logo wat
maggio 25, 2016 - European Space Agency

Space approach to cyber challenge

Comunicato Stampa disponibile solo in lingua originale. 

The approach developed by ESA for designing space missions such as ExoMars and Sentinel is now being used by #computer emergency response teams in Europe and North America to react quickly and securely to cyber attacks.

The technique builds on the experience gained by engineers from Belgium’s RHEA Group working in ESA’s Concurrent Design Facility (CDF) at ESTEC, the Agency’s research and development centre in the Netherlands.

RHEA Group was contracted by NATO’s Communications and Information (NCI) Agency in 2014 to develop and deploy an international Cyber Information and Incident Coordination System (CIICS) using collaborative engineering concepts similar to those employed by CDF. 

Cyber incidents can happen without warning, so service and security teams need to be able to analyse their impact and assess all possible options very quickly. This is more effective when they can call on expertise from another team or country, and quickly access available up-to-date information.

CIICS now provides #computer emergency response teams with a workflow tool for handling cyber incidents. It gives direct access to shared information which can be jointly analysed, trade-offs assessed and solutions elaborated – faster than through conventional communication channels. Sharing technical information provides a virtual reference library.

Speeding decisions with concurrent design

ESA has been using concurrent design to assess and plan space missions since 1998. With a network of computers, multimedia devices and software tools, CDF is a state-of-the-art facility that allows experts from several disciplines to work simultaneously on designing future space missions. It promotes fast and effective interactions between all the specialists, ensuring consistent and high-quality results in a much shorter time.

 “Missions and spacecraft are complex, and their assessment and design involves specialists from multiple disciplines,” explains Massimo Bandecchi, head of ESTEC’s Systems and Concurrent Engineering Section.

“Every time someone makes a decision it has an implication for another part of the project. In CDF we have all of the people in the same place, all of the time.

“Our open concurrent design tool lets them verify that data are compatible and calculate the effect of a change on the other disciplines and on global parameters such as launch date and cost.” 

Using this method, ESA has reduced the early design effort on a mission from 6–9 months to 3–6 weeks, halving costs and increasing the number of potential projects that can be assessed each year.

Missions that have been assessed and designed in the CDF include ExoMars and Sentinel-related projects, along with payloads, launchers and telescopes. In total, 200 studies and reviews have been completed during the 17 years of operation.

Two members of ESA’s CDF team, Arne Matthyssen and Sam Gerene, set up their own company in 2005 through the ESA’s business incubation centre in the Netherlands.

“We could see the potential of the CDF concept also outside the space context,” says Arne Matthyssen.

“Using the same concept we developed a flexible system answering to the needs of other industrial sectors.” Their business later became part of RHEA Group.

Different domain, similar concepts

Within NATO, the incentive for adopting a concurrent engineering approach to cyber security was to share information.

“There is now a recognised need to share cyber security information among nations in a coalition environment in order to respond faster to incidents and be on top of your security posture,” says Manisha Parmar, senior scientist at NCI Agency Cyber Security Service Line.

“We chose to work with RHEA Group because we would be able to leverage their experience and expertise.

“While it looks as if we are doing something totally different from other domains, such as space, a lot of the concepts are the same.”

CIICS is part of a NATO cyber defence project sponsored by Romania, Canada and the Netherlands since 2013. RHEA Group began the development in May 2014 and final enhancements were delivered to the sponsoring nations in October 2015. A trial release was used at Cyber Coalition 2014 in November 2014 – the largest ever NATO cyber exercise. A completed version of CIICS was used at the same event in 2015, again with great success.

“In the next stage, sponsoring countries want to establish a federation between themselves and other NATO and partner nations to share cyber defence technical information and allow incident handling to be done both within and across organisational and national boundaries,” notes Manisha. This became operational in early 2016 with RHEA Group providing operational support.

Cross-border challenges

NATO initially considered buying a commercial software package, but recognised that the project required a slightly different approach.

“Cyber incident analysis is similar to collaborative or concurrent design in that it requires analysis of options by a multidisciplinary team,” notes Douglas Wiemer, director of Cyber Security Solutions at RHEA Group.

“However, the challenge is that you now need to analyse the impacts and assess your options very quickly because cyber attacks can happen very fast.

“In addition, in cyber defence the operations teams may be from widely different organisations or nations and may not want to share everything. Instead, they want to share selected information in a controlled way within trusted communities of interest.

"This means each organisation needs its own instance of the tool, rather than everyone using one instance and sharing everything, as they do at ESTEC.”

Aude de Clercq of ESA’s technology transfer office adds: “RHEA Group has demonstrated the transfer potential of advanced ways of working that were initially developed for our European space programmes.

“With security currently being high on the agenda, other space technologies could also turn out to provide smart answers.”

Filtro avanzato