Date Published: February 25, 2022
Comments Due:
Email Questions to:
Author(s)
Matthew Scholl (NIST), Theresa Suloway (MITRE)
Announcement
Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and their supporting infrastructure pose increasing risks to the economic promise of emerging markets in space. This second draft of NISTIR 8270, Introduction to Cybersecurity for Commercial Satellite Operations, presents a specific method for applying the Cybersecurity Framework (CSF) to commercial space business and describes an abstracted set of cybersecurity outcomes, requirements, and suggested controls.
The draft also:
- Clarifies scope with an emphasis on the satellite itself,
- Updates examples for clarity,
- Adds more detailed steps for developing a current and target profile and risk analysis, and
- Provides references for relevant regulations around commercial space.
Reviewers are asked to provide feedback on additional threat models that might help in the development of organization profiles, informative references on the application of security controls to satellites, and standards or informative references that might benefit all readers.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations. This report provides a general introduction to cybersecurity risk management for the commercial satellite industry as they seek to start managing cybersecurity risks in space. This document is by no means comprehensive in terms of addressing all of the cybersecurity risks to commercial satellite infrastructure, nor does it explore risks to satellite vehicles, which may be introduced through the implementation of cybersecurity controls. The intent is to present basic concepts, generate discussions, and provide sample references for additional information on pertinent cybersecurity risk management models.
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite...
See full abstract
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations. This report provides a general introduction to cybersecurity risk management for the commercial satellite industry as they seek to start managing cybersecurity risks in space. This document is by no means comprehensive in terms of addressing all of the cybersecurity risks to commercial satellite infrastructure, nor does it explore risks to satellite vehicles, which may be introduced through the implementation of cybersecurity controls. The intent is to present basic concepts, generate discussions, and provide sample references for additional information on pertinent cybersecurity risk management models.
Hide full abstract
Keywords
commercial space satellite operations; cybersecurity; cybersecurity risk management; risk management
Control Families
None selected
