PUC3: Cyber-physical attack in the ground segment of NOA, Athens

The pilot activities of the National Observatory of Athens (NOA) were conducted in two phases: an Operational Test was organized in March 2022, for the installation and testing of the 7SHIELD first prototype, followed by the official Demonstration of the final system which took place on 29 September 2022.

The pilot demo site was the Ground Segment of NOA that is located on top of a hill in the region of Penteli, Attica. NOA is the oldest research institution in Greece, and it owns state-of-the-art scientific equipment and space-based monitoring and acquisition infrastructure, providing observations and operational services to public authorities and decision makers in charge of citizens protection against natural disasters. The critical infrastructure of NOA includes the Newall telescope of Penteli’s astronomical station, an X-/L-band antenna and processing, archiving, and cataloguing facilities for handling in real time image data from satellite missions such as MODIS, Suomi NPP, NPOESS, and NOAA, a Meteosat 2nd Generation SEVIRI antenna and archiving facility for the reception of EUMETSAT data, meteorological stations, data centres, cloud and computing infrastructure. The protection of the institution’s CI against cyber and physical threats is of critical importance for the seamless provision of the services to stakeholders on a 24/7/365 basis.

To demonstrate the 7SHIELD Key Results at NOA’s Ground Segment, three attack scenarios were simulated with the help of NOA’s operators, the technical partners responsible for developing the 7SHIELD security technologies, and the First Responders. The attack scenarios included a cyber-attack and two hybrid (cyber-physical) attacks.

Simulation of a DDoS attack on NOA’s mirror satellite ground station service

In the first demo scenario we simulated a Distributed Denial of Service (DDoS) attack on a replica of the web application of the mirror satellite ground station service operated by NOA, namely the Copernicus Scientific Data Hub service (https://sentinels.space.noa.gr/dhus/#/home). DDoS is a common type of attack that can cause severe downtime of servers and disruption of critical operational services to end-users, which in the case of NOA include fire brigades, civil protection authorities, Copernicus stakeholders and more.

In this scenario we managed to successfully demonstrate several Key Results including the Secure Authentication Mechanism, the Cyber-attack Detection Framework, the Emergency Response Plans, the Service Continuity Scenarios and the User Interfaces of the Control Room – namely the Cyber Physical Threat Monitoring dashboard, ENGAGE, and Grafana.

Intrusion at NOA’s premises in Penteli combined with cyber-attacks

In this scenario we simulated a hybrid attack where two unauthorised persons gained access to NOA’s premises, blending in a guided tour at the Newall telescope Visitor Center. The physical intrusion was followed by two parallel attempts to cause damage to the IT infrastructure of the Institute for Astronomy, Astrophysics, Space Applications and Remote Sensing (IAASARS), which supports the Ground Station’s operational services. Four different events were detected with the help of the 7SHIELD cyber and physical detectors and were correlated to produce a high severity alert for hybrid attack, which initiated the execution of the emergency response actions.

The scenario was successfully executed and the performance of various Key Results was tested, including the Face Detection and Face Recognition technology, the Video-based Object Detection and Activity Recognition technology, the Cyber-attack Detection Framework, the Combined Cyber-Physical Threat Detection and Early Warning module, the Crisis Classification Module, the Tactical Decision Support System, the Social Awareness and Warning Message Generation technology, the Emergency Response Plans and the main dashboards of the Command and Control Room.

RF interference with jamming device

Radiofrequency interference has been an issue for several years affecting sensing equipment in Penteli. It is usually unintentional caused by transponders of mobile network companies installed in Ymittos mountain, which is close to NOA’s Ground Segment. It can also be malicious in the form of intentional spoofing or jamming – as in the case of this simulated scenario – and it can lead to reception of corrupted satellite images and degradation of important services such as wildfire monitoring. NOA depends on the Hellenic Telecommunications and Post Commission (EETT) to resolve such an attack, as the competent authority for earth stations at national territory.

In this scenario we simulated a small-scale RF interference attack with the use of a small jamming device, owned and operated by the team of EETT, which participated in the scenario both as an attacker and as a first responder. EETT successfully demonstrated the spectrum monitoring equipment and countermeasures applied in such attacks. The jamming was detected with the help of the 7SHIELD cyber-attack detectors and correlators and it was mitigated executing the steps of the Emergency Response Plan. The scenario also demonstrated the Crisis Classification module, the Tactical Decision Support System, the Service Continuity Scenarios and the User Interfaces of the Command and Control Room.

PUC4: Threat detection and mitigation on the ICE Cubes Service

SPACEAPPS operates the International Commercial Experiment Cubes (ICE Cubes) Service on the Columbus module of the International Space Station (ISS). The ICE Cubes Service allows any organization or individual to perform experiments on the ISS by providing a simplified and commercial access. The ICE Cubes Facility on the ISS consists of a framework accommodating Experiment Cubes in the CubeSat format, with up to 20 single-unit or smaller multi-unit cubes, and provides power and data. Customers develop their own Experiment Cubes using commercial off-the-shelf components and following a set of safety and interface requirements. The ICECubes Service has been operating since 2018 and is mainly run from the ICE Cubes Control Centre located at Space Applications Services headquarters.

The official demonstration of ICE Cubes pilot was held on 13^th of December 2022,  which was the third and last demonstration of the 7SHIELD project.

During the demonstration of 7SHIELD in the ICE Cubes control center, three cyber attack scenarios were performed on the infrastructure. The scenarios “User Login Protection”, “DoS on Telemetry Server”, and “Detection and Prevention at the Edge” provided a comprehensive evaluation of different aspects of the system’s security. The “User Login Protection” scenario tested the protection of user access, as well as the modules of 7SHIELD supporting the prevention of cyber attacks. This includes the modeling of the ICE Cubes infrastructure, the analysis of vulnerability and cascading effects reported by 7SHIELD. The “DoS on Telemetry Server” scenario assessed the system’s ability to withstand a Denial of Service attack on its telemetry server, which is critical for the proper functioning of the ground segment. The “Detection and Prevention at the Edge” scenario evaluated the system’s ability to detect and prevent potential security threats at the network edge, within a multi-tenant customer experiments equipment, where data is the most sensitive.

By demonstrating these scenarios on the ICE Cubes infrastructure SPACEAPPS was able to demonstrate the comprehensive 7SHIELD framework. Some of the unique features that add value to SPACEAPPS ground segment security include: a comprehensive risk assessment, vulnerability reporting, operations continuity support. It also demonstrated that 7SHIELD’s approach is flexible, it can be adapted to different scenarios and environments.

https://www.spaceapplications.com/

PUC5: Cyber-attack on the ONDA DIAS platform

The first Operational Test, implemented by Serco together with other 8 7SHIELD partners, consisted in the simulation of 3 types of cyber-attacks (Man in the Middle, Denial of Service and Ransomware) to the ONDA DIAS Cloud infrastructure. The ONDA platform was updated in order to use the modules for preventing, detecting and reacting to any cyber-attack developed in the 7SHIELD project. 9 Key Results were tested, and the technologies provided by the 7SHIELD framework demonstrated to offer a complementary protection to the currently adopted detection methodology already in operation. 

From 19 September to 22 October 2021, Serco tested the first prototype of the 7SHIELD framework in a Ground Segment operational environment (ONDA DIAS cloud infrastructure).

ONDA is the Serco DIAS (Data and Information Access Services) platform enabling users to host data and to build their applications in the Cloud. The Serco Ground Segment is therefore represented by the set of infrastructure, equipment and functions that allow the processing, archiving and dissemination of Satellite data. In particular, the data archiving function has the objective to store and preserve the mission products for the long term. As a consequence, data security and privacy protection issues are relevant to both hardware and software in the ONDA service architecture.

---

Training platform

During the course of the 7SHIELD project, the 7SHIELD Training Platform has been released to support current and future end-users (both GS operators and stakeholders) to familiarise with the benefits and capabilities of the 7SHIELD platform.

It provides a general overview of the 7SHIELD framework for stakeholders as well as detailed online User Manuals for the efficient use of the 7SHIELD framework for the operators.

The 7SHIELD Training Platform is organized in four modules. Each module is complemented by video tutorials to describe relevant aspects of the tools and by the extract of the webinars that were implemented during the project development to support Ground Segment’s Operators.

The 7SHIELD Training Platform will be maintained accessible at least until March 2024.

If requested, SPACEAPPS can coordinate dedicated webinars and training sessions with the participation of the partners. This will be agreed with the partners case by case.

To access the 7SHIELD Training Platform, please visit the 7SHIELD Web page, or this use this direct URL:

https://7shield.spaceapplications.com/

---

Past Events

We are delighted to present the latest past events in which 7SHIELD partners have been actively involved.

7SHIELD Info Day

The 7SHIELD Info Day took place on 14 December 2022 in Brussels, Belgium, with a hybrid format (in presence and online).

The objectives of the event were to describe the achievements of the project, show the results that were obtained in real conditions through the five Space Ground Segments acting as Pilot Use Cases, and raise the interest in the value and exportability of the 7SHIELD system in different contexts.

With these goals in mind, the agenda of the Info Day was purposely conceived as a series of interactive sessions requiring the active involvement of participants and allowing intercommunication among the attendees. A special focus was also given to the 20 Key Results that were discussed and presented throughout the day.

104 persons registered to the event, including 38 external stakeholders, with an 80% rate of attendance and 60% of them participated in presence.