Second Newsletter (Part 1/3)
Dear Reader,
We are delighted to present you the second newsletter of the Horizon 2020 project 7SHIELD – “Safety and Security Standards of Space Systems, ground Segments and Satellite data assets, via prevention, detection, response and mitigation of physical and cyber threats” (https://www.7shield.eu/).
This newsletter has the following outline:
Status of the Project
The 7SHIELD project is slowly coming to its final stage. At the end of February 2023, the consortium plans to complete works related to the project.
In more than 2 years of activity, the project partners participated in 39 international Conferences and Workshops, and in 66% of these events they provided presentations to promote 7SHIELD.
This issue of the Newsletter brings you the main outline of the period.
Successful integration of 7SHIELD
The consortium reached a new milestone with the successful integration of 32 Modules within the 7SHIELD framework which implement the 20 Key Results (Figure 1). Specifically, the 7SHIELD framework integrates several cutting-edge technologies from multidisciplinary and complementary fields which might be classified through the following main seven (7) thematic categories:
- Internet of the Things
- Sensors Technologies
- High level Analytics
- Decision Support Systems
- Crisis Management
- Situation Awareness
- Semantic Reasoning
The 7SHIELD exploits the advances on the Internet of Things (IoT) and sensors technology to deploy various types of sensors (CCTVs, UAVs, thermal and infrared cameras, laser-based tools etc.) and security probes from cyber world, that enable them to detect efficiently events or changes in the environment that hosts the services or the services themselves. Innovative AI along with deep learning technologies have been adopted to develop powerful detection modules (Detection Layer) that enable the identification of abnormal events, and cyber/physical threats. High-level analytics and semantic reasoning can seamlessly correlate the detected events, so as to identify potential complex cyber, physical and/or hybrid attacks, as well as to update the crisis managers and operators on the situational picture of their Critical Infrastructures (Situational Picture Layer). Furthermore, an advanced level of data-driven decision-making services have been developed, in the Service Layer, which can be utilized by the experts to prevent and enrich preparedness through e.g. risk assessment (pre-crisis), respond, manage (during the crisis), and mitigate (post-crisis) the threats associated with cyber-physical attacks in the Satellite Ground Segment domain. The provided technologies and services have been integrated in a harmonized way in the 7SHIELD Command Control and Coordination System (C3) which provides an advanced Security Information Management system equipped with Interactive User Interfaces and suited to support the Ground Segments of Space Systems operators.
In order to ensure all the 7SHIELD framework’s module work together synergistically and effectively to achieve their own aims, a global logical and layered architecture was defined first (see figure 1) and then, it was implemented according to the “event-driven” interoperability paradigm. This type of paradigm improves the overall system accessibility and allows more independent integration of the different modules into one unified system which provides reliable and asynchronous interaction for data exchange. In a system based on an event-driven architecture, such as 7SHIELD framework, it is essential to provide asynchronous communication between all the system components. In order to correctly manage the data exchange for communication and interoperability between the modules of the framework, a “message broker” has been used within the architecture to ensure stable and reliable communication between the components. In addition, a broker must also ensure that messages are handled and monitored within the system and delivered without loss in the same order as sent. For this purpose, as a message broker was chosen Apache Kafka (https://kafka.apache.org/) that is the most popular open-source stream-processing software, most known for its excellent performance, low latency, fault tolerance, and high throughput. Taking all aspects into consideration, Apache Kafka was adopted to handle asynchronous communication between the 7SHIELD framework’s modules. The event-driven pattern-based architecture of 7SHIELD is summarized through Figure 2, which represents the integration architecture between the components in their relative architectural layers which are interconnected with each other, communicate through the message bus and each manage the own relevant data. It is highlighted the major interactions among the prevention (as known as « pre-crisis management tools «), detection (as known as « crisis management tools «), response and mitigation (as known as « post-crisis management tools «) modules according to the logical architecture. In this light, they can act as “event producer” which detects or senses an “event” (any significant occurrence or change in state for system hardware or software) and publish/notify it as a message, while an “event consumer” is subscribed to a relevant topic, waiting for a message. As soon as the producer publishes the message on the relevant topic, a consumer is notified, and it can process the message further.
Moreover, the framework was further validated in five substantial pilots:
- ONDA Copernicus DIAS platform (SERCO, Italy) in October 2021 (1st operational trial)
- ICE Cubes Service onboard the ISS (SPACEAPPS, Belgium) in November 2021 (2nd operational trial) and December 2022 (3rd final demo)
- NOA Ground Segment (NOA, Greece) in March 2022 (3rd operational trial) and September 2022 (1st final demo)
- DEIMOS Ground Segment (DEIMOS, Spain) in May 2022 (4th operational trial)
- Arctic Space Centre (FMI, Finland) in November 2022 (2nd final demo)
Finally, in Table 1 below, is shown the list of the 32 Modules implemented within the 20 Key Results per each Critical Infrastructure Protection phase.
As main results of pilots’ execution and validation, during the second period of the project we demonstrated and achieved the following:
- diversity and complementarity of user requirements enabling true convergence of cyber and physical security
- variety of high-impact threat scenarios to SGS CIs
- concrete examples of the threats and attacks for which 7SHIELD delivers efficient support
Pilot tests and demonstrations
The developed technologies and 7SHIELD platform have been tested in five Pilot Use Cases (PUC) via real exercises involving physical, cyber and combined cyber/physical (hybrid) attack scenarios:
- PUC1: Physical Attack in Arctic Space Centre in Sodankylä, Finland, led by FMI
- PUC2: Cyber-physical attack in the Deimos ground segment in Spain, led by Deimos
- PUC3: Cyber-physical attack in the ground segment of NOA, Athens, led by NOA
- PUC4: Threat detection and mitigation on the ICE Cubes Service, led by Spance Applications Services
- PUC5: Cyber-attack on the ONDA DIAS platform, led by SERCO
Moreover, during the autumn of 2022, the 7SHIELD project organised its three final pilot demonstrations which involved PUC1, PUC3 and PUC4. The pilot demonstrations had the objective to showcase and evaluate the effectiveness of a holistic security framework developed by the 7SHIELD partners, which enables Space Ground Segment operators to confront complex threats by covering all the macro-stages of crisis management, namely pre-crisis, crisis and post-crisis phases.
The 7SHIELD pilot demonstrations were public events open to any organization or individual interested in the security and resilience of Critical Infrastructure.
The following sections provide a summary of the testing and demonstration work.
PUC1: Physical Attack in Arctic Space Centre in Sodankylä, Finland
The Arctic Space Centre is Finland’s primary infrastructure for utilization of Earth Observation data for operational services and research of the Arctic environment. The centre operates a satellite ground station in Sodankylä, Finland (67° latitude) focusing on fast delivery of remote sensing products for operational safety critical services and support of scientific research of the Arctic environment and atmosphere. The ground station consists of four satellite antenna systems capable of receiving data in X/L/S bands and transmitting on S band and high-performance computing and data storage infrastructure.
The official demonstration of FMI pilot was held on 10th of November 2022 and live streamed on YouTube channel: (https://fmiarc.fmi.fi/7shield).
The weeks before the event was dedicated to intensive testing and installation of equipment to ensure smooth piloting but some equipment had already been tested over a year to verify the usability of the equipment in the harsh environmental conditions of the Arctic Circle.
Darkness and harsh winter conditions with snow and ice provided a perfect test environment for equipment targeted to work outdoors as well as to sensors and software that in normal conditions have better lighting conditions.
Demonstration was represented as three scenarios where GS infrastructure was tested from unintentional perimeter breach to harmful activity near GS assets. The scenarios were selected as possible real and most likely threats being “Unknown person is moving towards the GS area”, “Unauthorized persons try to access the GS infrastructure” and “Hostile UAV enters the GS airspace”.
As information sources, the scenarios included face detection and recognition, UAV edge processing, multi-modal automated surveillance, laser-based detection and UAV neutralization mechanism.
The 7SHIELD demonstration at Arctic Space Centre showed and evaluated the effectiveness and usability of different innovative technologies to prevent, detect and respond to threats targeted against satellite ground stations operating in Arctic conditions. The demonstration focused on physical threats and all the physical devices were connected to 7SHIELD system that provided real-time situational picture to satellite ground station operator. In addition, the system was embedded with activity recognition software and event correlation modules making the deciding easier and faster for the satellite operator and ground station security personnel. During the pilot, several state-of-the-art techniques and devices were demonstrated to prevent, detect, response and mitigate ground-borne and air-borne threats targeted to critical infrastructure.
PUC2: Cyber-physical attack in the Deimos ground segment in Spain
During the months of May and June 2022, it was carried out in Deimos (@Puertollano site) the integration and operational tests of 7SHIELD crisis management modules against Cyber-physical attacks. To this end, Deimos team proposed different test scenarios in which, for the first time, the real-time operational capabilities of all integrated modules would be checked.
The facilities of the DEIMOS Elecnor Group in Castilla La Mancha are about 4000 m2, of which about 100 m2 correspond to satellite control center and data and communications centers. The ground stations are located on an external plot with a fence for each antenna.
In these facilities Deimos launches and develops space systems projects from their phases of feasibility studies to their launch into orbit and exploitation. These facilities also include the Ground Segment developed during the DE-2 satellite project and currently supporting several ESA missions and private operators.
DEIMOS offers a variety of services related to ground segment systems: satellite control center, data download center, hosting of antennas of private companies, etc.
From all the scenarios designed and proposed by the Deimos team, the following were selected to test 7SHIELD performances and its associated operational procedures:
- Cyber-physical attacks: Improper access to the facilities and potential damage to the Data Centre. This is a Hybrid Scenario to check the capability of the system to work against various threats of different nature.
- Cyber-attack: Unauthorized access to a virtual machine. It is a pure cyber-attack scenario designed to test detection capabilities, reaction speed and blocking attacks on Deimos’ computer systems.
- Physical attack: Malicious access to the perimeter of the ground station. It is a physical scenario designed to verify the performance of some of the components of 7SHIELD to detect in time the entry of unauthorized persons in critical areas of the Deimos facilities.
The pilot operational test at Deimos Ground Segment was the last one in the schedule before the demonstrations, and it offered the last opportunity to integrate and test modules not tested in previous pilots. In total, 18 modules were involved in the test scenarios, including one that had never been tested before and two video processing modules that had been tested in a previous pilot using recorded video were tested for the first time using real-time video stream from Deimos Ground Segment surveillance cameras.
As a result of these tests, the 7SHIELD technical partners obtained a lot of data and information on how to improve the interoperability and performance of the 7SHIELD modules in the final system, in view of the final pilot demonstrations in Greece, Finland and Belgium.