Security governance needs to be agile and reactive, European GNSS Agency (GSA) Head of Security Stefano Iannitti said at the virtual CYSAT conference, dedicated to cybersecurity for the space industry, which took place in Davos on 17-19 March. Iannitti went on to outline the main threats for a space system and the challenges faced in protecting both the services provided to users and the system itself.
Speaking about the GSA’s experience of space cyber security, Iannitti explained how the Agency monitors such challenges on a daily basis. “To manage cyber security, it is necessary for the right actor to have their hands on the system and to be able to react at the right time. The security governance aims at giving clear responsibility to each layer of the supply chain for that purpose. This governance also includes security assurance processes, internal audits, penetration tests and vulnerability management,” he said.
Evolving threat landscape
With almost two billion Galileo devices worldwide, one of the GSA’s key tasks is to protect the system, enabling it to achieve its full potential to boost innovation for the European economy and its citizens. The GSA Head of Security noted that, given the complexity of both the space segment and the ground segment, there is a wide range of security threats. “Different threats affect different segments and the threat landscape is constantly evolving,” he said.
“Security by design is a key concept,” Iannitti said, adding that this is being applied also in the development of the services provided by other components of the Space Programme, such as GOVSATCOM.
The fact that Galileo sites are spread around the world, often in remote locations, is also a challenge. “With stations spread across the globe, we need to ensure that these are not targets of malicious attacks,” he said, adding that it is necessary not only to protect critical infrastructure, but also the information that the sites contain.
Iannitti stressed the importance of security intelligence: “You need to know your threats,” he said. He made reference to a recent Galileo satellite manoeuvre to avoid a collision, adding that it is important to monitor what there is in space that poses a threat. “The European Union understands this and has introduced the surveillance and tracking component in the space programme. This gives extra support in handling this type of event and in preventing potential collisions,” he said, adding that the introduction of standards would help everybody in the best management of space.
Comprehensive security coverage
The GSA is in charge of ensuring the security of the various components of the GNSS system and, as it transitions into the European Union Agency for the Space Programme (EUSPA), its mandate will expand to cover aspects of other components of the Programme, such as Copernicus along with GOVSATCOM, and potentially also Space Situational Awareness and other initiatives such as the secure connectivity and quantum computing infrastructure that the Union will want to introduce in the Programme. “These are critical systems for the Union and they will have to be protected, especially if they deliver critical governmental services,” he said.
The GSA currently covers all the phases of security provision. The Galileo Security Monitoring Centre is an integral part of the Galileo infrastructure. It monitors and takes action in relation to security threats, alerts and the operational status of systems components. Iannitti said that to close the loop, a security accreditation process is in place. This is provided by the Security Accreditation Board (SAB), which acts independently and is composed of representatives from the Member States, the Commission and the High Representative of the Union for Foreign Affairs and Security Policy.
Regarding cooperation between EUSPA, other EU institutions and the European Space Agency (ESA), he said that different entities have different competences and missions. “EUSPA will be focused mainly on operations and service provision, and security, of course. For the development of the system we rely on ESA, and we work with all the institutions involved to manage the systems. These systems are of strategic importance to the Union and they also need political oversight,” he said.
For more information on security and the EU Space Programme, click here.