Strong and reliable communication is a key part of the space industry. From the signals that make global satellite navigation work to the data we collect from Earth-monitoring missions, space telescopes, human spaceflight and planetary exploration, everything has to be transferred and stored securely – including the news in ESA’s website.
And these data must be available to those who need it, uninterrupted, any time.
ESA also has to ensure that assets, far more valuable than a web page, are kept secure, such as the ground systems, data centres and networks that support the real-time operation of space missions and services, which are increasingly critical for the daily lives of European citizens.
It’s a risky world
Most organisations are vulnerable to attacks on their data or networks in some way – often through the Internet, but also through radio signals or other ways. Some will be generic attacks targeting typical weak spots, while others may be specifically directed against a vulnerable node.
Telecommunications may be interrupted, with signals being ‘jammed’, or satellite navigation system signals could be replaced with incorrect data, known as ‘spoofing’.
Europeans rely on space every day
Each year, Europe is becoming more reliant on satellites, and space-based applications are now utterly critical to the large and growing range of services on which our citizens and economies depend.
These range from navigation, broadcasting and weather forecasting to monitoring the health of our planet’s climate and the conditions of land, oceans and inhabited areas.
ESA is working to boost cybersecurity not only within the Agency but also across Europe’s space sector, helping make spaceflight more resilient to attack and accelerate the integration of space systems and services with the terrestrial economy.
“ESA has the responsibility to protect the interests of its Member States within the space technology domain, ensuring an adequate level of protection for each space system and guaranteeing the continual availability, the integrity and the confidentiality of the information,” said Massimo Mercati, heading ESA’s Security Office.
ESA takes action
Accordingly – and because most cyber incidents happen due to initial human error – ESA has established a cyber training range at the European Space Security and Education Centre (ESEC), Redu, Belgium.
“At ESA we have a range of important responsibilities for our networks and data – and it is vital that these are not interfered with in any way, they remain available to those who need them and that private information is kept private,” said Martin Ditter, Head of ESEC.
The range provides training and testing for its own employees and partners, and aims to develop knowledge in awareness, detection, investigation, response and forensics to counter cyber attacks specific to space systems.
Cyber resilience demonstration
On 6 November 2019, ESA experts from ESEC joined counterparts from 11 European countries and the European Defence Agency in Finland to provide a full demonstration to media that simulated a cyber attack and the response needed.
During the simulation, hosted at Helsinki’s House of the States, members of the European Cyber Ranges Federation displayed what it takes to ensure that civil systems remain secure.
“Cyber resilience is one of the security measures ESA has identified and prioritised within the Agency’s Cyber Security Policy. The technology and expertise ESA is developing within this area are contributing to a secure environment and to developing secure systems, duly certified and accredited,” adds Mr. Mercati.
Data from space is central to everyday life, and it is essential these are kept safe from any kind of disruption.
“Cyberattacks are things we must be prepared for, and must also be able to recover from quickly,” adds Mr Ditter.
Proposals aimed at strengthening ESA’s cybersecurity and resilience will be proposed at Space19+, the meeting of ESA Member State ministers, to be held later this month in Spain.