Thales seizes control of ESA satellite in first Cybersecurity Exercise of its kind

Thales seizes control of ESA satellite in first Cybersecurity Exercise of its kind by Staff Writers Paris, France (SPX) Apr 25, 2023

The European Space Agency (ESA) challenged cybersecurity experts in the space industry ecosystem to disrupt the operation of the agency's OPS-SAT demonstration nanosatellite. Participants used a variety of ethical hacking techniques to take control of the system used to manage the payload's global positioning system, attitude control system1 and onboard camera.

Unauthorised access to these systems can cause serious damage to the satellite or lead to a loss of control over its mission. Thales's offensive cybersecurity team worked with the Group's Information Technology Security Evaluation Facility (ITSEF2) for this unique exercise, which demonstrates the need for a high level of cyber resilience in the very specific operating environment of space.

The Thales team of four cybersecurity researchers accessed the satellite's onboard system, used standard access rights to gain control of its application environment, and then exploited several vulnerabilities to introduce malicious code into the satellite's systems.

This made it possible to compromise the data sent back to Earth, in particular by modifying the images captured by the satellite's camera, and to achieve other objectives such as masking selected geographic areas in the satellite imagery while concealing their activities to avoid detection by ESA. The demonstration was organised specifically for CYSAT to help assess the potential impact of a real cyberattack and the consequences for civilian systems.

Throughout the exercise, ESA had access to the satellite's systems to retain control and ensure a return to normal operation.

"Thales is grateful to ESA and the CYSAT organisers for providing this unique opportunity to demonstrate the ability of our experts to identify vulnerabilities in a satellite system. With the growing number of military as well as civil applications that are reliant on satellite systems today, the space industry needs to take cybersecurity into account at every stage in the satellite's life cycle, from initial design to systems development and maintenance.

"This unprecedented exercise was a chance to raise awareness of potential flaws and vulnerabilities so that they can be remediated more effectively, and to adapt current and future solutions to improve the cyber resilience of satellites and space programmes in general, including both ground segments and orbital systems." Pierre-Yves Jolivet, VP Cyber Solutions, Thales.

In a presentation on 27 April by Thales experts and members of the ESA team, CYSAT participants can find out more about the attack scenario used in this first demonstration of offensive cybersecurity techniques, tactics and procedures.

Related Links Thales Cyberwar - Internet Security News - Systems and Policy Issues

US sanctions Chinese men linked to North Korean hackers Washington (AFP) April 24, 2023 The United States slapped sanctions Monday on two Chinese men it said laundered money for North Korea's notorious Lazarus Group, a hacking and cybercrime operation. The US Treasury alleged that Wu Huihui and Cheng Hung Man worked from China and Hong Kong to launder virtual currencies stolen by Lazarus operatives through the international financial system, including through the US banking sector, for use by the North Korean government. The Lazarus Group has been operating for more than a decade. ... read more

The content herein, unless otherwise known to be public domain, are Copyright 1995-2023 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. General Data Protection Regulation (GDPR) Statement Our advertisers use various cookies and the like to deliver the best ad banner available at one time. All network advertising suppliers have GDPR policies (Legitimate Interest) that conform with EU regulations for data collection. By using our websites you consent to cookie based advertising. If you do not agree with this then you must stop using the websites from May 25, 2018. Privacy Statement. Additional information can be found here at About Us.