CYBER ATTACK SIMULATION ON ONDA DIAS PLATFORM
ONDA by Serco® is a registered trademark of Serco Italia S.p.A. and is one of the five ESA Data and Information Access Services (DIAS). Serco is responsible for ONDA operations and services and is the contractual entity dealing with ONDA end-users.
A space mission Ground Segment is the set of infrastructure, equipment and functions that allow the processing, archiving and dissemination of satellite data. The data archiving function in particular has the objective of storing and preserving the mission products for the long term (i.e. a longer period than the contractual coverage of the activity). Infrastructure security therefore largely affects the performance of the aforementioned services, and it may have critical impacts especially on the Data Access and Long-Term Archive services. Indeed, in case of a major attack causing the unavailability of these services, the performance of the entire mission is affected: e.g. if Data Access is unavailable, users cannot access satellite data.
Security is the combination of confidentiality (the prevention of the unauthorized disclosure of information), integrity (the prevention of the unauthorized amendment or deletion of information) and availability (the prevention of the unauthorized withholding of information).
ONDA offers free and open access to a wealth of datasets from different sources – from the Copernicus Sentinels family, to EO missions to the Copernicus Services projects – and provides, upon user registration, easy-to-use resources for accessing, downloading and processing the data and information.
All data, information, applications and transactions are securely protected, and our ONDA solution provides protection against Denial of Service (DoS) attacks.
ONDA is the Data and Information Access Service (DIAS) led by Serco Italia and is hosted in OVH. The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers; this is the largest one ever seen on the Internet. The attackers used an Internet of Things (IoT) botnet that also included compromised CCTV cameras. This botnet of 145607 cameras/DVRs is able to send more than 1.5 Tbps of DDoS traffic. Attack types: tcp/ack, tcp/ack+psh, tcp/syn.
In any case, the attack was handled by the Cloud provider OVH, which, despite being severely tested, did not introduce inefficiencies or significant latency in the services provided.
Application and overall impact
7SHIELD proposes a framework enabling the deployment of innovative services for the cyber protection of ground segments, integrating state-of-the-art technologies in order to prevent, detect, respond to and mitigate cyber threats to the security and, more generally, the integrity of the assets and of the operations carried out. The security of the ONDA DIAS Cloud infrastructure and applications will be stress-tested during the test phase, and we hope to discover vulnerabilities currently unknown to us.
Moreover, we believe that, in order to enhance pre-crisis management for the prevention of cyber threats, our ONDA ground segment can evolve to adopt the innovative Single-Sign-On (SSO) service proposed by the 7SHIELD project, which should ensure secure authentication, integrity and confidentiality of end-user personal data by applying modern cryptography, hybrid encryption and blockchain techniques to cloud-based solutions.
1st Operational test
ONDA is one of the DIAS (Data and Information Access Services), a platform providing access to satellite data and Cloud resources for users to develop and host their own applications.
The ONDA DIAS Cloud infrastructure has been updated to use the modules developed in the 7SHIELD project for preventing, detecting and reacting to cyber attacks. The 7SHIELD framework was shown to improve the protection of the services offered to ONDA end users: namely Discovery (Catalogue Graphical User Interface), View (allowing visualization of data on the world map through a standard Web Map Service) and Download (for which user registration to ONDA is required).
Three types of cyber attacks were simulated:
- Man in the middle attack
- Denial of Service attack
- Ransomware attack
Pilot execution dates & partners involvement
The Pilot demonstration took place in the period from 19 September to 22 October. 9 partners were actively involved in executing the tests, and more than 50 people attended the real demonstration exercise organized by SERCO on 13, 15 and 22 October.
As a result of the PUC, 9 Key Results of the 7SHIELD project have been tested. In particular:
7SHIELD ensures the assessment of the risks and weaknesses of a service operating in the Earth Observation context and provides users with an instrument to predict cyber-attacks by identifying suspicious activities on social media. The use of the innovative Single Sign-On system ensures the secure authentication, integrity and confidentiality of user data.
The technologies provided by 7SHIELD can potentially detect any type of cyber-attack and were shown to offer protection complementary to the detection methodology already in operation on ONDA. The emergency response plan and its visualization in the graphical user interface proved to be an advantage, improving the current efficiency of the response in case of a cyber-attack.