Attacks and Vulnerabilities
Critical infrastructure
News
Regulation, Standards and Compliance
Threat Landscape

European Commission initiates call to set up EU Space ISAC to strengthen security, resilience of space sector

October 05, 2023
European Commission initiates call to set up EU Space ISAC to strengthen security, resilience of space sector

The European Commission, with the support of the European Union Agency for the Space Programme (EUSPA), launched Thursday a call for expression of interest to set up and participate in an EU Space Information Sharing and Analysis Centre (ISAC). The proposal aims to strengthen the security and resilience of the EU space sector through the EU Space ISAC by developing the awareness and capabilities of its members, including large industrial groups. Public entities of relevance for the EU space sector are also welcome to support the creation and participation in the EU Space ISAC.

As announced in March 2023 in the EU Space Strategy for Security and Defence (EUSSSD), public entities of relevance for the EU space sector are also called to support the creation and participation in the EU Space ISAC. Among other activities, it will act as an information-sharing hub where members can exchange information and best practices related to security incidents and resilience measures. 

The EU Space ISAC will complement the network of other EU sectorial ISACs, and the call is open until Oct. 31, 2025, with multiple cut-off dates, including Nov. 3, 2023, 23:59 CET for those applying as founding participants only; Dec. 29, 2023; Apr. 30, 2024; Oct. 31, 2024, Apr. 30, 2025, and Oct. 31, 2025. 

“No doubt that cyber-security and resilience are getting higher and higher on the agenda of European space companies,” Guillaume de La Brosse, head of unit – innovation and newspace | Space Defence chez DG Defence Industry and Space of the European Commission, wrote in a LinkedIn post. “Space infrastructures are more and more digitalised, and therefore more exposed to cyber-security incidents. The EU Space Strategy for Security and Defence made it clear.”

The EU is taking several steps to strengthen the resilience of critical infrastructure and services, including through the adoption of the Network and Information Security (NIS) 2 Directive and the Critical Entities Resilience (CER) Directive. In this context, it aims at raising awareness and facilitating the exchange of best practices among private entities on resilience measures, including through the establishment of cooperation arrangements and Information Sharing and Analysis Centres (ISACs) across essential sectors. 

As an increasingly critical sector, and considering the ‘rapidly evolving’ nature of the space industry and the significant rise in the number of new commercial actors, special consideration should be given to strengthening the security and resilience of the EU space ecosystem. Against this background, the EUSSSD proposed to establish an EU Space ISAC.  

Members shall be legal private entities from the space sector established in the EU, developing their activity in the EU, having their executive management structure established in the EU, and that are not subject to control by a third country or by a third country entity. Additionally, EU academic institutions and other recognized institutions can also be members, provided that they develop knowledge about security and/or incidents and/or potential solutions that are relevant to the space sector. 

Public partners shall be legal public entities established in the EU of relevance for the EU Space sector, that are directly or indirectly contributing to its activity and/ or regulation, such as EU institutions, bodies, and agencies; intergovernmental European agencies acting in the space sector; other EU ISACs, where relevant; EU national space agencies; and EU National Computer Emergency Response Teams.

Participating in the EU Space ISAC will improve the security and resilience of members through various measures, including information sharing where the EU Space ISAC will act as an information-sharing hub where members can exchange valuable information related to security incidents. They will stay tuned to the latest cyber trends, security vulnerabilities, and hybrid threats. 

Members of the EU Space ISAC share security alerts and gain access to timely and actionable information about security threats at their early stages. This will allow them to respond promptly and effectively to detect, prevent, or mitigate any potential damages. It also aims to deliver enhanced cybersecurity posture through the sharing of knowledge, information, best practices, and expertise. Participants of the EU Space ISAC will enhance their collective cybersecurity resilience to better safeguard critical space assets and systems. 

Additionally, a collaborative approach to cybersecurity becomes possible by leveraging their combined resources and pooling their knowledge and expertise. Members will synergize their efforts to ‘effectively’ respond to common cybersecurity challenges. The EU Space ISAC will also provide access to expertise and guidance, thereby allowing exchanges with public partners, including cybersecurity experts, public sector agencies, and other stakeholders. These collaborators can also propose guidance and assistance to these participants. 

The EU Space ISAC will also deliver support to incident response and recovery. In the event of a cybersecurity incident, the agency can offer support to its members, including by facilitating communication between participants and relevant authorities for the characterization, response, and recovery processes. It will also help bring about networking and industry insights among participants.

The main objective of the EU Space ISAC is to contribute to the security and resilience of space systems and their supply chain. To do so, the agency aims to establish efficient and secure communication channels to facilitate information sharing between participants; and share space-related security information, including an overview of main challenges, and explore research and development needs.

It also looks to facilitate access to security expertise and boost skilling of the industry, including by raising awareness about training opportunities and organizing activities or events, while exploring measures and initiatives to enhance the readiness and the resilience of EU Space ISAC members’ capabilities for detecting, mitigating, and recovering from security incidents.

The agency also intends to propose ready-to-use and actionable resources and tools for participants, including guiding the implementation of relevant EU regulations and shared best practices, and facilitating feedback and sharing of experiences of its members. It also brings targeted support to its members upon request, proposing advice, support, and evaluation, and collaborates with EU similar organizations or communities with recognized expertise. It further considers dialogue with non-EU similar organizations or communities, where relevant, and supports information sharing in the context of major security incidents, where needed.

For this call, applicants shall specify if they apply as members or as public partners. In addition, applicants shall indicate if they want to apply for the position of founding participant. If so, they will have to participate in the first board meeting of the EU Space ISAC. All applicants shall present their motivation, a commitment to active participation (including a description of their future involvement), a description of the expertise that would be relevant for the EU Space ISAC, their interest in working groups and/or communities of interest, and their expectations from the EU Space ISAC. 

Applicants interested in becoming founding participants will be required to undergo an interview to assess their motivation and the resources they are willing to contribute to the EU Space ISAC (commitment). The evaluation will also consider the characteristics of the applicant, i.e. if they are an SME or a larger industrial player. The level of commitment expected from each applicant will be based on their means and available resources, ensuring a proportionate contribution.

Earlier this week, the European Commission, in collaboration with member states, staged an extensive cyberattack simulation to bolster readiness and preparedness. Senior cybersecurity representatives from EU member states, the Commission, and the EU Agency for Cybersecurity (ENISA) are taking part in a two-day ‘Blueprint Operational Level Exercise’, or Blue OLEx 2023, to test EU preparedness in the event of a cyber-related crisis.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure