NA 131

DIN Standards Committee Aerospace

Project

Space product assurance - Security in space systems lifecycles engineering

Abstract

Security is a concern nowadays in society in general and, as a consequence, in the space domain as well. Space systems, infrastructure and other space assets have a significant value and have a high exposure by themselves and in the public perception. Security breaches and/or attacks in this domain could cause collisions in space and disruptions in critical data streaming. While this is acknowledged by everybody, security is not systematically implemented in the lifecycle of space systems in Europe. It is implemented in missions with explicit security requirements, e.g. Galileo, but not in most missions; or at least only in specific aspects (e.g. ground to space communications). This is probably due to a perception of security as a driver for additional costs, restrictions, and a vague association with secrets.

However, this does not need to be the case. For example, missions systematically spend effort in ensuring the dependability of space systems. Dependability is generally considered in association with safety and it supports it. However, dependability could also support basic security, like protection against the accidental disclosure of scientific data from a mission due to a system failure. For example, dependability analyses and the associated resulting implementation could be extended to provide basic security without a significant additional cost.

The new standard needs to provide requirements on the implementation of security of the system in question, and requirements on the processes implemented during the lifecycle of the system. This means ensuring the correct implementation of required security functionality in the system (e.g. implementation of an Information Security Management System in the ground segment); and also ensuring reasonable security of the lifecycle itself (e.g. ensuring reasonable management of key design information).
The security needs of a space system can vary very widely, for example between a science mission and a system like Galileo, and the cost and constraints imposed by a high level of security can become very significant. For this reason the new standard must take into account the wide variation of security needs and be highly adaptable, probably through tailoring, to those wide needs. In some cases the resulting system(s) may need security certification and this specific case needs to be considered also in the new standard.

The new standard also must consider the interaction between security of the system and its lifecycle, and the corporate security of the organisations involved. Corporate security is usually specific to each organisation and may be constrained by national regulations or standards. The new standard should take this into account and stay at a level, in the relevant aspects of security, which does not impose unnecessary constraints or conflicts with corporate security of the organisations involved in the lifecycle.

In the production of the new standard, the types of methodologies and techniques that can support the implementation of security in space systems and their lifecycle need to be defined to ensure that the implementation of the standard (and before that, its adoption) is reasonable. Some examples of these types or areas are:

• Security risks analyses and management
• Technical security analyses, like, for example, vulnerability analyses
• Space system information management
• Infrastructure used during the space system lifecycle

As this is a new standard, the need for key tools to support its implementation is also to be analysed. While the standard should not prescribe the particular methods, tools and technologies to use, the existing ones and the needs for new ones should be identified during the production of the standard.
This would be a crucial input for the eventual planning and initiation of related activities (by TBD organisations and programmes) for the development or adaptation of those methods, tools and technologies, taking into ...

Begin

2021-02-23

WI

JT005207

Planned document number

DIN EN 16602-80-10

Project number

13116524

Responsible national committee

NA 131-06-01 AA - Space  

Responsible European committee

CEN/CLC/JTC 5/WG 6 - Upstream standards  

Contact

Dr. Justus Heese-Gärtlein

Am DIN-Platz, Burggrafenstr. 6
10787 Berlin

Tel.: +49 30 2601-2202
Fax: +49 30 2601-42202
