Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework

Authors

  • Courtney Fleming Air Force Institute of Technology, Wright-Patterson Air Force Base, USA
  • Mark Reith Air Force Institute of Technology, Wright-Patterson Air Force Base, USA
  • Wayne Henry Air Force Institute of Technology, Wright-Patterson Air Force Base, USA

DOI:

https://doi.org/10.34190/iccws.18.1.1062

Keywords:

space systems, commercial satellites, supply chain, space cybersecurity, commercial-off-the-shelf

Abstract

The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.

Author Biography

Courtney Fleming, Air Force Institute of Technology, Wright-Patterson Air Force Base, USA

Courtney Fleming attends the Air Force Institute of Technology (AFIT), Wright-Patterson AFB, OH studying for her Master’s degree in Cyber Operations. She graduated from Mississippi State University with a Bachelor’s degree in Mathematics in 2018. Her research interests include space cybersecurity, cyber attack tactics, and software vulnerability analysis.

Downloads

Published

2023-02-28