Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Finalizes Cybersecurity Guidance for Ground Segment of Space Operations

The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.

The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.

NIST’s widely used Cybersecurity Framework consists of standards, guidelines and practices for protecting critical infrastructure. This voluntary framework is designed to help organizations manage their cybersecurity risks.

The NIST Interagency Report (IR) 8401 aims to apply the Cybersecurity Framework to satellite command and control, creating a profile for the space sector’s ground segment in an effort to help stakeholders manage risk. The goal of the profile is to complement existing security measures in an organization.

NIST’s guidance comes in response to the US government viewing space as an increasingly important element of critical infrastructure.

“A loss or degradation of space services could significantly impact the security and economic well-being of the United States,” NIST said. “The United States Government recognizes that government-owned space operations can be augmented through activities such as the leasing of commercial communications satellite (COMSAT) bandwidth, commercial space-based telecommunication services, the purchase of commercial imagery, and the use of commercial satellite buses to host payloads and other capabilities.”

The agency pointed out that the guidance focuses on the ground segment of space operations due to the fact that it may be impractical to implement some cybersecurity controls on the satellite itself due to size, weight and power constraints.

NIST’s new Cybersecurity Framework profile can help organizations that own or operate space systems identify systems and processes related to the command and control of space vehicle buses and payloads, identify threats, protect systems, detect loss of confidentiality, integrity or availability, respond to incidents, and quickly recover from anomalies.

The profile focuses on two major components: the mission operations center (MOC), which issues commands to a satellite control data handling platform and receives telemetry from the space vehicle’s bus; and the payload control center, which communicates with both the MOC and the satellite.

The NIST guidance details each of the five core functions of the Cybersecurity Framework: identify, protect, detect, respond and recover.

“When considered together, these Functions provide a high-level, strategic view of the life cycle of an organization’s managemnt of cybersecurity risk,” the document reads.

The complete document, titled “Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control”, is available on NIST’s website in PDF format.

Related: NIST Releases New macOS Security Guidance for Organizations

Related: Mapping Threat Intelligence to the NIST Compliance Framework

Related: NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.