COMPREHENSIVE SECURITY FRAMEWORK FOR COPERNICUS: FREE & OPEN DATA ACCESS TNC15 - Porto (Portugal), 17/06/2015 ESA EOP-G Network and Security team Barbara.

Presentation transcript:

COMPREHENSIVE SECURITY FRAMEWORK FOR COPERNICUS: FREE & OPEN DATA ACCESS TNC15 - Porto (Portugal), 17/06/2015 ESA EOP-G Network and Security team Barbara Angelucci, RHEA System SA CISSP, ISO27001 LA

Agenda
- The Copernicus context
- The approach
- The Security Framework
- Project lifecycle management
- Conclusions
Section: The Copernicus context

The Copernicus Programme
- A European system for monitoring the Earth
- For the establishment of a European capacity to access key environmental data on a routine basis for EO
- Provides the necessary data for operational monitoring of the environment and for civil security
- ESA coordinates the Space Component
Components: Space Component, In-Situ Component, Services Component

Copernicus: the Service component
[Diagram labels: Land monitoring; Marine environment monitoring; Atmosphere monitoring; Emergency management; Security; Climate change; Space Infrastructure; In Situ Infrastructure; USERS; OBSERVATION]

Copernicus: the Space component
[Diagram labels: Copernicus Service Component; TT&C Stations; Acquisition Stations; Collaborative Ground Segment; Collaborative Centre A; CSC Core Ground Segment; GCM GS; Contributing Missions; Users; EDRS; Dedicated Missions; CSC Coordinated Data Access]

Agenda, section: The approach

Copernicus Data Policy: policy and objectives
The data policy
Grant full, free and open access, subject to specific limitations like:
a. licensing conditions
b. security interests and external relations of the Union or its Member States
c. risk of disruption of the Copernicus infrastructure
d. ensuring reliable access
The service objectives
Ensure access to information:
- in case of emergency and critical situation
- delivered accurately and reliably
- granted in a sustainable manner

The challenge
Complex:
- Seamless service and infrastructure
- Several missions
- Different industries
- Multiple contracts
- Different actors
Dynamic:
- New and evolving requirements
- New satellites
- Real time data

A twofold perspective
[Diagram labels: Technical; Management; CSC Security Framework; Standards; Best practices; EC Data Policy; CSC Security objectives; Risks; Copernicus objectives]

Agenda, section: The Security Framework

The Copernicus Security Framework
[Diagram labels: Security requirements; Secure operations management; Systems; Network policy; Data classification; User classification; Access control; Applications; Security organization; SECOPS]

Security requirements: Systems and applications security
1. Operating systems hardening
2. Mandatory and periodic security patching process for OS and applications
3. Secure coding practices according to best industry practices and standards
4. A strategy to adapt the system to operating system and hardware evolutions to prevent risks deriving from system obsolescence
5. Logical three-tier architecture model (presentation, application and data tier)
6. Data and user I/O to applications are validated by syntactic and semantic checks
7. System security portal

Security requirements: Network Security - Implementation Policy
Different security level:
- External Networks
- Demilitarized Zones (DMZs)
- Internal Networks
Central security services:
- Antivirus/antispam
- Proxy
- Mail relay
- DNS/NTP
Network security measures:
- Firewall
- IDP
- DDoS defense

Security Services: Network Security - The Defence Perimeter
[Diagram labels: Early Warning; DDOS Ctrl; FWs + IDPS; Ctrl Services; Loc. FW+IDPS; PDGS Systems]
- Redundant central firewalls to enforce the EU/ESA security policies
- Redundant DDoS self-learning detection and mitigation
- IDS/IPS detection and blocking
- Central events correlation service
- Redundant Proxies
- Peripheral firewalls with local IPS/IDS
- ACLs and Iptables

Security requirements: Access control, user and data classification
- ESA Unclassified - For Official Use
- ESA Unclassified - For Internal Use
- ESA Unclassified - Proprietary Information
- ……
[Diagram labels: Authentication; Authorization; Accounting; Storage; Encryption; Administrators; Operators; End users; Systems; Managers]

Secure operations and management

Agenda, section: Project lifecycle management

Copernicus Security within the Project lifecycle: for each project …..

…. each single function …

…. and End to end

Agenda, section: Conclusions

Facts and figures
- 11 centres and 2 data centres successfully deployed
- 3 PDGS successfully integrated over the 11 centres
- more than 1200 operational servers (between physical and virtual), 75 of which on the DMZ
- more than 100 custom-developed applications
- more than 260 TB data circulated and disseminated / month for Sentinel 1A
- more than 40 different data classes
- several hundreds of users
- more than 40 security devices monitored on a daily basis
- unauthorised requests blocked by first defence perimeter
- security events blocked by the second defence layer

Conclusions Security Domains

PRAGUE MAY 2016
Main Objective: Presentation of Exploitation Results based on ESA Earth Observation Measurements
Themes: Atmosphere, Oceanography, Cryosphere, Land, Hazards, Climate and Meteorology, Solid Earth/Geodesy, Near-Earth Environment, Methodologies and Products, Open Science
Important Dates:
- Deadline for abstract submission: 16 October 2015
- Notification of Acceptances: End January 2016
- Issue of Preliminary Programme: February 2016
- Opening of Registration to the Symposium: February 2016
- Release of the Final Programme: at the symposium
- Submission of Full Papers: at the symposium