The satellite communications (satcoms) sector is a prime example of a complex aerospace cyber-physical system. To provide a secure, robust communications capability, satcoms systems are designed to implement defense in depth against targeted attacks and component failure, and to operate effectively in harsh environmental conditions. Due to the prohibitive cost of replacement, satcoms spacecraft are frequently designed with lifespans of over a decade and must provide a continual service in which any downtime is regarded as unacceptable.
Recently, several national governments have developed cyber-strategies that depart from the traditional ‘quarantine, resolve, remediate’ methodology. For example, the United States government now requires the continuation of operational capabilities as a priority, over and above the isolation and quarantine of systems that may be impacted in a cyber-attack. This new approach requires not only multiple levels of redundancy and a structured approach to cyber-defense, but also multiple information and service pathways, built on independent protocols and independent vendors, to sustain operational capabilities.
While new cyber-strategies are requiring systems architects to rethink their approach to cyber-defense, there is no cause to re-invent the wheel. Effective lessons can be learned from a satcoms industry that has faced such requirements for many decades. Indeed, the aerospace domain is, by its nature, required to produce systems designed to survive the simultaneous failure or attack of multiple components. For cyber-strategists and systems architects, this requires a shift in thinking away from the protection of information and towards the continuity of service.
In this paper, we present a methodology, adapted from aerospace practices, that facilitates the design of systems that provide continuity of service even while under attack. We also leverage established best practices in the cyber-security space and suggest enhancements to common methodologies found within the aerospace industry. For example, because of complex mission-critical requirements, legacy interoperability and multiple vendors, aerospace projects are frequently resistant to implementing recommendations from penetration tests, since such changes require extensive retesting and validation. We believe, and demonstrate through a proof of concept, that our methodology enhances both the resilience and the security of traditional cyber-systems as well as aerospace cyber-physical systems, and that this approach can minimize the associated time, resource and cost expenses. We conclude by applying our methodology to various hypothetical and tangible project architectures and comparing it with traditional approaches.
Available via the ASEE document repository.