The role of cybersecurity in disaster management
From checking the weather app to using satnav, our everyday lives are surrounded by satellite information. However, satellites can be helpful beyond mundane activities. Rescuers, for example, can use satellite data to tackle natural disasters and manage emergency situations.
As with any other technological infrastructure, satellites are, however, at the mercy of cyber-attacks. Following October’s International Day for Disaster Risk Reduction, we take a look at cybersecurity and what ESA is doing to avoid hacks and safeguard disaster management services.
How satellites help with managing disasters
In 2014, a hack interfered with the US National Weather Service, which had to seal off data vital for disaster planning, aviation and shipping. According to NOAA officials, the services were made available shortly after, and forecasts were resumed. However, the lack of forecasting data, even for a short time, can put lives at risk.
Floods and hurricanes are two of the extreme events that, coming unannounced, can have devastating consequences for human life. This is why services that use satellite data to monitor disasters are vital, like the Copernicus Emergency Management Service. All over the world, entities and organisations active in emergency management can use the Copernicus Emergency Management Service to map areas that may be affected by natural disasters, humanitarian crises or human-made emergency events. The service uses reliable data from satellites and locations where a disaster may occur to rapidly map an area within hours of an event.
Rescuers working during the recent Pakistan floods took advantage of this service. In late August, torrential rains left Pakistan awash. During an unusually intense monsoon season – according to officials, the wettest since 1961 – Pakistanis saw 190% more rainfall than average from the beginning of June to the end of August. The extent of flooding was unprecedented, and according to the United Nations, eight million people were displaced by the disaster. The Copernicus Emergency Management Service was activated to provide flood maps from space to help responders deal with the crisis.
Satellite data can also help prevent a humanitarian crisis occurring in the first place. Earlier this year, the Portuguese island São Jorge received threatening levels of seismic activity – 1800 small tremors were registered in just four days. These could have indicated an imminent volcanic eruption, so local authorities used satellite data to map the potential lava flow and protect people and infrastructure accordingly. Fortunately, no volcanic eruption occurred, but the local population was ready for the worst-case scenario thanks to the help of space technology.
Cybersecurity and satellites
Though far from Earth’s surface, no space infrastructure is entirely safe from cyber-attacks. Samuele Foni, a security engineer in the ESA Security Office, pays due attention to any vulnerabilities, even those related to satellites hundreds of kilometres away from our planet.
“All satellites can be attacked, but this does not necessarily mean that they can be hacked, or hacked in the same way. Satellites in low orbits, closer to Earth, are more approachable to a cyber-attack; they’re contactable with smaller and simpler antennas. However, that doesn’t mean we should forget about deep space satellites, in fact the risk is real,” explained Samuele who later pointed out: “ESA’s Security Office is in charge of supervising and controlling the security in ESA. For such scope, it’s important to mention the certification and accreditation process gives assurance to our Member States on the respect of ESA security rules and to control the security risk at an acceptable level.”
One way to prevent any satellite or other space infrastructure from being hacked is to make a broad and robust risk analysis and assessment during the planning of the mission. This involves considering the most likely types of cyber-attacks that could happen to a mission and applying appropriate countermeasures. It also involves assessing every step of the project lifecycle of a mission, from blueprint to reality. Hackers could tamper with the supply chain or place malware into the system before it is launched. They could also interfere with employees and provoke a cyber-attack from within, an attack strategy commonly known as social engineering, so risk assessments are vital to tackling these vulnerabilities.
Another way to prevent hacks is to constantly monitor a mission, both by means of automatic systems and security experts. And finally, another winning strategy to avoid a cyber-attack is to mimic it in the first place. This is what professionals call a penetration test. It involves hiring an ‘ethical hacker’ who tries to enter a system and abuse it.
“Penetration tests are a great strategy to find vulnerabilities and deal with them,” says Samuele. He adds: “This is just the beginning of what the ESA Security Office has in mind for coming years. We will also implement a secure systems engineering framework which will allow the consolidation of a secure systems engineering toolset for space missions, a bottom-up strategy for securing source code and configurations at the earliest stages of development, a secure standardisation of the relevant space standards, a structured and empowered certification and accreditation process, and last but not least, a quantum and post-quantum laboratory for the engineering validation and certification of the quantum technologies applied for security within ESA and its Member States.”
Cybersecurity at ESA
C-SOC and SCCoE are the two new ground-breaking cybersecurity centres coming to life in the near future. Establishing both centres is in line with ESA’s Agenda 2025, which emphasises an increase in the cyber resilience of all European space assets. This way, people can safely rely more and more on the systems and information enabled by space infrastructure.
C-SOC will be an operational platform from which cybersecurity professionals can monitor the ESA-wide network, information technology assets, and satellites. The centre will also detect security incidents and support ESA’s emergency response team to empower the readiness of ESA’s defensive capabilities, representing an essential tool not only for the agency, but to Member States as well.
SCCoE will enable the validation and testing of space systems through a synthetic environment, including risk analysis, forensics, and penetration testing capabilities of both information and operational technologies on demand. The centre will also be a focal point for training, with a training platform that will be used to provide courses to security experts and to train them within simulated environments.
Cybersecurity is paramount to securing all services in a world ever more reliant on space technology. ESA is working towards strengthening its resilience to cyber-attacks so that space assets can keep helping rescuers during any disaster to come.
