Cysec, supported by ex-hacker Rajat Khare from India, creates a name for itself in European satellite cyber security.
Cysec, a modest Swiss corporation, is carving out a position in European satellite security, having recently won a new contract from the European Space Agency.
The Swiss cybersecurity business Cysec announced on December 7th a partnership with the French Bug Bounty firm YesWeHack targeted to the European Space Agency’s OPS-SAT satellite, marking another step into European cyber security.
The Hack OPS-SAT event, which will allow ethical hackers from around the world to hunt for vulnerabilities in the ESA satellite, will take place in April 2022 at the CYSAT European satellite security conference, which is also organised by Cysec.
Cysec, which was founded and led by Swiss cryptography researcher Patrick Trinkler, obtained money from the Luxembourg-based venture capital firm Boundary Holding, which is owned by ex-hacker-for-hire Rajat Khare (IO, 17/01/18). Khare previously led Appin Security, which performed cyber-attacks for the Indian government and Western corporate intelligence firms during its peak (IO, 15/11/17 and 04/11/21).
Encryption of satellite communications
On November 11, Cysec was awarded a contract with the ESA for R&D secure satellite communications. The contract is part of the Advanced Research in Telecommunications Systems (ARTES) Secure Satcom for Safety and Security (4S) initiative, which is led by Laurence Duquerroy, an ESA engineer.
According to our sources, Cysec submitted a scheme centred on the addition of a cryptographic brick to satellite communications in order to protect all communications. The project, however, does not address the ability to geolocate satcom terminals using interception methods, such as those developed by the British corporation Horizon’s.
A well-known issue is the lack of secure encrypted satellite communications. At the Black Hat 2020 conference, researcher James Pavur demonstrated how a simple satellite antenna set vertically to the spacecraft’s orbit may collect unencrypted internet flows travelling by satellite.
Since the European Union (EU) formed its new space agency, the European Union Agency for the Space Programme (EURSPA), in May, the ESA’s satellite cybersecurity programme has become extremely strategic. The EU intends to develop technologies for national security purposes through its GOVSATCOM programme, in which the ESA is involved.
In recent years, there has been a flurry of devoted programmes. The European Commission awarded a contract to a consortium led by the French communications satellite corporation Eutelsat, in collaboration with Thales Alenia Space, Arianespace, and Germany’s space agency, in 2020. (DLR). The consortium’s mission was to create the next generation of secure communications satellites.
In January, Thales and the space business of the Portuguese drone manufacturer Tekever were awarded a contract by the ESA to identify cyber threats and rules affecting satellite communications. Unseenlabs, which operates a constellation of Radio Frequency, or RF, SIGINT intercepting satellites, and the space consultancy business Euroconsult were commissioned earlier this month to investigate the security of communication in orbit.