Space Bits

Responsable Cybersécurité pour le CDE à Toulouse

Le Commandement de l’Espace recrute un Responsable Cybersécurité pour Toulouse. L’annonce est sur :

Les missions du poste sont :

– de conseiller et d’assister les états-majors, directeurs de projet, officiers programme et équipes spécialisées sur les questions relatives à la cyber sécurité spécifique au milieu spatial

– d’analyser et de critiquer les documents de sécurité relatifs aux projets spatiaux

– d’assurer un niveau de synthèse de la situation au profit des autorités de l’armée de l’air et du commandement cyber

– d’identifier les impacts technico-opérationnels des incidents et des mesures prises sur les segments sol ou bord spatiaux

– d’analyser les menaces potentielles à court, moyen et long terme et de proposer les solutions de repli et défense pour chaque système en activité

– de participer à la recherche et au traitement relatif aux modes opératoires adverses

– de mener et de réaliser des audits de sécurité des systèmes d’information sur des systèmes et technologies très variés et de maitriser les environnements data center

Missions Responsable Cyberdéfense au CDE Toulouse
Space Bits

SpaceX software team AMA on Reddit

Some members of the SpaceX software team run an AMA on Reddit just after the Demo-2 flight.
Two members of the team specifically represents cybersecurity (Jeff Dexter) and fault tolerance and safety (Wendy Shimata) but there is understandably not much on cybersecurity in this AMA (ITAR and general prudence preventing it).

The whole thread is on Reddit r/spacex and I have extracted some quotes after the break.

Space Bits

CLS Helps Rescue Hijacked Fishing Vessel

CLS, a subsidiary of CNES, has a press release reporting how they helped rescuing an hijacked fishing vessel (and its 18 fishermen crew) in the waters of the Ivory Coast thanks to its FishWeb service harvesting localisation data from various satellite systems or payloads.

I have added the press release below.

References Space Bits

Hack-a-sat Library

The US Department of Defense has published a collection of satellite hacking resources on GitHub to support Hack-a-sat: the Hack-a-sat Library.It includes papers, videos, websites, etc.

Well done!

Space Bits

Cyber risks related to ship tracking using satellite communications

A recent Cybermaretique blog’s article “L’ agence spatiale européenne finance la recherche sur les risques liés aux systèmes de positionnement par satellite“(fr), mentions an ESA contract related to cyber risks and solutions to mitigate ship tracking using satellite communications. CYSEC won the bid and has more information on the press release. Olivier‘s article gives more pointers on the subject (like Rivieramm coverage) and previous incidents.

Go read Cybermaretique for all cyber risks related to the maritime world. Thanks Olivier!

Space Bits

Space Force videos

Deux salles, deux ambiances

Pardon my French. I like them both.

Space Bits

HackASat (3/x) has small updates on HackASat challenge : in an article titled “Hundreds of hackers sign up for chance to break into a DoD satellite“, Sandra Erwin reports, quoting Dr. Will Roper from Air Force, that more than 900 participants have registered for the qualification phase.

Space Bits

IAC 71st goes cyber

71st IAC 2020

71st International Astronautical Congress was scheduled this fall in Dubai. Due to COVID-19 outbreak, the event has been replaced by a virtual one and is now called the 71st International Astronautical Congress – The CyberSpace Edition and will take place during 12 – 14 October 2020. Dubai will now how the 72nd International Astronautical Congress.

Program is not yet available but the paper selection has been made according to the original schedule (at least for the cybersecurity session I co-chair). This year, the Cybersecurity session (Cyber-security threats to space missions and countermeasures to address them) will be part of two symposium :


Let’s hope the program will allow presenters to attend.

Space Bits

Space Security Challenge

As a follow up to previous post, the Space Security Challenge or Hack A Sat (HaS) has a website. Although DEFCON 28 will be virtual this year (DEFCON Safe Mode), the Final event / challenge (“Hack a Sat Capture The Flag” hosted by the virtual Aerospace Village) will happen in August and the qualification phase is ongoing (registration closes May 24 and qualification event starts May 22).

Workshops on satellite will also be organized in August.

Rules edited by the Air Force Research Lab are availble (pdf) :

The top 10 teams will be requested to submit a “Qualification Event Technical Paper” describing the solutions for 5 challenges solved during the qualification. Papers will be reviewed by the organizer before a formal invitation to the Final Event (online) is sent to the team. 8 teams will participe, 2 will be on standby.

The Final event is composed of a new CTF (FlatSat) followed by an On-orbit challenge for teams with all the FlatSat challenges solved. A technical papers will also be requested at the end.

Each entrant must include at least one U.S. citizen or permanent resident. Official Government entities are not eligible (that makes two reasons preventing foreign space agencies to participate to this U.S. challenge).

I like the disqualification rules :

– Utilizing or engaging in Denial of service against other competitors is strictly forbidden
– All patches to open-source software must be made available according to open source license guidelines
– Any vulnerabilities discovered in open-source software must be made available to the public via a public disclosure process
– No physical coercion or intimidation is allowed
– Any acts of sabotage, tampering, misuse, attacks, or use without consent of the contest organizers property, contest infrastructure, equipment, software, or items that pertain to the contest that are outside of the contest environment are expressly forbidden

Of course, the usual disclaimer alerting participants of monitoring and interception are in the document. Publicity (disclosure) will also be part of the deal.





Content from HackASat published with permission.

Space Bits

Air Force’s orbiting satellite at DEFCON 2020

This Wired story from 2019, September describes the road taken by Air Force to decide to offer an orbiting satellite for “testing” by hackers at DEFCON 28.

After a F-15 fighter last year, Air Force will enable a select number of researchers to evaluate the security of an orbiting satellite from an attacker perspective. At the time of writing of the article the satellite targeted was unknown.

On December the 12th, released an update but the satellite was yet to be chosen, according to Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics. Internal Air Force project name is “Hack-A-Sat”, public one will presumably be “Space Security Challenge”.