Space, an increasingly important critical infrastructure

The National Institute of Standards and Technology (NIST) has developed NIST IR 8401 under the Cybersecurity Framework to provide satellite ground segment operators with guidance on different cybersecurity applications for all systems that span the satellite ground segment.

The satellite environment is becoming more and more extensive, so its relevance is evident, both in terms of communications and security for many countries. At present, most of them are also considered critical infrastructures, so their hardening is vital, both for national security and for the operation of a large number of types of communications.

NIST IR 8401 was published on 3 January 2023 and is primarily intended, as mentioned above, to be used as a risk management programme to help satellite ground segment organisations manage and administer cybersecurity risks to systems, networks and assets. The security framework profile provides:

• A classification of command, control and payload systems, processes and components to determine the cybersecurity risk posture and address residual risk in the management and control of the space segment.
• The definition of a desired state of cyber security for systems, processes and components of satellite command, control and payload systems.
• Establish a defined and repeatable risk management approach to elevate the state of cyber security to a desired state of cyber security.

In addition, it also enables organisations to obtain the following capabilities:

• Identify the systems and processes that enable control and command of spacecraft, payloads, and determine their performance requirements.
• Identify different threats, both known and potential threats to the satellite ground segment and infrastructures.
• Protect ground segment dependent systems, through policies and procedures, physical and logical access controls, resilience levels etc.
• Detect possible loss of confidentiality, integrity or availability of ground segments.
• Respond quickly and effectively to failures in the confidentiality of the Telemetry, Tracking and Command satellite environment and the manipulation or loss of satellite commands.
• Ability to recover from potential attacks or security breaches quickly, effectively and resiliently.

SCOPE OF THE NIST IR 8401

NIST IR 8401 is focused on two components of the satellite ground segment:

• Mission Operations Centre (MOC): centre responsible for issuing commands for satellite control and receiving telemetry from the device/spacecraft.
• Payload Control Centre (PCC): centre with capabilities to issue commands and receive payload responses from satellite devices of a possible external organisation.

- Satellite ground segment components in commercial operations. Source. -

Purpose and functions

The Cyber Security Framework provides a means for stakeholders to assess their cyber security posture with reference to the following terms or functions:

• Identify: central to the risk assessment process. It helps the organisation understand and manage the cybersecurity risks to its assets, systems, data and capabilities. The objectives of the identification function include the following:
  •  Identify the commercial or operational environment and the purpose of the organisation at satellite level.
  • Identification of assets including hardware, software, personnel, roles, responsibilities and criticality of assets.
  • Identify the infrastructure that provides the functionality of the terrestrial segment.
  • Identification of current vulnerabilities, hazards and impacts, as well as trends in case hazards materialise and risks need to be assessed.
• Protect: develops and implements different security measures to guarantee the operation of critical infrastructure services. This is because both the software and hardware used in space operations is highly customised, i.e. it is not built for a modern, highly interconnected cyber ecosystem. The objetives of this function include:
  • Protect satellite systems receiving and transmitting commands between satellite systems and environments.
  • Protect systems receiving and processing telemetry or other satellite data.
  • In the event of a cyber-attack, the aim is to protect the ground segment in order to maintain a sufficient level of operations to ensure the functionality of basic operations.
• Detect: enables the development and implementation of appropriate activities to identify the occurrence of a cybersecurity incident. In addition, it also allows monitoring anomalous events and notifying users and applications of their occurrence. The main objectives of the detect function are the following:
  • Detection through monitoring and verification of users.
  • Generate a process to deploy capabilities to detect and dispose of detected anomalies and events.
• Respond: develops and implements the appropriate activities to be taken regarding a detected cyber security incident. This function is closely related to the detect function. Its main objectives are:
  • Contain cyber security events using cyber security response procedures.
  • This function also has the ability to communicate the impact of the detected event.
  • Finally, another objective is to develop strategies and response plans based on lessons learned from previous cyber security events.
• Recover: enables the development and implementation of appropriate activities to maintain plans for recovery and restoration of capabilities or services damaged due to a cyber security incident. Its objetives include:
  • Restore ground segment services to a proper operational state to recover the level prior to the security event.
  • Communicate recovery activities and status of ground segment services to all stakeholders.
  • Development of recovery strategies and plans based on lessons learned.

It should also be noted that, within each control, there are different sub-controls that allow a high-level analysis and a specific and complete qualification of the main function.

Conclusion

Space is a critical infrastructure vital to many aspects of both security and communications for any country. A problem in the security of satellite or ground segment communications can lead not only to an almost total disconnection of many types of communications, but also to a national security problem.

NIST IR 8401 has therefore made significant progress in improving both the identification of ground segment assets and the detection of, or response to, potential threats and the recovery of affected systems.

Regulatory compliance can ensure that any company or organisation can increase the level of security and its capabilities to deal with any cyber security event affecting the satellite ground segment.