Providing security for a country today means expanding the traditional Defence concept towards a global security approach, which also includes the production and use of data, cyber security, Space control, and the security of critical infrastructures. The C-SOC, the first centre in Europe that enables the identification and analysis of attacks aimed at the IT components of ESA's digital infrastructure and OT assets within missions, on the Ground and Space segments, operates in this context.
The C-SOC employs advanced functions to ensure prevention, protection, deception and analysis of cyber-attacks of Space assets, enabled by Leonardo's Cyber Threat Intelligence platform and other state-of-the-art components integrated into the system, including automated capabilities and prepared for the possible extensive use of artificial intelligence. The centre operates in a complex scenario, which may involve malicious actors with different criminal objectives, for-profit or geared to attack the critical infrastructure of an adversary country in a conflict scenario. Criminal actions may involve direct attacks, with attempts to target space assets directly, or exploit vulnerabilities in systems and networks outside them.
Active since May 2, the C-SOC was presented on May 24 to EU and NATO representatives visiting the ESA/ESEC (European Space Security and Education Centre) headquarters in Redu (Belgium). During the event, the C-SOC’s distinctive elements in the cyber threat scenario were described, for the different segments of the Space sector.
In particular, three operational scenarios were demonstrated that highlighted the C-SOC's capability to identify illicit actions and activate the appropriate response and mitigation activities, guaranteeing the adoption of the most correct and effective management procedure for each type of incident: an attack on the Ground Segment, with the attempt of hijacking a satellite by compromising a supply chain device; an attack on the Space Segment, where a satellite is directly targeted by a malicious actor, through a malicious action launched from one of its “Rogue” Ground Stations; the capabilities of the C-SOC Portable Operational Platform (C-POP), which make the services and functionalities of the C-SOC available to stakeholders, guaranteeing secure operations and data confidentiality.
A distinctive feature of the C-SOC is its resilience, which ensures the ability to continue providing the service, and thus the protection of monitored elements, even in the event of a complete unavailability of the primary system in ESA/ESEC.