7SHIELD short description
The project aims to address the security and resilience of EU Ground
Segments of Space Systems, in response to the European Union’s call for
prevention, detection, response and mitigation of combined physical and cyber
threats to Critical Infrastructure in Europe.
The Copernicus era has created a new market with the massive amounts of
satellite data that the ground segments of space systems receive and serve to
the industry and governmental bodies. A cyber or physical attack on their
installations or communication networks would cause a debilitating impact on
public safety and security of EU citizens and public authorities. A physical
attack on a space ground segment would make the distribution of satellite data
problematic and, on the other hand, a cyber-attack on its data storage, access
and exchange would affect the reliability, accessibility, interoperability and
reusability of the data.
Current approaches in cyber-physical security of critical infrastructure do
not fully exploit the recent advances in surveillance and detection mechanisms
with robotic technologies and Artificial Intelligence. 7SHIELD brings together
22 partners from 12 European countries to design and develop an integrated,
flexible and adaptable framework covering all the macro-stages of crisis
management (prevention, detection, response and mitigation) to protect EU
Space Ground Segment Infrastructure against cyber, physical and C/P threats.
The 7SHIELD framework integrates advanced technologies for data
integration, processing, and analytics, machine learning and recommendation
systems, data visualization and dashboards, data security and cyber threat
protection. The 7SHIELD platform is co-designed with first responders’ teams
and will contribute to policy-making, standardization and new guidelines for
contingency planning and service continuity.
The platform has successfully integrated 26 Modules and 20 Key Results.
Moreover, it has been evaluated and demonstrated in the following five
substantial pilots and installations of Ground Segments of Space Systems,
(a) covering a diversity and complementarity of user requirements enabling
true convergence of cyber and physical security; (b) covering a variety of
high-impact threat scenarios to SGS CIs and (c) providing concrete examples
of the threats and attacks for which 7SHIELD delivers efficient support.
- ONDA Copernicus DIAS platform (SERCO, Italy)
- ICE Cubes Service onboard the ISS (SPACEAPPS, Belgium)
- DEIMOS Ground Segment (DEIMOS, Spain)
- NOA Ground Segment (NOA, Greece)
- Arctic Space Centre (FMI, Finland)
2. The need for a 7SHIELD Framework
Satellite communications play a vital role in the global telecom systems. We
live in a world where an ever-increasing stream of digital data is flowing
between continents to be used in multiple domains (e.g. Atmosphere, Marine,
Land, Climate Change, Security and Emergency).
The sustained growth in the volume of satellite data produced by public and
private constellations generates:
- An increasing demand for satellite-based communication and data from
space-based systems delivering services for today’s economy and governments
- An increasing number of ground segment infrastructures that receive/distribute
massive amounts of (satellite) data
- An increasing need for secure spectrum usage. Ground segments increasingly
appear as potential “new targets” for “new threats”, especially the
cyber-physical ones
A physical/cyber-attack on their installations or communication networks,
respectively, would cause a debilitating impact on public safety and security
of EU citizens and public authorities. A physical attack on a Space Ground
Segment makes the distribution of satellite data problematic and, on the other
hand, a cyber-attack on its data storage, access and exchange affects not only
the reliability of data.
The physical technologies are mature; meanwhile, cybersecurity depends greatly
on physical security. Cyber-attacks are increasing in number and in
sophistication. The security budget of companies is increasing.
Current approaches are inadequate to provide a high level of
protection/resilience of EU Ground Segments:
- Recent advances in surveillance mechanisms with robotic technologies and AI
are not fully exploited or are fragmented
- Development of a transparent user-oriented resilience-driven decision
support system is still missing
- Depend heavily on secure and resilient capabilities
- Capabilities rely significantly on international cooperation to develop
norms and standards
- Standards move slowly and are still considered outdated
For this reason, in response to the topic SU-INFRA01-2018-2019-2020
“Prevention, detection, response and mitigation of combined physical and cyber
threats to critical infrastructure in Europe” of the EC H2020 Grant, 7SHIELD
proposes to provide a flexible and holistic security framework covering all
the macro-stages of crisis management (prevention, detection, response and
mitigation) to protect EU Space Ground Segment Infrastructure against cyber,
physical and C/P threats.
3. 7SHIELD Consortium
The 7SHIELD Consortium is composed of:
- 5 Ground Segments infrastructure owners and operators
- 3 first responder and policy organizations
- 3 academic and research institutes
- 11 large enterprises and technical SMEs
Figure 3‑1 – Consortium Map and list of Partners
4. 7SHIELD Objectives and Benefits
7SHIELD aims to provide a flexible and holistic security framework covering
all the macro-stages of crisis management (prevention, detection, response and
mitigation) to protect EU Space Ground Segment Infrastructure against cyber,
physical and C/P threats.
Figure 4‑1 – Objectives and Benefits
5. 7SHIELD Benefits
In order to protect EU Space Ground Segment Infrastructure against cyber,
physical and Cyber/Physical threats, the integrated, flexible and adaptable
framework covers all the macro-stages of crisis management, using dedicated
security tools and applications:
Prevention Modules:
o KR1: Critical Infrastructure Resilience Platform (CIRP-RAT), Digital
Vulnerability Assessment (DiVA)
o KR2: Secure Authentication Mechanism - Single Sign On (SSO)
o KR3: Model Based Design and Assessment (MBDA)
o KR4: Cyber and Physical Threat Intelligence (CPTI)
Detection Modules:
o KR5: Data Collection and Edge Processing (DCEP)
o KR6: Face Detection and Recognition (FDR)
o KR7: Video-Based Object Detection (VOD), Object Detection at the Edge
(ODE), Activity Recognition (AR)
o KR8: Cyber-Attack Detection Framework (CADF) & Cyber-attack
Correlator (CAC)
o KR9: Multi-Modal Automated Surveillance (MMAS)
o KR10: Perimeter Laser Sensor (PLS), Laser Fence Sensor (LFS) and 3D
Mini Drone Detector (3D MND)
o KR11: Geospatial Complex Event Processing Engine (G-CEP), Availability
Detection Monitoring (ADM), Hyper Combined Correlator (HCC), Situational
Picture Generation and Update (SPGU)
o KR12: 7SHIELD Knowledge Base
o KR19: Unified Alert Format (UAF), Situation Information Model (SIM)
Response:
o KR13: Crisis Classification (CRCL)
o KR14: Tactical Decision Support System (TDSS)
o KR20: Integrated Command Control and Coordination System (IC3S),
Cyber-Physical Threat Monitoring Dashboard
Mitigation:
o KR15: Social Awareness and Warning Message Generation (MG)
o KR16: UAV neutralisation mechanism – Flying Hunter (FH)
o KR17: Emergency Response Plans (ERP), Service continuity scenarios (SCS)
for cyber and/or physical attacks
6. 7SHIELD Architecture and technologies
Figure 6‑1 – 7SHIELD Architecture
6.1 Cyber-Physical layer
It consists of Ground Segment assets to be protected against cyber and
physical threats as well as physical sensors/systems and cyber
probes/applications used to collect respectively physical and cyber data.
6.2 Detection Layer and technology
It includes DETECTORS to collect “EVENTS” captured by sensors deployed in the
cyber-physical layer, to inspect and analyse them and to notify as “ALERT”
only those that are most noticeable/relevant:
o Data Collection and Edge Processing (DCEP)
o Object Detection at the Edge (ODE)
o Face Detection and Recognition (FDR)
o Video-based Object Detection (VOD)
o MultiModal Automated Surveillance System (MMAS)
o Perimeter Laser Sensor (PLS)
o Laser Fence Sensor (LFS)
o 3-Dimensional Mini drone (3D-MND)
Cyber:
o Network Intrusion Detection System (NIDS)
o Endpoint Detection and Response System (EDRS)
o Availability Detection Monitoring (ADM)
o RF Interference Detector (RFID)
6.3 Situation Picture Layer
It includes CORRELATORS to validate, enrich, aggregate and correlate the
notified alerts on cyber or physical threats, creating new alerts on cyber
and/or physical incidents/attacks.
The 7SHIELD framework provides the following types of correlators:
- PHYSICAL: Geospatial CEP Engine (G-CEP)
- CYBER: Cyber-Attack Correlator (CAC)
- CYBER-PHYSICAL: Hyper-Combined Correlator (HCC)
- OTHER: Availability Correlator (AC)
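The kind of cross-domain correlation this layer performs, as an added sketch that is not 7SHIELD code: alerts on the same asset that fall close together in time are grouped, and a group containing both physical and cyber alerts becomes one new cyber-physical incident. The alert fields, the 10-minute window, the severity scale and the asset names are assumptions; they do not reproduce the project's Unified Alert Format or HCC logic.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Alert:                 # hypothetical fields, not the project's UAF
    source: str              # detector that raised it, e.g. "PLS" or "NIDS"
    domain: str              # "physical" or "cyber"
    asset: str               # protected asset the alert refers to
    time: datetime
    severity: int            # assumed scale: 1 (low) .. 5 (high)

def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts per asset into bursts (gap <= window) and emit one
    incident for every burst that mixes physical and cyber alerts."""
    by_asset = {}
    for a in sorted(alerts, key=lambda a: a.time):
        by_asset.setdefault(a.asset, []).append(a)
    incidents = []
    for asset, group in by_asset.items():
        bursts = [[group[0]]]
        for a in group[1:]:
            if a.time - bursts[-1][-1].time <= window:
                bursts[-1].append(a)      # continues the current burst
            else:
                bursts.append([a])        # quiet gap: start a new burst
        for b in bursts:
            if {a.domain for a in b} >= {"physical", "cyber"}:
                incidents.append({
                    "type": "cyber-physical", "asset": asset,
                    "start": b[0].time, "end": b[-1].time,
                    "sources": [a.source for a in b],
                    # assumed rule: combined evidence raises severity by one
                    "severity": min(5, max(a.severity for a in b) + 1),
                })
    return incidents

def t(hhmm):
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

SAMPLE = [  # constructed alerts; asset names are made up
    Alert("PLS", "physical", "antenna-1", t("02:00"), 3),
    Alert("NIDS", "cyber", "antenna-1", t("02:04"), 3),
    Alert("EDRS", "cyber", "antenna-1", t("02:07"), 4),
    Alert("FDR", "physical", "archive-server", t("09:00"), 2),
    Alert("NIDS", "cyber", "archive-server", t("13:30"), 3),
    Alert("ADM", "cyber", "antenna-1", t("18:00"), 2),
]

if __name__ == "__main__":
    for incident in correlate(SAMPLE):
        print(incident)
```

Single-domain bursts are deliberately not emitted here; in the layering above they would remain with the physical or cyber correlator.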
6.4 Service Layer
Prevention tools for cyber and physical threats:
- Data Confidentiality and Integrity Service to provide a robust identity
management tool for multi-factor authentication, data integrity and
confidentiality.
- Model Based Design and Assessment to model the overall infrastructure and
its hierarchical decomposition, in terms of assets to be protected, their
interfaces and the messages exchanged between them, considering the
dependencies between different components.
- Critical Infrastructure Resilience Platform and Digital Vulnerability
Assessment Tool to model the Critical Infrastructure assets and to identify
the threat agents and the attack strategies that could compromise them,
performing respectively a cyber and physical risk assessment on hazards.
- Cyber-Physical Threat Intelligence to search, monitor and analyse C/P
threats across multiple sources (e.g. Dark Web and Underground communities
and marketplaces, social media networks, blogs, forums, etc.).
Response tools for cyber and physical threats:
- Crisis Classification Module to enhance the decision-making processes, by
providing real-time (or “near” real-time) assessments of the severity level of
an ongoing physical and/or cyber-attack in critical satellite and ground
segments.
- Social Awareness and Warning Message to construct concise and informative
messages to disseminate to a variety of stakeholders (e.g. citizens, FRs, SGS
employees) about the occurrence of an incident, the immediate consequences and
any action that should be taken.
- First Responders Support System to enable FR teams to be self-aware and have
more information to support effective decision making in the field without an
infrastructure or C2 support.
- Flying Hunter is a specially assembled drone which flies towards the
intruding drone, catches it using the net hung under its belly, brings it to a
predesignated location on the ground, and drops it there.
- Emergency Response Plans (ERPs) include strategies, procedures, best
practices and systems commonly required for response and recovery.
- Generalized Operational Business Model Tool for Service Continuity allows
for a better, faster and more efficient response to emergencies, incidents or
crises, with rapid and tested reactions, in order to minimize impact and time
to recover.
6.5 Interface with Users
- Cyber Physical Threat Monitoring provides advanced capabilities for
semi-automated monitoring of the SGS CI security and intelligent early warning
in case of detected anomalies, C/P attacks or hazards. It provides a ‘single
point of entry’ for users, allowing them to access all of the relevant
up-to-date information.
- ENGAGE Dashboard and Visual Analytics supports the response activities
related to specific incidents on the Ground Station by informing users about
the situation, helping them to organise the response activities, and enabling
the communication with the FRs on the field.