SANCTUARY, in collaboration with GMV, has once again earned the trust of the European Space Agency (ESA) by securing a highly competitive tender to develop a solution for the “Detection of Unauthorized Access and Control Restoration of a Spacecraft.” By combining autonomous recovery with cutting-edge monitoring technologies, this solution will ensure that future space systems remain secure, operational, and resilient against emerging cyber-physical threats.
In response to growing cyber-physical threats in space systems, this ESA activity aims to ensure the resilience of spacecraft operations. As satellite technologies evolve, the need for effective detection, response, and recovery mechanisms has never been greater. Successful attacks, whether through communication interfaces, subsystems, or supply chains, could cause significant disruptions. This activity focuses on safeguarding space assets by ensuring timely identification of threats, efficient mitigation, and full restoration of operations.
At the core of the activity is the Spacecraft Security Monitoring, Control, and Recovery (SSMCR) function. Integrated into modular spacecraft avionics, the SSMCR expands traditional autonomous failure management systems to include security-specific recovery mechanisms. This development enables spacecraft to detect security incidents, respond swiftly, isolate compromised systems, and recover functionality with minimal downtime. Supporting this effort is the Central Data Handling System (CDHS), which acts as the critical hub for anomaly detection. By providing access to subsystem and payload data, the CDHS enables comprehensive monitoring, ensuring that potential threats can be accurately identified and analyzed.
The activity emphasizes real-time, multi-layered anomaly detection to identify cyber-physical attacks promptly. Mechanisms will analyze telemetry data for unusual patterns using threshold-based, statistical, and rule-based situational awareness techniques. These foundational approaches will be complemented by advanced technologies, such as machine learning and artificial intelligence, to enhance detection accuracy. By incorporating broader system context, these tools will help distinguish legitimate operations from malicious activities with greater precision.
To contain threats and prevent adversarial spread, the SSMCR and CDHS will implement robust security controls. These include communication isolation for compromised subsystems and explore the use of Trusted Platform Modules (TPMs) to securely update cryptographic keys. Such measures ensure that even after an initial compromise, secure communication and system integrity can be maintained.
A significant component of this activity is the development of a root of recovery mechanism. Designed to restore spacecraft security and operational functions within six hours of an attack, this mechanism represents a critical step toward resilience. The SSMCR will isolate affected subsystems, re-establish secure communication, update cryptographic keys, and restore links to prevent repeated breaches. Each step will be logged for detailed analysis, while onboard security status will be continuously transmitted to the Mission Control System (MCS) for real-time transparency and monitoring.
SANCTUARY Systems GmbH, as the prime, is working with GMV Germany in this activity, which started in November 2024 and is expected to end in May 2026.