The presentation discusses the cybersecurity risks of space systems and the framework developed by Honeywell to assess these risks.
- Satellite communication systems have been found to have security flaws, which can lead to serious consequences such as disrupting onboard satellite communication and affecting human health.
- Honeywell developed a framework with five steps to assess the cybersecurity risks of space systems, which is currently being used for certification by FAA.
- The first step is to create a security architecture by defining security perimeters, identifying assets to protect, and identifying external systems and connections.
- The second step is to create a scoring of attributes by identifying attackers and assigning occurrence values, and defining vulnerabilities by identifying protections and assigning robustness values.
- The third step is to create a threat model by identifying potential threats and assigning likelihood and impact values.
- The fourth step is to perform a risk analysis by combining the scores from the previous steps and identifying high-risk areas.
- The fifth step is to develop a risk mitigation plan by identifying and implementing countermeasures.
- The framework is iterative and allows for going back and forth between steps to improve the assessment.
- The framework is scalable and can be used for cyber-physical systems such as space systems.
In 2018, security flaws in satellite communication systems were reported to have serious consequences such as disrupting onboard satellite communication and affecting human health. Honeywell developed a framework with five steps to assess the cybersecurity risks of space systems, which is currently being used for certification by FAA. The first step is to create a security architecture, which is critical to the rest of the steps. The framework is iterative and allows for going back and forth between steps to improve the assessment. The framework is scalable and can be used for cyber-physical systems such as space systems.
When you consider critical infrastructure, we rarely consider the enabling technology and systems that realize such infrastructure; such as, agribusiness' reliance on weather and climate satellites, the U.S. military's reliance on intelligence satellites, and various transportation industries' reliance on global positioning system (GPS) satellites. Most of the world's critical infrastructure relies on space systems. Despite efforts to improve the cybersecurity of critical infrastructure, there has been little focus on cybersecurity for space systems. Challenges to secure space systems included technology development, ownership, and management perspective. This leads to the lack of guidance in the form of standards that govern space system security and, ultimately, policies that enforce these standards.This presentation first discusses the recent major cybersecurity threats to space systems, and the potential motivations for cybercriminals or nation states would be interested in compromising space systems. Next, we discuss the various perspectives required to secure space systems. The majority of the presentation describes a Honeywell technique for assessing security risks for safety-critical systems like space systems. We conclude with a discussion of possible next steps in advancing cybersecurity for space systems.