Date Published: June 2021
Comments Due:
Email Questions to:
Author(s)
Matthew Scholl (NIST)
Announcement
Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and supporting infrastructure pose increasing risks to the economic promise of emerging markets in space.
This draft report describes cybersecurity concepts with regard to crewless, commercial space operations. The document is an information reference for managing cybersecurity risks and considering how cybersecurity requirements might coexist within space vehicle system requirements. NIST is specifically interested in feedback on the document’s overall approach, the example use case, and the identified controls for the use case. (Note that the use case is only notional for illustrative purposes and is not intended to be a set of specific cybersecurity recommendations.)
Based on feedback from this publication, NIST will also consider the utility of publishing similar reports discussing other areas of space operations as needed.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations. This report provides a general introduction to cybersecurity risk management for the commercial satellite industry as they seek to start managing cybersecurity risk in space. This document is by no means comprehensive in terms of addressing all of the cybersecurity risks to commercial satellite infrastructure nor does it explore risks to satellite vehicles, which may be introduced by implementing cybersecurity controls. The intent is to introduce basic concepts, generate discussions, and provide sample references for additional information on pertinent cybersecurity risk management concepts.
Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite...
See full abstract
Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations. This report provides a general introduction to cybersecurity risk management for the commercial satellite industry as they seek to start managing cybersecurity risk in space. This document is by no means comprehensive in terms of addressing all of the cybersecurity risks to commercial satellite infrastructure nor does it explore risks to satellite vehicles, which may be introduced by implementing cybersecurity controls. The intent is to introduce basic concepts, generate discussions, and provide sample references for additional information on pertinent cybersecurity risk management concepts.
Hide full abstract
Keywords
commercial space satellite operations; cybersecurity; cybersecurity risk management; risk management
Control Families
None selected
