Last week, Switzerland-based CYSEC announced it had extended its seed round by 4M Swiss francs ($4.3M) to 7M Swiss francs (~$7.5M). Founded in 2018, the company creates “confidential computing” products designed to harden highly sensitive data used in clouds, data centers, and at the “edge.”
The fintech-focused cyber startup plans to use new funds to expand into two target markets: cryptocurrency and edge computing, which includes space. The company participated in ESA’s incubator program, and more recently, launched its first-gen embedded system on SpaceX’s Transporter-3 mission.
We spoke with Mathieu Bailly, CYSEC’s VP of space, about the trials and tribulations of building end-to-end security systems for new satellites and spacecraft. NB: The following interview has been edited for length and clarity.
You say that “satellites are built to last, but aren’t built with security in mind.” Mind elaborating?
Historically, space engineers have focused on reliability and durability—maximizing the service life of satellites—often at the expense of security. Think of satcom buses, for example, getting very profitable once they have passed their expected life duration. The same engineers have been asked to develop new space missions which require a radically different approach as the exposure to cyberattacks has increased dramatically. New space missions in particular have shorter lifespans, with less constraints on durability, but much more on security. Hence the need to change the paradigm in the approach of developing spacecraft.
When and why did you decide to make space a target market?
CYSEC was founded in 2018, and back then, was focusing on fintech. I decided to join the team when I realized that the thousands of satellites to be launched and valuable data collected would make space a paradise for cyber criminals. We took part in the ESA incubator program, where we performed extensive market research that clearly confirmed there was a need to be addressed, particularly in the new space segment.
From a technical perspective, what does it take to extend your core competency—secure, confidential computing—to space? What extra steps do you have to take?
Securing mission control software and handling telemetry/telecommand (TMTC) data on the ground is not so different from securing crypto-trading software. However, securing on-board software and data required developing an embedded version of our product, capable of running on all popular architectures used by satellite manufacturers and operators. The first generation of our on-board product was launched on Jan. 13 with the Transporter-3 mission. We just managed to successfully communicate and will begin testing shortly.
Why is it harder to secure space compute/data processing than assets on Earth?
On-board security is more challenging just because space is challenging to start with. Then, you add the complexity security mechanisms with a minimum impact on all budgets available on board and without adding risks to the mission. We spend a lot of effort explaining to space engineers that security is here to help, to contribute to the success of the mission, and does not aim at making their lives more complicated. Security should be seen as an enabler to the business case and should help convince clients that the service is resilient and sustainable by design. There is a lot of education to be done in the space market.
What is the status quo of infosec for satellites and in-space assets today? What is the threat landscape/surface like?
Operating space assets require a complex, distributed architecture. There is an orbital system, (or even a lot of them), a mission control center, a cloud infrastructure, a ground stations network, and sometimes, terminals on ground. There are usually two links, one for the TMTC data and one for the payload data, potentially doubling the complexity. That makes a large attack surface with many potential entry points for an attacker.
So far, only governments have been able to afford the security solutions offered by a handful of historic players. However, these solutions are lightyears away from being to fit the needs of smallsat, LEO, new space, and commercial missions, which tend to be a lot less mature in terms of security. That’s the case for two reasons: 1) There is a lack of expertise within these teams and 2) there are no products available off-the-shelf. This is where we are trying to help.