Description

Objective: The objective of the activity is to develop a space centric framework for cyber information exchange, a threat and vulnerability assessment tool, and sets of reference security blueprints for future product implementations. Targeted Improvements:The immense majority of attacks use known security breaches: this framework will help defuse at least 85% of common attacks. Description:There is a growing need to increase the cyber resilience of space systems supporting critical missions in the areas of crisis management, surveillance, and key infrastructures. To ensure an efficient protection in terms of confidentiality, integrity and availability, it is crucial for any cyber strategy to cover the security pillars of technology, people, processes and environment all together. This will boost the cyber-readiness of the industry. With a scope limited to satellite communications, the activity objective is to gather the critical building blocks for a common understanding of cyber, to federate relevant stakeholders and to enable the development of preventative countermeasures at technological and administrative levels. The cyber resilience framework will cover the following three pillars: 1. Exchange - Space cyber threat intelligence platform; 2. Analyse Space threat and vulnerability framework; 3.Implement - Common security blueprints for space systems and their components. For the first pillar the activity will study how the European satcom stakeholders can be brought together in a common forum to exchange satcom cyber intelligence; increase their awareness; facilitate assessment; and enhance compliance with cybersecurity standards. Following the Space ISAC approach, the study shallsurvey the relevant stakeholders, identify the best governance model, define a list of resources and services to be offered in priority by the platform, and propose an implementation roadmap. The second pillar will develop a common knowledge base of cybersecurityrisk management and of adversary tactics and techniques adapted to satcom ground and space segments. For that purpose, existing frameworks such as MITRE ATTCK and NIST IR8270 will be used as a starting base. A self-assessment tool will be produced for the industry to evaluate their cyber security risks in an easy and comprehensive way.The third pillar will address the topic of cybersecuritycertification for satcom systems and shall be inspired by ENISA's candidate EUCC scheme, based on the Common Criteria framework. Building on top of the 2nd pillar framework, it will identify relevant satcom components, such as user terminals and gateways, and develop preliminary sets of security requirements. The blueprints shall be developed for future use and tailoring in commercial/governmental satcom projects.This activity is fully in line with the safety and security pillar of ESA Agenda 2025. In order to promote the use of security standards across the space industry and help start-up and SMEs to offer trusted products and services, software shall be delivered under an ESA Software Public Licence (Type 2).