Space-Cyber: So You Think You Are Resilient?
Space has entered a new era with rapid commercial advancements in technology. But as we extend our reach into the cosmos, we must also address the pressing issue of cyber resilience.
Share This Article:
Originally published in Top Cyber News Magazine.
You have probably come across the term “cyber resilience” before. It is a hot topic across all critical infrastructure sectors and is becoming increasingly important, especially in the space industry. The reliance on interconnected systems in space infrastructure raises concerns about potential cyber attacks that could compromise critical missions.
Whether you are involved in the operations of the ground or space segment, or you are selling space technologies that aim to support these operations, cyber resilience is crucial to ensuring your business and your services are sustainable in any event.
But what exactly is resilience and how do you assess it?
If you or anyone you know is selling a ‘resilient’ solution, this is the first question you need to ask. It is crucial to distinguish between security and resilience as they are not the same! Whilst security or compliance aim to assure your business and make your solution more robust, resilience instead aims to sustain your core operations in a degraded state.
Resilience in space systems can be defined as “the ability of a space system, including its services, sub-components, and supporting functions, to anticipate, react to, survive, recover from, and adapt to adverse events, whilst maintaining control and sustaining core operations in a degraded state”.
This is best represented by the below chart, which demonstrates the functionality of a resilient space system before, during, and after a cyber attack.
As depicted, a resilient system must be able to Anticipate threats throughout the entire cycle. This ensures that you are on-guard even during active incident response. Cyber attacks commonly use deceptive tactics to divert your attention and resources, aiming to evade detection as concurrent attacks are executed.
Once a threat is detected, a resilient system will be well-positioned to react and contain the threat before any impact is inflicted.
However, resilience assumes that your security defences will be compromised at some point, so the next step is to Survive the adverse impact. This means that your business is prepared to combat an active cyber attack and keep critical systems online, shedding less vital services and activating redundancy mechanisms to Sustain core operations.
Once the threat is contained and system stabilised, the Recover phase is about “bouncing back” and restoring full functionality, as well as post-incident analysis and effectively managing public and corporate relations.
The final step of the resilience cycle is to Adapt using lessons learned, including reassessing your cyber risk exposure and tolerance and implementing any new cyber security mitigations.
As you can see, the resilience process leans on existing security controls but is markedly different in the way it is assessed and modelled. So the next time you see a claim of being “resilient”, make sure you ask how.
Space has entered a new era with rapid commercial advancements in technology. But as we extend our reach into the cosmos, we must also address the pressing issue of cyber resilience.
Share This Article:
Categories
Subscribe
Subscribe to our newsletter and get the latest news and information from Anchoram.