These Guidelines, advisory in nature, are released by the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, in collaboration with the SatCoM Industry Association (SIA-India).
- They complement the Indian Space Policy 2023, IN-SPACe norms, and the Digital Personal Data Protection Act, 2023.
Key Highlights of the Guidelines
- Segment-wise Controls: Secure four distinct areas: Space Segment (satellite and payload), Ground Segment (mission control and ground stations), User Segment (terminals and devices), and Communication Links (uplink/downlink pathways).
- Incident Reporting: SatCom operators are to report cybersecurity breaches or anomalies to CERT-In within 6 hours of noticing them.
- Other Cybersecurity Practices: Regular auditing; situational awareness practices such as maintaining updated threat intelligence and Hazard and Damage Mitigation (HDM) planning, continuous monitoring through AI- and ML-assisted analysis, etc.
Cybersecurity Principles for the Space Ecosystem
- Security-by-Design and by-Default: Integrate security considerations from the earliest stages of system design, development, and integration.
- Defence-in-Depth: Employ multiple layers of protection across all network, hardware, and software interfaces: space, ground, and user.
- Zero-Trust Architecture (ZTA): Assume no implicit trust between network components or users, even within secured boundaries.
- Secure Communication and Encryption: Enforce end-to-end encryption for telemetry, tracking, command (TT&C), and data payload links.
- Governance, Accountability, and Compliance: Appoint a Chief Satellite Security Officer (CSSO) to oversee cybersecurity governance within the organization.
- Incident Preparedness and Resilience: Crisis management plan with a detailed Incident Response Procedure (IRP) and Business Continuity Plans (BCP) specific to SatCom.
