National Institute of Standards and Technology releases guide on “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”

April 19, 2022 |

It is sign of how mainstream satellites have become and part of the the consumer economy that the National Institute of Standards and Technology (“NIST”) starts the process of developing guidelines for cybersecurity relating to the operation of satellite.  The NIST has released “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”.   

While the number of satellite operators is relatively, if not absolutely, small guides such as these have a broader application for those who take cyber security seriously. 

The NIST abstract provides:

Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services, as illustrated by the increased use of commercial communications satellite (COMSAT) bandwidth, the purchase of commercial imagery, and the hosting of government payloads on commercial satellites. The U.S. Government recognizes and supports space resilience through numerous space policies, executive orders, and the National Cyber Strategy. The space cyber-ecosystem is an inherently risky, high-cost, and often inaccessible environment consisting of distinct yet interdependent segments. This report applies the NIST Cybersecurity Framework to the ground segment of space operations with an emphasis on the command and control of satellite buses and payloads.

The objectives of guide are:

  • Classifying systems, processes, and components of satellite command, control, and payload systems in order to determine cybersecurity risk posture and address residual risk in the management and control of the space segment;
  • Defining a desired cybersecurity state for the systems, processes, and components of satellite command, control, and payload systems; and
  • Establishing defined and repeatable risk management approaches to elevate an actual cybersecurity state to a desired cybersecurity

The aim is to assist organisations to:

  • Make risk-informed decisions about the cybersecurity of the ground segment and its corresponding impact on the space segment’s bus and payload,
  • Select risk-based approaches that minimize the potential effects of the disruption or manipulation of satellite bus and payload commanding and telemetry, and
  • Consider planning and action regarding the secure management and recovery of the space segment

The components of the Framework are:

  • The Framework Core provides a catalog of desired cybersecurity activities andoutcomes using common The Core guides organisations in managing and reducing their cybersecurity risks in a way that complements an organization’s existing cybersecurity and risk management
  • The Framework Implementation Tiers provide context for how an organisation views cybersecurity risk The Tiers help organizations understand whether they have a functioning and repeatable cybersecurity risk management process and the extent to which cybersecurity risk management is integrated with broader organizational riskmanagement
  • The Framework Profiles are customized to the outcomes of the Core to align with an organization’s Profiles are primarily used to identify and prioritize opportunities for improving cybersecurity at an organization

The functions are to:

  1. Identify – Develop organizational understanding to manage cybersecurity risk to systems, assets, data, and The activities in the Identify Function are foundational to the effective use of the Cybersecurity Framework, enabling an organization to focus and prioritize its efforts in a manner consistent with its risk management strategy and business
  2. Protect – Develop and implement the appropriate safeguards to ensure the delivery of critical infrastructure The activities in the Protect Function support the ability to limit or contain the impact of a potential cybersecurity
  3. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity The activities in the Detect Function enable the timely discovery of cybersecurity
  4. Respond – Develop and implement the appropriate activities to react to a detected cybersecurity The activities in the Respond Function support the ability to contain the impact of a potential cybersecurity
  5. Recover – Develop and implement appropriate activities to maintain resilience and to restore any capabilities or services that were impaired due to a cybersecurity The activities in the Recover Function support timely recovery to normal operations, reduce the impact of a cybersecurity event, and provide insight and guidance for overall

The objectives of the Protect Function include:

  • Protecting the systems that format and transmit commands to the required level of assurance;
  • Protecting the systems that receive and process telemetry or other data from the satellite; and
  • Should a threat be realized, protecting the ground segment to maintain a sufficient level of operations through verified response and recovery plans and prevent adverse impacts on the space

The objectives of the Detect Function include:

  • Enabling detection through monitoring and consistency checking and
  • Establishing a process for deploying detection capabilities and the handling/disposition of detected anomalies and

The objectives of the Response Function are to:

  • Contain events using a verified response procedure,
  • Communicate the occurrence and impact of the event on satellite operations and stakeholders,
  • Develop processes to respond to and mitigate new known or anticipated threats or vulnerabilities, and
  • Evolve response strategies and plans based on lessons learned.

The objectives of the Recover Function are to:

  • Restore the ground segment’s services to a proper working state using a verified recovery procedure so that systems dependent on those services can function properly,
  • Communicate the recovery activities and status of the ground segment services to stakeholders, and
  • Evolve recovery strategies and plans based on lessons learned.

It is a very lengthy and detailed document that makes references to other NIST publications and other guides.  Because it deals with core principles it’s commentary is not confined to satellite technology.

Leave a Reply