Consolidate and expand existing secure systems engineering technology building blocks and create a Secure Systems Engineering framework of methodologies and tools for unclassified space missions.

 

 

ESA has invested in recent years to improve the security of the software systems by providing a Secure Software Engineering standard along with a number of tools that help developers and technical officers to implement it. The SSE4Space proposal moves the concept one level up to the system engineering domain, where security engineering methodologies and tools are equally important.

 

Today, there is no generic approach to support secure system engineering processes for space mission systems. This leads to the production and operation of systems that are vulnerable and ultimately the risk to loose or damage the Agency assets.

 

The European community has invested in the development of a Secure Software Engineering Standard which assumes that Secure Systems Engineering is applied at Mission System level and flown down to sub-system level. So far the Agency has been developing a number of Secure Systems Engineering technology building blocks, with the purpose of efficiently and effectively enabling secure systems engineering as defined in the standard. The tools have been designed to implement the secure system engineering processes in an efficient and effective way and thus allowing security to be addressed with a minimum overhead. SSE4Space will consolidate and expand these elements in a comprehensive and easy to use Secure Systems Engineering framework of methodologies, tools, and data. This framework will support all cyber-security related systems engineering processes as defined by the standards. The framework will be accessible through a set of connected software tools intended to be used by system engineers. The tools will support the engineers and provide templates and patterns wherever possible to allow for efficient and effective implementation of security processes. A low-complexity security certification concept and toolset will be developed. SSE4Space activity will also prepare for a future integration with the developments towards digital engineering, tying the security engineering information into the engineering model.

 

Task List:

• Review of existing technology components and secure engineering standards.

• Identification of technological and formal gaps.

• Consolidation of the existing technology components into an overall framework of methodologies, software tools, and supporting data.

• Specification and implementation of a certification concept and tool.

• Demonstration of the framework in a real mission to be pre-selected.

• Future concepts initial analysis.