interview with Yohann Bauzil on the RHEA website

European Space Conference – Securing the Future of Europe in Space

One year ago, the 14th European Space Conference took place a month after the successful launch of the James Webb Space Telescope and the mood was, for the most part, buoyant. Soon afterwards, however, the global geopolitical situation changed significantly when Russia started its invasion of Ukraine.

The ramifications of this hostile act pervaded the entire European Space Conference this year, putting the spotlight on European autonomy, the security of space assets both in space and on the ground, the benefits of joint civil-defence missions and the need for greater agility in projects across the space sector to address all of these issues.

As part of RHEA's presence at the 15th European Space Conference, Pascal ROGIEST, RHEA’s Chief Strategy Officer was a panellist in two separate sessions. In ‘Space as a driver of sustainability – a Digital Twin of the Earth and the Ocean’, he joined a panel of senior space personnel where he commented: “There is huge amount of data available, but we need the right data available for the end user. This includes data from the ground systems. We must also ensure the digital trust of the information through end-to-end cybersecurity.”

He also took part in the panel session ‘Cyber dialogue: Securing the space assets, services and value chain’, where he joined senior personnel from the European Space Agency (ESA), the European External Action Service (EEAS), the EU Agency for the Space Programme (EUSPA) and Leonardo.

Please read RHEA’s wrap-up of the 15th European Space Conference.

RHEA Canada in the Media

During January, RHEA gained a lot of media attention thanks to Canadian journalist Nicolas Pelletier, who visited Belgium for a series of reports on cybersecurity approaches, advances and challenges in Europe and Quebec.

During his visit, he interviewed Pascal Rogiest, Chief Strategy Officer, in Belgium, and Daniel Giasson, Executive Director, Security Services and Solutions, in Gatineau, to find out why the Canadian city wants to become a cybersecurity hub for Canada and how it has the right companies and capabilities to achieve this.

The result was media coverage across TV, radio and the press. To listen to the interview, please visit Radio Canada or Ohdio.

RHEA Sponsors CYSAT 2023

Date: 26-27 April 2023

Venue: Hybrid – Station F, Paris (France) and online

For the second year, RHEA Group is sponsoring CYSAT – a dedicated cybersecurity for space event. At this event, experts will discuss how to ensure the confidentiality, integrity and availability of space data against cyber threats: a new challenge as satellites have historically been designed to be reliable but not necessarily secure.

Recent trends such as software-defined satellites, usage of commercial off-the-shelf (COTS) components, in-orbit reconfigurations, intelligence on board, quantum technologies etc. are making space assets and data more and more vulnerable to cyberattacks. CYSAT aims to bring together the space and IT security communities to build a European ecosystem capable of responding to the current and future challenges faced by the European space industry.

During the conference, which takes place in Paris on 26-27 April, RHEA will be hosting a 30-minute keynote speech and a 30-minute demonstration of RHEA’s CITEF cyber-range solution.

Find out more about CYSAT 2023.

European Cybersecurity Centre of Excellence achieves environmental certification

RHEA's new European Cybersecurity Centre of Excellence (ECCE) in Transinne, Belgium, is being developed to the highest environmental standards, and has been awarded the Building Research Establishment Environmental Assessment Method (BREEAM) 'Excellent' certification by BRE.

This reflects our commitment to contributing to a secure and sustainable society – in every aspect of our business.

Watch our short video above to discover more about this approach and our commitment to sustainability.