CYBER ATTACK ON ONDA DIAS PLATFORM
ONDA by Serco® is a registered trademark of Serco Italia S.p.A. and is one of the five ESA Data and Information Access Services (DIAS). Serco is responsible for ONDA operations and services and is the contractual entity dealing with ONDA end-users.
A space mission Ground Segment represents the set of infrastructure, equipment and functions that allow the processing, archiving and dissemination of satellite data. The data archiving function in particular has the objective of storing and preserving the mission products for the long term (i.e. a longer period than the contractual coverage of the activity). The infrastructure security problem therefore largely affects the performance of the aforementioned services, but it may have critical impacts especially on the Data Access and Long-Term Archive services. Indeed, in case of a major attack causing the unavailability of these services, the performance of the entire mission is affected: e.g. in case of Data Access unavailability, users cannot access satellite data.
Security is the combination of confidentiality (the prevention of the unauthorised disclosure of information), integrity (the prevention of the unauthorised amendment or deletion of information) and availability (the prevention of the unauthorised withholding of information).
ONDA offers free and open access to a wealth of datasets from different sources – from the Copernicus Sentinels family, to EO missions to the Copernicus Services projects – and provides, upon user registration, easy-to-use resources for accessing, downloading and processing the data and information.
All data, information, applications and transactions are securely protected, and our ONDA solution provides protection against Denial of Service (DoS) attacks.
ONDA is the Data and Information Access Service (DIAS) led by Serco Italia and is hosted in OVH. The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers; this is the largest one ever seen on the Internet. The attackers used an Internet of Things (IoT) botnet that also included compromised CCTV cameras. This botnet, with 145607 cameras/DVRs, is able to send >1.5 Tbps of DDoS traffic. Attack types: tcp/ack, tcp/ack+psh, tcp/syn.
In any case, the attack was managed by the cloud provider OVH, which, despite being severely tested, did not introduce inefficiencies or significant latency in the services provided.
Application and overall impact
7SHIELD proposes a framework enabling the deployment of innovative services for cyber protection of ground segments, integrating state-of-the-art technologies with the aim of preventing, detecting, responding to and mitigating cyber threats to the security and, in general, the integrity of the assets and operations carried out. The security of the ONDA DIAS Cloud infrastructure and applications will be stress-tested during the test phase, and we wish to discover vulnerabilities currently unknown to us.
Moreover, we believe that, in order to enhance pre-crisis management for the prevention of cyber threats, our ONDA ground segment can evolve to adopt the innovative Single-Sign-On (SSO) service proposed by the 7SHIELD project, which should ensure secure authentication, integrity and confidentiality of end-user personal data by adopting modern cryptography, hybrid encryption and blockchain techniques on cloud-based solutions.