As space threats grow in sophistication and number, so do efforts by the nations of the world to resist them. For the European Union (EU) and its executive European Commission, a key component of these efforts falls to a Prague-based agency that tests and approves the standards for keeping space assets secure.
The work of this agency, the Security Accreditation Board (SAB), is highly technical and largely classified. But what’s at stake is clear. “The EU is increasingly dependent on space-based assets and services for the functioning of its economy, its society and for security and defense,” the European External Action Service (EEAS), the EU’s diplomatic arm, said in a March 2023 news release. “Russia’s aggression on Ukraine has emphasized the vulnerability of today’s defense forces and economies to threats affecting space services and infrastructure.”
The EU has identified a wide range of potential space threats in its 2022 Space Strategy for Security and Defence. These include electronic warfare, laser and directed energy weapons, robotic arms, electronic warfare and anti-satellite missiles.
Established in 2010, the SAB works within the EU Agency for the Space Programme (EUSPA). But it stands as an independent group, separate under EU regulation from those who perform security operations in the area. The SAB has its own staff and a council of member nations that reach decisions, largely by consensus.
The work of the SAB extends to all of the EU’s space components. These are Copernicus, an Earth observation program; EGNOS, the European Geostationary Navigation Overlay Service, enhancing systems that enable precision aviation; Galileo, Europe’s Global Navigation Satellite System (GNSS) for position, navigation and timing; GOVSATCOM, Governmental Satellite Communications, secure communications for government missions, including national security; IRIS2, Infrastructure for Resilience, Interconnectivity and Security by Satellite, providing next-generation secure communications for government and business and high-speed internet where it’s lacking; and SSA, space situational awareness, for comprehensive understanding about space hazards.
Within the Galileo program, EUSPA operates the robust and encrypted Public Regulated Service for use in times of national emergency, such as terrorist attacks, by government-authorized entities, including civil protection units, fire brigades, customs officers and the police. In addition, Galileo features Open Service Navigation Message Authentication, a function accessible to all that ensures navigation messages are free from tampering.
The EU has tasked the SAB with identifying security risks and defining measures to reduce them. The SAB accomplishes this by accrediting satellite launches, systems updates, and operations and services, according to its website. The board makes some 200 accrediting decisions per year and advises the EU on general space security requirements.
Philippe Bertrand, who has held positions with the French military and the EU, was named chair of the SAB in 2022 and reelected to the position in March 2024. Here are excerpts from an interview he had with Apogee in October 2024, edited for length and clarity.
How does the SAB work to ensure the security of Europe’s space assets?
The Security Accreditation Board is a very specific body, provided with the responsibility of security accreditation for all the EU space components. So, Galileo, EGNOS, Copernicus SSA, GOVSATCOM and the new EU flagship program IRIS2. The only representatives with voting rights are the member states. The role of the SAB is to coordinate and to articulate a decision within the time schedule of a program. But what is very, very important is that the SAB make independent decisions.
Why is that independence so important?
In the space program, you have different kinds of users. Civilian, as well as government. And if you want to provide a guarantee to the users, in particular the governmental ones, that what is built is secure enough for their needs, it is important to rely upon an independent body. With the SAB, we have the capability to perform security checks, for example, with a cyber audit, we perform intrusion tests, penetration tests. So, we have an independent capability to know exactly the security level of a program component. With this independent access to information, we can guarantee independence and we can say to the government whether the program meets their needs.
What security innovations have emerged in Europe with the development of its satellites?
There are a huge number of innovations. In 2016, we entered into the Galileo initial service declaration, which was approved by the SAB. Then a few years ago, in 2021, we had new components integrated into the EU space program – Copernicus, space situational awareness and GOVSATCOM. Last year, we added the new EU program IRIS2. This year, we have had a massive ground segment upgrade on Galileo to prepare for the Public Regulated Service’s initial operational capabilities, and we integrated new satellites into the constellation. We have seen, as well, new services in the Galileo Open Service Navigation Message Authorization. Galileo today provides impressive navigation performance, that’s public knowledge, but Galileo’s second generation is in preparation and will provide up-to-date services and ensure security for decades to come. For EGNOS, it is the same. EGNOS is in service, used by civil aviation, and we worked on the current accreditation of EGNOS, but we work as well on the preparation of EGNOS’ next version, EGNOS V3. EGNOS V3 will be more secure. Innovation is considered in all the different program components. Copernicus will see a new Copernicus service for government, and again, we will work on making it secure.
IRIS2 will reach new levels of security, designed from the ground up with this in mind. How will IRIS2 contribute to secure space for Europe?
In IRIS2 you have a very important objective. The first objective is to ensure the long-term availability for the European Union, and for commercial services as well, of access to secure quality of service. To support the commission in this approach, the SAB will advise the IRIS2 program and assist the program to approve documentation, perform security checks, issue accreditation decisions, and finally make all decisions at component sites and for the launches of the satellite communication services. So, the IRIS2 is really the next challenge for Europe, for the program, for the SAB, but I am confident that – with next year the 15th year, and so much done already – we will succeed with this, as well.
How do you compare Galileo to other GNSS systems worldwide? What distinguishes it?
You must distinguish between what is public and what is less public. What is public today for Galileo is impressive navigation performance. Then, to compare the security and the reliability of different GNSS systems, it is immensely complex because parts are classified. What is important is that Galileo has been built to provide reliable and secure services with all necessary security features. For that, we work in close coordination with the program, and (forthcoming upgrades) will be a major milestone. There is a lot of work between the program and the member states in terms of service validation. All the program actors from member states and the SAB are working very hard to achieve this milestone.
Europe is many countries. How do its capabilities benefit from collaboration in space security?
Indeed, Europe is very collaborative. So, first of all, what is important is that Europe [in 2022 established] the Strategic Compass, then the Space Strategy for Security and Defence — that space is a strategic domain. After that, EU space regulations explain how all the different actors at the European level cooperate together in order to build this complex program. So, we first, with the commission, share the responsibility for the implementation of our EU space program, including the field of security. SAB is the security accreditation agency for all of the space components. In terms of collaborative approach, the SAB is the body where the objective is to achieve consensus, where all the member states [can] dig into the security of this complex program to provide expertise, and in the end, to reach a full understanding about the security achievement. It is a governance where EU institutions and member states work together on combined activity, which is key to the security of the EU space program.
Your organization guards space assets against threats and vulnerabilities. Can you describe what some of those threats and vulnerabilities might be?
Obviously, the SAB is aware of the space threats. If you look at the composition of the SAB, we have member states, the commission, EEAS, we have all of the capabilities to know and share the status of threats. In accordance with the regulations, the SAB and the commission cooperate to define risk mitigation measures when such measures are deemed necessary. So again you see the collaborative approach. At the European level, there is now a mechanism in place where a representative issues a space threats landscape analysis to the member states that includes counterspace capabilities. To share this kind of information is very important and useful.
Is this analysis available publicly?
It is classified. But the fact that it exists is public.
Does SAB work to standardize security requirements for Europe and its allies?
Our responsibility is limited to Europe space. In terms of standardization, what we do on our side is standardize all activity — accreditation conditions, such as how to accredit a launch, how to accredit a system, how to accredit services, and we standardize security accreditation strategies. We standardize the kind of audit we perform, such as cyber architecture audit, cyber configuration audit, cyber operation audit, the penetration tests that we do. We have all those components and all those services, and there are more and more services year after year. And because of the EU space program’s huge impact at the European level, all industry is involved, so the standards have widespread impact within the industrial sector, as well. Industry knows how we work. Everybody is cooperating with us at every level, which is understandable because, in the end, we make the decisions. All of us, the member states of the SAB and the program, understand why we are going in this direction and where we need to go, and this is the best way to work toward that.
Recently, SAB approved the launch of Galileo 29 and 30 outside European territory. Do you anticipate any future need for such launches and approvals?
The decisions to launch from European territory or non-European territory is a decision of the commission. Our responsibility at the SAB level is to ensure the launches occur in secure conditions. We authorized two Galileo launches from Cape Canaveral (Florida) and they have been performed through an international agreement between the EU and the U.S. to address procedures for the launch of this very secure satellite from U.S. territory. We cooperated on a day-to-day basis until the launch, and this was successful; the SAB authorized the launch. So, it was a very interesting experience and a successful one.
Did this launch pose any special challenges for SAB?
The challenge is quite simple to understand, if I may say. When you are within your territory, the territory is under your control, and when you are outside your territory, in the control of another country, it is very important to have an agreement to clarify the responsibility of all stakeholders.
Do you think the return of the Ariane launch vehicle will improve the space security landscape for Europe?
What Europe has said is that there is a need for long-term European access to space. That’s the general objective at all levels. At the SAB level, we prepare for future Ariane 6 launches considering the specific features of all the satellites we will have to launch in the coming years.