Challenge
The Cosmo SkyMed and MUSIS Projects both involve verification of satellite systems’ protection from cyberattacks. The Cosmo SkyMed is a low-orbit, dual-use (civil and defence) Earth observation satellite system operating in the X-band, while MUSIS is a Multinational Space-based Imaging System for surveillance, reconnaissance and observation. Both these projects began for use in the defence sector and were subsequently applied to civil use as well.
Approach
Our involvement in the SkyMed project was in:
- Security Risk Analysis of all the system TOEs (Target of Evaluation) in order to estimate the criticality of every component regarding all security aspects (both information and physical security) defined by the National Security Authority directives and in order to define which countermeasures must be adopted in order to mitigate the identified risks
- Assistance in the definition of the System Security Requirements and redaction of Security Related documents (RSS, RISS, RSC, RESS, Security Target)
- Security Operation documents
- Redaction of requirements for remote, distributed, tactical equipment with CJTF (Combined Joint Task Force) operational focus
- Assistance throughout the whole COMPUSEC Evaluation and Certification phases. We supported the on-going certification process (one ITSEC and three Common Criteria).
For the MUSIS project, we were involved as part of the classified security design team. One of the main activities addressed was the analysis of security constraints belonging to each system, concerning the interoperability.
We proactively participated to the preliminary definition of the security architecture concerning:
- Keys’ management
- telemetry encryption/decryption
- remote control commands encryption/decryption
- image sharing and archiving
- security roles and responsibilities
- performance analysis of the possible solutions.