The European Space Agency’s (ESA’s) Threat Risk Assessment on LEO Satellite Constellation (TRALEO) project is designed to gain insights into the end-to-end cyber resilience and security of low Earth orbit (LEO) SmallSats. In an extension to the second phase of the project, TRALEO-2, Starion’s cybersecurity experts are broadening the cybersecurity techniques. These enhancements will support a move towards standardised and tested security solutions, taking the project to the next level.
SmallSats, including CubeSats and nanosatellites, are increasingly being used to provide important services from space. Ensuring that both the space and ground segments of such satellites are secure is therefore essential. The TRALEO project was established to gain insights to support the detection and mitigation of cyber threats in existing missions and enhance the cybersecurity of future constellation missions.
Starion has been leading the TRALEO project since 2020, starting with a feasibility study and then progressing to study the ground and space segments of a mission operated by TRALEO project partner GomSpace, a leading manufacturer and supplier of CubeSat and SmallSat solutions. Now, in an extension to the second phase of the project, Starion’s team is using additional equipment to perform more advanced attacks, including record and replay attacks.
During TRALEO-2, Starion developed a sophisticated penetration testbed that enables real-time interactive attacks, such as man-in-the-middle and data link hijacking, as well as all types of jamming. This has been integrated with a tailored cyber-range designed and operated by Nexova, a Starion spinoff that provides cybersecurity services to critical infrastructure across Europe. This enables the simulation and repetition of attack scenarios in a hardware-in-the-loop environment. The next step is to integrate ESA’s new vector signal transceiver (VST) at ESA’s European Space Research and Technology Centre (ESTEC) into the cyber-range, with the aim of implementing, testing and validating controls at the data link layer (Space Data Link Security Protocol; SDLS).
Starion’s engineers will also be devising new attacks to test recent updates to the architecture and communications of the GOMX-4A and-4B CubeSats operated by GomSpace.
Nicola Mann, Deputy Managing Director of Starion, explained: “This extension is not just about refining the security measures for a specific system but about adopting a security-first approach and transitioning from proprietary implementations to standardised and tested security solutions. It will also enhance the operational capabilities of ESA by making the cyber-range/VST setup strategically valuable for future initiatives.
“Collaboration is essential to ensure the next generation of satellites are secure, no matter what service they are being used for, which is why we’re delighted to continue working on TRALEO with GomSpace and ESA.”
Main image: GomSpace’s GOMX-4B satellite © GomSpace