Space is critically important for our society, economy and security. Both space data and space-enabled communications are central to our everyday lives, making space systems a primary target for cybercriminals.
Pascal Rogiest, Managing Director of RHEA System Luxembourg S.A. and RHEA Group’s Chief European Institutions Officer, explains the context of space security as viewed by the European Space Agency (ESA) and European Union (EU), and by RHEA from our unique position as a leading provider of both cybersecurity and space engineering and solutions.
In the 2020s, space systems deployment, space data and communications are growing in importance every year, as witnessed by the huge growth in satellite launches. In the decade up to 2018, about 2,300 satellites were launched. In contrast, it is predicted that in the following decade from 2019, an average of 990 satellites will be launched every year. That growth is being fuelled by both an increasing dependence on space applications and a dynamically changing environment exemplified by the New Space era, which is being stimulated by aggressive private investments. That leads to access to space becoming cheaper, faster and simpler. End-to-end space systems deployment and the adoption of ‘ground segment as a service’ (GSaaS) would both also be possible.
The increased profile and influence of space systems is making them a primary target for cybercriminals. Space products and services are themselves highly valuable, incorporating state-of-the-art processes and precious intellectual property. They are also a target because they provide the foundation for services and applications encompassing telecoms, observation and navigation, and are relied on by governments and defence organizations.
At the same time, today’s focus is on end-user applications, often combining space data and ground assets. Those applications rely heavily on IT ground components and networks, and clouds. Such IT features, as well as the shift to a ground as-a-service approach, are increasing the exposure of space systems to attack. Spacecraft design and development environments are also a potential target, as well as all ground/space communications links.
ESA and EU awareness
Both ESA and the EU are acutely aware of this increasing vulnerability.
From ESA’s perspective, space is contested, congested and competitive – and therefore increasingly visible to threats. Even if the target is a third party, space systems are exposed to collateral damage.
Meanwhile, the EU has expressed concerns that space-based solutions are weakened by insufficient defence against cyber threats, with security confirmed to be a central theme in the European Space Conference in January 2021.
The good news is that a raft of measures is underway to address the problem.
ESA and its ESA Security Office are committed to provide assurance to their Member States and international stakeholders that ESA can develop secure space systems that provide adequate protection in terms of confidentiality, integrity and availability. This is being achieved through ESA’s Security Framework, Regulations and Directives, and through a security agreement with the EU. ESA’s target is a holistic, coordinated approach to security. Practically, this includes ESA’s significant investment in a Security Cyber Centre of Excellence (SCCoE) at ESEC in Redu, Belgium – RHEA is proud to be leading the team developing the SCCoE for ESA. SCCoE will be complemented by ESA’s upcoming Cyber Security Operations Centre (C-SOC).
RHEA believes that cyber should be seen as an enabler of a space-based society, supporting Earth observation, satellite communications and navigation services. That is why our cybersecurity portfolio covers the whole security value chain, with managed security operations centre (SOC) services, security consulting and engineering services and advanced technology solutions.
We also foresee a convergence of cyber and physical security requirements, and our services now cover both. Through these we can provide the 24/7 protection of space assets and of related end-to-end systems that are key components for a sustained, reliable global economy, because cybercriminals can hit wherever, whenever.
Finally, we take the view that anticipation and preparation are vital. Cyberattacks will happen – it is just a case of when, not if. Space services and solutions have to be fully protected now, to ensure we can all use them with confidence in future. This is why RHEA invests a lot in innovation and in building the competences of its people.