The Office of Space Commerce has released a draft space cybersecurity report and is inviting public comments on the document.

According to the document, space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and supporting infrastructure pose increasing risks to the economic promise of emerging markets in space.

This draft space cybersecurity report describes cybersecurity concepts with regard to crewless, commercial space operations. The document is an information reference for managing cybersecurity risks and considering how cybersecurity requirements might coexist within space vehicle system requirements. NIST is specifically interested in feedback on the document’s overall approach, the example use case, and the identified controls for the use case.

Based on feedback from this publication, NIST will also consider the utility of publishing similar reports discussing other areas of space operations as needed.

The report's authors contend that space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations.

The draft space cybersecurity report provides a general introduction to cybersecurity risk management for the commercial satellite industry as they seek to start managing cybersecurity risk in space. However, the OSC cautions that the document is by no means comprehensive in terms of addressing all of the cybersecurity risks to commercial satellite infrastructure nor does it explore risks to satellite vehicles, which may be introduced by implementing cybersecurity controls. The intent is to introduce basic concepts, generate discussions, and provide sample references for additional information on pertinent cybersecurity risk management concepts.

The National Institute of Standards and Technology (NIST) asks the commercial satellite operations community to use this document as an informative reference to assist in managing cybersecurity risks and to consider how cybersecurity requirements might coexist within space vehicle system requirements. The example requirements listed in this document could be used to create an initial baseline. However, NIST recommends that organizations use this document in coordination with the set of NIST references and applicable Standard-Setting Organizations material to create cybersecurity outcomes, requirements, and controls customized to support an organization’s particular business needs and address its individual threat models.

Comments should be emailed to DraftIR8270Comments@nist.gov by August 13, 2021.

(Source: Office of Space Commerce. Image from file)