German Federal Office for Information Security (BSI) published basic requirements for cybersecurity of space infrastructure facilities. The document was developed for about a year with the participation of the Airbus Defense and Space division, the German Space Agency and the German Aerospace Center.
The manual, which describes the mechanisms for protecting information at the stages from production to operation of satellites, classifies attacks and protective measures into levels from “normal” to “very high”. “Normal” damage corresponds to damage of a limited nature, as a result of which the system remains controllable. “High” degree of damage “may significantly limit the operation of the satellite system”. A “very high” level attack can lead to a complete shutdown of the system, as well as present “an existential threat of catastrophic proportions to the operator or manufacturer”.
The document lists activities at the main stages of the satellite life cycle: design, testing, transportation, commissioning and termination. It is noteworthy that the responsibility for the cybersecurity of the spacecraft is not removed from its owner even after the spacecraft is turned off: the satellite may contain secret data, and at the end of its operation it will be required to monitor it.
The authors of the instructions have no illusions and note that 100% security remains unattainable even if all requirements are met. They remind that the number of various cyber attacks is constantly growing, and the identified vulnerabilities are being exploited by attackers faster and more intensively. Satellite communications are no exception – in March, the Viasat network reported attacks on its resources.
If you notice an error, select it with the mouse and press CTRL + ENTER.