Civilian space assets increasingly provide critical services to society, such as navigation or earth observation, and are thus becoming attractive targets for cybercriminals. Like other major businesses, the European Space Agency had to adapt secure software development lifecycles for its vital data systems in order to reduce the risks resulting from application-layer attacks. Thanks to its good reputation for security and governance services at ESA, Telindus was chosen to help deliver an important tool to efficiently implement the secure software engineering standard in the Agency.
Information Security is a topic of growing importance for ESA in all areas of space mission systems development and operations. For ESOC as the operational centre of ESA, secure software engineering related to critical data systems, such as spacecraft control systems, is very relevant. Thus, ESOC was looking for industrial partners to study the inclusion of a secure software development lifecycle (SSDL) into their software development processes. "This happened in the scope of the Luxembourg Task Force study programme, which is a collaboration between the Luxembourg government and ESA. It has the objective to raise the familiarity of the Luxembourg industry with space-related activities and increase the competitiveness of Luxembourgish companies in that field", says Daniel Fischer, Data Systems Manager at European Space Agency. "Telindus was selected as industrial partner for the activity in the context of this programme because of its experience in software security and the overall quality of the proposal."
"The Telindus team proved to be a very reliable, professional, and flexible partner throughout the execution of the project, which became the Generic Application Security Framework, GASF. The team was not only able to achieve the objectives of the project but to exceed them in a number of aspects", Daniel Fischer attests. The development of the GASF enables new capabilities, which need to be tightly integrated into the existing software development processes. Such activities require constant interaction between ESA and the industrial partner in order to achieve the optimal result. This goes beyond traditional development projects that are mostly driven by fixed requirements with limited space for change during the project execution. "The Telindus team understood this specific need very well and was committed to developing a constructive and interactive working relationship with the ESA Technical Officer. These open interactions often led to modifications of the project activities and even to the identification of additional features for the project, which the Telindus team took aboard even if this meant additional effort. This was very much appreciated by ESA and showed Telindus’ commitment to the activity", says Mr Fischer. "One driver for this is also that Telindus will be able to re-use the developments made within the GASF project also in other markets outside the space domain. As such, the project constitutes a positive endeavour for both partners", he adds.
The main results of the GASF study project are a secure software development process framework, a software tool, and a security requirements catalogue. This portfolio enables the specification of software security requirements for ESA data systems, taking into account their sensitivity, project needs, and deployment environments. It supports the integration of security aspects into ESA software development activities without creating unnecessary overhead for the ESA technical officers or the industrial software developers.
"The Telindus team understood our specific need very well and was committed to developing a constructive and interactive working relationship with ESA."
DANIEL FISCHER - Data Systems Manager ESA