Cyber ​​warfare: how the conflict in Ukraine illustrates the security shortcomings of private satellites

Cyber ​​warfare how the conflict in Ukraine illustrates the security

You will also be interested


[EN VIDÉO] Spy satellites: mission to the land of the stars
Among the satellites placed in orbit around the Earth, several hundred would be spy satellites and this is not science fiction. Their mission is of a military nature, they are vectors with a strategic vocation.

On February 24, the first day of the invasion of theUkraine by Russia, a “failure” struck the KA-SAT satellite located at the constellation of the American company ViaSat. It turns out that the satellite in question (originally designed by Eutelsat) covers Europe for six access providers Internet. It notably serves Ukraine, where users found themselves without a connection after the ground terminals were put out of service. At the same time, in France, the malfunctions of KA-SAT caused Internet access cuts for several tens of thousands of subscribers to NordNet (a subsidiary of Orange). other effect collateral in Germany this time, operators lost manual control of some 6,000 wind turbines.

To this day, ViaSat and NordNet still evoke a ” cyber event which still seems unresolved. However, at the end of last week, General Michel Friedling, who is at the head of the French space forces, officially confirmed that these malfunctions were the result of a cyberattack. Although it has not been officially attributed, strong suspicions hang over Russia. ” The fact that operators and a government communicate on such an event is a first in space », observes Mathieu Bailly, head of space affairs at Cyseca Swiss company specializing in data security for telecommunications, financial services,internet of things as well as space.

On April 6 and 7, 2022, Cysec is organizing the second edition of Cysat, an event dedicated to cybersecurity in space, at Station F (campus for start-ups located in the Halle Freyssinet, in Paris). On this occasion, there will be a hacking demonstration of a satellite by several teams of ethical hackers. This is a first in Europe.

Futura: What do you know of the method used for the cyberattack carried out against the ViaSat satellite? Is this KA-SAT definitely compromised?

Mathieu Bailly: The attack, which began the day of the Russian invasion, focused on endpoint connectivity in Ukraine. We observed on the service curves a sudden drop in connectivity at the moment T when Vladimir Putin declared war. These terminals were connected via this KA-SAT satellite developed and launched by Eutelsat, then acquired by ViaSat in 2021. The attack was targeted at Ukraine, but it caused collateral damage in France and Germany.

the modus operandi exact has not been clearly identified but, from the elements we have been able to gather, security researchers are leaning towards a typical attack denied serviceor targeting the network operating center (Noc) of the satellite or by targeting ground terminals in Ukraine. The consensus that emerges in the community of experts evokes the exploitation of Noc as mirror to relay malicious information to terminals and put them out of service. But this is one hypothesis among others. The satellite itself is not damaged, it just served as a relay. These are the terminals that have been affected and it is possible that they are unrecoverable. What impresses is the precision of this attack.

Do you have concerns about other satellite communication systems?

Mathieu Bailly: Several researchers have highlighted the vulnerabilities of communication satellites which are extremely basic objects from a technological point of view and quite easy to attack. All those who come forward to replace the ViaSat connection in Ukraine, like star link, will potentially be exposed. I also worry about the companies that provide imagery data to Ukrainians and Europeans in general. It is urgent for these actors to review their threat model.

Any operator can launch a satellite without anyone questioning them about the safety of their operations

What impact can this cyberattack have on the European space industry?

Mathieu Bailly: This attack is an unprecedented example given the culture of secrecy that traditionally surrounds space activities. Seeing a civilian operator being attacked, seeing the French space command communicate officially, this should move the lines and place the subject of cybersecurity at the heart of the discussions. With what is happening in Ukraine, it is no longer possible to ignore the cyber threat for a space operator.

What is your vision of the state of security of private space systems?

Mathieu Bailly: Today, any operator can launch a satellite without anyone asking about the safety of its operations, which is incredible given the number of objects moving in orbit low and debris hazards. The distance physical of the satellite creates the illusion of protection against potential attacks. When this is absolutely not the case. It is a connected object, just like in the Internet of Things where it took some time to take stock of the serious security gaps and risks.

We are talking about tens of thousands of satellites in the years to come. Security can no longer be an option, we need a minimum of protection standards: encryption and authentication from telemetries and remote controls, management of cryptographic keys, overhaul of the internal code of the satellites to gain in robustness. It is on these issues that Cysec and the Cysat event that we organize are positioned.

Can you explain the purpose of the Cysat event at Station F next April?

Mathieu Bailly: From a historical point of view, traditional space involves scientific missions launched by large Esa-type agencies, Nasa, Jaxa. There is a news wave in the space industry linked to the arrival of SpaceX which broke the costs of access to space. It radically changed the vision, making some things possible that weren’t possible before. This has fostered the rise of CubeSats and nanosatellites. A new trend dubbed new space to designate space for commercial purposes, either to collect data or to transmit it. Hundreds of start-ups have launched. This poses new risks and issues from a cyber perspective. The United States understood this very early on, in part because of its military approach to space. In Europe, we were a little further behind in this area. Hence the idea of ​​Cysat to bring together the community of computer security researchers and the European space community.

What is the satellite hacking demonstration you are organizing?

Mathieu Bailly: A first satellite hacking competition was organized in the United States in 2020 by the US Air Strength and it was won by a French team. The Cysat 2022 is both a first for the hacking of a satellite in Europe and the first time that a hacking will be done on a device in orbit. In this case, it is OPS-SAT, a CubeSat launched by Esa in 2019 which serves as demonstrator technique to test and validate techniques related to mission control and on-board systems.

We have selected three teams of ethical hackers from around twenty applications from all over the world. The scenarios proposed were very varied, as were the profiles. Finally, we selected a team based in Germany, another in Finland and a third in the United Kingdom. One will attack the satellite camera, the other the on-board operating system and the last will carry out a typical attack ransomware.

For technical reasons related to the number of passages of the satellite in orbit (twice a day very early in the morning or very late in the evening) which do not correspond to the schedules of the conference, the hacking will be done a few days before and the hackers will come to present their work during Cysat.

What are the specific areas in which the security of space equipment must improve?

Mathieu Bailly: Each space mission is unique and we always ask operators what is the most sensitive part. Some need to protect the data connected by the payload, others want to secure the satellite itself because it has been extremely expensive. It is for this reason that we push the approach of security by design, the classic methodology in computer security but which is new in the space industry. You have to be able to ask yourself the right questions as soon as you start designing an architecture. It should be noted that small satellites, which use commercial components and whose technical characteristics are public, greatly facilitate the work of attackers who have access to a great deal of information on the electronics and on-board code. It is then easier for them to make reverse engineering to design their attacks.

Other potential threats come from the ground, at the ground station via which the operator communicates with its satellite(s). We talk about the mission controlof the’computer responsible for receiving satellite telemetry and sending commands. It’s been a number of knots critical to secure. The satellite is the tip of the iceberg in matter space cybersecurity.

How do the major institutional space players (Esa, NASA, etc.) react to these issues?

Mathieu Bailly: The United States is a little further ahead and is in the process of setting standards. In Europe, ESA is becoming aware of the issue. The specifications for new assignments are stricter in terms of safety, the requirements for subcontractors have been raised. Esa participates in Cysat and lends us the OP-SAT satellite for the hacking demonstration. You have to create a ecosystem, an industrial fabric capable of meeting these new needs. It is in this perspective that Cysec positions itself.

Interested in what you just read?

fs1