NIST Completes Satellite Command-and-Control Guidance
NIST’s popular cybersecurity framework is finally ready for space. Well, not really outer space—but it will be applied to the security of ground satellite command-and-control systems.
In recent years, the security of satellites has caught the attention of the military and lawmakers. Col. Jennifer Krolikowski, chief information officer at U.S. Space Systems Command, U.S. Space Force, detailed China’s tremendous strides in both the number of satellites and, perhaps, the cybersecurity skills needed to exploit satellite technology. She warned that nations such as China will increasingly try to exert more power over space communications than they have in the past.
In May 2022, the EU, UK and U.S. accused Russia of an attack targeting Ukraine’s Viasat’s KA-SAT system; the attack intended to disrupt Ukrainian communications at the beginning of the invasion.
“The cyberattack took place one hour before Russia’s unprovoked and unjustified invasion of Ukraine on 24 February 2022, thus facilitating the military aggression. This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several EU Member States,” the EU stated.
With its NIST Interagency Report, NIST IR 8401, dubbed the Satellite Ground Segment, Applying the Cybersecurity Framework to Satellite Command and Control, NIST hoped to bolster the security of the ground command-and-control portion of the satellite ecosystem with the application of its cybersecurity framework.
By creating a cybersecurity framework profile for satellite command and control, NIST said organizations can better manage their cybersecurity risks and better secure their environments. “The goal of the profile is to supplement preexisting resilience measures and elevate the postures of less mature initiatives,” the agency wrote.
The effort began in September 2018 when the U.S. National Cyber Strategy made it clear that the U.S. considered unfettered access and freedom to operate in space vital to the advancement of the security, economic prosperity and scientific knowledge of the nation. With that in mind, the federal government issued Space Policy Directive 5 (SPD-5).
SPD-5 established key cybersecurity principles to serve as the foundation for digital defense of the nation’s space systems. The directive also fosters practices within the USG and commercial space operations that protect space assets and their supporting infrastructure from cybersecurity threats.
The final NIST report provides guidance for the implementation of foundational cybersecurity practices within ground satellite command and control systems, such as developing and implementing cybersecurity plans to ensure space systems’ ability to verify the integrity, confidentiality and availability of critical functions. The framework also details how to retain or recover positive control of space vehicles.
The ground segment cybersecurity framework profile is voluntary and doesn’t define mandatory regulations or practices.