Navigation Systems Analysis: Low Cost Design and Implementation of a Security Event Logging Framework.

In this paper we examine design approaches and techniques to implement a low-cost Security Event Management (SEM) logging framework based on our experience deploying such systems on our mission-critical network. This is a crucial part of our efforts for the implementation and protection of mission critical flight systems used by the Mission Design and Navigation Section at NASA’s Jet Propulsion Laboratory. Spacecraft Navigation is the result of a complex interplay between numerous teams, performed on our Multi-Mission Navigation (MMNAV) Ground Data System. This paper reviews the process used to design fault tolerance and robustness into the security architecture, the goal of which is the protection of the users of the system from hostile external threats, while making their experience on the system as user-friendly and efficient as possible over the entire lifecycle of the system. Deriving from fault tolerant design concepts of fail-gently and independent failure, we focus particularly on the implications of examining and protecting the evolution of this system over time. Viewed especially against the backdrop of principles seen from Time Based Security, the design goal is a robust system that is secure from its implementation to its disposition. From this clear need for a secure, robust, high-reliability/high-availability computational environment to support navigation data processing, we have designed Security Information Event Management (SIEM) into the MMNAV Ground Data System. From system requirements, user, and administrator feedback, we developed a model for SEM for the overall system. Working with open-source software, an iterative approach was employed to capture and observe user actions and data flows, store such logs in a secure manner, and then implement a system to review and monitor such logs accordingly in real time. The goal was to have a means to examine the current security state of the entire Navigation Ground Data System as it evolved over time. While numerous security vendors will provide such ‘services’ or ‘appliances’ at a high price, we desired an affordable system that we designed and understood from the ground up under our control. This paper discusses the challenges of implementing this SIEM in a low cost, but robust framework – using the open source tools of Syslog-NG, Elasticsearch, and Kibana to create a system allowing real-time monitoring of our secure Ground Data System. We hope that this can serve as an excellent example for future missions with similar needs.