CNSS (Committee on National Security Systems) is an intergovermental organization in United States. Its main goal is to set policies based on CIA triad (Confidentiality, Integrity, and Availability). One of the guidelines is for Space Systems and it requires some attention, since it is not the final frontier but the next target for mass attacks. As the political arena is heating more and more, international criminals, state sponsored attackers, and young and curious enthusiasts will poke space arena soon. Space is also getting more and more crowded as SpaceX satellites and Chinese ambitions gain more investments and market around the globe. I believe this is time to mention the security of Space Systems. Here a short summary and some take aways from the CNSS instructions to protect Space Netwoks and Systems.

All NSS space systems and networks, including space, ground, launch, and user segments, must have cyberspace defense services. These services must cover:

  1. Prepare,
  2. Protect,
  3. Detect,
  4. Analyze,
  5. Respond,
  6. Assess
  7. And Adjust.

Cyber Security Service providers must demonstrate qualifications and ability to meet execution and delivery of these requirements. Activities must be coordinated with relevant operators, managers, owners, users, and authorities.

Implementation in traditional space platforms use (OSI layer 2 and below) meaning they implement defense services on terrestrial networks. It is suggested now that organizations to use platforms with OSI layer 3 and above functionality require additional on-board defense services. All on-orbit and terminal systems need appropriate levels of cyberspace defense.

Monitoring and Reporting

Continuous monitoring is required to manage risk and maintain authorizations.
Systems must be monitored from operational, information assurance, system, and network perspectives.

Specific monitoring requirements include:

  1. Detecting unauthorized link access attempts
  2. Monitoring and responding to electromagnetic interference (EMI)
  3. Implementing Information Security Continuous Monitoring (ISCM) strategies

For commercial Space System Services, contracts for commercial services must specify monitoring and control requirements.

Key considerations include:

  1. Network Operations Center (NOC) requirements
  2. Staffing and availability expectations
  3. Reporting procedures for outages and security events
  4. Information Assurance compliance monitoring throughout the contract lifecycle

The document is published on “www.cnss.gov” under name “CNSSI 1200 Instruction for Space Systems Used to Support” on 7 May, 2014. It has been over 10 years. We hear very little about any space related cyber security incident. It does not mean there is no cyber attack in the space but the measurements are well integrated. NSS emphasizes the importance of comprehensive cybersecurity measures across all aspects of NSS space systems, from acquisition to ongoing operations. Read full document on “https://www.cnss.gov/CNSS/issuances/Instructions.cfm” And if your browser alerts for an ssl unsecure warning, unfortunately it is true. This site manages its encription and security in a way I haven’t figured out yet. May be they will ask you to install a DoD certificate so your coputer will read their self assaigned certification. If any of you will figure it out please let me know breefly. I already have the documentation in long form.

QA, Software Tester | Web Developeer | Security Specialist | Teacher | Preacher | Strategist & Humanist

Leave a Reply

Your email address will not be published. Required fields are marked *