Welcome to the fifth edition of Salus, RHEA’s security business bulletin. Since the Russian assault on Ukraine started in March, the requirement for all organizations to maximize their cybersecurity defences has been brought into sharp focus. Keeping abreast of developments in the cyber landscape has never been more important for business leaders and cybersecurity professionals alike.
It is timely, therefore, that in this issue of Salus, we cover the creation of a European Cybersecurity Centre of Excellence in Transinne, Belgium. This Centre, due to be operational by the end of 2023, will offer a full range of services across the cybersecurity spectrum for all types of organization, including defence. In addition, we discuss the convergence of cyber and physical security, which must be considered together in all future security plans.
We also introduce you to three very different cybersecurity projects that RHEA is involved in: one involving quantum key distribution across Europe and another working with the European Space Agency to protect the exchange of data within complex manufacturing, assembly, integration and testing (MAIT) processes within the space domain. Finally, our Security Services and Concurrent Design teams have been working together to enable security-by-design for LOTUS, a multi-million-euro initiative to create a Europe-wide, cyber-resilient unmanned aircraft with a stealth design.
If you are interested in finding out how RHEA can project your organization or would like to explore potential collaboration on security projects, please contact us at: info@rheagroup.com
Transinne – Enabling European Security Resilience
With the increasing rise in cybercrime, amplified by the war in Ukraine and the growth of cybercriminals, critical infrastructures are investing heavily in cybersecurity protection in order to safeguard their activities and ensure their digital infrastructure and services are sustainable. To support and strengthen European organizations against the perpetual threat of attacks, and to act as a centre of excellence to ensure digital trust, a consortium of organizations (IDELUX, Assar, BNP Paribas Fortis and RHEA Group) is creating a European Cybersecurity Centre of Excellence in Transinne, Belgium.
This new centre will provide a unique cybersecurity ecosystem and pool of expertise in the heart of Europe to effectively address any preventive and corrective concerns and needs that European organizations may have when it comes to securing their operations, IT systems and data. It will provide a central facility for any European third-party organization, including businesses, institutional organizations and critical infrastructure, to support the design and operations of all their IT systems and securing their utilization. It will offer a full range of services across the cybersecurity spectrum, including consultancy, training, validation, testing, design, managed security operation centre (SOC) services, cybersecurity products and solutions, and incident response.
Cyber and physical security may seem like very different areas of concern for organizations, but today, the two activities are increasingly converging, spurred on by a range of business and personal transitions, and more recently by the global COVID-19 pandemic.
In the past 20 years, the increasing connectivity of IT systems and accessibility by the wider population has accelerated this convergence. At the start of the 21st century, the physical security sector was using digital infrastructure to provide physical services – such as connected security cameras and video surveillance – in response to the changing needs of users. Thanks to greater connectivity and the growing power of the internet, this level of integration was bound to grow, and two decades later, this transformation continues at pace and will never end.
Today, systems and physical assets are connected and intelligent, leaving no differentiation between the physical and IT worlds when organizations and individuals are thinking about security. Ultimately, when you are protecting physical assets, consideration must be applied to how those assets are connected and how they interact with each other.
The scope and variety of cyber threats to manufacturers have expanded significantly in recent years, and now include everything from highly complex Stuxnet-style attacks to relatively common ransomware threats. Apart from malware assaults, cyberattacks against manufacturers can include attempts to damage data, steal intellectual property (IP) and industrial sabotage.
In response, RHEA Group Security Services is starting a new and exciting journey with the European Space Agency (ESA), Engie Laborelec and Sabca to explore how to protect the exchange of data within complex manufacturing, assembly, integration and testing (MAIT) processes within the space domain.
The complexity of space projects demands different levels of confidentiality and security needs, involving several actors and different authorities. The RHEA-led team will select suitable, real use cases for a digitally based MAIT process considering a distinctive product lifecycle management (PLM) instance within the space sector.
The team will perform a comprehensive analysis of threats, vulnerabilities and risks associated with the chosen use cases. A suite of cybersecurity tools and frameworks will be incorporated in a dedicated demonstrator, together with an emulation of the MAIT processes. A set of cyber scenarios will then be executed, with the aim of validating the effectiveness of the selected technologies in the context of cyberattacks.
To conclude the project, a study will be published that provides an overview of the outcomes of each stage, along with clear results of the demonstrator and recommendations for future opportunities where the outcomes can be leveraged by ESA and the space industry.
LOTUS
The Low Observable Tactical Unmanned Air System (LOTUS) project is a multi-million-euro initiative to create a Europe-wide, cyber-resilient unmanned aircraft with a stealth design. Funded by the European Commission (EC) through the European Defence Industrial Development Programme (EDIDP), the aim is that it will contribute to the competitiveness and growth of the European Union’s (EU’s) defence capabilities. Uniquely, it is being designed in the EU and made with mainly European parts.
RHEA is part of the LOTUS consortium that is developing this next generation of tactical remotely piloted aircraft systems (RPAS). The 4-year project covers the design, production of prototypes and testing.
A cyber-resilient aircraft requires the highest level of cybersecurity to be built into the system, ensuring the data sent and received is protected. We therefore aimed to incorporate a cybersecurity strategy from the early stages of the LOTUS project and included several cyber risk analyses in the project plan. However, to apply the principle of ‘security by design’, the project went further and included the security assessment in the early design cycles, merging it with our concurrent design methodology to develop a process that enabled a full-scale cybersecurity evaluation early in the project and employing our COMET™ software to model the system and its components.