HackADay has a “Lessons Learned from a CubeSat Postmortem” article on the “KRAKsat Satellite Mission – Lessons Learned” paper published by the mission team from AGH University of Science and Technology in Cracow, Poland. No crucial error described in the paper is directly linked to cyber; however, some are interesting:
- Problems with clearing the flash memory (testing and implementation issues),
- Impossibility to download data from the flash memory by radio UHF2 (different implementations and behaviour of two redundant components). This one particularly highlights the issue we may face with safety measures that require different implementations but are not done properly. I remember datacenter providers implementing different controllers and software for HVAC and power. I wonder if this is still the case.
- No emergency option to shut down satellite subsystems permanently. Kind of a reverse kill-switch.
- The lack of the mission's own ground station. Ground stations are costly. I wonder what the price would be compared to the overall cost of a CubeSat mission. Maybe the solution would be to plan for emergency services.
- Inaccurate analysis of the mission's requirements. No comment, space is hard.
Other errors are listed as well and are interesting: file system issues (or the lack of a file system in this case), data encoding, hard-coded parameters, etc.
Considering the context, I highly doubt the contrary could be announced, but nevertheless, some bits on cybersecurity at ESA are detailed in the ESA publication “ESA practices security” from November 2019.
This general publication perfectly introduces what was discussed at Space19+.
September 30, 2019:
A presentation from ESA on Cyber Resilience from “ESA Cyber Resilience Team” gives us hints on what is ahead for ESA:
December 13, 2019:
RHEA has operations at the ESA European Space Security Centre (ESEC) in Redu, Belgium (mentioned in the publication), and there is some news about it:
A New Leading Cybersecurity Operations Center for Space in Europe. Not much is said apart from the fact that this CYCS is blending in a cyber range / training center too. In case you were wondering how much a “Cybersecurity Operational Center” could cost (definition required, as it looks to be more than a Security Operations Center), the answer is around €37 million. €14 million from Belgium, €10 million from RHEA. More than the previous source.
Actually this is a very limited press review, but I have noted some articles, mainly from the November 2019 issue of Via Satellite, published before or after 2019’s Cybersat Summit, all related to Access Intelligence LLC (yeah, that one was easy to find):
The Growing Risk of a Major Satellite Cyber Attack (November, 2019): comments on vulnerabilities (satellite network, supply chain) and small satellites (ground stations and open source software; COTS perceived as threats). Vulnerabilities may come from the absence of security maintenance, weak encryption and old IT equipment. A few words on NewSpace.
Different Industries Face Divergent Cyber Challenges (November 15, 2019)
Satellite Providers Stymied by Lack of Cyber Standards (November 14, 2019)
Three trends we see everywhere also have impacts on our cyber posture when it comes to space systems:
– Blockchain: Blockchain: The Next Big Disruptor in Space
– SDN Sat: The Software-Defined Future of Satellites
– AI: Space 2.0: Taking AI Far Out (December, 2019)
Bits on LoRaWAN Security:
LoRa Security – Building a Secure LoRa Security by Robert Miller
Renaud spoke at the COMET of 18/09/2018: Space’s Industrial Control Systems Security 2nd Edition: IoT Devices Vulnerabilities: Aeronautics and aerospace security.
From MITRE’s news:
The Space Information Sharing and Analysis Center (ISAC) and National Cybersecurity Center announced on Aug. 26 that MITRE will become the Space ISAC’s newest founding member, joining Kratos Defense & Security Solutions and Booz Allen Hamilton. Scott Kordella, MITRE’s executive director for space, will serve on the Space ISAC board of directors.
The Space ISAC aims to “facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member firms; and to serve as the primary communications channel for the sector with respect to this information,” according to an Aug. 26 press release.
MITRE is known in cybersecurity for many publications and tools, among them the not-aging Ten Strategies of a World-Class Cybersecurity Operations Center (pdf, which I have seen discussed in some space cybersecurity workshops) and the ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) project.
More on Dark Reading.
Issues like jurisdiction, forensics and legal use of NASA’s assets are dealt with in a few articles: