Analysis
Attacks and Vulnerabilities
Critical infrastructure
News
Threat Landscape
Vulnerabilities

NCCoE rolls out cybersecurity profile for hybrid satellite networks 

November 10, 2022
NCCoE rolls out cybersecurity profile for hybrid satellite networks 

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), recently released a final annotated outline for the cybersecurity framework (CSF) profile for hybrid satellite networks (HSN). The cybersecurity profile intends to identify an approach to assess the cybersecurity posture of HSN that provide services such as satellite-based systems for communications, position, navigation and timing (PNT), remote sensing, weather monitoring, and imaging. 

The HSN systems may interact with other government systems and critical infrastructure to mutually increase their resilience. The profile will consider the cybersecurity of all the interacting systems that form the HSN rather than the traditional approach of a single organization acquiring the entire satellite system that includes the satellite bus, payloads, and ground system. 

The NIST has been working towards developing a consistent approach to assessing the cybersecurity posture of a space system to facilitate a better understanding of the attack surface, incorporate security, and achieve greater resilience for space systems that may be leveraged by critical infrastructure owners and operators, the Department of Defense (DoD), or other government missions.

Last week, the NCCoE published a document focusing on a manufacturing sector problem of responding to and recovering from a data integrity incident. The issue is also relevant and significant to the other industry sectors. It earlier published a draft project description seeking feedback from all stakeholders in the water and wastewater utilities sector. The NCCoE project is working to ensure that its guidance can benefit the broadest audience and is especially interested in hearing from water utilities of all sizes. 

The profile will serve as a practical guide for organizations and stakeholders engaged in the design, acquisition, and operation of satellite buses or payloads involving HSN. Thereby, allowing the non-commercial use of commercial satellites in a manner that is consistent with the sponsor organization’s risk tolerance.

The cybersecurity profile will be structured around the NIST cybersecurity framework and aims to be suitable for applications that involve multiple stakeholders contributing to communications architecture and for other use cases such as hosted payloads. It is suitable for applications that involve multiple stakeholders contributing to communications architecture and for other use cases such as hosted payloads.

Using the HSN profile will help organizations identify systems, assets, data, and risks that pertain to HSN, protect HSN services by adhering to cybersecurity principles and self-assessment, and detect cybersecurity-related disturbances or corruption of HSN services and data. It also delivers response to HSN service or data anomalies in a timely, effective, and resilient manner, and recovers the HSN to proper working order after a cybersecurity incident.

The space sector is transitioning towards an aggregation of independently owned and operated segments that create a space system, rather than the traditional approach where a single entity acquires, operates and controls the space, ground, and user segments. To guide space stakeholders, NIST in partnership with the industry is developing this profile. 

Throughout the cybersecurity profile development process, NIST will engage the public and private sectors on multiple occasions to include a request for information, participation in workshops, and comment and review of the draft Profile. The profile development process is iterative and, in the end, the state promotes the risk-informed use of hybrid satellite networks.

The HSN presents opportunities for organizations to leverage existing space-based capabilities through means such as hosted payloads; however, there is a need to ensure that these systems are secure and that the integration of the components is done in a manner that is acceptable to the participating organizations.

The HSN cybersecurity profile intends to provide a means to assess and communicate an organization’s cybersecurity posture in a consistent and standardized manner. The profile applies to organizations that have already adopted the NIST CSF to help identify, assess, and manage cybersecurity risks. It also concerns enterprises familiar with the CSF and wants to improve their cybersecurity postures and those that are unfamiliar with the CSF but need to implement HSN services in a risk-informed manner through the use of a cybersecurity risk management framework.

The cybersecurity profile will help organizations develop cybersecurity HSN profiles that are appropriate for their respective organization and goals. It intends to help users of HSN prioritize necessary cybersecurity activities based on their objectives, and probably become a tool to help organizations identify areas where standards, practices, and other guidance could help manage the risk of cybersecurity threats to systems that use or provide components to HSN. Additionally, the profile is intended to assist an organization’s risk management effort, and does not prescribe regulations or mandatory practices, nor does it carry any statutory authority. 

The development of a profile by an organization is a multi‐step process, including a risk assessment in which organizations should consider the data, processes, and assets that HSN’s require, establish what processes and assets are dependent recipients of HSN data, and the impact to the organization should a process or asset be lost or degraded. It also analyzes what processes and assets are vulnerable, available safeguards, and techniques that can be used to identify threats of concern. It also looks into the techniques that can be used to respond to threats of concern, and the techniques which can be used to return an HSN to proper working order. 

The HSN cybersecurity profile supports and is informed by cybersecurity risk management processes. Using the profile, organizations can make more informed decisions to select and prioritize cybersecurity activities and expenditures that help identify systems dependent on HSN, identify appropriate HSN sources, detect disturbances and manipulation of HSN services, manage the risk to these systems, and ensure resiliency through diversity. 

For critical infrastructures, HSN sources and distribution networks should be architected with multiple, independent sources, communication paths, and communication mediums. The profile provides a starting point from which organizations can customize, based on business need and risk assessment, to develop appropriate processes to manage cybersecurity risk to their HSN services and data essential for the correct behavior of critical infrastructure applications. 

The NCCoE also lays down some of the capabilities and controls that impact the organization’s ability to manage residual risk in the context of HSN degradation or outage. Cybersecurity policies and procedures will vary under each organization’s tolerance of an HSN loss or degradation. 

Though it does not add value to burden an organization with excessive requirements, there should be a level of consistency within a sector to enable collaborative efforts, such as the sharing of cybersecurity events that impact or otherwise involve HSN. Consistency also facilitates the acceptance or rejection of inherited risk and compatible tools, while the techniques and processes enable coordinated responses. HSN policies and procedures should be reflected in an organization’s continuity of operations plan (COOP).

HSN resiliency requires organizational planning that includes an adequate understanding of the technical capabilities needed to ensure appropriate levels of HSN data confidentiality, availability, and integrity. When considering the technical capabilities as they pertain to HSN resilience, users must consider certain technical challenges that an HSN service may encounter such as propagation delay for geo sync, interference events, radiation, and other space environment-related concerns.

It is beneficial to consider that the analysis of the potential integration of multiple and independent technologies can facilitate the detection of anomalies, and ultimately contribute to a more resilient system in the event of a disruption.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Strategic Decision-Making in Cyber-Physical Risk Assessments and Cyber Ethics.
Strategic Decision-Making in Cyber-Physical Risk Assessments and Cyber Ethics.
Sprinting Toward NIS2 Compliance
Sprinting Toward NIS2 Compliance
CISA partners with private sector after Sisense security breach, as critical infrastructure sector potentially impacted
CISA partners with private sector after Sisense security breach, as critical infrastructure sector potentially impacted
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet's FortiClient EMS
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet’s FortiClient EMS
CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts
CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts
European Commission recommends Coordinated Implementation Roadmap for transition to Post-Quantum Cryptography
European Commission recommends Coordinated Implementation Roadmap for transition to Post-Quantum Cryptography
HP details evolution of Raspberry Robin malware, shift in distribution method and threat landscape
HP details evolution of Raspberry Robin malware, shift in distribution method and threat landscape