Civilian space assets are more and more providing critical services to society, such as navigation or earth observation, and thus are becoming attractive targets for cybercriminals. Like other major businesses, the European Space Agency had to adapt secure software development lifecycles for its vital data systems in order to reduce the risks resulting from application layer attacks. Thanks to its good reputation for security and governance services at ESA, Telindus was chosen to help deliver an important tool to efficiently implement the secure software engineering standard in the Agency.
Including a SSDL into ESA's software development processes
Information Security is a topic of growing importance for ESA in all areas of space mission systems development and operations. For ESOC as the operational centre of ESA, secure software engineering related to critical data systems, such as spacecraft control systems, is very relevant. Thus, ESOC was looking for industrial partners to study the inclusion of a secure software development lifecycle (SSDL) into their software development processes. "This happened in the scope of the Luxembourg Task Force study programme, which is a collaboration between the Luxembourg government and ESA. It has the objective to raise the familiarity of the Luxembourg industry with space-related activities and increase the competitiveness of Luxembourgish companies in that field", says Daniel Fischer, Data Systems Manager at European Space Agency. "Telindus was selected as industrial partner for the activity in the context of this programme because of its experience in software security and the overall quality of the proposal."
Integrating security while reducing complexity
The main results of the GASF study project are a secure software development process framework, a software tool, and a security requirements catalogue. This portfolio enables the specification of software security requirements for ESA data systems, taking into account their sensitivity, project needs, and deployment environments. It supports the integration of security aspects into ESA software development activities without creating unnecessary overhead for the ESA technical officers or the industrial software developers.
The benefits for EUROPEAN SPACE AGENCY
Governance enforced SSDLC that works with and enhances the European Cooperation for Space Standardization (ECSS) standards
GASF Tool permits to efficiently handle requirements selection and to bring crucial security information to software developers
Improvement of the general security and reliability of the operational data systems
Reduction of the complexity of the integration process
Discover their story
Download the Business Case
The Telindus team understood our specific need very well and was committed to develop a constructive and interactive working relationship with ESA.