From 30 November to 2 December, the Satellite Applications Catapult, in partnership with the British High Commission to Australia, hosted three workshops on Cyber Security in Space.
These workshops sought to encourage Australian and UK businesses to engage on a number of cross-sector challenges, to develop an awareness in Cybersecurity, and to highlight the opportunities that this area presents in the International Space Sector. Experts from leading organisations discussed topics of interest followed by smaller group facilitated discussions with our distinguished speakers from:
155 companies from Australia and the United Kingdom registered for these three workshops and, through facilitated discussions with experts in the field, companies were able to gain knowledge of cross-sector opportunities in the UK and Australia.
The event resulted in a large number of follow up discussions for collaboration between the UK and Australia. This would not have been possible without the support of our sponsors at the British High Commission and the Australian Space Agency.
If you have any questions following on from these events, please contact firstname.lastname@example.org or if you are a UK company looking for further information about entering the Australian market, please contact Lachlan at email@example.com; if you are an Australian company looking to enter the UK market, reach out to Caitlin at Caitlin.Gheller@fco.gov.uk.
Scroll down to view the event recordings for all three sessions, plus the Q&A.
This session provided context to the workshop series by describing the current global space-cybersecurity conjunction, the types of threats that the space sector faces, and the implications of a ‘do nothing’ approach.
Following on from the scene setting in the previous session, this segment explored national and international strategies to mitigate cyber related risks and create an understanding of the respective roles of government and industry in developing space-cybersecurity capacity.
The final session in the series aimed to identify joint UK – AUS pathways that can be exploited to build cybersecurity capacity in respective space infrastructures. We closed the series with a networking session to help join the right people to the right people from both countries.
Does the nature of cybersecurity mean that cross-nation collaboration is difficult, and how do we overcome that?
Rajiv Shah: The nature of space and cyber security means that collaboration across nations is critical – no one nation can solve all the problems and have all the relevant expertise itself. It needs to be done in a way that builds trust and transparency eg common standards, full visibility of supply chains etc, and between nations with shared values and philosophies.
How secure do you think our current space assets really are? Particularly those which may be 10+years old?
Rajiv Shah: Probably not as secure as we would like them to be! This is especially true for older systems – look at the problems of legacy systems on Earth running old unsupported versions of Windows, and then think how old some of those space assets are. This means we need to use systems thinking, how do we build resilience around these assets that we can’t easily upgrade or replace, but in a way that can reduce the risks and/or impact of them being subject to a cyber attack.
Where do small sats come in? Are they inherently more secure because of signal strength or do they present their own problems?
Rajiv Shah: Small sats are a risk and an opportunity. Simplicity and a more focussed target user base and transmission/reception area can help improve security by reducing the potential attack surface. However the rapid development and build cycles mean they main not go through the same rigorous review and assurance process typically used for larger space systems developed over many years.
Do the skills exist in the marketplace to deliver secure satellite systems – especially now we are launching so many small satellites around the world?
Rajiv Shah: The skills probable do exist, but are dispersed – different people have different skills that need to come together, and no one country has all the answers. We need collaboration, and also need to nurture and train those with the right aptitude in order to build the skill base.
Do you think it will ever be possible to eliminate all risks from complex supply chains? If a nation really wants to hack can we really stop them?
Rajiv Shah: We will never be able to be 100% secure; but we need multi-layered defence to make it as difficult as possible for an adversary, to have monitoring in place to detect those that get in, and response and recovery plans to deal with attacks that we don’t detect and stop in time.