How ESA ensures cybersecurity in space

Spacecraft in orbit and the systems on ground that fly them can be targeted by malicious attacks. Alternatively, cybercriminals can destroy or damage strategic services and crucial data – or leverage compromised space assets to support hybrid attacks against others.

Rogue states could use a compromised ground station or their own facilities to interfere with a satellite’s command-and-control communications, intercept valuable information – or use lasers to blind a satellite from the ground. Terrorist groups could use satellite jammers to create electronic interference with a satellite’s signal, send spoof signals, place malware in satellites themselves – or eavesdrop on sensitive information relayed via satellites. Even small but well-organised groups of cybercriminals could use experimental strategies to exploit the vulnerabilities of space systems to gain public recognition and visibility.

ESA has a pivotal role to play in protecting global security by keeping space systems safe from attack. The agency is continually upgrading and improving its security framework and developing its cybersecurity strategy.

The agency is ensuring robust security risk management for all its activities, with security engineering and security assurance embedded in projects from conception and throughout their lifecycles.

ESA has a specific security agreement with its Member States and with the EU, as well as an overall security policy that addresses and de-risks the evolving threat landscape.

ESA’s cyber security vision envisages advanced capabilities with infrastructure and functions geographically distributed across ESA’s network of sites acting as the backbone of a unique new capability in Europe. Able to be operated locally or remotely, it can identify threats that come simultaneously from space and from Earth, while supporting from the beginning the engineering design and development lifecycle of any space system.

ESA has developed a cybersecurity resilience ‘multi-platform’ composed of a geographically distributed system of systems that have shared capabilities and security functions. It supports the engineering phase of secure systems from design through the operational phase right up to disposal. It also helps to perform threat and vulnerability assessments, threat modelling and intelligence gathering, it qualifies and validates secure functions, and it conducts cybersecurity operational monitoring on Earth and in space.

ESA’s cybersecurity work is distributed over many sites. Engineers working at ESA’s ground station in Redu, Belgium, ensure cybersecurity in space is secure by design and as built.

Teams based at ESA’s centre for Earth observation in Frascati, Italy, forensically analyse and investigate incidents, and help support security assurance risk management across the agency.

Meanwhile people working at ESA’s mission control centre in Darmstadt, Germany, monitor the security of space missions and identify threats and vulnerabilities from space. The team is adopting renewed cybersecurity certification that includes modern best practice in secure software engineering and zero-trust architectures.

Finally, the agency is working on a quantum secure verification platform to counter the threat posed by quantum computing, which will become capable of cracking traditional cryptography easily. It aims to design and develop an overall end-to-end quantum technology platform able to support the testing, qualification and security certification of any quantum technology for security.

Massimo Mercati, Head of the ESA Security Office, said: “Space is one of the most important strategic assets for Europe, supporting European economies and the daily lives of European citizens. Keeping it safe from cyberattack is essential. ESA’s cybersecurity vision aims to strengthen its resilience by identifying emerging risks and preparing resilient strategies. ESA is a trusted and reliable partner that supports its Member States and its industrial and institutional partners to face geopolitical challenges and help Europe to prosper in a safe and sustainable environment.”