Cybersecurity in the Era of Space Exploration

Hi everyone. It's a pleasure to be here. Um I'm Ben Simon and I would like to uh tell a story about cyber security in the era of space exploration. Um some of you may have uh already checked my bio. You may have uh understood that I I'm in the cyber security field since 21 years right now. And I'm a really really a strong uh fan of uh space science what space science. Um so uh the occasion to talk about both subjects within the same uh um situation that's that's great. Uh you may have uh also the the following questions. Why should we take care of cyber security in space exploration? I mean those guys are

really intelligent. So that's already that should be already in place. Of course the answer is not is a bit far from that. So let's understand while how we use the cyber the the the space technologies um and then we go through those risks. Uh first of all we are highly depending on those technologies those space technologies. Let's say for example the artificial satellites we use them for to observe earth uh to communicate you know internet high bandwidth internet all around the globe because yes the globe is not flat the earth is not flat so uh defense science research and even navigation you know those GPS glonas all those services so we are highly depending on

those solutions that physic ally stay on the space and um those solutions are complex. In order to fully understand what those risk are uh we need to understand some key elements. Usually we uh the those space systems are architecture in four pieces. The space segments, ground and user segments and those link segments that interconnect those ones. Those system must be integrated all of them and they are complex such as propulsion systems, communication systems, scientific instruments. Um also we need to know that usually we had or in the past we had those nation state agencies okay that did a great great job. Uh but now we have the new space. So privatization of the space is concrete right now. And

uh uh we saw last week the first private space walk okay of the history. So the privatization of the space is really something that concrete that is right now. So because all of that that we should um try to find the risk that those technology are exposed to. So first of all any IT OT traditional issues risks okay um that cyber that um that space industry um um live with those risks and but there is also some um a specific risk to that industry. The main risk um is the supply chain. So uh when in 2021 some people were uh warning about anti- uh anti-satellite missiles there were an risk analyszis on what kind of threats that bring to the space

industries and basically the answer was well if we have a constellation of satellites we don't care so much about those anti-miss anti-satellite missiles but the real threat for the industry is supply chain And there is also another one the life cycle. So come on we do have in space some satellites that are still operational and um was elaborated in the age of the first um the first computer security program back in 1972. So and then there is even AI in space you know that's a requirement for autonomous vehicles autonomous missions and we need to take care of the future risks with quantum computing for example so now we understand the situation maybe we should ask for do we

have guidelines do we have standards okay what are those best practices well all of them are quite quite recent. Some of them are even only considering some of those four segments and not the full spectre and um and yeah so those space centric cyber security standards are either lacking to recent um and in some countries like US the cyber the the space industry is even not recognized as critical industry. So they are complex. We are highly depending on those solutions. What are those risks? So I've chosen to uh to show you two kind of threats effective threats and I've started and I've selecting one of them in regards to the user and crowd segment. Why I've chosen one? This one because it

started with a 90 vulnerability and it finished with a war just one hour after exploitation of that vulnerability. Okay, so this is concrete and war is war. The second one is an exercise, a red team and blue team exercise that European Space Agency um um initiate in 2023. So again, that's really recent, right? So those fake uh um malicious guys, the red team was able to gain access to the satellites. The satellite was built in order to have such exercise, right? And those guys were able to modify the picture that the satellite was taken from Earth, okay, of Earth and was able to either remove some of those pictures or modify them. So let your imagination run wide and understand

the potential threats if that kind of satellite was a military satellite or imagery satellite for let's say your next um harvest. This is a joke of course. So you should ash of course and sometimes in the ash we add some salt but in space salt can be dangerous right. So NASA provided liquid spice various solutions. So of course those solutions come could come from technical aspects uh come also from governance awareness and human processes.

So in order to sum up, we are highly depending on space systems even if they are complex. So we need to of course secure them and um and yeah we are highly depending on them but we still use them. That's it. Thanks a lot.