Cybersecurity has not been historically a priority for space engineers rather focusing on maximizing the lifetime of satellites. Today the situation is changing as thousands of satellites capable to collect and transmit sensitive data are being launched, raising deep concerns about their resilience against cyberattacks.
Aside from developing its own end-to-end data security products, CYSEC is organizing CYSAT in Paris on April 6-7th, 2022, an European event entirely dedicated to cybersecurity for space. Its purpose is to raise awareness among space engineers about the cyber threats space infrastructures are facing, to share common experiences among satellite operators and to learn from security professionals: researchers, companies, and ethical hackers.
The idea of including a live hacking demonstration on a flying satellite became reality thanks to the support of the European Space Agency (ESA) making its satellite OPS-SAT available to ethical hackers. OPS-SAT is a CubeSat of the size of a shoebox that was launched in 2019 to be a “flying laboratory”, i.e., a testbed to try new technologies around mission control and onboard satellite systems.
The Hack CYSAT challenge is looking for ethical hackers to show CYSAT participants how they can attack the satellite and then recover it. Everyone can participate: space and security professionals but also students, academics, CTF players, etc Proposed scenarios can target the flight computer onboard, the operating system, the various payloads available like a camera, a GPS, and Attitude Determination and Control System, a software-defined radio, etc. Only the mission control and ground segment are out of scope since the access to the satellite will be granted to the 3 selected teams able to participate.
“We’re asking people to do, in a controlled environment, exactly what we don’t want to happen in real life. It’s an exciting opportunity to engage with and learn from the best minds across Europe, using one of ESA’s most exciting new missions.” said Davis Evans, OPS-SAT spacecraft manager:
The goal of Hack CYSAT is primarily educational, to show space engineers concretely how hackers work and what damages they could do on a satellite, but also how an attack can be detected, remedied, and eventually prevented.
“Hack CYSAT is a fantastic opportunity for the space community to understand how hackers think and operate. Our goal is to raise awareness about cyber risks on satellites and promote a modern approach of “security-by-transparency”, similar to what other verticals managing critical infrastructures and sensitive data are implementing” added Mathieu Baily, VP Space at CYSEC and organizer of CYSAT
CYSEC has the support of the ESA and YesWeHack, a French company specialized in bug bounty. The call for ideas is open until January 31st, 2022 at hack.cysat.eu.