This final training session delved into the specifics of cybersecurity challenges unique to the space domain, provided a practical case study on securing Operational Technology (OT) networks, and offered concluding insights reinforced by a “war story” highlighting fundamental security principles.
Cybersecurity in space (CyberPeace Builders / CyberPeace Institute)
This presentation put space infrastructure in context, outlining its vulnerabilities and the relevant governance landscape, and offered advice for briefing the leadership of an organization such as the European Space Agency (ESA).
European Space Agency (ESA) Overview
Established in 1975 and headquartered in Paris, ESA comprises 23 member states. It develops and helps operate critical European space infrastructure, including the Galileo navigation system, the Copernicus Earth observation programme, and the Ariane launch vehicles. ESA’s core mission is to shape the development of Europe’s space capability and ensure that investment in space continues to deliver benefits to citizens in Europe and worldwide.
Interdependencies, Importance & Challenges
Space infrastructure underpins vital global services, including communications, GPS (timing and navigation), military operations, aviation safety, and financial transactions, making it critical for national security and economic stability. However, as highlighted by agencies like ENISA, it faces unique cybersecurity challenges.
Ground-to-satellite communications are vulnerable to spoofing (transmitting counterfeit signals so that receivers compute false positions or timing, or accept forged commands), jamming (overpowering legitimate signals; usually classed as electronic warfare, but it can be combined with cyber components), and malware targeting the ground or space segment. Several characteristics of the domain make these risks harder to manage:
- Long Lifecycles: Systems often operate for over 20 years, complicating regular patching and updates.
- Physical Access: Satellites are difficult or impossible to access physically for upgrades or repairs.
- Ground System Exposure: Ground control stations, data links, and user terminals remain susceptible to common terrestrial IT threats.
- Legacy Protocols: Many systems rely on older, potentially less secure communication protocols.
- Militarization: The increasing use of space for military purposes raises the stakes and likelihood of hostile actions.
International Governance & Treaties
While specific space cybersecurity regulations are still developing, several international treaties form the existing governance backdrop:
- Outer Space Treaty (1967): The foundational framework prohibiting weapons of mass destruction in orbit and establishing principles for peaceful exploration and use.
- Liability Convention (1972): Establishes state liability for damage caused by space objects.
- ITU & Spectrum Management: The International Telecommunication Union governs radio frequency use, crucial for satellite communications, aiming to prevent harmful interference.
Cybersecurity for space assets is also an increasingly prominent topic in forums such as the UN Open-Ended Working Group (OEWG) on ICT security.
Tips for Briefing ESA Leadership
When presenting policy recommendations concerning space security, especially in a crisis context like the 9/12 challenge, consider the following:
- Stay Focused: Tailor recommendations to ESA’s perspective, offering credible, strategic, and implementable options.
- Timeframes: Structure proposals into immediate response, short-term actions, and medium-term strategies.
- Coherent Narrative: Weave together scenario details, intelligence, and context to build a compelling story that links the technical threat, policy urgency, and geopolitical situation.
- Balanced Tone: Project assertiveness in addressing the threat while maintaining diplomatic caution, acknowledging ESA’s civilian role in an increasingly militarized domain.
- Holistic Approach: Recognize that a robust response likely requires collaboration beyond ESA, involving entities like NATO, the EU, national agencies, and the private sector.
OT Network Security: A Practical Example (Monti Stampa Furrer & Partners)
This presentation used a case study to illustrate the process of analyzing and securing an Operational Technology (OT) network, highlighting common vulnerabilities and a structured path to improvement.
Initial Analysis & Information Gaps
An initial network topology diagram often lacks crucial details: a legend, definitions of the different network segments, specifics on wireless links, and identification of “floating” assets that show up in scans but appear in no documentation. Client discussions typically surface further critical information: the types of networks present (e.g., Office IT, External Operational, Internal Operational), the state of the network hardware (e.g., unmanaged switches in OT zones, core switches running vulnerable firmware with no traffic filtering), and insecure practices (e.g., long-unchanged, widely shared WPA2-PSK passphrases on the operational Wi-Fi). Identifying the key assets, above all the primary PLCs/controllers and the SCADA servers, is equally important.
Identifying Security Gaps
Combining diagrams with client insights often reveals significant security shortcomings:
- Poor IT/OT Separation: Lack of clear demarcation and buffer zones (like an IDMZ).
- Flat OT Network: Insufficient internal segmentation, allowing easy lateral movement for attackers.
- Insecure Wireless: Use of outdated protocols and weak authentication.
- Vulnerable Firmware: Devices running known exploitable software versions.
- Dual-Homed Assets: Devices connected to both IT and OT networks, creating risky pivot points.
- No Traffic Monitoring: Lack of visibility into network flows hinders detection.
- Poor Inventory Management: Incomplete knowledge of connected assets.
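The reconciliation step described above (floating assets, dual-homed hosts, incomplete records) is mechanical enough to script. The following is an added example written for this page, not code from the MSF presentation; the zone CIDRs, the documented inventory and the scan results are constructed sample data, and the dual-homed check is a heuristic (the same host name answering from more than one zone) rather than proof of a second NIC.

```python
"""Reconcile a documented OT asset inventory against discovery-scan results.

Added example, not code from the MSF presentation. The zone CIDRs, inventory
entries and scan results are constructed sample data (assumptions).
"""
import ipaddress
from collections import defaultdict

# Assumed zone layout: office IT, an IDMZ, and the OT subnets.
ZONES = {
    "IT":   [ipaddress.ip_network("10.10.0.0/16")],
    "IDMZ": [ipaddress.ip_network("10.20.0.0/24")],
    "OT":   [ipaddress.ip_network("192.168.10.0/24"),
             ipaddress.ip_network("192.168.20.0/24")],
}

# Fields every inventory record should carry (type, OS/firmware, criticality, owner).
REQUIRED_FIELDS = ("type", "os_fw", "criticality", "owner")

def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if it is in no documented subnet."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in n for n in nets):
            return zone
    return "UNKNOWN"

# What the topology diagram / asset list claims exists (constructed).
DOCUMENTED = [
    {"ip": "192.168.10.5",  "host": "plc-line1",     "type": "PLC",
     "os_fw": "2.3.1",      "criticality": "high",   "owner": "production"},
    {"ip": "192.168.10.10", "host": "scada-01",      "type": "SCADA server",
     "os_fw": None,         "criticality": "high",   "owner": "production"},
    {"ip": "10.10.4.20",    "host": "eng-ws-07",     "type": "engineering workstation",
     "os_fw": "Windows 10", "criticality": "medium", "owner": "engineering"},
    {"ip": "192.168.20.3",  "host": "hmi-packaging", "type": "HMI",
     "os_fw": "1.8",        "criticality": "medium", "owner": None},
]

# What an active/passive discovery actually observed (constructed).
SCANNED = [
    {"ip": "192.168.10.5",  "host": "plc-line1", "open": [102, 502]},
    {"ip": "192.168.10.10", "host": "scada-01",  "open": [3389, 4840]},
    {"ip": "10.10.4.20",    "host": "eng-ws-07", "open": [3389]},
    {"ip": "192.168.10.77", "host": "eng-ws-07", "open": [3389]},    # second NIC inside OT
    {"ip": "192.168.10.42", "host": None,        "open": [80, 502]}, # nobody documented this
]

def reconcile(documented, scanned):
    """Floating (scanned, undocumented), stale (documented, unseen) and dual-homed hosts."""
    doc_ips = {d["ip"] for d in documented}
    seen_ips = {s["ip"] for s in scanned}
    floating = [s["ip"] for s in scanned if s["ip"] not in doc_ips]
    stale = [d["host"] for d in documented if d["ip"] not in seen_ips]
    # Dual-homed heuristic: the same host name answers from more than one zone.
    zones_by_host = defaultdict(set)
    for s in scanned:
        if s["host"]:
            zones_by_host[s["host"]].add(zone_of(s["ip"]))
    dual_homed = sorted(h for h, z in zones_by_host.items() if len(z) > 1)
    return {"floating": floating, "stale": stale, "dual_homed": dual_homed}

def incomplete_records(documented, required=REQUIRED_FIELDS):
    """Inventory entries missing one of the fields a usable inventory needs."""
    gaps = {}
    for d in documented:
        missing = [f for f in required if not d.get(f)]
        if missing:
            gaps[d["host"]] = missing
    return gaps

if __name__ == "__main__":
    for kind, hosts in reconcile(DOCUMENTED, SCANNED).items():
        print(f"{kind:<11} {hosts}")
    for host, missing in incomplete_records(DOCUMENTED).items():
        print(f"incomplete  {host}: missing {', '.join(missing)}")
```

Run against the constructed data, it reports two floating addresses (the workstation's second interface and the unknown device answering on Modbus/TCP port 502), one stale record (the decommissioned HMI), one dual-homed host, and two inventory entries with missing fields. In practice the documented list would come from the CMDB export and the scanned list from a passive OT monitoring tool or a carefully rate-limited active scan; active scanning of live PLCs is itself a risk and needs operations' sign-off.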
Why These Risks Matter in OT
OT environments face unique consequences from cyber incidents, since a compromise can affect physical processes and safety rather than only data. Most attacks originate in IT networks before pivoting into OT, as in the 2022 Industroyer2 attack on Ukrainian grid substations. A summary report to the client would emphasize findings such as incomplete documentation, insufficient IT-OT separation enabling lateral movement, a flat OT network structure facilitating pivoting, risky dual-homed assets, and generally poor security management practices (lack of hardening, patching, and vulnerability management).
Six Key Security Principles for OT Networks
Securing OT networks requires a structured, multi-layered approach based on key principles:
- Asset Inventory & Categorization: Maintain a comprehensive, continuous inventory of all devices, detailing type, OS/firmware, criticality, usage, ownership, and network services.
- Device & System Hardening: Reduce the attack surface through physical security, patching, proper privilege management, access controls, and secure configurations (e.g., disabling unused ports/protocols). This is challenging in OT due to uptime requirements, legacy systems, and safety constraints.
- IT-OT Network Isolation: Implement a dedicated Buffer Zone (Industrial Demilitarized Zone - IDMZ) as the sole connection point between IT and OT. All traffic should terminate in the IDMZ, using secure methods for necessary data exchange.
- OT Network Segmentation: Divide the OT environment into isolated segments based on risk, function, or location using firewalls or other controls (e.g., following the Purdue Model or similar architectures).
- OT Network Segregation: Define and enforce strict communication rules between segments using filtering mechanisms like firewalls or data diodes. Visualize flows to ensure policy compliance.
- Defense-in-Depth (DiD): Layer multiple security mechanisms (filtering, IDS, application whitelisting, PAM, segmentation) assuming individual layers might fail, thereby providing redundancy.
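The isolation, segmentation and segregation principles above reduce to a default-deny rule table between zones plus a check that observed flows obey it. The following is an added example written for this page, not code from the MSF presentation: the zone CIDRs, the rule table and the flow log lines are constructed, and the log format (timestamp, source, destination, protocol, destination port, in connection-initiation direction) is an assumption standing in for whatever NetFlow or passive-monitoring export the site actually has. It goes slightly beyond the text in splitting OT into two cells so that cell-to-cell segregation is exercised as well as IT/IDMZ/OT isolation.

```python
"""Check observed network flows against an IT / IDMZ / OT segregation policy.

Added example, not from the MSF presentation. Zone CIDRs, the rule table and
the flow log lines are constructed for illustration (assumptions).
"""
import ipaddress
from collections import Counter

ZONES = {
    "IT":       ipaddress.ip_network("10.10.0.0/16"),
    "IDMZ":     ipaddress.ip_network("10.20.0.0/24"),
    "OT_CELL1": ipaddress.ip_network("192.168.10.0/24"),   # SCADA + line 1 PLCs
    "OT_CELL2": ipaddress.ip_network("192.168.20.0/24"),   # packaging cell
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"

# Default-deny rule table: (src_zone, dst_zone) -> permitted (proto, dst_port) pairs.
# Anything not listed is a violation; traffic inside one zone is permitted here.
POLICY = {
    ("IT", "IDMZ"):           {("tcp", 443)},    # office clients read the replicated historian
    ("IDMZ", "OT_CELL1"):     {("tcp", 4840)},   # IDMZ collector polls SCADA over OPC UA
    ("OT_CELL1", "OT_CELL2"): {("tcp", 502)},    # SCADA polls the packaging PLC (Modbus/TCP)
}

# Constructed flow records, connection-initiation direction:
# <time> <src_ip> <dst_ip> <proto> <dst_port>
FLOW_LOG = """\
2024-05-01T08:00:01 10.10.4.20 10.20.0.5 tcp 443
2024-05-01T08:00:02 10.20.0.5 192.168.10.10 tcp 4840
2024-05-01T08:00:03 10.10.4.20 192.168.10.5 tcp 502
2024-05-01T08:00:04 192.168.10.10 192.168.20.3 tcp 502
2024-05-01T08:00:05 192.168.20.3 192.168.10.10 tcp 3389
2024-05-01T08:00:06 192.168.10.5 192.168.10.10 tcp 102
2024-05-01T08:00:07 192.168.10.10 10.10.4.20 tcp 445
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "proto": proto.lower(), "dport": int(port)})
    return flows

def evaluate(flow, policy=POLICY):
    """Return None if the flow is permitted, otherwise a short reason string."""
    s, d = zone_of(flow["src"]), zone_of(flow["dst"])
    if s == d:
        return None
    # Hard rule: IT and OT never talk directly; traffic must terminate in the IDMZ.
    if "IT" in (s, d) and any(z.startswith("OT_") for z in (s, d)):
        return f"{s}->{d} bypasses the IDMZ"
    allowed = policy.get((s, d))
    if allowed is None:
        return f"no rule permits {s}->{d}"
    if (flow["proto"], flow["dport"]) not in allowed:
        return f"{flow['proto']}/{flow['dport']} not permitted for {s}->{d}"
    return None

def find_violations(flows, policy=POLICY):
    out = []
    for f in flows:
        reason = evaluate(f, policy)
        if reason:
            out.append({**f, "reason": reason})
    return out

def flow_matrix(flows):
    """Zone-pair counts: the table you would plot to visualise inter-segment flows."""
    return Counter((zone_of(f["src"]), zone_of(f["dst"])) for f in flows)

if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for v in find_violations(flows):
        print(f"{v['ts']} {v['src']} -> {v['dst']} {v['proto']}/{v['dport']}: {v['reason']}")
    for (s, d), n in sorted(flow_matrix(flows).items()):
        print(f"{s:>9} -> {d:<9} {n}")
```

On the constructed log this flags three flows: an engineering workstation reaching a PLC directly from IT (Modbus/TCP bypassing the IDMZ), RDP from the packaging cell into the SCADA cell (no rule permits that direction), and SMB from the SCADA server back into IT (again bypassing the IDMZ). The same rule table is what you would push to the zone firewalls; running observed flows through it first shows which legitimate dependencies the diagram never mentioned, so that enforcement does not break production.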
OT Security Maturity Assessment & Framework
Assessing OT security maturity helps manage operational risks and meet compliance requirements (e.g., NIS 2). This process requires OT expertise and leverages standardized frameworks like NIST CSF. Frameworks like the MSF OT Cybersecurity Blueprint and MSF OT Measures Framework provide structured approaches, categorizing specific controls by priority (Basic, Robust, Advanced) across People/Process, Technology, and Time dimensions. Real-world regulations, like Switzerland’s revised StromVV for electricity suppliers, often mandate specific standards (based on frameworks like NIST CSF) and maturity levels depending on the criticality of the infrastructure, with defined transition periods and compliance monitoring.
Cyber 9/12 Strategy Challenge Training Session (Falk Heger)
This concluding part offered final thoughts, reinforcing key lessons through a “war story” and summarizing practical takeaways.
War Story: The Importance of the Basics
Understanding attacker capabilities is crucial. Threat actors can be categorized by capability and motivation, ranging from LOW (activists, opportunistic attackers using commoditized tools) and MEDIUM (organized crime, activists using bespoke methods) to HIGH (state actors, advanced crime using sophisticated techniques like zero-days) and VERY HIGH (state actors with extensive resources using cutting-edge methods like supply chain attacks).
An example attack chain targeting a satellite control system illustrated how basic security failures enable compromise:
- Initial Access: Gained via physical access, perimeter weakness, or phishing.
- Exploitation: Leveraged misconfigurations, system weaknesses, weak passwords, and a flat network.
- Privilege Escalation: Exploited readable passwords, excessive data access, AD misconfigurations, and poor hardening.
- Lateral Movement: Utilized default/reused passwords, relay attacks, and insufficient password protection.
- Outcome: Resulted in control of the satellite system, domain dominance, persistence, and data exfiltration.
The key takeaways from such incidents are simple but important: even seemingly mundane systems can become high-value political targets, and the specific system compromised matters less than the failures in basic security controls that allowed the breach. Being brilliant at the basics is therefore paramount. This includes robust governance, thorough understanding of the environment (asset management), supply chain risk management, effective awareness training, strong IAM, diligent vulnerability management (patching), reliable anti-malware, network security (segmentation), continuous testing, incident response planning, and reliable backups. NIST IR 8401 (applying the Cybersecurity Framework to the satellite ground segment), NIST IR 8270 (cybersecurity for commercial satellite operations) and the BSI guidelines offer further guidance.
Random Stories and Key Take-aways
- Communication is Key: Cybersecurity incidents and policy ultimately involve people. Effective communication, especially by leadership during a crisis, is vital. Consider the human impact.
- Regulations Evolving: Regulatory approaches are shifting towards being risk-based, proportionate, and multi-disciplinary, encompassing the supply chain. Understand which layers regulations address and consider creative parallels from other domains.
- Security as an Enabler: Frame security positively – not just as a cost center, but as a critical enabler of trust, resilience, and new business capabilities. Consider the varied impacts (positive/negative risk) of regulations on different stakeholders.
- Logistics in Crisis: Remember the human element. During high-stress incidents, ensure the logistical needs and well-being of the response team are addressed (“Let my people go surfing”).