NASA issues guidance on space cybersecurity

NASA has introduced a fundamental innovation for the aerospace sector: a manual of best practices for cybersecurity in space. The goal is to evolve from static security methodologies to a dynamic approach. The document shares NASA flight design language with National Institute for Standards and Technology (NIST) safety controls, specifically the SP 800-53 catalog.

Adaptation and protection for the space sector

According to the Space Agency, the new guidelines will serve to facilitate the adaptation to increasingly integrated and interconnected operational information and technological systems, for both government and private missions. The manual is a response to growing vulnerabilities in the space domain, as demonstrated by the attack suffered by Viasat following Russian operations in February 2022.

Safety principles recommended by NASA

The guidance recommends that organizations continually conduct mission security risk analysis and response to proactively address threats. It highlights the importance of applying domain separation and least privilege principles to mitigate supply chain attacks and other operational vulnerabilities.

Access management and IT security

NASA warns that attackers can exploit ground-based systems to gain unauthorized access and maliciously interact with space vehicles and operations, so ensuring authentication and authorization of personnel and software is crucial. A mediated access mechanism is recommended to prevent unwanted access to critical subsystems of the space segment and to improve security log management.