Speaking at CYSAT, EUSPA highlighted how its security apparatus helps protect the space-based data we depend on against malicious cyberattacks.
The number of critical services and everyday devices that depend on satellite-based data continues to increase. But with this increase comes new challenges – including cybersecurity.
Satellites have historically been designed to be reliable - but not necessarily secure. This, in combination with recent trends towards software-defined satellites, in-orbit reconfigurations, and quantum technologies, means space assets and data are now more vulnerable to cyberattacks than ever before.
“Ensuring the confidentiality, integrity and availability of space data against cyber threats is a new challenge that we simply cannot afford to ignore,” said Philippe Rosius, Head of Galileo Security Monitoring Centre (GSMC) at the European Union Agency for the Space Programme (EUSPA).
According to Rosius, who made his remarks at CYSAT (the European event dedicated to cybersecurity for the space industry) EUSPA is uniquely positioned to serve as the security gatekeeper of the EU Space Programme. “In addition to its service provision, EUSPA is responsible for ensuring that Europe’s GNSS signals are secure,” he said. “It also provides security expertise and support for the Space Programme’s other components, including GOVSATCOM, as well as to various European Commission initiatives.”
Specifically, the EUSPA security organisation provides the cybersecurity and engineering competence for all programme components. “Our security engineering and cybersecurity work defines and implements the security requirements related to the services, the systems, and their operations,” explained Rosius.
The Security Authority also oversees the operational security of European GNSS (Galileo and EGNOS). “Here our work focuses on ensuring that the systems in operation comply with the general security requirements established using a threat and risk analysis,” added Rosius.
An integral part of the Galileo infrastructure
Security monitoring is done by the Galileo Security Monitoring Centre (GSMC).
“The GSMC is an integral part of the Galileo infrastructure and has the competence to be extended to other Space Programme’s components,” said Rosius.
From its sites in France and Spain, the GSMC monitors and, when necessary, takes action regarding security threats, security alerts and the operational status of Galileo’s various components. It is also responsible for managing access to the Public Regulated Service (PRS) and ensures that sensitive information relating to its use is properly managed and protected.
“In the event of a security threat to the security of systems and services deployed, operated and used under the Union Space Programme which may affect the security of the Union, the European Council issues specific instructions to EUSPA, which the GSMC is responsible for implementing,” explained Rosius.
The EU Space Programme’s security accreditation authority
If the Security authority and GSMC make EUSPA the security gatekeeper of the EU Space Programme, then security assurance is finally ensured by the Security Accreditation Board (SAB). “The SAB is the security accreditation authority for all of the EU Space Programme’s components,” said SAB Chair Bruno Vermeire, who also spoke during CYSAT. “In this role, it ensures that all systems comply with the relevant security requirements, including Cyber and Supply Chain, and provides statements of approval to operate for the systems and services.”
An independent body within EUSPA, the SAB is composed of a representative from each Member State, the Commission and from the High Representative for the Union for Foreign Affairs and Security Policy. The Board is charged with:
- Defining and approving security accreditation strategies
- Approving satellite launches
- Authorising the operation of systems in different configurations and for various services
- Authorising the operation of ground stations
- Authorising bodies to develop or manufacture sensitive PRS technologies, receivers and security modules
- Endorsing the selection of approved products
- Approving interconnections between systems
The SAB makes its decisions in an independent manner, including in regard to the Commission and other bodies responsible for implementing the components and provision of service.
“Thanks to this robust security apparatus, EUSPA is at the front lines of cybersecurity, providing end users with the confidence of knowing that the space-derived data they depend on is safe and secure,” concluded Vermeire.
Media note: This feature can be republished without charge provided the European Union Agency for the Space Programme (EUSPA) is acknowledged as the source at the top or the bottom of the story. You must request permission before you use any of the photographs on the site. If you republish, we would be grateful if you could link back to the EUSPA website (http://www.euspa.europa.eu).