NewSpace: new frontiers and new challenges for cybersecurity

NewSpace is the trend towards private initiatives intended to relaunch and accelerate the conquest and exploitation of space. The most prominent companies are American, led by SpaceX and Blue Origin. France is also home to a number of new players, including Opus Aerospace.

At Opus Aerospace, we design, develop and manufacture launchers and spacecraft to accelerate space exploration. As part of our drive to make space more accessible, Opus Aerospace takes an interest in every constituent part of space missions.

The company is developing solutions for its ground segment, its engine test benches, its control and command environment and its trajectory and fallout simulators. And while sending a launcher to orbital altitudes is our central mission today, we are already thinking ahead to the satellite services that will be required. We are also thinking about the data they can be used to collect, relay or enhance.

All the solutions being developed are backed by a range of information systems: office automation tools, PLCs, SCADA, sensors, actuators, IoT, the cloud, electronic cards and chips, digital and analogue telecommunications, 3D printing (for the engine in particular), and so on. Our space adventure is therefore also a digital adventure.

The cybersecurity “CIA triad” is essential for our various operations to be successful: the Confidentiality of our trade secrets and customer data, the Integrity of our manufacturing processes and simulations, and the Availability of our control and command systems and communications during critical flight and orbit entry phases.

Cybersecurity therefore needs to be considered at a very early stage in our research and development and industrial scale-up processes. The challenge is to manufacture cyber-secure space products, and to do that we need to build factories that are designed with this strategic parameter in mind.

This emphasis on cybersecurity is not specific to Opus Aerospace, and today’s space news is peppered with alarm bells:

• Attack on the Viasat ground segment (rebound attack on the administration system of customers’ modems) linked to the war in Ukraine;
• Proof of concept of an attack on an orbiting satellite by the Thales team as part of the CYSAT event;
• Danger threatening the satellite physical layer with demonstrations of satellite destruction by certain competitors.

Some developments in the space industry could also be seen as new opportunities for cyberattackers. Even though undersea cables still carry most of the world’s Internet traffic, new high-speed constellations (One Web, Iris2, Starlink, etc.) will exponentially increase the amount of data passing through space, increasing attack opportunities.

The interconnected nature of these constellations could, if we are not careful, provide channels for the propagation of certain attacks. The cost of a satellite and launching it (less than €1 million) could also provide potentially malicious groups with cheap access to space.

Given our societies’ growing dependence on space-based services, it is clear that a certain degree of compliance will be required of industrial players in the space sector. The new European cybersecurity directive NIS2, which will be phased in from 2024, already contains some of these requirements and considers space to be one of eleven “highly critical” sectors.

It is likely that the European Cyber Resilience Act will also force companies in the space industry to improve the security of products that include digital components, starting at the design phase. This means that it is vital for NewSpace companies to factor in the cybersecurity aspect from the outset, ensuring they produce cyber-by-design space tools.

The dual-use aspect of the space sector – with the military’s growing need for space-based tools to plan and conduct their operations – is also a major advantage in terms of raising the cybersecurity bar across the entire space industry, commercial and military. French space commander General Philippe Adam recently wrote in the Revue Défense Nationale that he was paying very close attention to denial-of-service, hijacking and takeover attacks. He also called for greater cyber resilience.

It is against this demanding backdrop that companies in the NewSpace sector must focus on their cybersecurity if they are to meet the requirements of governments and their military and civilian customers.