BESecured PSS BESecured Pooling & Sharing Hub

  • Status
    Ongoing
  • Status date
    2024-12-02
  • Activity Code
    6B.076
Objectives

Definition Phase (2021-2022)

During the Definition Phase, the primary objectives were to define and consolidate detailed user and system requirements. This phase focused on developing the system architecture for the Secured Pooling & Sharing System (PSS) using a proper security-by-design process. Key activities included extensive stakeholder engagement to gather requirements, creating detailed system specifications, and establishing a robust foundation for subsequent development phases.

Technology Phase (2022-2023)

In the Technology Phase, we progressed from conceptual designs to practical implementations. This phase involved the evaluation of system performance and concepts of operations through an early prototype, BESecured PSS Alpha. The prototype provided critical insights and formed the basis for the future Secure Commercial Pooling & Sharing System. Efforts were dedicated to identifying and addressing technological and security challenges anticipated over the long-term evolution (5-10 years) of the system. This phase concluded with the successful demonstration of the BESecured PSS Alpha's capabilities and readiness for further development.

Product Phase (2023-Present)

We are currently in the Product Phase, focused on completing the verification and validation of the system. This phase involves rigorous testing to ensure the system meets all defined requirements and performs reliably under operational conditions. Key activities include:

  • Verification: Detailed testing against the user and system requirements to confirm that the system functions as intended.
  • Validation: Ensuring that the system meets the operational needs and expectations of end-users through comprehensive trials and feedback loops.
  • Security Assessment: Conducting thorough security evaluations to identify and mitigate potential vulnerabilities, ensuring the system is robust against cyber threats.
  • Pre-Operations Preparation: Finalising all necessary preparations for the system to enter pre-operations, including the development of operational procedures, training programs for users, and setting up support infrastructure.

The completion of the Product Phase will signify the readiness of the Secure Pooling & Sharing System for pre-operational deployment, marking a significant milestone in the development of a secure, commercial pooling, and sharing solution. This phase is critical in ensuring the system's reliability, security, and effectiveness in real-world scenarios, paving the way for its full commercial launch as BESecured PSS Version 1 and BESecured PSS Version 2.

Challenges

The project is challenging. Leveraging on previous ESA studies and the experience of the involved partners, it must face a set of technically complex problems:

  • Matchmaking management for SatCom resources
  • Provision of high robustness and quality (resilience, security)
  • Define and implement a proper business model and governance structure for the delivery of the P&S Service
Benefits

BESecured PSS offers:

  • Security-by-design approach
  • A built-in Security Operation Centre to detect and react to cyber threats
  • Tailored procedures designed for service providers to simplify service offering.
  • Transparent and easy to use Mission Planner to simplify client service request process.
  • Domain experts in consortium with wide in-house experience and knowledge base.
Features

The BESecured Pooling & Sharing system aims to revolutionise secure satellite communications by creating a unified solution that seamlessly delivers services to diverse end-users across various security domains, needs, and regions. This innovative system addresses the critical need for reliable and secure communications in an increasingly connected world.

Key Features and Benefits

  • Unified Service Delivery: The BESecured system ensures that users, regardless of their location or security requirements, receive consistent and reliable communication services. By integrating with a wide range of satellite operators and service providers, the system offers unparalleled connectivity and flexibility.
  • Advanced Prioritisation and Security: With sophisticated algorithms, the BESecured system manages service requests with precise prioritisation and security treatment. This ensures that critical communications are prioritised and protected, providing peace of mind for users operating in sensitive and high-stakes environments.
  • Comprehensive Service Management: From the initiation of a service request to its delivery, the BESecured system handles every step with meticulous planning and execution. This end-to-end service management guarantees efficiency, reliability, and high performance, meeting the stringent demands of various users.
  • Seamless Integration: The system's ability to integrate communications from a federation of different satellites, operators, and service providers ensures a robust and resilient network. This interoperability is key to maintaining uninterrupted service, even in the face of disruptions or changes in the satellite landscape.

Value Proposition

  • Security by Design: The BESecured system is built with security at its core, ensuring that every communication is protected against potential threats. This security-by-design approach makes it an ideal solution for government, military, and other security-sensitive applications.
  • Scalability and Flexibility: Designed to adapt to the evolving needs of its users, the BESecured system offers scalability and flexibility. Whether the demand is for increased bandwidth, expanded coverage, or enhanced security features, the system can be tailored to meet these requirements.
  • Cost Efficiency: By leveraging a pooling and sharing approach, the BESecured system maximises resource utilisation, leading to significant cost savings for end-users. This makes high-security communications accessible and affordable for a broader range of organisations.
  • Reliability and Resilience: Through its integration with multiple service providers and satellites, the BESecured system ensures high availability and resilience. Users can depend on continuous service, even under adverse conditions or during peak usage times.
  • Enhanced User Experience: With its intuitive interface and comprehensive support infrastructure, the BESecured system offers an exceptional user experience. End-users benefit from streamlined operations, minimal downtime, and responsive customer support, ensuring smooth and efficient communication.
  • The BESecured Pooling & Sharing system represents an advancement of secure satellite communications, offering a robust, secure, scalable, and cost-effective solution for diverse users. As we move through the Product Phase, our focus on verification, validation, and operational readiness will ensure that the BESecured system meets and exceeds the expectations of our users, paving the way for its successful deployment and long-term success.

System Architecture

The BESecured Pooling & Sharing System (PSS) is designed to meet the stringent requirements of secure communications for commercial, government, and military users. The system architecture leverages advanced technologies and best practices in security to ensure robust, reliable, and secure communications. As we progress through the Product Phase, the architecture has been refined and validated to ensure readiness for pre-operational deployment.

Core Components and Functionality

neXat Cloud-Service Delivery Platform (C-SDP)

  • The C-SDP, a fully-fledged satellite communications specific OSS/BSS, serves as the core of the BESecured PSS, providing essential Pooling & Sharing functionalities.
  •  It connects to multiple satellites and hubs operated by various providers, ensuring comprehensive and resilient connectivity.
  • Enhanced security features have been integrated into the C-SDP to support IP-based communications for high-priority users.

ST Engineering iDirect Newtec Hub

  • This secured and enhanced hub facilitates connectivity with resource providers.
  •  It ensures seamless integration and communication between satellites and the C-SDP.
  •  The Newtec Hub is critical for maintaining high levels of performance and reliability in the BESecured PSS.

Security-by-Design Practices

  • The system architecture is developed following best Security-by-Design practices to create a secure operational environment.
  • A comprehensive Security Access Control System ensures secure access, maintaining the integrity, confidentiality, and availability of information.
  • This approach anticipates and mitigates potential security threats, ensuring long-term system resilience.

BESecured PSS Alpha

  •  The BESecured PSS Alpha, developed during the Technology Phase, served as a proof-of-concept demonstrator.
  •  It has been rigorously tested and validated from a security perspective, providing a solid foundation for the full operational system, delivered at the end of the Product Phase (Version 2).
  •  The Alpha prototype has been instrumental in identifying and addressing potential security challenges early in the development process.

Security Operations Centre (SOC)

  •  A dedicated SOC is integrated into the BESecured PSS to monitor and manage security operations.
  • The SOC ensures that all communications and operations meet the required security levels, providing continuous protection for customers and resource providers.
  • It plays a pivotal role in threat detection, incident response, and maintaining overall system security.

High-Level Architecture Overview

The architecture of the BESecured PSS can be visualised as follows:

User Interface Layer:

  • Provides end-users (commercial, government, military) with access to the system.
  • Implements user authentication and authorisation mechanisms to ensure secure access.

Service Management Layer:

  • Manages service requests from initiation to delivery.
  •  Utilises advanced algorithms for prioritisation and security treatment of service requests.

Core Service Layer (C-SDP):

  • Central hub for pooling and sharing functionalities.
  • Connects to multiple satellites and hubs, including the ST Engineering iDirect Newtec Hubs.
  • Ensures seamless integration and high availability of communication services.

Security Layer:

  •  Implements Security Access Control System for secure access and information protection.
  •  Includes encryption, intrusion detection, and other security measures to safeguard communications.

Connectivity Layer:

  •  Facilitates communication between satellites, hubs, and the C-SDP.
  •  Ensures reliable and resilient connectivity through multiple satellite operators.

Operations Layer (SOC):

  • Monitors and manages the security of the entire system.
  • Provides real-time threat detection, incident response, and continuous security management.
Plan

The project is divided in three phases:

  • Definition Phase (from October 2020 to January 2021)
  • Technology Phase (from February 2021 to April 2022)
  • Product Phase (from May 2022 to April 2025)
Current status

The team is proceeding in the Product Phase, in preparation of the factory acceptance tests.

Prime Contractor

Subcontractors