SIEM4GS: Security Information and Event Management for a Virtual Ground Station Testbed

Authors

DOI:

https://doi.org/10.34190/eccws.21.1.228

Keywords:

Ground station, Ground system, Mission operations service framework, Security information and event management, Extended detection and response, Elastic Stack

Abstract

As the space sector continues to grow, so do the cybersecurity risks. As large as the attack surface of a space system is, the ground segment remains an attractive source of intrusion points, not only because of its relative accessibility but also because the ground system is often viewed as little more than a conventional IT system. Thus, a representative security assessment of a space system cannot avoid addressing the vulnerabilities of the associated ground system and the relevant threats. This motivates the construction of a virtual ground station testbed, as part of a larger reference platform, to support our ongoing research on the cybersecurity of space systems. Presented here is a discussion of the preliminary work being undertaken at the University of South Australia node of the SmartSat Cooperative Research Centre on such a testbed. A distinguishing feature of the testbed is the integration of a security information and event management (SIEM) system, justifying the name of the testbed, “SIEM4GS”. Based on the latest literature on ground stations, a logical architecture and an implementation plan involving only open-source software building blocks for SIEM4GS are proposed. Features of the ground station and SIEM services are discussed. A plan is provided on how to extend the SIEM system from a primarily “detect” role in the NIST Cybersecurity Framework to a “detect and respond” role.

Author Biography

Professor Slay, University of South Australia, SmartSat Cooperative Research Centre

Prof Jill Slay is the SmartSat Professorial Chair in Cybersecurity at the University of South Australia, a Fellow of ISC2, and a member of the Order of Australia. She has published more than 140 outputs in information assurance, critical infrastructure protection, security, and forensic computing. She currently focuses on the context of satellite cybersecurity and resilience.

Published

2022-06-08