Serco Europe has operated in Italy for the past 30 years, providing highly specialised services for public agencies and organisations. Serco Italy's core business field is Space, supporting the European Space Agency (ESA), the Italian Space Agency (ASI), the German Aerospace Center (DLR), the European Environmental Agency (EEA) and many others to organise, maintain and process their huge volumes of Earth Observation data and to extract, manage, process and archive valuable information. To support these critical operations, Serco Italy employs 250+ highly specialised staff. Serco Italy has also developed a strong portfolio of competence in IT services as the backbone of Data Exploitation and Scientific Services, examples being Cloud, Virtual Desktop, Service Desk and many others. In December 2017, leveraging its recognised expertise, Serco Italy was awarded by ESA and the EC the operation of one of the Copernicus DIAS, called ONDA.
Role in the project
Serco is participating in the 7SHIELD project as a Pilot, designing and implementing a use case intended to stress the security of the ONDA DIAS Cloud infrastructure and applications, and as a technical partner, implementing a secure authentication mechanism for generic EO data access services. Serco will also help raise awareness and maximise the dissemination of the project activities and outputs by contributing to the establishment of collaboration with other projects and organisations.
Secure authentication mechanism
The secure authentication mechanism of ONDA DIAS will be further improved with 7SHIELD novel technologies and is planned to be tested in a near-ready-to-market environment. This mechanism will support (i) secure personal data storage in the system backend; (ii) secure encrypted personal data search; (iii) expressive and advanced access control over encrypted data; and (iv) secure data integrity verification.
Cyber-attack on the ONDA DIAS platform
ONDA by Serco® is a registered trademark of Serco Italia S.p.A. and is one of the five ESA Data and Information Access Services (DIAS). Serco is responsible for ONDA operations and services and is the contractual entity dealing with ONDA end-users.
A space mission Ground Segment is the set of infrastructure, equipment and functions that allow the processing, archiving and dissemination of satellite data. The data archiving function in particular has the objective of storing and preserving the mission products for the long term (i.e. a longer period than the contractual coverage of the activity). Infrastructure security problems therefore largely affect the performance of the aforementioned services, and may have critical impacts especially on the Data Access and Long-Term Archive services. Indeed, if a major attack makes these services unavailable, the performance of the entire mission is affected: e.g. if Data Access is unavailable, users cannot access satellite data.
Security is the combination of confidentiality (the prevention of the unauthorised disclosure of information), integrity (the prevention of the unauthorised amendment or deletion of information) and availability (the prevention of the unauthorised withholding of information).
ONDA offers free and open access to a wealth of datasets from different sources – from the Copernicus Sentinels family, to EO missions to the Copernicus Services projects – and provides, upon user registration, easy-to-use resources for accessing, downloading and processing the data and information.
All data, information, applications and transactions are securely protected, and our ONDA solution provides protection against Denial of Service (DoS) attacks.
ONDA is the Data and Information Access Service (DIAS) led by Serco Italia and is hosted in OVH. The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers; this is the largest one ever seen on the Internet. The attackers used an Internet of Things (IoT) botnet also composed of compromised CCTV cameras. This botnet, with 145607 cameras/DVRs, is able to send a DDoS of more than 1.5 Tbps. Attack types: tcp/ack, tcp/ack+psh, tcp/syn.
In any case, the attack was managed by the Cloud provider OVH which, despite being severely tested, did not cause inefficiencies or high latencies in the services provided.
Application and overall impact
7SHIELD proposes a framework enabling the deployment of innovative services for the cyber protection of ground segments, integrating state-of-the-art technologies with the aim of preventing, detecting, responding to and mitigating cyber threats to the security and, in general, the integrity of the assets and operations carried out. The security of the ONDA DIAS Cloud infrastructure and applications will be stressed during the test phase, and we wish to discover vulnerabilities currently unknown to us.
Moreover, we believe that, in order to enhance pre-crisis management for the prevention of cyber threats, our ONDA ground segment can evolve to adopt the innovative Single-Sign-On (SSO) service proposed by the 7SHIELD project, which should ensure secure authentication, integrity and confidentiality of end-user personal data by adopting modern cryptography, hybrid encryption and blockchain techniques on cloud-based solutions.