The European Space Agency Explores Cybersecurity for Space Industry

Cybersecurity for space missions is not optional and should be taken seriously. The barrier to entry for threat actors has significantly shrunk, exposing organizations to attacks from hardened cybercriminals and script kiddies alike.

While Europe’s burgeoning commercial space industry is facing some challenges, the European Space Agency is taking specific steps to boost defenses, such as planning to provide access for organizations to its space cybersecurity operations center (C-SOC), which is currently under development, and providing tools to those in the space industry. In a Nov. 2 keynote presentation at this year’s Software Defined Space Conference in Tallinn, Estonia, I explained some of the immediate commercial challenges for Europe’s burgeoning space industry, and what the ESA is doing to shore up commercial space cybersecurity.

Main Cyber Threats to Space Infrastructure

The main threats that target space infrastructure are not new. In many cases they are well-known threats similar to those we see in many other business fields and in critical infrastructure outside of the space domain. The reason why those are now affecting the space domain so much is mainly due to a dramatic evolution in technology for space infrastructures.

Until a few years ago, space infrastructure used technology that did not exist elsewhere, was extremely expensive, and required special knowledge and insight to understand and attack. This created a high entry barrier for threat actors, and only large, state-level actors had the resources for a successful attack.

The situation has changed dramatically over the past decade. Commercialization is driving the fusion of standard IT technology and software solutions with the space business. That lowers the barrier for both space-based businesses and threat actors, bringing a number of everyday threats from the Internet into the space domain.

A spacecraft, even a small one, represents the most significant investment for companies that want to establish a business around space-based data and services. This is especially true for startups and smaller companies, where the survival of the company is directly connected to the operational availability of the spacecraft. As such, most companies take cybersecurity very seriously and have taken measures to protect their assets both in space and on the ground. These measures include the execution of cybersecurity controls in the ground segment and protection of the communications links by, for example, deploying telecommand authentication.

At the same time, space systems are no longer isolated, but in many cases are fully integrated with other networks such as the Internet to meet business needs. That means cybercriminals and “script kiddies” have access to the space domain, driven by the quick profits to be made through information theft or the ransoming of assets.

Common Vulnerabilities for Space Projects

The most common weaknesses and vulnerabilities targeted are the same as those we see elsewhere in, for example, a financial system. Attackers pick at the whole space system stack, from network protocol and protocol implementation weaknesses, social engineering, application, and operating system exploits, through to sending malicious commands. And now all of this can be automated, significantly increasing the likelihood of a successful attack.

ESA’s answer to this situation is to deploy a solid defense-in-depth security posture, a fully security-certified end-to-end mission ground segment called Ground Operation System Common Core — Multi-Mission Generation (EGOS-MG). All elements of this system will be available to the European space industry under European community license and, if deployed in an appropriate environment, can provide a similar level of protection for commercial ground segments.

This system is complemented with a Space Cybersecurity Operations Centre (C-SOC), deployed at the European Space Operations Centre (ESOC) and the European Space Security and Education Centre (ESEC). C-SOC will start initial operations in 2024 and will provide the ability to detect and act on emerging cyberattacks to ESA’s space system infrastructures. The C-SOC services will also be available to the European space industry.

How Technologies Can Improve Public and Private Space Cybersecurity

Artificial intelligence (AI) and digitalization have a profound impact on space cybersecurity. AI can greatly enhance cybersecurity capabilities related to pattern recognition and automated testing. In the case of the C-SOC, AI will help human staffers to understand which detected anomaly is really a cyberattack and which is a false positive. Machine learning will help the C-SOC reduce the number of false positives over time and detect novel attack patterns that did not occur before.

Likewise, digitalization — in particular, model-based system engineering (MBSE) — has the potential to significantly improve the cybersecurity engineering process for a complex system by allowing efficient threat and risk assessment. For example, the digital model will help system and security engineers to immediately understand the impact of introducing a certain security control (e.g., the encryption of telemetry) on the overall system. It could be that this encryption control requires changes to other parts of the system or updates to the risk assessment that are not immediately apparent.

However, new technologies also bring new threats. AI is particularly vulnerable to cyberattacks in the form of data poisoning. It is essential that organizations that deploy these new technologies are aware of the increased number of threats they allow for.

The ESA Directorate of Operations is currently working with the European space industry to mature these capabilities in a secure manner as part of the ESA General Support Technology Programme (GSTP), which will benefit the ESA and industry alike.