The French defense and electronics industrialist Thales has just won two juicy contracts around the computer security of the second generation of the Galileo program, this constellation of navigation satellites. This represents for the industrialist the tidy sum of more than 60 million euros. He is now in charge of all “elements related to security and resilience” of the program. In fact, Thales had already won the infrastructure security supervision contract in May, and the system security specification and design contract in April.
SOC and post-quantum encryption
Specifically, Thales will design and qualify the security operations center (SOC), a “very complex” structure given the nature of the Galileo constellation. In addition to its 4 billion civilian users, the satellite navigation system operates a government signal, dedicated to sensitive military-type applications. Set up with the Italian Leonardo group, the solution must be able to automate incident response and network flow monitoring, while being “able to store a significant number of data.”
The other major security project is related to the development of encryption solutions resistant to quantum threats, a reference to quantum computers whose computing power should be sufficient to easily break current encryption algorithms. One of the new encryption algorithms developed by the company and partners, Falcon, based on “mathematical problems that are more difficult to solve, even for a quantum computer,” she assures, has already been retained by the US administration.
Lionel Salmon, the cybersecurity director of Thales space systems distinguishes two types of threat against space systems. First of all the attacks on the ground system, finally quite classic. And then those directed against a satellite system. “If the latter falls, it can have potentially great consequences,” he explains to ZDNET.fr .
The interruption of service, however, could not be the most interesting effect. Its alteration could be even more valuable for an attacker, especially in the case of a navigation system such as Galileo, for example by distorting the location data provided by the system.
The computer attack that targeted the European KA-SAT network a year ago, attributed to Russia, recalled the security issues around space systems, even if this hacking had targeted the service and not the satellites themselves. However, a report from the University of Oxford indicated that the latter could well be the weakest link.
These satellites, with increasingly complex information technology, can remain in orbit for more than a decade, with limited update possibilities. They are thus not flawless, as Thales had recently proved, which had managed to take control of a demonstration nano-satellite of the European Space Agency during an offensive security exercise.