Much of the world’s critical infrastructure depends on the space infrastructure, including satellites, ground stations and data links at national, regional and international levels. If cyber-attack was to compromise any of these assets, the consequences could be disastrous for our safety and economic development.
Space infrastructure has already been the target of cyber-attacks. In 2014, hackers breached the National Oceanic and Atmospheric Administration (NOAA)’s computer network. Because of the attack, NOAA stopped providing satellite images to the US National Weather Service and services were taken off for two days while the systems were cleaned.
Space infrastructure is especially vulnerable to cyber-attacks. Many different links need to be protected and taken into account, from space infrastructure (satellites, ground stations, data links) to the human element and the processes and standards of the mission preparation, operations, and control.
However, when we talk about security for space, there isn’t any one-size-fits-all strategy. Security considerations must be addressed throughout the entire development and operations cycle.
Being aware of the risks from early stages of system and software development is vital for building secure infrastructure. The European Union Agency for Network and Information Security (ENISA) recently recommended that companies and EU institutions adopt a “security by design” mentality for their products and services.
“Cybersecurity should not only be seen as a negative obstacle but as an opportunity to promote a new generation of products and services that are made and or delivered with security by design as a central component,” said Udo Helmbrecht, Executive Director of ENISA.
There is indeed a trend in the space industry to introduce security protocols from early stages of system and software development. For example, the European Space Agency (ESA) advocates for the use of a Cyber-Range, which facilitates experimentation, evaluation of early prototypes and design verification testing. Experts can analyze and examine cyber-attack technologies under realistic conditions.
“Space missions have a distinct type of security needs. The Cyber Range allows to simulate the different attack scenarios and to come up with response plans accordingly,” states Stefano Zatti, Head of ESA Security Office.
While designing secure systems is vital, human error remains the biggest weakness for security. IBM revealed in its latest Cyber Security Intelligence Index that an astonishing 95 per cent of all security incidents involve human error ̶ from following links to phishing scams to visiting bad websites, enabling viruses and falling victim to other advanced persistent threats.
ESA is currently using its Cyber-Range at the ESA European Space Security Centre (ESEC) in Redu, Belgium, to train to equip staff with the tools and knowledge to recognize and respond to cyber security incidents. The ESA Cyber Range creates realistic scenario simulations ideal for hands-on training in cyber risk awareness, incident management and cyber forensic capabilities.
So far, more than 70 employees received hands-on training on cyber awareness and incident response and forensics. More courses will follow in the coming months.
Read more about security for space in OPENSPACE magazine. Subscribe to read the full story and many more.