Home   /   Portfolio   /  BESecured PSS

BESecured PSS

BESecured Pooling & Sharing Hub

Competitiveness & Growth Core Competitiveness Secure Satcom for Safety & Security (4S)
STATUS | Ongoing
STATUS DATE | 02/12/2024
ACTIVITY CODE | 6B.076
BESecured PSS

PAGE CONTENTS

Objectives

Definition Phase (2021-2022)

During the Definition Phase, the primary objectives were to define and consolidate detailed user and system requirements. This phase focused on developing the system architecture for the Secured Pooling & Sharing System (PSS) using a proper security-by-design process. Key activities included extensive stakeholder engagement to gather requirements, creating detailed system specifications, and establishing a robust foundation for subsequent development phases.

Technology Phase (2022-2023)

In the Technology Phase, we progressed from conceptual designs to practical implementations. This phase involved the evaluation of system performance and concepts of operations through an early prototype, BESecured PSS Alpha. The prototype provided critical insights and formed the basis for the future Secure Commercial Pooling & Sharing System. Efforts were dedicated to identifying and addressing technological and security challenges anticipated over the long-term evolution (5-10 years) of the system. This phase concluded with the successful demonstration of the BESecured PSS Alpha’s capabilities and readiness for further development.

Product Phase (2023-Present)

We are currently in the Product Phase, focused on completing the verification and validation of the system. This phase involves rigorous testing to ensure the system meets all defined requirements and performs reliably under operational conditions. Key activities include:

  • Verification: Detailed testing against the user and system requirements to confirm that the system functions as intended.
  • Validation: Ensuring that the system meets the operational needs and expectations of end-users through comprehensive trials and feedback loops.
  • Security Assessment: Conducting thorough security evaluations to identify and mitigate potential vulnerabilities, ensuring the system is robust against cyber threats.
  • Pre-Operations Preparation: Finalising all necessary preparations for the system to enter pre-operations, including the development of operational procedures, training programs for users, and setting up support infrastructure.

The completion of the Product Phase will signify the readiness of the Secure Pooling & Sharing System for pre-operational deployment, marking a significant milestone in the development of a secure, commercial pooling, and sharing solution. This phase is critical in ensuring the system’s reliability, security, and effectiveness in real-world scenarios, paving the way for its full commercial launch as BESecured PSS Version 1 and BESecured PSS Version 2.

Challenges

The project is challenging. Leveraging on previous ESA studies and the experience of the involved partners, it must face a set of technically complex problems:

  • Matchmaking management for SatCom resources
  • Provision of high robustness and quality (resilience, security)
  • Define and implement a proper business model and governance structure for the delivery of the P&S Service

System Architecture

The BESecured Pooling & Sharing System (PSS) is designed to meet the stringent requirements of secure communications for commercial, government, and military users. The system architecture leverages advanced technologies and best practices in security to ensure robust, reliable, and secure communications. As we progress through the Product Phase, the architecture has been refined and validated to ensure readiness for pre-operational deployment.

Core Components and Functionality

neXat Cloud-Service Delivery Platform (C-SDP)

  • The C-SDP, a fully-fledged satellite communications specific OSS/BSS, serves as the core of the BESecured PSS, providing essential Pooling & Sharing functionalities.
  •  It connects to multiple satellites and hubs operated by various providers, ensuring comprehensive and resilient connectivity.
  • Enhanced security features have been integrated into the C-SDP to support IP-based communications for high-priority users.

ST Engineering iDirect Newtec Hub

  • This secured and enhanced hub facilitates connectivity with resource providers.
  •  It ensures seamless integration and communication between satellites and the C-SDP.
  •  The Newtec Hub is critical for maintaining high levels of performance and reliability in the BESecured PSS.

Security-by-Design Practices

  • The system architecture is developed following best Security-by-Design practices to create a secure operational environment.
  • A comprehensive Security Access Control System ensures secure access, maintaining the integrity, confidentiality, and availability of information.
  • This approach anticipates and mitigates potential security threats, ensuring long-term system resilience.

BESecured PSS Alpha

  •  The BESecured PSS Alpha, developed during the Technology Phase, served as a proof-of-concept demonstrator.
  •  It has been rigorously tested and validated from a security perspective, providing a solid foundation for the full operational system, delivered at the end of the Product Phase (Version 2).
  •  The Alpha prototype has been instrumental in identifying and addressing potential security challenges early in the development process.

Security Operations Centre (SOC)

  •  A dedicated SOC is integrated into the BESecured PSS to monitor and manage security operations.
  • The SOC ensures that all communications and operations meet the required security levels, providing continuous protection for customers and resource providers.
  • It plays a pivotal role in threat detection, incident response, and maintaining overall system security.

High-Level Architecture Overview

The architecture of the BESecured PSS can be visualised as follows:

User Interface Layer:

  • Provides end-users (commercial, government, military) with access to the system.
  • Implements user authentication and authorisation mechanisms to ensure secure access.

Service Management Layer:

  • Manages service requests from initiation to delivery.
  •  Utilises advanced algorithms for prioritisation and security treatment of service requests.

Core Service Layer (C-SDP):

  • Central hub for pooling and sharing functionalities.
  • Connects to multiple satellites and hubs, including the ST Engineering iDirect Newtec Hubs.
  • Ensures seamless integration and high availability of communication services.

Security Layer:

  •  Implements Security Access Control System for secure access and information protection.
  •  Includes encryption, intrusion detection, and other security measures to safeguard communications.

Connectivity Layer:

  •  Facilitates communication between satellites, hubs, and the C-SDP.
  •  Ensures reliable and resilient connectivity through multiple satellite operators.

Operations Layer (SOC):

  • Monitors and manages the security of the entire system.
  • Provides real-time threat detection, incident response, and continuous security management.

Plan

The project is divided in three phases:

  • Definition Phase (from October 2020 to January 2021)
  • Technology Phase (from February 2021 to April 2022)
  • Product Phase (from May 2022 to April 2025)

Current Status

The team is proceeding in the Product Phase, in preparation of the factory acceptance tests.

Companies

Starion Technologies NV
Starion Technologies NV
https://www.stariongroup.eu/
Belgium
neXat
neXat
https://www.nexat.be/
Belgium
ST Engineering iDirect
ST Engineering iDirect
https://www.idirect.net/
Belgium