180 likes | 312 Views
DRAFT. ASI Security Practices. NOTE: Intent is to provide enough detail to compare & contrast various the various Agency practices in order understand where differences lie and eventually determining how to create standards. AGENDA. Agency Background Overall Agency Security Policies
E N D
DRAFT ASI Security Practices NOTE: Intent is to provide enough detail to compare & contrast various the various Agency practices in order understand where differences lie and eventually determining how to create standards
AGENDA • Agency Background • Overall Agency Security Policies • Mission Specific Security Practices
AGENCY BACKGROUND • History The Italian Space Agency came into being in 1988. Its purpose was to coordinate all of Italy's efforts and investments in the space sector that had begun in the 1960s. Within twenty years' time, ASI became one of the most significant players in the world in space science, satellite technologies and the development of mobile systems for exploring the Universe. Today, ASI has a key role at the European level where Italy is the third contributor country to the European Space Agency. It also is involved at the international level. For example, ASI has a close working relationship with NASA, which has led to its participation in many of the most interesting scientific missions of recent years. One of the most fascinating projects has been the construction and activities of the International Space Station where Italian astronauts are by now at home.
AGENCY BACKGROUND Types of missions performed • Exploring space: • Saturn and its satellites through the NASA/ESA/ASI Cassini/Huygens mission; • Mars through its collaboration with NASA and ESA. • MARSIS radar system on the Mars Express probe and the SHARAD radar system, onboard the NASA Mars Reconnaissance Orbiter probe. • Beppo SAX satellite was the first to provide an answer to the mystery surrounding the gamma-ray bursts phenomena and was awarded by the American Astronomical Society in recognition of this achievement. • SWIFT mission, which is targeted at studying the "gamma ray burst" phenomenon. Within the framework of ESA programmes, Italy, through ASI, has contributed greatly in developing the XMM satellite for observing the universe. • AGILE, a gamma ray astronomy telescope that is achieving important results.
AGENCY BACKGROUND Types of missions performed • Observing the Earth: • ERS-1, ERS-2, ENVISAT(ESA programmes) and in developing collaborations with other European and international space agencies. • COSMO-SkyMed programme, a constellation of LEO (Low Earth Orbit) satellites. It is the first dual (civilian/military) satellite observation system. Its four satellites will be able to observe the Earth by night and sunlight and with any weather condition, helping to forecast landslides and floods, to coordinate aid during fires or earthquakes, to control and manage crisis areas. • In addition, ASI and CONAE have signed an agreement for building the SIASGE system. The SIASGE system will integrate the Italian COSMO-SkyMed satellite system and the SAOCOM Argentinean system and will have the capability of covering 80% of the international community's requirements. So, thanks to this cooperation, SAR will be based both in “X” band and in “L”, with an improvement of the quality of images.
AGENCY BACKGROUND Types of missions performed • Living in space: • development, in an ASI/NASA bilateral cooperation, of three Logistics Modules (Leonardo, Raffaello and Donatello) which will transport materials and experiments in a conditioned environment from the earth to the ISS and back. They will also be used as habitation modules once they are docked to the orbiting station; • the participation in ESA programs for the development of Columbus Laboratory, ATV (Automated Transfer Vehicle), CRV (Crew Rescue Vehicle) and cupola; • the development, through another agreement with ESA, of Nodes 2 and 3, the interconnecting elements among the various pressurized modules of the Station. In exchange of the fundamental contribution given by ASI (and by the Italian industrial system) to this project, NASA offers Italian astronauts six flight opportunities on the Space Shuttle missions that reach the ISS.
AGENCY BACKGROUND Types of missions performed • Accessing space:Italy is strongly committed to this field, in particular with VEGA, a medium launch vehicle (for satellite up to 1,5 tons in Low Earth Orbit) promoted through the European Space Agency. ASI is the main sponsor of Vega, with the 65 % of the total budget, and the Italian industry is strongly involved in the launcher realization.
AGENCY BACKGROUND Types of missions performed • Satellites for navigation and telecommunications: ASI has developed the SIRIO (1977) and ITALSAT F1 and F2 (1992, 1996) satellites.At the ESA level, it has participated in the OLYMPUS and ARTEMIS projects. Italian industry is now present in advanced sectors such as Ka band systems, L band systems, communication systems for civil protection, etc. ASI has now started to experiment and develop new services and technologies for the ground segment as well as for the space segment. In particular: • For multimedia and interactive communication (Tele-education, Telemedicine) ASI participates in the ARTEMIS and ARTES 3 programs (Euroskyway, Shared) • For mobile communication is participating in the ARTEMIS program and has developed the EMS payload embarked on Italsat F2 • For satellite navigation ASI is participating in the European project ARTES9/GNSS1 and is strongly involved in the Galileo project.
AGENCY BACKGROUND Ground and space network architectural overview • Asi has its headquarters in Roma and operative centers: • The Centre for Space Geodesy (CGS) is located in the municipal district of Matera about 450 km south of Roma). Opened in 1983, its budget is about 10 millions per year. Mainly devoted to earth observation through advanced space techniques (space geodesy and remote sensing), the CGS has recently been dealing with other fields, in particular space robot technology and interplanetary missions. • The Stratospheric Balloon Launch Base is located in the region of Trapani-Milo (Sicilia) was opened in 1975 and represents a world structure able to carry out the design, the launch and the flight management of this specific technique, with a specialization in the systems of great mass and volume. During last years several types of balloons have been launched successfully from the base ranging from 100.000 balloons to 1.100.000 m3 balloons. The balloons represent an alternative and/or a significant complement to satellites and to the International Space Station.
AGENCY BACKGROUND Ground and space network architectural overview • The Broglio Space Centre (BSC) of Malindi, Kenya, because of its equatorial location on the Indian Ocean's coast, is the ideal place for activities of launch and satellite control from earth. The centre is made of two segments, the marine segment represented by the launch oceanic platform and the earth segment represented by the data receipt centre. The last launch - Scout vector embarking the San Marco D/L satellite - was carried out on March 25th, 1988. Since then platforms are not used and are generally submitted to the ordinary upkeep. • ASI’s Science Data Centre (ASDC – Frascati, 20 km south of Roma) was established in September 2000. On the basis of the experience so far acquired in the management of BeppoSAX satellite scientific data centre, ASI wished to establish a centre aimed at supplying products and services for the scientific community pertinent to Observation of the Universe space missions.
OVERALL AGENCY SECURITY POLICIES Classified activities National legislation and directives issued by IT NSA are applied, which are in compliance with common accepted “minimum standard” NATO, UEO,UE, ESA. The Implementation of security measures and procedures is necessary, in particular, with reference to classified programs which are managed by ASI in cooperation with IT MoD, at national level (COSMO-SkyMed, PRESAGO) and at inter-government cooperation (ORFEO, F-DUGS) or in cooperation with EU institutions (Galileo and GMES with EU Council, Commission, GSA and with ESA). Most part of this activity is performed in ASI headquarters (Roma). All measures and procedure are applied in the following fields: • General security and documentation security; • ICT security; • Industrial security; • Infrastructural security.
OVERALL AGENCY SECURITY POLICIES Industries and sub-contractors dealing with classified programs committed by ASI • Security assurance is under specific responsibility of top management of any company, consortium, etc. For this purpose a Security Officer is appointed; • Any Company has its own Security organization according to national regulations, issued by IT NSA, which controls directly or through delegated people the effective implementation of measures and procedures; • Stringent measures are applied to facilities and Centers where classified works are performed.
OVERALL AGENCY SECURITY POLICIES Unclassified activities Physical security • 360 degrees fence/wall and adequate clear zone on both sides (operative center); • No parking zone on both sides of fence/wall (operative center); • CCTV System (including recording); • Perimeter lighting; • Internal guard service (trained and briefed); • Patrols with irregular intervals; • Authentication with dedicated badge; • Personal badge must be exposed within premises; • Random luggage check; • Automatic employees and visitors log – in/out; • Reserved parking lot on premises; • Central key control system and keys issued on limited basis; • Movement sensors in buildings/rooms and intrusion alarm; • Alarm signal routed to guards desk and external authority.
OVERALL AGENCY SECURITY POLICIES Unclassified activities ITC security • PC are provided by ITC service, using of extraneous PC is not allowed within ASI premises; • Each user has been released an user-id with specific grants; • Passwords must respect strength criteria; • Routers and firewalls protect the LAN; • SW and HW installing is allowed only to ITC service; • No wi-fi service has been implemented; • Exchange of “sensitive” technical documentation is performed applying password to files to be exchanged (e.g. word/excel files) • Etc.
MISSION SPECIFIC SECURITY PRACTICESadditional to overall agency security policies • Ground Segment: located within critical buildings clearly earmarked • Access controls • Specific access control points (badge/code pads); • Automatic logging of access and exit; • Access control lists available and regularly updated; • Number of entrance doors reduced to minimum necessary; • Access to “sensitive area” is allowed only to persons having “need to access”; • Visitors are accompanied; • Security services applied • Safes with combined lock (key + code); • Anti-flood, anti-fire systems • Network interconnection (depending by case): • Interconnection to internet; • Air-gap applied; • No interconnection to internet
MISSION SPECIFIC SECURITY PRACTICES Requirements for Launch Service Providers (LSP) of dual-use satellite (1) • appoint an officer to be responsible for supervising and directing security measures in relation to the contract or sub-contract; • Declare to relevant NSA people to be employed on the contract to obtain security clearances at the required level; • maintain, preferably through the officer responsible for security measures, a continuing relationship with NSA in order to ensure that all classified information involved in the contract or subcontract is properly safeguarded; • supply to NSA any information on the persons who will be required to have access to classified information concerning the contract; • maintain a record of employee taking part in the classified work and who have been cleared for access to classified information. This record must show the period of validity and the level of the clearances;
MISSION SPECIFIC SECURITY PRACTICES(cont) Requirements for Launch Service Providers (LSP) of dual-use satellite (2) • allow access to classified information only to people who have been authorized to have access by relevant NSA; • limit the dissemination of classified information to the smallest number of persons is consistence with the proper execution of the contract or sub-contract; • comply with any request from relevant NSA that persons to be entrusted with classified information sign a statement undertaking to safeguard that information and signifying their understanding of their obligations under national legislation on the safeguarding of classified information, and that they recognize that they may have comparable obligations under the laws of the other countries in which they may have access to classified information;
MISSION SPECIFIC SECURITY PRACTICES Requirements for Launch Service Providers (LSP) of dual-use satellite (3) • LSP undertakes not to utilize, other than for specific purpose of the contract, or subcontract, any classified information supplied. • Following documents have to prepared and signed: • Memorandum of Agreement (MOA) between launch site country and IT relevant government authorities; • Security Requirements Summary; • Security Implementation Plan; • Security Transportation Plan.