Security Frameworks & Standards | Satellite Security

Overview

Satellite systems occupy a unique position in the cybersecurity landscape: they are critical infrastructure, they operate across international jurisdictions, they involve radio frequency emissions subject to spectrum regulation, and they support missions ranging from commercial broadband to national security. This intersection of concerns has produced a complex and evolving ecosystem of frameworks, standards, and regulations.

Unlike traditional IT security, where frameworks like NIST SP 800-53 and ISO 27001 have been dominant for decades, space cybersecurity standardization is relatively nascent. Many of the most important documents have been published only in the last five years. Security practitioners working in the space domain must navigate standards from telecommunications bodies (ITU, ETSI), space agencies (NASA, ESA), defense establishments (DoD, CNSSP), international coordination bodies (CCSDS, UN COPUOS), and general cybersecurity organizations (NIST, CISA) — often simultaneously.

This page provides a comprehensive survey of the frameworks, standards, and regulations that govern satellite cybersecurity, how they interrelate, and practical guidance on applying them.

Framework Comparison

The following table summarizes the major frameworks and standards relevant to satellite and space system cybersecurity.

Framework / Standard	Organization	Scope	Mandatory / Voluntary	Primary Focus	Year
NIST IR 8270	NIST	Commercial satellite operations	Voluntary	Cybersecurity introduction & risk profiles	2023
NIST IR 8401	NIST	Satellite ground segment	Voluntary	Ground segment security controls	2023
NIST SP 800-53 Rev 5	NIST	General information systems	Voluntary (mandatory for federal)	Security & privacy controls catalog	2020
NIST CSF 2.0	NIST	All critical infrastructure	Voluntary	Risk management framework	2024
CCSDS 350.0-G-3	CCSDS	Space missions	Voluntary (de facto standard)	Security architecture overview	2022
CCSDS 352.0-B-2	CCSDS	Space data links	Voluntary (de facto standard)	Data link encryption protocol	2020
CCSDS 355.0-B-2	CCSDS	Space communications	Voluntary (de facto standard)	Encryption algorithms for space	2022
SPD-5	White House / OSTP	US space systems	Directive (US policy)	Cybersecurity principles for space	2020
CNSSP-12	CNSS	National security space systems	Mandatory (US national security)	Information assurance policy	2018
CMMC 2.0	DoD	Defense industrial base	Mandatory (defense contracts)	Contractor cybersecurity maturity	2024
ITU Radio Regulations	ITU	Global RF spectrum	Mandatory (treaty obligation)	Spectrum allocation & interference	2024
ETSI TR 103 908	ETSI	Satellite earth stations	Voluntary	Earth station equipment security	2023
ISO/IEC 27001	ISO/IEC	Information security management	Voluntary (certifiable)	ISMS framework	2022
ITAR / EAR	US State / Commerce	Space technology exports	Mandatory (US law)	Export control	Ongoing
UN COPUOS LTS Guidelines	United Nations	Spacefaring nations	Voluntary (soft law)	Long-term sustainability	2019

Framework-to-Segment Mapping

The following diagram illustrates how the major frameworks and standards map to different satellite system segments. Understanding this mapping is critical for determining which standards apply to your specific operational context.

graph TB
    subgraph Frameworks["Frameworks & Standards"]
        NIST_IR8270["NIST IR 8270<br/>Commercial Satellite Ops"]
        NIST_IR8401["NIST IR 8401<br/>Ground Segment"]
        NIST_CSF["NIST CSF 2.0"]
        CCSDS350["CCSDS 350.0<br/>Security Architecture"]
        CCSDS352["CCSDS 352.0<br/>SDLS Protocol"]
        CCSDS355["CCSDS 355.0<br/>Encryption Algorithms"]
        SPD5["SPD-5<br/>Space Policy Directive"]
        CNSSP12["CNSSP-12<br/>National Security"]
        CMMC["CMMC 2.0"]
        ITU["ITU Radio Regs"]
        ETSI["ETSI TR 103 908"]
        ISO27001["ISO 27001"]
    end

    subgraph Segments["Satellite System Segments"]
        SPACE["Space Segment<br/>(Spacecraft, Payload)"]
        GROUND["Ground Segment<br/>(Control Stations, NOC)"]
        USER["User Segment<br/>(Terminals, Receivers)"]
        LINK["Link Segment<br/>(Uplink, Downlink, ISL)"]
    end

    NIST_IR8270 --> SPACE
    NIST_IR8270 --> GROUND
    NIST_IR8270 --> LINK
    NIST_IR8401 --> GROUND
    NIST_CSF --> SPACE
    NIST_CSF --> GROUND
    NIST_CSF --> USER
    CCSDS350 --> SPACE
    CCSDS350 --> GROUND
    CCSDS350 --> LINK
    CCSDS352 --> LINK
    CCSDS355 --> LINK
    CCSDS355 --> SPACE
    SPD5 --> SPACE
    SPD5 --> GROUND
    SPD5 --> LINK
    SPD5 --> USER
    CNSSP12 --> SPACE
    CNSSP12 --> GROUND
    CNSSP12 --> LINK
    CMMC --> GROUND
    ITU --> LINK
    ETSI --> USER
    ETSI --> GROUND
    ISO27001 --> GROUND
    ISO27001 --> USER

1. NIST Space Cybersecurity

The National Institute of Standards and Technology has produced several publications directly addressing space system cybersecurity, in addition to its general-purpose frameworks that are widely applied to satellite operations.

NIST IR 8270 — Introduction to Cybersecurity for Commercial Satellite Operations

Published in February 2023, NIST IR 8270 is the most comprehensive single document addressing cybersecurity for commercial satellite operators. It was developed in collaboration with industry stakeholders through the NIST National Cybersecurity Center of Excellence (NCCoE).

Key contributions of IR 8270:

Mission-based risk approach: Rather than prescribing specific controls, IR 8270 encourages operators to assess cybersecurity risk in the context of their specific mission — recognizing that a commercial broadband constellation has different risk tolerances than a government Earth observation mission.
Satellite-specific threat taxonomy: The document catalogs threats unique to satellite operations, including RF jamming, command injection, firmware compromise during manufacturing, and supply chain attacks on space-qualified components.
Lifecycle coverage: IR 8270 addresses security across the full satellite lifecycle — design, manufacturing, integration and testing, launch, on-orbit operations, and decommissioning. This is significant because many satellite vulnerabilities are introduced during manufacturing or integration, long before the system becomes operational.
Risk profile mapping: The document maps satellite-specific threats to the NIST Cybersecurity Framework functions (Identify, Protect, Detect, Respond, Recover), providing operators with a structured approach to gap analysis.

Practical application: Operators should use IR 8270 as a starting point for developing a satellite-specific cybersecurity program. The document’s threat catalog can serve as input to a threat modeling exercise, and its lifecycle approach helps ensure that security is considered from the earliest design phases rather than bolted on post-launch.

NIST IR 8401 — Satellite Ground Segment Cybersecurity

Published alongside IR 8270, NIST IR 8401 focuses specifically on the ground segment — the most accessible attack surface in satellite systems and the one most amenable to traditional cybersecurity controls.

Scope and structure:

IR 8401 addresses the following ground segment components:

Component	Security Concerns
Mission Control Center (MCC)	Access control, command authentication, audit logging
Ground Stations / Antennas	Physical security, RF chain integrity, SCADA/ICS security
Network Operations Center (NOC)	Network segmentation, monitoring, incident response
Telemetry Processing	Data integrity, real-time anomaly detection
Command Generation	Authentication, encryption, command validation
Key Management Infrastructure	HSM deployment, key distribution to spacecraft
Ground Network Interconnects	VPN/encryption for inter-site links, firewall policies

Key recommendations:

Treat ground station networks as operational technology (OT) environments, applying ICS/SCADA security principles in addition to IT security controls.
Implement network segmentation between the TT&C (telemetry, tracking, and command) network and enterprise IT networks, with strict firewall rules and unidirectional gateways where feasible.
Deploy hardware security modules (HSMs) for cryptographic key management, particularly for command authentication keys.
Establish baseline telemetry profiles to enable anomaly detection on spacecraft health data.
Implement role-based access control (RBAC) with multi-factor authentication for command authorization, including two-person integrity (TPI) for critical commands.

NIST SP 800-53 Controls Mapped to Space Systems

NIST SP 800-53 Revision 5 provides a comprehensive catalog of security and privacy controls for information systems. While not space-specific, many of its control families map directly to satellite system security requirements. The following mapping highlights the most relevant control families and their space-specific application:

Control Family	Space System Application	Key Controls
AC (Access Control)	Ground station access, command authorization, TPI	AC-2, AC-3, AC-6, AC-17
AU (Audit and Accountability)	Telemetry logging, command audit trails	AU-2, AU-3, AU-6, AU-12
CA (Assessment, Authorization)	Mission readiness reviews, security assessments	CA-2, CA-6, CA-7
CM (Configuration Management)	Flight software versioning, ground system baselines	CM-2, CM-3, CM-6, CM-7
CP (Contingency Planning)	Backup ground stations, safe mode procedures	CP-2, CP-7, CP-10
IA (Identification and Authentication)	Operator authentication, spacecraft authentication	IA-2, IA-3, IA-5
IR (Incident Response)	Anomaly investigation, RF interference response	IR-4, IR-5, IR-6
MA (Maintenance)	On-orbit software updates, ground system patching	MA-2, MA-4, MA-5
PE (Physical and Environmental)	Ground station physical security, TEMPEST	PE-2, PE-3, PE-6
PL (Planning)	Security engineering in mission design	PL-2, PL-7, PL-8
RA (Risk Assessment)	Satellite threat modeling, vulnerability analysis	RA-3, RA-5, RA-9
SA (System and Services Acquisition)	Supply chain security for space components	SA-4, SA-9, SA-12
SC (System and Communications Protection)	Link encryption, command authentication	SC-7, SC-8, SC-12, SC-13, SC-28
SI (System and Information Integrity)	Flight software integrity, telemetry validation	SI-3, SI-4, SI-7, SI-10
SR (Supply Chain Risk Management)	Counterfeit parts detection, trusted foundries	SR-1, SR-3, SR-5, SR-6

NIST Cybersecurity Framework (CSF) 2.0 Applied to Satellite Operations

The NIST CSF 2.0, published in February 2024, introduces a sixth function — Govern — alongside the original five (Identify, Protect, Detect, Respond, Recover). For satellite operators, the CSF provides a high-level risk management structure that can be tailored to space operations:

Govern (GV): Establish organizational context for satellite cybersecurity — define risk appetite, assign roles (CISO, mission assurance lead), establish supply chain risk policies for space-qualified components.
Identify (ID): Catalog all assets across segments (spacecraft bus, payloads, ground stations, terminals, inter-satellite links). Conduct threat modeling using satellite-specific threat catalogs from IR 8270.
Protect (PR): Implement link encryption (CCSDS SDLS or proprietary), command authentication, ground network segmentation, access controls, and supply chain verification.
Detect (DE): Monitor RF spectrum for jamming/spoofing, analyze telemetry for anomalies, deploy IDS on ground networks, monitor for unauthorized command attempts.
Respond (RS): Define playbooks for RF interference events, anomalous telemetry, unauthorized access attempts, and ground station compromise. Coordinate with Space ISAC and relevant government agencies.
Recover (RC): Maintain backup ground station capabilities, document spacecraft safe mode recovery procedures, establish procedures for re-keying cryptographic systems.

2. CCSDS Security Standards

The Consultative Committee for Space Data Systems (CCSDS) is an international body comprising major space agencies (NASA, ESA, JAXA, ROSCOSMOS, CNES, DLR, ASI, UKSA, and others) that develops standards for space data handling and communications. CCSDS security standards are the de facto international standards for securing space communication links.

CCSDS 350.0-G-3 — Security Architecture

CCSDS 350.0 is a Green Book (informational/guidance document) that provides the overarching security architecture for CCSDS-based space missions. It establishes the conceptual framework within which the other CCSDS security standards operate.

Key architectural concepts:

Security layers: Defines security at the space data link layer (SDLS), the space packet layer, and the application layer, allowing missions to apply encryption and authentication at the most appropriate protocol layer.
Trust model: Establishes a trust model for space missions that accounts for the physical separation of ground and space segments, the constrained communication environment (high latency, limited bandwidth, intermittent connectivity), and the long mission lifetimes that may outlast cryptographic algorithm lifespans.
Key management architecture: Defines approaches to key management that account for the challenge of distributing and rotating cryptographic keys to spacecraft — an environment where physical access for re-keying is typically impossible after launch.
Threat model: Documents the threats that CCSDS security standards are designed to address, including unauthorized commanding, telemetry interception, replay attacks, and denial of service through RF interference.

CCSDS 352.0-B-2 — Space Data Link Security (SDLS)

CCSDS 352.0 is a Blue Book (recommended standard) that specifies the protocol for securing CCSDS space data link frames. SDLS is the primary mechanism for encrypting and authenticating satellite communications in missions that use CCSDS protocols.

Protocol structure:

SDLS operates at the data link layer, wrapping CCSDS Transfer Frames (TC, TM, or AOS frames) with a security header and security trailer. The security header contains:

Security Parameter Index (SPI): Identifies the security association (algorithm, key, and parameters) in use.
Initialization Vector (IV) or Sequence Number: Provides the nonce for authenticated encryption, also used for anti-replay protection.

The security trailer contains the Message Authentication Code (MAC) or Integrity Check Value (ICV) when authentication is enabled.

Security services provided:

Service	Description	Mechanism
Confidentiality	Encryption of frame data	AES-GCM, AES-CBC
Authentication	Verification of frame origin and integrity	AES-GCM (AEAD), HMAC-SHA-256
Anti-replay	Prevention of frame replay attacks	Sequence number validation
Authenticated encryption	Combined confidentiality and authentication	AES-GCM (single pass)

Operational considerations:

SDLS supports both encryption-only and authentication-only modes, in addition to authenticated encryption. For telemetry (TM) downlinks where confidentiality may not be required but integrity is critical, authentication-only mode reduces computational overhead on the spacecraft.
Sequence number management is critical — if sequence numbers desynchronize between ground and spacecraft (e.g., due to a missed frame), the security association must be re-established. SDLS provides mechanisms for sequence number synchronization.
SDLS is designed to operate with minimal overhead, adding as few as 6 bytes of security header and 16 bytes of security trailer per frame — an important consideration for bandwidth-constrained deep space links.

CCSDS 355.0-B-2 — Space-Aware Encryption

CCSDS 355.0 specifies the cryptographic algorithms approved for use within CCSDS security protocols. The “space-aware” designation reflects algorithms selected for suitability in the space environment — constrained processors, radiation-hardened hardware, and long mission lifetimes.

Approved algorithms:

Algorithm	Mode	Use Case	Key Sizes	Notes
AES	GCM	Authenticated encryption (primary)	128, 256 bits	Recommended for most missions
AES	CBC	Encryption only (legacy)	128, 256 bits	Being phased out in favor of GCM
AES	CMAC	Authentication only	128, 256 bits	For integrity without confidentiality
ChaCha20-Poly1305	AEAD	Authenticated encryption (alternative)	256 bits	Added in recent revision; software-friendly
HMAC	SHA-256	Authentication	256 bits	For integrity verification

Why ChaCha20-Poly1305? The inclusion of ChaCha20-Poly1305 alongside AES-GCM reflects a practical concern: AES-GCM achieves high performance on processors with hardware AES acceleration (AES-NI), but many space-qualified processors lack this feature. ChaCha20-Poly1305 achieves comparable security with superior performance in pure software implementations, making it attractive for missions using radiation-hardened processors that may be based on older architectures without AES hardware support.

Algorithm agility: CCSDS 355.0 is designed with algorithm agility in mind — the SPI field in SDLS allows missions to negotiate and switch algorithms without protocol changes. This is critical for missions with 15+ year lifetimes that may need to transition to post-quantum algorithms.

3. CISA Space Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) has increasingly recognized space systems as critical infrastructure, particularly given the dependencies of other critical infrastructure sectors on satellite services.

Space Systems as Critical Infrastructure

CISA identifies 16 critical infrastructure sectors, and satellite systems underpin at least 11 of them:

Critical Infrastructure Sector	Satellite Dependency
Communications	Satellite broadband, TV distribution, mobile backhaul
Transportation	GPS navigation, ADS-B relay, maritime tracking
Energy	SCADA communications for remote pipelines, grid timing
Financial Services	GPS timing for transaction timestamps
Emergency Services	First responder communications, disaster imagery
Government Facilities	Secure government communications
Defense Industrial Base	Military SATCOM, ISR
Agriculture	Precision agriculture, crop monitoring
Water and Wastewater	Remote monitoring via satellite SCADA
Healthcare	Telemedicine in remote areas
Information Technology	Internet backbone redundancy, CDN edge

This cross-sector dependency means that a successful cyberattack on satellite systems could cascade across multiple critical infrastructure sectors simultaneously — a scenario that traditional sector-specific risk assessments may not adequately capture.

CISA Advisories and Guidance for Satellite Operators

CISA has published several advisories and guidance documents relevant to satellite operators:

ICS-CERT advisories for VSAT terminal vulnerabilities — CISA has issued advisories for vulnerabilities in Hughes, iDirect, and Newtec VSAT terminal firmware, covering default credentials, command injection, and firmware update integrity issues.
Shields Up guidance — During periods of heightened geopolitical tension, CISA’s Shields Up campaign has specifically called out satellite operators as targets, referencing the Viasat/KA-SAT attack as a precedent.
Cross-sector dependency analysis — CISA has worked with sector-specific agencies (DOT, DOE, Treasury) to map satellite dependencies and develop contingency plans for satellite service disruptions.
Joint advisories with international partners — CISA has partnered with ENISA (EU), NCSC (UK), and ACSC (Australia) on advisories addressing satellite ground infrastructure vulnerabilities.

Practical Recommendations from CISA

CISA recommends that satellite operators:

Register with the Space ISAC to receive threat intelligence relevant to satellite operations.
Implement network segmentation between ground station OT networks and enterprise IT.
Conduct regular vulnerability assessments of ground station equipment, including VSAT terminals and antenna control systems.
Develop incident response plans that account for the unique characteristics of satellite operations (e.g., inability to physically access spacecraft, limited uplink bandwidth for remediation).
Participate in cross-sector exercises that test contingency plans for satellite service disruptions.

4. International Standards

ITU Radio Regulations

The International Telecommunication Union (ITU) Radio Regulations are an international treaty instrument that governs the use of the radio frequency spectrum and satellite orbital positions. While primarily focused on spectrum management rather than cybersecurity, the Radio Regulations have significant security implications:

Frequency coordination: Satellite operators must coordinate their frequency use with the ITU, which creates a public record of allocated frequencies — information that could be used by adversaries for reconnaissance (see the Penetration Testing page for how this data is used in OSINT).
Interference protection: The Radio Regulations provide legal frameworks for addressing intentional interference (jamming), though enforcement depends on national administrations.
Harmful interference provisions: Article 15 of the Radio Regulations prohibits harmful interference, providing a legal basis for addressing RF attacks on satellite systems, although attribution and enforcement across international boundaries remain challenging.
Space operation service (SOS): ITU allocates specific frequency bands for space operations (TT&C), and the Radio Regulations establish protection criteria for these critical links.

ETSI TR 103 908 — Satellite Earth Station Security

The European Telecommunications Standards Institute published TR 103 908 to address cybersecurity for satellite earth station equipment — the ground-based terminals and antennas that end users and operators interact with directly.

Key requirements:

No universal default passwords: Earth station equipment must not ship with universal default credentials. Each unit must have a unique default password or require password creation during initial setup.
Secure firmware updates: Equipment must support authenticated and encrypted firmware update mechanisms, preventing supply chain attacks through compromised firmware.
Vulnerability disclosure: Manufacturers must provide a vulnerability disclosure policy and a mechanism for reporting security issues.
Minimum cryptographic requirements: Communication between earth stations and management platforms must use current cryptographic standards (TLS 1.2+, no deprecated cipher suites).
Data minimization: Earth station equipment should not collect or transmit more user data than necessary for its function.

ETSI TR 103 908 aligns with the broader ETSI EN 303 645 standard for consumer IoT security, recognizing that many modern VSAT terminals and satellite user equipment are effectively IoT devices.

ISO/IEC 27001 Applied to Space Operations

ISO/IEC 27001:2022 provides a certifiable information security management system (ISMS) framework. Several satellite operators and ground station-as-a-service providers have achieved or are pursuing ISO 27001 certification. Applying ISO 27001 to space operations requires extending the standard’s controls with space-specific considerations:

Asset inventory (Annex A.5.9): Must include spacecraft, transponders, frequency allocations, orbital slots, and ground station equipment — not just IT assets.
Supplier relationships (Annex A.5.19-5.22): Space supply chains are uniquely complex, involving specialized component manufacturers, launch providers, and integration contractors. The supply chain risk assessment must account for counterfeit parts, compromised firmware, and ITAR-controlled technology transfer.
Physical security (Annex A.7): Ground stations often operate in remote locations with limited physical security infrastructure. The ISMS must address physical security for unmanned remote ground stations.
Cryptographic controls (Annex A.8.24): Must address space-specific key management challenges, including pre-launch key loading, on-orbit key rotation, and the inability to physically re-key spacecraft.
Business continuity (Annex A.5.29-5.30): Must address satellite-specific continuity scenarios such as loss of a spacecraft, ground station outage, or RF interference events.

UN COPUOS Long-Term Sustainability Guidelines

The United Nations Committee on the Peaceful Uses of Outer Space (COPUOS) adopted 21 guidelines for the long-term sustainability of outer space activities in 2019. Several guidelines have cybersecurity implications:

Guideline B.7: Share information on space objects and events — creates transparency that supports space situational awareness but also provides OSINT data.
Guideline B.8: Design and operation of space objects — includes guidance on protecting spacecraft from environmental hazards, which extends to cyber threats.
Guideline C.4: Ensure the controlled, safe, and predictable reentry of space objects — a compromised spacecraft could fail to perform deorbit maneuvers, contributing to the debris environment.

While non-binding, COPUOS guidelines represent emerging international consensus and often precede more formal regulatory requirements.

5. U.S. Government and Military Standards

SPD-5 — Space Policy Directive 5

Issued on September 4, 2020, Space Policy Directive 5 (SPD-5) — “Cybersecurity Principles for Space Systems” — is the foundational U.S. policy document for space cybersecurity. It establishes five core principles:

Space systems should be developed and operated using risk-based, cybersecurity-informed engineering. Security must be integrated from the earliest design phase, not added as an afterthought.
Space system owners and operators should develop and implement cybersecurity plans that address the full lifecycle and all segments (space, ground, link, user).
Space cybersecurity should address RF interference — both unintentional and intentional, including jamming and spoofing.
Space systems should use effective and validated authentication and encryption for command, control, and telemetry, with particular emphasis on command link protection.
Space systems should leverage best practices including supply chain risk management, physical security, personnel vetting, and information sharing through organizations like the Space ISAC.

Significance: SPD-5 does not prescribe specific technical controls or mandate compliance, but it establishes the policy expectation that all U.S. space system operators — commercial, civil, and military — should implement cybersecurity programs. It is frequently referenced by procurement requirements and has influenced subsequent NIST and CISA guidance.

CNSSP-12 — National Information Assurance Policy for Space Systems

The Committee on National Security Systems Policy No. 12 (CNSSP-12) is the governing cybersecurity policy for U.S. national security space systems. Unlike SPD-5, CNSSP-12 is mandatory for systems processing, storing, or transmitting national security information via space.

Key requirements:

Type 1 encryption: National security space systems must use NSA-approved Type 1 encryption for classified communications. This typically means NSA Suite A or Suite B algorithms implemented in NSA-evaluated hardware.
TEMPEST compliance: Ground stations processing classified data must meet TEMPEST requirements (NSTISSAM TEMPEST/1-92) to prevent electromagnetic emanation exploitation.
Cross-domain solutions: Where national security space systems interface with unclassified or allied systems, NSA-approved cross-domain solutions must be employed.
Supply chain requirements: Components for national security space systems must come from trusted suppliers, often requiring production in trusted foundries under the DMEA Trusted Foundry program.
Personnel security: All individuals with access to national security space systems must hold appropriate security clearances and be subject to continuous evaluation.

CNSSP-12 is not publicly available in its full text, but its requirements flow down through program-specific security documentation (e.g., System Security Plans, Security Assessment Reports).

DoD/USSF CMMC Requirements

The Cybersecurity Maturity Model Certification (CMMC) 2.0 framework applies to all Department of Defense contractors, including those in the space industrial base. For defense space contractors, CMMC has particular significance:

CMMC Level Applicability:

CMMC Level	Controls	Space Contractor Application
Level 1 (Foundational)	17 practices	Contractors handling FCI (Federal Contract Information) only
Level 2 (Advanced)	110 practices (NIST SP 800-171)	Most defense satellite manufacturers and operators
Level 3 (Expert)	110+ practices with enhanced controls	Contractors on highest-priority space programs

Space-specific CMMC considerations:

Controlled Unclassified Information (CUI) in space programs includes orbital parameters, spacecraft specifications, ground station locations, and encryption key material — all of which require CMMC Level 2 or higher protection.
Defense space contractors must protect International Traffic in Arms Regulations (ITAR) technical data, which intersects with CMMC CUI protection requirements.
Supply chain flow-down: Prime contractors (e.g., Lockheed Martin, Northrop Grumman, L3Harris) must ensure their subcontractors and suppliers also meet CMMC requirements, creating a cascade through the space supply chain.

ITAR and Export Control Implications

The International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) have profound implications for satellite cybersecurity:

USML Category XV: Spacecraft systems and associated equipment are on the United States Munitions List (USML) Category XV. This means that sharing satellite technical data — including cybersecurity architectures, encryption implementations, and vulnerability information — with foreign persons requires a State Department export license.
Encryption controls: Space-qualified encryption hardware and certain high-performance cryptographic software are export-controlled. This complicates international collaboration on satellite cybersecurity and can restrict the encryption options available to commercial operators using U.S. technology.
Impact on vulnerability disclosure: ITAR restrictions can impede vulnerability disclosure and information sharing when the vulnerability involves ITAR-controlled technical data. Security researchers must be careful not to inadvertently export controlled technical data when reporting satellite vulnerabilities.
Deemed export rule: Employing foreign nationals (even within the U.S.) on ITAR-controlled satellite programs requires an export license, which can limit the talent pool available for satellite cybersecurity work.

6. Industry Initiatives

Space ISAC

The Space Information Sharing and Analysis Center (Space ISAC) was established in 2019 and is headquartered at Colorado Springs, Colorado — co-located with many military space organizations and defense contractors.

Functions:

Threat intelligence sharing: Space ISAC collects, analyzes, and disseminates cyber threat intelligence specific to the space sector, including indicators of compromise (IOCs) for malware targeting ground stations, reports of RF interference events, and analysis of adversary TTPs targeting satellite operators.
Vulnerability coordination: Coordinates vulnerability disclosure for satellite systems, working with vendors and operators to ensure patches are developed and deployed before public disclosure.
Incident coordination: Provides a coordination mechanism for satellite operators responding to cybersecurity incidents, facilitating information sharing between operators who may be experiencing the same attack campaign.
Watch center: Operates a 24/7 watch center that monitors for threats to the space sector and issues alerts to members.

Membership tiers:

Tier	Access	Members
Tier 1 (Basic)	Public threat briefings, general alerts	Open to all space organizations
Tier 2 (Enhanced)	Detailed threat intelligence, IOCs, vulnerability alerts	Vetted space industry organizations
Tier 3 (Premium)	Classified threat intelligence (requires clearance)	Government and cleared defense contractors

SpaceX Bug Bounty Program

SpaceX operates one of the few public bug bounty programs in the space industry, managed through the Bugcrowd platform. The program covers:

Starlink user terminals (Dishy): Hardware and software vulnerabilities in the consumer terminal.
Starlink router: Vulnerabilities in the Wi-Fi router provided with Starlink service.
Starlink mobile apps: iOS and Android application vulnerabilities.
Web infrastructure: starlink.com and associated web applications.

Notable findings: Security researchers have demonstrated significant vulnerabilities through the program, including voltage fault injection attacks on the Starlink user terminal’s custom System-on-Chip (SoC) that bypassed secure boot, enabling arbitrary code execution. This research, presented at Black Hat 2022 by Lennert Wouters, demonstrated the physical attack surface of mass-produced satellite terminals.

Exclusions: The bug bounty explicitly excludes the satellite constellation itself, ground stations, and RF-based attacks. This boundary reflects the practical and legal constraints of satellite security research.

Aerospace Corporation Frameworks

The Aerospace Corporation, a federally funded research and development center (FFRDC) supporting the U.S. Space Force and National Reconnaissance Office, has developed several cybersecurity frameworks and assessment methodologies for space systems:

Space Attack Research and Tactic Analysis (SPARTA): A framework analogous to MITRE ATT&CK but specifically tailored to space systems. SPARTA catalogs adversarial tactics, techniques, and procedures for attacking space systems across all segments. It is a valuable resource for threat modeling satellite systems (see the Attack Vectors page for TTP details).
Mission assurance frameworks: Aerospace has developed methodologies for assessing the cybersecurity posture of military space programs, integrating cybersecurity assessment into the broader mission assurance process.
Space system resilience assessments: Frameworks for evaluating a space system’s ability to maintain mission capability in the face of cyberattacks, including degraded mode analysis and recovery assessment.

Satellite Operator Security Consortiums

Several industry groups facilitate collaboration on satellite cybersecurity:

Satellite Industry Association (SIA) Cybersecurity Working Group: Brings together commercial satellite operators to develop industry best practices and coordinate advocacy for proportionate regulation.
Global VSAT Forum (GVF) Cybersecurity Initiative: Focuses on cybersecurity standards and training for VSAT operators and service providers.
European Space Agency (ESA) Cybersecurity Office: Coordinates cybersecurity standards and assessments for ESA missions, and has developed the ESA Cybersecurity Framework for Space Systems.
CISA Joint Cyber Defense Collaborative (JCDC) — Space Sub-Group: A public-private partnership that brings together government agencies and space industry to develop joint cyber defense plans.

Practical Guidance: Applying Frameworks

For Commercial Satellite Operators

Start with NIST CSF 2.0 as the overarching risk management framework.
Use NIST IR 8270 to identify satellite-specific threats and map them to CSF functions.
Apply NIST IR 8401 controls to your ground segment.
Implement CCSDS SDLS (352.0) for space link security if using CCSDS protocols.
Join the Space ISAC for threat intelligence relevant to your operations.
Pursue ISO 27001 certification for your ground operations to demonstrate due diligence to customers and insurers.

For Defense Space Contractors

Comply with CMMC 2.0 at the level required by your contracts.
Implement CNSSP-12 requirements if handling national security space systems.
Use NIST SP 800-171/800-53 as the control baseline.
Maintain ITAR compliance for all technical data and cybersecurity documentation.
Leverage SPARTA for threat modeling defense space systems.

For User Terminal Manufacturers

Comply with ETSI TR 103 908 for European market access.
Eliminate default credentials and implement secure provisioning.
Implement secure firmware update mechanisms with code signing.
Establish a vulnerability disclosure program — consider a bug bounty.
Test terminals against the checklists described on the Penetration Testing page.