Canadian cybersecurity firm Dominant Information Solutions Canada (DISC) is working on a new way to help protect satellites as part of a European Space Agency (ESA) program.
The Ottawa-based company, which recently expanded its business on space security and satellite cyber defences, is the first Canadian company participating in the ESA’s Cybersecurity Makerspace program. It will be working alongside German space systems company OHB SE to create new methods and tools to help protect satellites from hacking and disruption by both non-state and state actors.
SpaceQ reached out to Marc Kneppers, Vice-President of R&D at DISC, to learn more about the company, space-based cybersecurity, and the ESA project.
DISC and cyber threats
A glance at DISC’s somewhat sparse website conveys no small amount of mystery regarding the company and its services.
DISC describes itself as a “security company” that routinely helps companies in dire circumstances, saying that “in most cases, when you need us, something has occurred that is not good for your business.” A quick glance reveals very little information about their methods and tools, with references mostly to “cyber breach and incident response support”, along with some legal work in support of their clients.
Notably, DISC is also very clear that they will never reveal who those clients are. Where other companies might have case studies, DISC only says “disclosure of our clients is something that goes against our corporate policies. We rely on referrals for business.”
Kneppers said that, yes, that’s the policy, and that the sensitive situations that their clients find themselves in require that DISC “respect that privacy and the position they’re in at that time.” He confirmed that they do work like “incident response, forensics, hardware and software security assessments…and then niche work like legal support.”
The company is often called on to provide expert legal testimony, according to Kneppers, though again he couldn’t go into details.
Most of DISC’s personnel are former members of Canadian security agencies, Kneppers said, like DND, CSIS or the CSE. The founder and CEO, Nicholas Scheurkogel, had a fourteen-year career focused on cybersecurity at the Department of National Defence before moving into the private sector. His team are no strangers to the idea of working quietly on serious problems.
Kneppers, by contrast, came to DISC from a career at Telus, where he learned firsthand how much of a challenge cybersecurity can be. He joined Telus in the mid-1990s during the rise of the Internet, and said that he had to grapple with all manner of security issues: “3G/4G/5G, AI, Enterprise networks, acquired businesses, Quantum Key Distribution, .. the whole show.”
That time at Telus led to a hands-on education in cybersecurity, and Kneppers said that “what may be surprising to some people is that I don’t think I had any significant training in cyber security.” He said that he took some training courses during his time at Telus, but his hands-on education meant that “the training was more supplemental than foundational.”
DISC and security in cyberspace
Kneppers does have an advanced degree, however: a Master’s in Astrophysics. And when Scheurkogel decided to expand DISC into space cybersecurity, Kneppers said he was brought in to “lead that space initiative” and to “see if we could commercialize it.”
Cybersecurity in space is becoming an increasingly pressing concern. “Satellite companies aren’t talking about the specific breaches yet,” Kneppers said, but it is happening; not only with satellites as targets but with ground stations as well. Kneppers mentioned “the ViaSat hack by Russia at the start of the Ukraine war” as a prominent example, where the ViaSat ground stations were hacked to disrupt field communications during the opening of the war.
Kneppers believed that this wasn’t unique to ViaSat, but was a straightforward exploitation of common VPN vulnerabilities that were “a basic IT problem…nothing fancy.” If it happened to ViaSat, it could happen to others, and could have devastating consequences for space-based communications.
And, in turn, Kneppers said that he has “spoken to companies that gather industry specific intelligence about hacker activity” that have revealed “an increase of incidents in the space industry.” Space can often be seen as “a technology domain that feels a bit untouchable,” he said, yet is “becoming heavily interconnected and reachable”, and with an increasing number of “new use-cases with minimal protection.”
This “reinforces the need for multiple layers of cyber security,” Kneppers added, one that “requires peer support and input from critical infrastructure oversight organizations.” He mentioned Space ISAC as a key point of collaboration, and one that DISC has already joined.
While this is a problem, it also presents an opportunity for cybersecurity companies like DISC. So when DND put out an IDEaS challenge (Innovation for Defence Excellence and Security) intended to find ways to “defend and protect satellites from natural and artificial threats,” Scheurkogel and DISC seized the opportunity to help build defenses against these threats to space-based infrastructure and brought Kneppers on board.
DISC, Kneppers, and Scheurkogel were ultimately successful, and DND agreed to fund the project in 2020. DISC ended up getting their chance to develop a space cybersecurity tool.
Space security eClypse
That IDEaS-funded tool that DISC developed is called eClypse.
Kneppers said that part of this effort to deal with threats to space-based infrastructure needs to be “detecting space events to contribute to collaborative information sharing.” That’s the role of eClypse. eClypse is designed to be integrated at a hardware level with a satellite, and to carefully watch out for signs of intrusion. The system will perform “cyber intrusion detection on the actual satellite,” Kneppers said, and then “sends security-specific telemetry to the ground where it can be analyzed by the ground station.”
According to DISC, some of the signs it looks for can include “alteration of onboard software,” “hijacking of processors,” “installation of covert software or command & controls” and “changes to critical firmware or onboard software.” This is, Kneppers said, “the kind of information that a collaborative group might exchange as early-warning indicators of breach.”
Kneppers did not give further details on eClypse, but said that these kinds of tools have to be flexible; that “the defender’s job is to build very broad defenses that may not be focused on a specific type of attack.” But though the challenges are somewhat similar to terrestrial cybersecurity (Kneppers said “the differences between space and terrestrial are relatively small” in terms of the defenses), there are unique constraints that they face when developing systems like eClypse.
Kneppers noted that “every satellite has a finite limit of power, space, and cooling,” and that you always “have to make the case that the benefit justifies the extra cost and launch weight” for hardware solutions like eClypse. Even with software solutions, a satellite “cannot afford to be doing a lot of extraneous calculations” owing to compute and bandwidth constraints.
The still-in-development eClypse technology received a TRL 6 space readiness rating in early 2024, as well as winning the Airbus Challenge for “Boosting Responsible Commercialization of Space” in October of 2024. In its announcement at that time, DISC said that it will be “working towards bringing eClypse to a TRL 8 to demonstrate its effectiveness in space.”
DISC in the ESA Cybersecurity Makerspace
The ESA’s Cybersecurity Makerspace project is intended to “provide a platform for industry, research institutions, and new entrants to implement, and test small-scale technical activities relevant to the space and Satcom cybersecurity domain.”
The project is focused on “the practical evaluation of emerging technologies and methods in areas such as secure communications, AI-assisted analysis, vulnerability assessment, software security, and anomaly detection.” Kneppers said that the goal was “to create a contract structure that allowed new ideas and new vendors to enter their procurement system.”
(Kneppers added that any opinions or statements he’d made to SpaceQ were his own, and did not reflect the positions of the ESA.)
This is a solid fit for DISC, and it isn’t a surprise that they sought to get involved. As Canada isn’t part of the European Union, however, some work had to be done in order to have DISC participate in the makerspace.
Part of it was through their collaboration with OHB SE. Kneppers said that OHB will be “acting contractor and project manager,” as well as “providing some material related to a production satellite of theirs” that will be useful for threat assessment. OHB will be the actual ESA contractor, and will in turn subcontract to other companies, including non-EU ones like DISC. Kneppers said that they are “excited to work with OHB” on this project, as “it gives us access to their expertise and…high-end knowledge about satellites.”
The other key player was the Canadian Space Agency (CSA). Kneppers explained that the biggest reason why DISC was able to participate in the Makerspace was the CSA’s investment in the ESA Advanced Research in Telecommunications Systems (ARTES) program, which allows Canadian organizations to bid on ESA work. So, Kneppers said, they needed to get “an explicit letter of support from the CSA indicating that they approved the use of the money towards the cybersecurity makerspace program.” Kneppers briefed the CSA on their idea, they evaluated it, and then approved it and sent their approval to the ESA.
With both the CSA and OHB on board, as well as the ESA, DISC could get started on their project.
DISC’s satellite security framework
That Makerspace project isn’t eClypse, however, but a “satellite threat assessment framework.” According to DISC’s announcement, their project “focuses on creating a principles-based threat assessment framework that can be applied across satellite types, from commercial off-the-shelf small satellites to bespoke mission-critical platforms.”
The framework, DISC said, “analyzes information flows, identifying potential corruption points in data streams including GPS positioning, command telemetry, and sensor imagery.”
Kneppers gave more details.
He said that DISC wanted “to threat-model a series of satellites and then see if we could create a generalized framework that would streamline the assessment of security for newly procured satellites.” To do that, Kneppers said, DISC will “take two satellites that represent, somewhat, two bookends of satellite maturity and capability”: one purchased from the open market, and one that’s a customized OHB satellite. “Our work,” he said, “is to do a threat assessment of each and determine what we think are the top areas of weakness.”
While these initial assessments will largely be manual, Kneppers is hoping that the process can be both automated and standardized to at least some extent, as “we think that there are similarities across the ecosystem despite the high level of customization.” He believes that they can create a framework that “is semi-automated” and that “gets you to an 80% evaluation of the risk of some new satellite.” That would benefit a wide variety of builders and operators, and would “open up satellite procurement to a larger swath of the market” by minimizing cybersecurity risks.
“This Makerspace project,” Kneppers said, “will cover the satellite assessment and framework creation and maybe some of the automation, which we can then finish on our own.” He added that “we’ve got the program for a year,” and that “we’re taking about 6 months per satellite roughly speaking.”
The two open source frameworks that they’re drawing on for the evaluations are the American “Sparta” framework and the ESA’s “Space Shield.” Each is a “catalog of attacker techniques and objectives” that are somewhat different in how they approach the threats at various phases of a satellite’s life cycle, and (Kneppers discovered) very different in how they model an attacker’s desired outcome.
Sparta is more focused on the threat of destruction and degradation, while Space Shield includes data corruption and integrity attacks that could be used for (say) a ransomware attack. Nevertheless, DISC is aiming to incorporate both into their framework, so as to provide more effective defences.
The final framework, Kneppers said, could ideally become a report that says “here are the five areas of weakness, and here are the six things you can do about it.” But he acknowledged that it may become quite a bit more complex than that, especially as the current documentation for the satellites they’re studying features “a lot of detailed descriptions about voltages and how things work, but very few descriptions about how to authenticate a command.” There may be a lot more work to be done, and a lot of needed detail to be added.
Once they’ve finished the year of ESA work, whatever shape it takes, Kneppers said that they’ll “have the framework,” and will do verification with OHB engineers “that we’re on the right track and we have some confidence in it.” Then they’ll present their results to the ESA, along with some analysis on frameworks like Sparta and Space Shield.
After that’s done, the goal is to “take that result and create the automated tool that might simplify the entire process and enable new entrants into space to make good security decisions as they build.”
How that tool works, and exactly what it does, is something that the rest of us may never learn. In turn, the proof of its effectiveness may be in the intrusions and corruptions that we don’t experience. An appropriate outcome for this quiet cybersecurity company with its secret client list, where every one of those events that didn’t happen may be the best possible proof of a job well done.
