Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Finalizes Cybersecurity Guidance for Ground Segment of Space Operations

The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.

The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.

NIST’s widely used Cybersecurity Framework consists of standards, guidelines and practices for protecting critical infrastructure. This voluntary framework is designed to help organizations manage their cybersecurity risks.

The NIST Interagency Report (IR) 8401 aims to apply the Cybersecurity Framework to satellite command and control, creating a profile for the space sector’s ground segment in an effort to help stakeholders manage risk. The goal of the profile is to complement existing security measures in an organization.

NIST’s guidance comes in response to the US government viewing space as an increasingly important element of critical infrastructure.

“A loss or degradation of space services could significantly impact the security and economic well-being of the United States,” NIST said. “The United States Government recognizes that government-owned space operations can be augmented through activities such as the leasing of commercial communications satellite (COMSAT) bandwidth, commercial space-based telecommunication services, the purchase of commercial imagery, and the use of commercial satellite buses to host payloads and other capabilities.”

The agency pointed out that the guidance focuses on the ground segment of space operations due to the fact that it may be impractical to implement some cybersecurity controls on the satellite itself due to size, weight and power constraints.

NIST’s new Cybersecurity Framework profile can help organizations that own or operate space systems identify systems and processes related to the command and control of space vehicle buses and payloads, identify threats, protect systems, detect loss of confidentiality, integrity or availability, respond to incidents, and quickly recover from anomalies.

The profile focuses on two major components: the mission operations center (MOC), which issues commands to a satellite control data handling platform and receives telemetry from the space vehicle’s bus; and the payload control center, which communicates with both the MOC and the satellite.

Advertisement. Scroll to continue reading.

The NIST guidance details each of the five core functions of the Cybersecurity Framework: identify, protect, detect, respond and recover.

“When considered together, these Functions provide a high-level, strategic view of the life cycle of an organization’s managemnt of cybersecurity risk,” the document reads.

The complete document, titled “Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control”, is available on NIST’s website in PDF format.

Related: NIST Releases New macOS Security Guidance for Organizations

Related: Mapping Threat Intelligence to the NIST Compliance Framework

Related: NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.