This content is not published

Cyber Safety and Security Operational Centre (CSOC) Phase 1

Thu, 11/17/2022 - 02:01
Start Date: 
End Date: 
Programme Reference: 
Prime Contractor: 
Space infrastructure plays an important key role in the Member States? economy and security therefore are exponentially becoming critical; within this evolutional context it is ESA?s responsibility, as global space leader, to ensure secure and controlled development environments to build up space systems security and safety protected in order to guarantee confidentiality, integrity and availability of information. ;
The aim of cyber resilience and the CSOC is to ensure an adequate control of the security and operational environment but also a set of security measures to validate and qualify space infrastructures security protected; in addition it will act as enabler for the competitiveness of industry within the cyber domain. ;
The objective of the CSOC 1st phase is to provide a preliminary architecture and high level requirements ?As Design?. This will allow, at the end of the phase 1, to have a clear engineering solution to initiate the follow on phase with the scope to develop, qualify and accept the ESA Cyber Safety Security Operational Center.

A large contract in phase B/C/D/E has been funded by GSTP as part of ESA’s development of the Cyber Security Operational Center (C-SOC) project, to tackle building a cybersecurity ‘fence’ around ESA’s ground and space assets. C-SOC aims to increase the cyber resilience of ESA and to ensure adequate monitoring of the security and operational environment, while also making a set of fully validated security measures available to protect space infrastructures. In addition it will act as an enabler for cyber industry competitiveness. As part of the contract different developments will be undertaken via GSTP and TDE regarding:

• secure systems,
• safe operations, 
• data transmission and
• safe management of constellation like projects. 
• These developments will be  distributed over the strategic  cybersecurity building blocks

The main mission of the C-SOC 1st phase is to identify, ?As Design?, a preliminary architecture and high level requirements for the first ESA distributed Cyber Safety Security Operational Center. ;
The outcomes of Phase 1 shall include a preliminary design of the future CSOC, preliminary functional requirements, a preliminary operational concept and preliminary security risk analysis with the related mission security posture. The preliminary design shall proof the concept of a distributed federated architecture based on ESEC with a ;continuous monitoring and control of all of ESA?s assets and services, including ESA?s space and ground segment, as well as data exploitation, from cyber threats, whether intentional or accidental, based on a holistic risk assessment approach. In addition the architecture shall be characterized by a synthetic environment scalable and integrated, which will provide capability to qualify element/segments against a cyber-contested scenarios. ;
Such approach can enable global end-to-end visibility allowing first the validation of space systems under development against cyber threat, and second, when in operation, the capability shall be focused on a monitor and control with the full acquisition and correlation of systems data, guarantee increased cyber resilience across the Agency and security services to any ESA customers according to their needs. ;
The architecture shall be based on a distributed scalable platform which will take into account all existing current ESA Cyber capability (interfacing ESOC NOC, ESRIN ;ESACERT, EOP SOC). ;The following preliminary functions are envisaged:
            • Corporate and mission critical monitor preventive and reactive network functions ;
            • Security Risk analysis functions ;;
            • Threat and vulnerabilities risk analysis distributed functions ;;
            • Sensors and technology data collection capability ;
            • big data analysis and processing ;
            • Sensor Fusion: collecting and consolidating all the security-relevant data feeds distributed in the different infrastructures in scope of the C-SOC into one integrated analytic architecture. ;
            • Analytics: correlation and triage of the real-time data feeds, incorporating knowledge about ESA?s environment, threats, and vulnerabilities. ;;
            • Alerting: escalating incidents to the service customers (e.g. ESACERT, NOC, EOP) who have the operational authority to initiate the incident response in the affected organization or area. ;
            • Situational awareness and reporting ;
            • Synthetic environment for element/ground segment critical HW validation for qualification against cyber scenarios; ;
            • Improve the user friendliness of the tool (easily accessible, usable and understandable) ;
            • Enhance the validation of the software units ;
            • Optimization of compilation time and processing time ;
            • Promote educational use of BIBLOS ;;
Application Domain: 
Generic Technologies
Technology Domain: 
9 - Mission Operation and Ground Data Systems
Competence Domain: 
8-Ground Systems and Mission Operations
Initial TRL: 
Target TRL: 
Public Document: 
Executive Summary