Dr. ing. Marco Lisi(marco.lisi@ieee.org)

Master di II Livello in "Homeland Security"Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013

SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS

2

Introduction All critical infrastructures of our society rely on ICT

systems, rendering them more intelligent but more vulnerable at the same time

Cybercrime caused about US $67 billion to US companies in 2004, according to an estimate based on the Federal Bureau of Investigation’s 2005 Computer Crime Survey

A 2011 report commissioned by the UK Cabinet office estimated cybercrime’s annual cost to the UK to be to be £27bn (about 1.8% of GDP)

Information security is a “must have” option not only for “dual use” systems, but in general for all those systems constituting critical infrastructures or devoted to emergency services, disaster recovery, crisis management, homeland security, environment monitoring and control

3

Projects and Systems Evolution 

4

Products vs. ServicesCars

Highways

Trains Railways

Stations Parking areas Aircrafts Airports Ships Etc.

5

From Platforms to Service Systems

How Technology Almost Lost the War: In Iraq, the Critical Networks Are Social — Not Electronic

WIRED MAGAZINE: Wired Issue 15.12

The future of war began with an act of faith. In 1991, Navy captain Arthur Cebrowski met John Garstka, a captain in the Air Force, at a McLean, Virginia, Bible-study class. The two quickly discovered they shared more than just their conservative Catholic beliefs. They both had an interest in military strategy.

(…) Over the next several years, the two men traded ideas and compared experiences. They visited businesses embracing the information revolution, ultimately becoming convinced that the changes sweeping the corporate world had applications for the military as well.

(…) In an article for the January 1998 issue of the naval journal Proceedings, "Network-Centric Warfare: Its Origin and Future“, they not only named the philosophy but laid out a new direction for how the US would think about war.

Their model was Wal-Mart. Here was a sprawling, bureaucratic monster of an organization — sound familiar? — that still managed to automatically order a new lightbulb every time it sold one. Warehouses were networked, but so were individual cash registers. So were the guys who sold Wal-Mart the bulbs. If that company could wire everyone together and become more efficient, then US forces could, too.

8

From Network‐Centric Warfare Systems…

9

…To Network‐Centric “Welfare” Systems

10

How many more disasters like these can we tolerate? 

11

Net‐Centric Emergency Response System

12

Large and Complex Systems (1/2) A large and complex system is a system composed of

a large number of interconnected elements, often developed and deployed worldwide, which interact dynamically, giving rise to emergent properties

Examples of complex systems for civil applications include: global satellite navigation systems air traffic control systems railway control systems space systems such as the International Space Station or

space transportation and exploration vehicles surveillance, Earth observation and Homeland security

systems electric power distribution systems telecommunication systems complex computer networks, including Internet.

13

Large and Complex Systems (2/2) A complex system often integrates existing systems

(or parts of them) in an overall large-scale architecture (“System of systems”) containing a large number of interfaces and implementing multiple modes of operation, in a highly dynamic environment

Large and complex systems require extensive logistics and maintenance support capabilities

Large and complex space-based systems (e.g. Galileo) are conceived to be in service for a long time; in this case the evolution of the system (up-gradings and modifications) has to be taken into account from the beginning.

14

Characteristics of Service Systems Large and complex systems Software intensive (several million lines of code) Capabilities-based rather than platform-based Organization and governance (human factor) Technical performance is a prerequisite for

production and delivery of services, not a final objective

Requirements related to operations, in addition to technical ones, assume a very high relevance:

Quality of Service (QoS) FlexibilityReliability, Availability, Continuity ExpandabilityMaintainability InteroperabilitySafety ResilienceSecurity

15

"Systems of Systems" and Information Security Security standards often demand that a system be

disconnected from all networks before it can be given the highest security rating

In a “system of systems”, based on an “open” architecture, trusted and untrusted domains need to co-exist and operate together

A connected machine (or system) is a vulnerable machine (or system). But a “system of systems” is inherently “network-centric”

This apparent contradiction must be resolved, finding the optimum balance between protection of information and availability of it

Need for security certification standards, encryption techniques, “air gap” and firewall technologies, secure gateways and network routers

16

The Common Criteria Standard• The Common Criteria (ISO/IEC

15408-2005) define the international standard for performing and documenting the security certification of an ICT system

• The Common Criteria define a set of seven “Evaluation Assurance Levels”

• An EAL 1 Common Criteria Evaluation requires a small set of assurance activities and provides a relatively low level of confidence in the product protection, whereas an EAL 7 Common Criteria Evaluation requires a large set of activities which provide a very high level of confidence.

17

Common Criteria Evaluation AssuranceLevels (EAL’s)

EAL1 - functionally testedEAL2 - structurally testedEAL3 - methodically tested

and checkedEAL4 - methodically designed,

tested and reviewedEAL5 - semiformally designed

and testedEAL6 - semiformally verified

design and testedEAL7 - formally verified

design and tested

18

Common Criteria Certification: Open Issues• Long time required for the execution of the

evaluation/certification process • High cost of the evaluation/certification process• Need for “air-gap” technologies at the boundaries

between trusted and untrusted domains• Availability of jointly certified hardware and

software platforms • Severe limitations in the use of commercial off-the-

shelf (COTS) software products• Limitations in the use of commonly adopted

communications protocols (e.g. TCP/IP) • Loss of certification because of minor modifications

or obsolescence of both hardware and software• Need for “encapsulation” techniques for the

utilization of non-certified components

September 13 Page 19

Conclusions In today’s world the demand for safety, security

and value-added services is increasing at a very fast pace

This implies the development of complex, integrated, highly networked systems or “systems of systems”

The “network-centric” paradigm, originally conceived for military applications, is progressively migrating towards “welfare” applications, such as safety, security, environment protection and monitoring

As technology and communications become commodities, value-added services will be provided in the future by ever more complex systems, based on network-centric architectures

Dr. ing. Marco Lisi(marco.lisi@ieee.org)

Master di II Livello in "Homeland Security"Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013

SECURITY IN SATELLITE SYSTEMS

26/09/2013

Summary All critical infrastructures of our society rely on ICT

systems; their confidentiality, availability, integrity, continuity and quality of service have to be guaranteed and protected

Satellite systems, integrated into world-wide ICT infrastructures, are more and more vulnerable to intentional and non-intentional threats

Satellite security is often limited to encryption and anti-jamming technologies, but satellite ground segments are exposed to the same type of threatstypically experienced by terrestrial information systems

Information security is no longer a “nice to have”,but rather a “must have” option.

26/09/2013

Satellite Integration in Network‐Centric Architectures

26/09/2013

Satellite Pirating

The most famous case of satellite pirating is that of John MacDougall, alias “Captain Midnight”, who was able in 1986 to superimpose his messages onto a commercial DTH TV channel. 

26/09/2013

Satellite System Components and Links

26/09/2013

Unintentional Threats to Satellite Systems

26/09/2013

Intentional Threats to Satellite Systems

26/09/2013

Satellite Systems: Threats and Countermeasures

26/09/2013

Spacecraft Communications Infrastructure

26/09/2013

Space Communications Standards

The European Space Agency (ESA) is integratingsecurity features into its space communicationsstandards

ESA communications with its spacecrafts are basedon the CCSDS (Consultative Committee for SpaceData Systems) Packet TM/TC Protocol Family, thatdoes not presently integrate default securityfeatures

CCSDS, however, has proposed new standards (SpaceCommunication Protocol Standards, SCPS) providingbuilt-in security support functions.

26/09/2013All rights reserved © 2007, Telespazio

Conclusions In a network-centric perspective, satellite systems

need to incorporate standardized and certifiable approaches to information security

So far information security has been perceived as a customized add-on, leading to a variety of security requirements and to a number of proprietary solutions, adopted by space agencies and industries

Certification standards and security solutions for network-centric military systems can be effectively applied to complex, network-centric satellite systems

Information security features, including encryption, keys management and conditional access control, will have to be designed into the network from the beginning, as an integral part of it.

Navigation solutions powered by Europe

The Galileo System, Servicesand Security Accreditation

Dr. ing. Marco LisiEuropean Space Agency

Special Advisor to the European Commissionand to the European GNSS Agency

Summary • EGNOS and Galileo are the key elements of the European

navigation “system of systems”, a strategic and critical infrastructure of the European Union;

• The Galileo global navigation satellite system, joint initiative by the European Union and the European Space Agency, is one of the most ambitious and technologically advanced service systems being developed in Europe, by European industries and with European resources;

• While the system procurement and deployment proceed following an incremental Implementation Plan, all steps are being taken for the delivery of Early Services;

• After a political decision of Vice-President Antonio Tajani, then included by President Manuel Barroso in the agenda of the European Commission, Galileo will start officially delivering Early Services, i.e. the guaranteed and committed delivery of capabilities to the community of potential customers/users, as from the end of 2014.

Galileo Implementation Plan

The Galileo Constellation

Galileo IOV Spacecraft

Galileo FOC Spacecraft

Galileo Services

From a System…

38

…to a Service

39

European GNSS Agency (GSA),Prague

Galileo Service Centre, Madrid

Early Services Task Force

Galileo System Infrastructure

Galileo Security

Monitoring Centre

Galileo Deployed Configuration

Galileo Service Centers in Europe

Galileo Stations for Early Services

43

GALILEO: The System

toexternalService

Providersand otherentities

~ 40 GSS

Constellation - 30 MEO Satellites

ERIS - External Regional Integrity Systems

GCS - Galileo Control System

GMS - Galileo Mission System

GSS - Galileo Sensor Stations

MDDN - Mission Data Dissemination Network

NRS - Navigation Related Service

PRS - Public Regulated Service

SAR - Search And Rescue

SDDN - Satallite Data Dissemination Network

TT&C - Telemetry, Tracking and Telecommand

ULS - Up-Link Station

Galileo Control Centre 2 (GCC2)(geographical redundant)

Galileo Control Centre 1 (GCC1)

ERIS13 m antenna

TT&C S-band Up-linkMission C-band Up-link

(Nav/Integ/SAR/NRS/PRS)5 combined Galileo Up-links Sites

(global coverage)

Total: 5 S-band heads Total: at least 31 C-band heads

Mission C-band Up-link(Nav/Integ/SAR/NRS/PRS)

+ 4 dedicated Mission Up-linksSites

... Direct C-band Up-linksfor Integrity

SDDN MDDN/ ULS Network

MDDN/ GSS Network

Elements of GCS and GMS

Elements of GMS

Elements of GCS

Ground Control and Mission Segments Facilities

44

The Galileo “System of Systems”

45

Galileo Security Doctrine

46

Accreditation Core ActivitiesAccreditation Authority

Security Accreditation Board (SAB)Galileo Security Accreditation Panel (GSAP)Crypto Distribution Authority (CDA)

System accreditationSystem design reviewSystem auditsVerify that all Galileo security requirements are met

Site accreditationAudits and on-site inspectionsEnsure that local security requirements are met

ComponentsReview Security TargetsFollow evaluation and certification process

PRS User SegmentPRS receiver certification, evaluation and accreditationPRS manufacturers accreditation

47

Available GNSS (GPS) Jammers

48

Susceptibility to Interference/Jamming

Conclusion

49

Galileo is readyand

eager to serve