From 6 to 10 March 2023, the EU conducted the Space Threat Response Architecture (STRA) 2023 exercise at the European External Action Service (EEAS) Headquarters in Brussels.
The STRA exercise is a yearly exercise to test and enhance the EU´s response to threats to the systems and services deployed under the various components of the EU Space Programme. It builds on a scenario, which reflects the complexity of the current geopolitical landscape and emerging hybrid threats, ranging from cyber-attacks on space and ground segments to spoofing or jamming satellite signals, as well as disinformation campaigns.
During the STRA 2023 exercise, the EU´s space threat response mechanism was triggered by a cyber-security incident affecting Galileo. The incident was activated in EEAS HQ and involved key political, diplomatic and operational actors including Member States, the EEAS, the EU Space Programme Agency (EUSPA /Galileo Security Monitoring Centre), the Commission and the Council of the European Union. Italy and Spain as Galileo host nations activated their chain of command, involving appropriate national capabilities to address the incident and providing support to digital forensics and critical infrastructure protection measures.
During this exercise, the Agency demonstrated that its mission in implementing the operational security of Galileo as a component of the European Union Space Programme is fulfilled.
“EUSPA continues to take steps to ensure the security of the EU Space Programme and the confidentiality, integrity and availability of the data and services it provides,” says EUSPA Executive Director Rodrigo da Costa.
Central to this role is the Galileo Security Monitoring Centre (GSMC).
The GSMC monitors and, when necessary, acts regarding security threats, security alerts and the operational status of Galileo’s various components. It operates its mission from the two facilities in Saint-Germain-en-Laye, France, and in San Martín de la Vega, Spain.
“We provide around-the-clock monitoring of the Galileo system’s security,” explains GSMC Head Philippe Rosius. “The purpose of this monitoring is to detect accidental or deliberate security events that could cause a disruption to the programme’s services.”
In the event of a threat to the security of the system and/or its services that could affect the security of the EU, the European Council will issue specific instructions to EUSPA, which the GSMC is responsible for implementing.
Beyond its monitoring duties, the GSMC is also responsible for managing access to the Public Regulated Service (PRS) and for ensuring that sensitive information relating to its use is properly managed and protected.
“While the GSMC is an integral part of the Galileo infrastructure, it has the competence to be extended to other components of the Union Space Programme,” adds Rosius.
Security expertise to support EU priorities
EUSPA’s security expertise also makes it well-positioned to support the objectives of the recently adopted European Union Space Strategy for Security and Defence.
Proposed by EU High Representative/Vice-President for Foreign Affairs and Security Policy Josep Borrell, Executive Vice-President for A Europe Fit for the Digital Age of the European Commission, Margrethe Vestager and European Commissioner for the Internal Market Thierry Breton, the Strategy proposes actions to strengthen the resilience and protection of space systems and services in the EU EUSPA will have a key role to play for the implementation of this strategy. Firstly, the strategy proposes the creation of a Sharing and Analysis Centre (EU Space ISAC) to raise awareness and facilitate the exchange of best practices among commercial and relevant public entities on resilience measures for space capabilities.
Building on its experience with Galileo, EUSPA can ensure consistent security monitoring of all EU space programmes. In close cooperation with the Commission, the Computer Security Incident Response Team of all the EU institutions (CERT-EU) and the European Union Agency for Cybersecurity (ENISA), EUSPA will play a key role as space security monitoring and operations centre in the EU. On request, we will be ready to also assist operators of essential space systems and services across the EU27.
With user needs being always the basis of the EU Space Programme, the Commission is seeking to embed military and security user requirements in the design of relevant new EU space systems and the upgrade of existing systems. Being a user-oriented agency, EUSPA will support the identification of security-related needs, and the accreditation and exploitation of dual-use systems and services.
“Thanks to its robust security apparatus, EUSPA is an essential partner in keeping all of Europe’s space assets and the important data and services they provide safe and secure,” concludes da Costa.
Media note: This feature can be republished without charge provided the European Union Agency for the Space Programme (EUSPA) is acknowledged as the source at the top or the bottom of the story. You must request permission before you use any of the photographs on the site. If you republish, we would be grateful if you could link back to the EUSPA website (http://www.euspa.europa.eu).