In this interview series, we put a spotlight on key individuals guiding the future of Axelspace. This interview highlights Hiroshi Sasaki, Chief Information Security Officer(CISO), as the seventh member to be featured. He addresses the importance of balancing business agility and challenges with the protection of critical societal infrastructure among other considerations.
*Check here for other members interviews
Hiroshi Sasaki / CISO
He started his career developing industrial control systems at a Japanese manufacturing company. After working there for 14 years, he transitioned his career to information security with the aim to commercialize industrial cybersecurity. Ever since he has been actively engaged in raising awareness and proposing solutions for security by giving lectures and writing both Japanese and international articles. He is also a CISSP certification holder. He has been contracted to provide information security operations at Axelspace since December 2021 and is currently the Chief Information Security Officer (CISO) at Axelspace Holdings.
Applying industrial cybersecurity knowledge to satellites business
As a child, my curiosity spanned a multitude of interests rather than being confined to a specific field. Space has been one of the stronger interests I had to a point where I bought astronomy yearbooks, and majored in astrophysics in my junior year of university.
After graduation, I worked for a company where I was involved in the development of factory control system devices for 14 years. I switched to McAfee in 2012 when industrial cybersecurity was still in its early stages. Critical infrastructure protection (CIP) was beginning to draw attention at that time because of cyber attacks on Iran’s nuclear facilities. That was when McAfee was looking for security professionals with expertise in control systems.
My encounter with Axelspace was back in 2022, when I participated as a member of the expert committee for the “Guidelines on Cybersecurity Measures for Commercial Space Systems” established by the Ministry of Economy, Trade and Industry (METI). Ryuichi Kokubo, current Co-CTO of Axelspace, was also participating as a committee member, and this encounter led me to work with Axelspace as an external partner to support their information security. As I gradually deepened my understanding of the new societal infrastructure Axelspace is building through satellite solutions, I decided to take on the role of CISO with a strong belief that my expertise in industrial cybersecurity could contribute to satellite businesses and its societal infrastructure.
How to maintain the balance between security and business growth
My main mission as CISO is to “realize proactive information security,” intending that information security shall not be perceived as a cost center and is instead an investment for improving corporate values. To realize this mission, I take initiatives from the four perspectives of 1) scalability, 2) automation, 3) monitoring over restriction, and 4) protection and incident response.
Even if policies and guidelines are well-established with meticulous details, this may increase problems and risks if they are ineffective or have a large gap with the actual business operations. Additionally, excessive access restrictions and security protections can also hinder business’s agility, capacity to take on new challenges, and ability to create more value.
The goal of security is the reduction of business risks. What’s important is not to blindly formulate rules but to maintain the balance between cost and risk reduction by checking whether risks are actually reduced. We strive to balance security and business growth by gaining a deep understanding of the business and selecting the most effective measures to address the risks we have identified.
For example, when there’s internal fraud, we consider early risk detection and log trail acquisition through monitoring before restricting employee activities. In response to increasingly complicated cyberattacks in recent years, we have been working on strengthening not just defensive measures but also incident response since it is difficult to completely prevent cyberattacks.
Many companies, including ventures and start-ups, tend to take a passive approach towards information security, viewing it predominantly as a cost center.
While Axelspace is a start-up, we are also a societal infrastructure provider. Therefore, ensuring safety through security measures is tied to our corporate values and business growth. We believe that security measures should be prioritized especially in startups, and we aim to realize “proactive information security.”
Differences in security measures between space and non-space companies
Due to the nature of handling satellites as a societal infrastructure, Axelspace is required to implement significant countermeasures. Interestingly, the core principles behind these measures align closely with those implemented by larger corporations. Despite budgetary and resource constraints typical of a space startup with just over 150 employees, our compact size serves as an advantage, enabling us to swiftly and efficiently implement optimal countermeasures. A prime illustration of this is the rapid integration of security automation
Creating a system to strengthen the space industry
In the future, I would like to establish a security platform for the Japanese space industry. With digitalization and networking being normalized, it is difficult to ensure security of the entire supply chain if individual companies only continue to take their own measures.
This is where Axelspace shines. Leveraging our comprehensive expertise across all stages of the satellite solution life cycle, we have the capability to construct a standardized model for security measures that spans the entirety of the life cycle. Furthermore, we believe that expanding this model to the whole industry would serve as a collaborative effort in strengthening Japan’s space industry.
In my mind, the company vision, “Space within Your Reach,” is interpreted as “the realization of a platform supporting secure space solutions.” I believe that securing safety and peace for digital devices is crucial to realizing a world where people perceive satellites as accessible technology.