Security Operations Services for Space (SECOPS)

and secure Virtual Satellite Operator (sVSO) definition study

STATUS | Completed
STATUS DATE | 12/01/2021
ACTIVITY CODE | 6B.050

Objectives

The high level objectives of the SECOPS project are to:

  • Define the requirements and a high level design for an independent Security Operations Service for Space (SECOPS) to offer to future GOVSATCOM telecommunications service providers;
  • Define the specification of a secure Virtual Satellite Operator (sVSO) capability, leveraging Eutelsat Quantum, a configurable communication satellite, as a tangible use case for analysis and exemplifying the pooling and sharing concept.

In particular, the study aims at clearly identifying and establishing:

  • The set of security controls (requirements) enabling protected delivery of configurable satellite communications services to meet government requirements under a ‘Pooling and Sharing’ use case, including a risk assessment;
  • The specification of security service requirements (e.g., technologies and operational procedures) for continuous cyber security monitoring services to meet the identified set of security requirements;
  • A gap analysis and design change assessment of the Quantum configurable satellite communications system, as an applicable use case, to meet the identified set of security requirements;
  • A cost/benefit analysis of the actual market viability of the proposed system and service capability.

The outcome of the study includes a preliminary high-level design of:

  • a configurable satellite communications service able to meet the GOVSATCOM model expectations;
  • a Security Operations Service able to provide security monitoring services to GOVSATCOM providers and operators. 

Challenges

The project faces several challenges.

The first one is related to the definition of actual use cases applicable to a GOVSATCOM scenario, which is still under definition. As a consequence, collecting the actual requirements in an effective manner, for a service not yet in place, is not trivial.

Another challenge derives from the sensitivity of the information and the types of stakeholders involved, which are mainly in the government sector. Some stakeholders may be reluctant to provide this kind of information, and they may express their requirements at a very high level, not sufficient to define the actual needs of the system.

Finally, the project aims at the definition of a broker-like security operations service independent from the actual GOVSATCOM provider, where providers and services of such kind are not commercialised yet.

System Architecture

In the design of SECOPS, three different deployment options have been assessed, which define the scope and boundaries of the SECOPS service:

  • Direct End-to-end security operations: operations are delivered by a central entity named Govsatcom SOC (GSOC), collecting security information from the Hub and all participating entities.
  • Indirect end-to-end security operations: the Govsatcom hub is monitored by the GSOC, while the other participating entities (e.g., Govsatcom service providers) are monitored by third-party SOC (either their own or outsourced), supported by collaborative incident management capability for coordination of activities among each other and with the GSOC.
  • Direct plus Indirect end-to-end security operations: a combination of types 1 and 2 above. It accounts for cases where some third-party entities will allow sensors to be added and others will not.

The figure below represents all the described options.

The architecture consists of:

  • A technical infrastructure intended to collect, correlate and process relevant events;
  • The security operations service, intended to perform managed threat detection and response, leveraging the defined infrastructure.

The infrastructure includes:

  • A SIEM (Security Information and Event Management System): a central security events and incidents detection system able to collect, aggregate and normalise logs and security telemetry from the different sources in order to identify anomalies and security events;
  • A set of log collectors properly sized and located at the different entities: satellite provider, service provider, final customer and end user;
  • A set of security sensors (agents and network-based) deployed at network and/or system level at the different entities to enhance the quality of the information received from the common logs;
  • A coordination and security information exchange platform to support communications in a distributed environment where different Security M&C are operating.

Service operations consist of:

  • A security operations team made of skilled and trained security analysts;
  • A set of security operating policies and procedures covering all the activities provided by SECOPS, from event collection to security incident handling and follow-up;
  • A service desk able to interface with all involved entities and necessary authorities to perform security event and incident management, including communications with necessary third parties.

Plan

The project started in March 2018 and the first phase was concluded in June 2019.

It was developed in two steps.

Step 1:

This step addressed the security requirements elicitation, analysis and definition of both the SECOPS and sVSO sub-systems, leveraging Eutelsat Quantum. Phase 1 concludes with the Security Requirements definition for SECOPS.

Step 2:

The second step addressed:

  • the comparison assessment activity aimed at assessing current security capabilities of both RHEA security services and the Eutelsat Quantum system, to identify current vs. required security services capabilities;
  • the requirements for the different Govsatcom options to deliver a security monitoring capability;
  • the change assessment aimed to provide a Preliminary Design of SECOPS related service capabilities and Eutelsat Quantum sVSO upgrades, including technical and market-oriented cost vs. benefits analysis.

Step 2 provided a Preliminary Design of SECOPS and the additional security requirements to be considered in Eutelsat Quantum to address the needs of an sVSO in a commercially secure pooling and sharing environment.

Current Status

The definition study is completed.