ESA and Telindus make Europe’s gateway to space safer

Theirs goals

Civilian space assets are more and more providing critical services to society, such as navigation or earth observation, and thus are becoming attractive targets for cybercriminals. Like other major businesses, the European Space Agency had to adapt secure software development lifecycles for its vital data systems in order to reduce the risks resulting from application layer attacks. Thanks to its good reputation for security and governance services at ESA, Telindus was chosen to help deliver an important tool to efficiently implement the secure software engineering standard in the Agency.

The challenge

  • Including a SSDL into ESA's software development processes

Information Security is a topic of growing importance for ESA in all areas of space mission systems development and operations. For ESOC as the operational centre of ESA, secure software engineering related to critical data systems, such as spacecraft control systems, is very relevant. Thus, ESOC was looking for industrial partners to study the inclusion of a secure software development lifecycle (SSDL) into their software development processes. "This happened in the scope of the Luxembourg Task Force study programme, which is a collaboration between the Luxembourg government and ESA. It has the objective to raise the familiarity of the Luxembourg industry with space-related activities and increase the competitiveness of Luxembourgish companies in that field", says Daniel Fischer, Data Systems Manager at European Space Agency. "Telindus was selected as industrial partner for the activity in the context of this programme because of its experience in software security and the overall quality of the proposal."

The solutions

  • Going beyond traditional development projects

    The development of the GASF enables new capabilities, which need to be tightly integrated into the existing software development processes. Such activities require constant interaction between ESA and the industrial partner in order to achieve the most optimal result. This goes beyond traditional development projects that are mostly driven by fixed requirements with limited space for change during the project execution.

The results

Integrating security while reducing complexity

The main results of the GASF study project are a secure software development process framework, a software tool, and a security requirements catalogue. This portfolio enables the specification of software security requirements for ESA data systems, taking into account their sensitivity, project needs, and deployment environments. It supports the integration of security aspects into ESA software development activities without creating unnecessary overhead for the ESA technical officers or the industrial software developers.

The benefits for EUROPEAN SPACE AGENCY

  • Governance enforced SSDLC that works with and enhances the European Cooperation for Space Standardization (ECSS) standards

  • GASF Tool permits to efficiently handle requirements selection and to bring crucial security information to software developers

  • Improvement of the general security and reliability of the operational data systems

  • Reduction of the complexity of the integration process

Discover their story

The Telindus team understood our specific need very well and was committed to develop a constructive and interactive working relationship with ESA.

Fischer Daniel - Data Systems Manager
Download the Business Case