SATIS: Space Automated Threat Intelligence Sharing


Already a member?
Access the SATIS community workspace here

Advancing a space-specific extension of the STIX framework to enhance the sharing, contextualization, and operationalization of threat information across the space sector.

The SATIS TC aims to equip space organizations with an enhanced toolset that can be used to improve the detection, prevention, and response to cyber threats specific to space. This involves modifying our approaches to address the unique threats faced by satellites, ground stations, and other space infrastructure, with a deeper understanding of adversaries’ tactics, techniques, and procedures (TTPs) as well as their underlying goals and objectives.

Read More

Traditional CTI remains vital to the global cyber defense community, but as cyber technology converges with space platforms, there is a growing need for a space-specific CTI extension as part of the STIX standard.

The international space community has come together to develop a CTI approach for machine-to-machine sharing of signals-based attacks as part of the journey to manage organizational as well as communal threat reduction.

The work done in this TC will enhance the bi-directional sharing of threat-related information via machine-to-machine transport methods, including TAXII.


TC Chair:
Erin Miller, Space ISAC, erin@spaceisac.org

Staff Contact:
Kelly Cullinane, kelly.cullinane@oasis-open.org

– Carnegie Mellon University
– Cyware
– MITRE
– National Security Agency (NSA)
– Northrop Grumman
– Peraton
– Space ISAC
– University of Oslo
– U.S. Cybersecurity and Infrastructure Security Agency
(CISA)

Frequently Asked Questions

What is the main objective of the SATIS TC?

The SATIS TC aims to establish a global standard for automated, machine-to-machine threat intelligence sharing tailored to the space sector. Its goal is to facilitate the secure exchange of data on space-specific threats, enabling operators to better predict, prevent, and respond to cybersecurity and operational threats.

Why is SATIS needed?

A specific standard for space sector threat intelligence is essential because the space domain faces unique, multifaceted risks that go beyond traditional cybersecurity concerns. Satellites, launch systems, and ground stations are vulnerable not only to cyberattacks but also to physical, environmental, and systemic threats that are inherent to the space environment. Each of these assets has distinct threat profiles that require tailored strategies for mitigation.

The SATIS TC is working to develop a comprehensive, all-hazards framework that encompasses the cyber threats and physical risks that impact space systems. This unified standard will provide space operators with the tools and guidelines they need to address a wide range of potential threats, from cyberattacks to space debris, radiation exposure, and geopolitical risks.

By advancing an interoperable and holistic approach to threat intelligence, the SATIS TC aims to create a resilient, adaptive framework that will enable the space sector to proactively anticipate, mitigate, and respond to the complex and evolving threat landscape. This standard is crucial for ensuring the security and operational continuity of space assets, which are increasingly vital to global communications, navigation, defense, and scientific exploration.

What are the benefits of joining SATIS?

· Help shape the future of space cybersecurity by developing a critical standard.
· Improve your organization’s ability to detect and respond to space-related threats.
· Gain insights into the latest threats and vulnerabilities facing space assets.
· Network with other experts in the field and share best practices.
· Increase your organization’s visibility in the space cybersecurity community.

Who should participate?

The SATIS TC is open to stakeholders across the space sector, including space industry producers, regulators, operators, and representatives from Space Operations Centers, Network Operations Centers, and Security Operations Centers. These participants bring valuable expertise and perspectives that are crucial for developing and implementing effective space-specific threat intelligence standards.

OASIS encourages participation across the global space community and welcomes interested organizations to join and contribute to the development of a standard that will help shape the future of space threat intelligence sharing. Organizations can participate by becoming OASIS members.

What challenges will SATIS address in threat intelligence sharing?

The space sector faces unique challenges, such as a lack of standardized frameworks for cyber threat detection and response across different operational environments (e.g., Space Operations Centers, NOCs, SOCs). These challenges are exacerbated by factors like electronic warfare, geopolitical conflicts, and space weather. SATIS will help by developing a standardized framework for information sharing, allowing operators to ingest data more efficiently, correlate threats across segments, and expedite courses of action to secure their entire attack surface.

SATIS will address several key challenges:
·  Integrating intelligence from a wide range of sources to provide a cohesive and actionable picture of potential threats.

·  Addressing both cyber and physical threats, which are crucial for the diverse and high-stakes environment of space operations.

·  Customizing established frameworks like STIX and TAXII to suit the unique needs of space-based assets and activities, ensuring the language and data structures are relevant to the sector.

·  Enabling interoperability and seamless data sharing across different systems, tools, and regions to support a global, coordinated response to threats. Threat data needs to be understandable and actionable across various organizations, regardless of the systems or tools they use.

·  Developing a clear framework for space-specific indicators of compromise (IoC), which may differ significantly from traditional IT. For example, unusual frequency usage or abnormal power consumption on a satellite might signal a potential threat.

·  Providing clear guidelines on the types and sensitivity of information to be shared, along with the conditions under which sharing is appropriate, to promote both security and confidentiality.

How will SATIS enhance the international space community’s ability to defend against cyber threats?

SATIS will contribute to a holistic understanding of space threats by standardizing the exchange of critical cyber threat information among trusted partners in the international space community. This approach ensures that all relevant factors—such as electronic warfare, space domain awareness, and satellite movements—are captured and shared, helping to defend against threats in an effective and coordinated manner.

How will Space ISAC’s Watch Center support SATIS?

Space ISAC’s Watch Center provides valuable daily operational insights, identifying critical areas where standardization could improve intelligence accuracy and response times. By sharing these insights, the Watch Center could play a crucial role in guiding SATIS’ efforts to develop a standard that addresses practical needs across the space sector.

What is the significance of bidirectional threat sharing?

Bidirectional sharing enables a two-way exchange of intelligence between sources and subscribers, enhancing collaboration and situational awareness across the sector. This model supports a robust, interconnected threat-sharing ecosystem which SATIS will incorporate into its framework to ensure a continuous, dynamic information flow.

How does SATIS categorize threat intelligence for space operations?

SATIS will use a detailed taxonomy to categorize threat data by operational segments, such as ground stations, user links, and orbital assets, enabling stakeholders to quickly identify and respond to threats relevant to each area of space operations.

How will SATIS adopt existing frameworks like STIX and MITRE ATT&CK?

SATIS will integrate and adapt established threat intelligence frameworks such as STIX, an OASIS Open Standard, and MITRE ATT&CK to include space-specific elements. The initiative will also draw on MITRE’s FiGHT and SPARTA frameworks to incorporate best practices, creating an adapted approach that addresses the unique requirements of space systems.

What is the anticipated timeline for SATIS to advance a standard?

The timeline for full standardization depends on the TC’s input, development cycles, and industry collaboration. The TC is working toward developing the standard as quickly as possible with ongoing stakeholder engagement.

How do I view the mailing list archive?

The SATIS TC’s mailing list archive, used by members to conduct Committee work, is available hereTC membership is required to post to this list. TC members are automatically subscribed.

New Members Welcome


Whether you want to actively contribute in decision-making or just observe progress from the inside, you will need to be an OASIS member.

If your employer is already on our current member list, submit this request form to be added to the TC Roster. If not, find out how to join OASIS.

Non-members may monitor the mailing list archives online, view approved documents, and provide feedback to our comments list. Contact Us for more information.