SATIS: Space Automated Threat Intelligence Sharing


Already a member?
Access the SATIS community workspace here

Advancing a space-specific extension of the STIX framework to enhance the sharing, contextualization, and operationalization of threat information across the space sector.

The SATIS TC aims to equip space organizations with an enhanced toolset that can be used to improve the detection, prevention, and response to cyber threats specific to space. This involves modifying our approaches to address the unique threats faced by satellites, ground stations, and other space infrastructure, with a deeper understanding of adversaries’ tactics, techniques, and procedures (TTPs) as well as their underlying goals and objectives.

Read More

Traditional CTI remains vital to the global cyber defense community, but as cyber technology converges with space platforms, there is a growing need for a space-specific CTI extension as part of the STIX standard.

The international space community has come together to develop a CTI approach for machine-to-machine sharing of signals-based attacks as part of the journey to manage organizational as well as communal threat reduction.

The work done in this TC will enhance the bi-directional sharing of threat-related information via machine-to-machine transport methods, including TAXII.


TC Chair:
Erin Miller, Space ISAC, erin@spaceisac.org

Staff Contact:
Kelly Cullinane, kelly.cullinane@oasis-open.org

– Carnegie Mellon University
– Cyware
– MITRE
– National Security Agency (NSA)
– Northrop Grumman
– Peraton
– Space ISAC
– University of Oslo
– U.S. Cybersecurity and Infrastructure Security Agency
(CISA)

Frequently Asked Questions

Why is there a need for SATIS?

Traditional cyber threat intelligence (CTI) frameworks do not fully address the unique challenges of the space sector. As cyber-enabled technology converges with space platforms, there is a critical need to develop a space-specific CTI extension that can effectively manage and share threat information. SATIS will focus on evolving the STIX standard to include space-specific threats and enable machine-to-machine sharing of signals-based attacks, enhancing both organizational and communal threat reduction.

Who should participate?

The SATIS TC is open to stakeholders across the space sector, including space industry producers, regulators, operators, and representatives from Space Operations Centers, Network Operations Centers, and Security Operations Centers. These participants bring valuable expertise and perspectives that are crucial for developing and implementing effective space-specific threat intelligence standards.

What challenges does the space sector face in cybersecurity, and how will SATIS provide solutions?

The space sector faces unique challenges, such as a lack of standardized frameworks for cyber threat detection and response across different operational environments (e.g., Space Operations Centers, NOCs, SOCs). These challenges are exacerbated by factors like electronic warfare, geopolitical conflicts, and space weather. SATIS will help by developing a standardized framework for information sharing, allowing operators to ingest data more efficiently, correlate threats across segments, and expedite courses of action to secure their entire attack surface.

How will SATIS enhance the international space community’s ability to defend against cyber threats?

SATIS will contribute to a holistic understanding of space threats by standardizing the exchange of critical cyber threat information among trusted partners in the international space community. This approach ensures that all relevant factors—such as electronic warfare, space domain awareness, and satellite movements—are captured and shared, helping to defend against threats in an effective and coordinated manner.

How do I view the mailing list archive?

The SATIS TC’s mailing list archive, used by members to conduct Committee work, is available hereTC membership is required to post to this list. TC members are automatically subscribed.

New Members Welcome


Whether you want to actively contribute in decision-making or just observe progress from the inside, you will need to be an OASIS member.

If your employer is already on our current member list, submit this request form to be added to the TC Roster. If not, find out how to join OASIS.

Non-members may monitor the mailing list archives online, view approved documents, and provide feedback to our comments list. Contact Us for more information.