Latest News

UK Space Leaders Talk Countering Cyber Threats

By Mark Holmes | March 8, 2024
Space leaders talk about cyber threats at UK Space Comm Expo. Photo: Via Satellite

Space leaders talk about cyber threats at UK Space-Comm Expo. Photo: Via Satellite

Farnborough, U.K. — On the second day of Space-Comm Expo in the United Kingdom, cyber and defense dominated the conversations as speakers addressed the growing threat of cyber attacks on space systems and how to counter attacks.

Stefanie Grundner, consultant for the German Federal Office for Information Security (BSI) said the industry has been asking the government for guidance in order to counter attacks on space assets.

“Our big goal is to provide requirements even just for low level forms of protection,” Grundner said. “This is why we started with a minimum requirement document to share with the industry. Satellites used to be custom built. They were big and heavy. Now with the new technologies, and more intense user interactions between ground and space, and the way information is being shared, things have changed. We need to make sure zero trust principles are followed. This is very important.”

Grundner spoke of the importance of information sharing in the industry, and highlighted the work of the Space ISAC in the United States as a great example of this.

“We have to do our homework. We need to create the standards, so companies can meet them. After that, we can come together internationally. The private sector plays an important role as they are driving and accelerating technology. They are also experiencing the impacts of cyber threat, so they have a lot to share,” she said.

Richard Goodall, head of Strategy Cyber Programmes UK for Airbus Defence and Space, said that while there is so much innovation happening in the space industry, security is not always at the forefront. Operators need to be as flexible as possible to respond to a wide variety of threats.

“From a data security perspective, encryption will be a key solution. When something is put in space, the ability to upgrade and keep ahead of the threat is always a challenge. Many of the solutions deployed on the ground are applicable to the space, but not all are,” Goodall said. “There is a challenge around cost. If you look at hardware encryption, it does come with a cost. You need to manage that risk. You are likely to get attacked. You have to accept that, and figure out how to deal with it.”

Goodall admitted for all space companies the attack surface is going to increase, and that cybersecurity here is all about “managing risk.”

Leaders who understand cybersecurity are becoming increasingly important.

“When you get the head of the business that understands the significance of cybersecurity, you have the right culture in the company. When you have that focus, it embeds into the culture of that company. You need to get buy-in at that level,” he added.

Goodall also believes it is incumbent on big players such as Airbus to help small to medium-sized businesses and others in this area.

He added, “I think big industry can help a bit. They will see some of the challenges in which they operate. They have a responsibility to help smaller SMEs. It is not free to build in security from the outset. Big companies have a responsibility here.”

Sharon Lemac-Vincere, associate professor for the Hunter Centre for Entrepreneurship at the University of Strathclyde provided an academic perspective. The university in Glasgow, Scotland, will be offering one of the first ever space cyber courses for executives in the U.K.

“Entrepreneurs needs to think about security by design. We think it is nationally important to do this course. You need to have a common language between space and cybersecurity,” she said.

Lemac-Vincere spoke of the need for disruption and not just following the crowd when it comes to standards.

“We need some disruption,” she said. “The market is agile enough. What kind of standards can we make? I would turn it upside down. Why we can’t we be more ambitious with frameworks? Why do we have to use the formulas that are already there? Academia needs to engage with industry. For us, we don’t want to be doing research that has no impact. We want to help take the conversation forward.”

Arne Matthyssen, chief technology and innovation officer of RHEA Group said from a technology perspective, the raft of new technologies which could be used by nefarious actors, are also part of the solution.

“All of these emerging technologies like artificial intelligence are enablers to help counter threats. With quantum key distribution, the goal is to actually make encryption so strong that it can’t be hacked by a quantum computer. AI can be a threat, But, we can also use AI in advance of the threat,” Matthyssen said. “I want to see these technologies as a positive thing. It is not a doomsday scenario.”