The objective of the project was to establish the CSCE as the enabler for collaborative cyber information sharing and analysis for the space and critical infrastructure sectors, developing enabling technologies supporting knowledge enhancement and information exchange specific to cyber-security with multiple aims:
- Study, share, understand and raise awareness about cyber issues;
- Train, test, exercise and further develop cyber-security professionals;
- Establish a cyber-security technology test bed to develop, integrate and test advanced cyber-security technologies; and
- Collaborate and coordinate cyber-incident response measures.
In order to develop the envisioned cyber-security services, three technology enablers have been developed within the CSCE project:
- Collaborative coordination of Incident Response Platform (CIRP). CIRP provides a secure and near real-time environment for security operations personnel to coordinate and share cyber-incident information in order to assess impacts, identify and evaluate mitigation actions and prioritize response measures.
- Cyber-security Integration, Test and Evaluation Framework (CITEF). CITEF provides an environment for cyber-security test and evaluation of space systems and architectures, commercial-off-the-shelf (COTS) solutions and advanced prototype technologies in emulated operational virtual environments. CITEF also enables realistic hands-on training and hosting of operational exercises through advanced end-to-end simulations.
- Security Aware Concurrent Design Platform (SACDP). SACDP provides an integrated and multi-disciplinary engineering environment for system and software feasibility analyses supported by a cyber-security threat and risk assessment module and a secure system and software engineering requirements database.
The project faced multiple challenges, related to the three technological platform to be developed:
- CIRP: The CIRP platform has been designed in order to scale up to hundreds of tenants and hundreds of thousands of cyber-security tickets per year to be handled, with serious scalability challenges to be faced.
- CITEF: The main challenge for the CITEF platform was related to ensuring a proper user experience on activities such as the design of very complex virtual environments for emulation, testing, cyber range. The construction of the virtual networks leveraging the environments, in particular, is extremely complex.
- SACDP: The main challenge for the SACDP platform was related to the complexity of embedding multiple risk assessment methodologies on a single software platform, encompassing different levels of precision for the risk assessments outputs, depending on the system engineering phase when the risk assessment is performed
Each of the CSCE technological platforms developed within the CSCE project brings consistent improvements in the cyber security landscape:
- CIRP encompasses a complex management of different level of confidentiality for the cyber incident information tickets, allowing multiple tenants to share only the desired information (possibly enriched and correlated with additional data)
- CITEF is not designed for a single purpose only: it is a full framework allowing the users to create and manage multiple different virtual environments related to different activities (from vulnerability testing/pen test to cyber range, to red team-blue team exercises, etc...). The main goal is to build complex virtual environments and support the users on the usage and management of these environments and the related activities: this widens the scope to multiple possibilities (while in the actual market typical competitors usually focus on single activities)
- SACDP enables ‘security-by-design’ concepts in the full system and software development life-cycle, leveraging a user friendly approach for conducting risk assessment iteration on systems still in development. From a market perspective, this is a unique feature.
Each of the CSCE technological platforms encompass a set of unique capabilities, the foundation of the services to be delivered as final goal for the CSCE project:
- Cyber Incident handling (customizable/extendable workflow and data model)
- Cyber Incident sharing (selective sharing of information parts with specific partners)
- Distributed federated deployment model
- Structured data formats according to industry standards (STIX, CVE, etc.) for interoperability
- Allows linking to external system data sources
- Technological Readiness Level: 9
- System-of-systems solution involving a range of emulation technologies for mission control, ground station, and satellite systems
- Supports multiple space mission types and covers both mission control and data segments
- Adaptable test harness with standardized interfaces: discrete components within the end-to-end service can be independently replaced by technologies under test
- Range of security testing capabilities (static and dynamic application testing tools, technical vulnerability assessment and penetration testing tools)
- Adapted to the unique requirements of space assets security testing
- Supports consistent system testing against formal requirements
- Technological Readiness Level: 9
- Fully support security-by-design activities embedded on system/software engineering life-cycle
- Reduces the complexity of risk assessment activities
- Fully supports multiple risk assessment methodologies and different level of detail for the risk assessment outputs
- Technological Readiness Level: 9
CIRP and SACDP leverage on a multi-tier software architecture, composed by a data tier, a back-end tier, a front-end tier and a client tier.
For CIRP, the required scalability is achieved with the usage of a micro services architecture based on Docker, allowing the platform to be deployed on multiple hardware appliances.
CITEF leverages a more complex architecture, since it is composed by a custom software layer (a multi-tier application leveraging the creation and organization of the virtual environments) and an infrastructure-as-a-service layer based on COTS software, managing the instantiation of the desired virtual environments.
The project started on August 2017 and concluded at the end of December 2019.
CSCE was mainly divided on two phases, with a set of reviews for each phase and for each technological platform (the three streams had different internal schedule, being CIRP the shortest and CITEF the longest):
- Technology Phase (CIRP, CITEF and SACDP must reach TRL 6)
- System Requirements Reviews
- System Architecture Reviews
- Preliminary Design Reviews
- Critical Design Reviews
- Product Phase (CIRP, CITEF and SACDP must reach TRL 9)
- Test Readiness Reviews
- Factory Acceptance Reviews
The project has successfully concluded, with full acceptance of all the outputs from ESA.
Even if the Artes project has been concluded, the Cyber Security Centre of Excellence is fully active in ESA ESEC (Redu, Belgium) on providing the services enabled by the developed CIRP, CITEF and SACDP technologies:
- Education and training services
- Test and evaluation services
- R&D and security-by-design services
- Secure Operations Centre services
More information on www.rheagroup.com