The vital role that space plays in the day-to-day operation of individual, scientific, economic, and sovereign government activities is no longer disputed. In recent years, digitization and the arrival of many “new” players have greatly changed the ways an orbital system is designed, constructed, launched, operated, and used in a geopolitical context where there are all kinds of conflicts and tensions.
It was, therefore, more recently that we were able to gauge the consequences of our dependence on space services, infrastructures, and systems, especially by observing the sharp increase in the volume and complexity of cyberattacks targeting them.
Today, the strategic importance of space is widely recognized, including by malicious actors capable of exploiting its vulnerabilities, as several recent incidents have demonstrated. It is now clear that our space systems can no longer be protected by their isolation or by technology exclusive to a few organizations. These new threats require an appropriate response.
- Interim President and CEO of CNES
This is why CNES, in addition to the measures it has already taken for many years, has decided to take a number of proactive steps to head off this ill-defined and dissymmetric threat.
We are certain that this is how we can improve our space cybersecurity practices, strengthen France’s position in this field, guarantee that the support we lend to our institutional and industrial partners’ space activities is effective and relevant, and take the space sector to the highest level
Guides
These guides, written in association with our industrial, institutional, and academic partners, represent the first building block: the recommendations they present accompany the new Space Operations Act and, thanks to your contributions, prepare our future activities, both specific and sectoral. It is therefore essential that these collections of best practices live and evolve to meet the challenges that compel us.
-
Hygiene Guide - Orbital Systems Cybersecurity
PDF - 9,0 Mo
-
Hygiene Guide - Launch Systems Cybersecurity
Coming soon
Normative Library - Space Cybersecurity
| Risk analysis | The entire process enabling the identification, evaluation and treatment of risks. |
|---|---|
| Authenticity | Principle guaranteeing that the data and information exchanged are genuine and not falsified, throughout their life cycle. |
| Authentication | According to ANSSI, authentication is a mechanism involving two distinct entities: a prover and a verifier. The prover seeks to prove their identity to the verifier by demonstrating knowledge of a secret piece of data such as a password. The verifier must be able to ensure the validity of the prover's identity by checking the accuracy of the password. |
| Supply chain | Concept bringing together all suppliers, as well as techniques, services and tools enabling the timely supply of the products necessary for an organization to develop, or make available, a good or service. |
| Value chain | Concept consisting of representing an organization as a chain of interconnected activities which each develop a more or less strategic and important value for the organization as a whole. |
| Confidentiality | Principle ensuring that data is only accessible to those whose access is authorized. |
| Cyberattack | A coordinated set of actions carried out in cyberspace that target information or the systems that process it, and undermine its availability, integrity or confidentiality. |
| Cybersecurity | The state of an information system capable of resisting cyberattacks and accidental failures occurring in cyberspace. |
| Availability | Principle guaranteeing access to data or information. |
| Cybersecurity Hygiene Guide | Collection in the form of a guide of all the best practices applicable to organizations or individuals in order to ensure the security of information systems against cyberattacks. |
| Homologation | Approval makes it possible to identify, achieve and then maintain an acceptable level of security risk for the information system in question. Approval is issued by an approval authority for an information system before it is put into operational service. |
| Incident | An unexpected and unintentional event that could be or lead to operational interruption, disruption, loss, emergency, crisis or accident. |
| Integrity | Principle for controlling and ensuring the reliability of data and avoiding or detecting any modification or alteration. |
| Menace | A threat is a situation or event that may cause harm or injury to a person, organization, system, or property. A threat can be characterized by its type (natural, human, or environmental) and/or its cause (accidental or deliberate). |
| Space operator | As defined in the 2008 Space Operations Act (LOS), a space operator refers to any natural or legal person who conducts, under their responsibility and independently, a space operation. |
| Space operation | As defined in the Space Operations Act 2008 (LOS), space operation means any activity consisting of launching or attempting to launch an object into outer space or ensuring control of a space object during its stay in outer space, including the Moon and other celestial bodies, and, where applicable, during its return to Earth. |
| Organisation | An entity or structure that brings together a group of individuals and aims to achieve specific goals (financial, military, political, etc.). For the purposes of this guide, the organization designates the entity responsible for implementing the identified best practices. |
| Risk | An undesirable situation or circumstance that has both a probability of occurrence and a potential negative impact on a project. |
| Backup | Set of measures aimed at protecting people, property, public health and the environment. |
| Logical security | All the technical, organizational, legal and human resources necessary to protect information systems against threats and vulnerabilities (excluding resources implemented for physical security). |
| Physical security | Safety measures to protect against bodily injury and damage to an organization's property. |
| Segment liaison | All communication links between systems in orbit and ground infrastructures. |
| Segment sol | Part of an orbital system, located on the ground, which operates, controls and monitors the element(s) of the space segment. |
| Segment spatial | Part of an orbital system, placed in orbit, allowing the objectives of the space mission to be fulfilled. |
| User segment | Person or system using the service provided as part of the mission carried out by the orbital system. |
| Orbital system | For the purposes of this guide, the orbital system is the set consisting of one or more space objects, the associated equipment and facilities and also includes the actors involved in the value chain, in operation, as well as those involved in the supply chain, during the upstream phases. For the purposes of the launch systems cybersecurity hygiene guide, the orbital system excludes launch operations and associated actors (launchers and launch base). |
| Space system | As defined in the 2008 law on space operations (LOS), a space system is the assembly consisting of one or more space objects and the equipment and installations associated with them to fulfill a specific mission. In the case of a launch operation, the space system is an assembly consisting of the launcher, the interfacing launch base, including the tracking systems (networks of ground stations and satellites), and the space object to be launched; In the case of an airborne launch operation, the space system is an assembly consisting of the airborne vehicle, the interfacing carrier aircraft, including the terrestrial, aerial or satellite means for tracking and controlling the stages for the backup mission; In the case of a control operation, the space system is an assembly consisting of the space object and the interfacing ground segment. |
