UTC
01
Mission operations team preparing at their consoles before the shift begins
MISSION ONE ORIENT · ASSIGN · OPERATE
Mission One
ORIENT, ASSIGN,
OPERATE.
“Before you fly anything, your team needs to know who runs what.”

This is Mission One. You and your team take a single satellite from cold briefing to working as one: decide who runs what and agree how you’d escalate before anything flies. Your scored work is in the platform: one mission objective and four questions. Writing your first incident-response plan is optional and highly recommended: it is yours to take into the real world, a starting point for turning what you practiced here into real impact at your own organization.

MISSION ONE · MOD 06
00/00
UTC
02
Learn / Apply / Build / Simulate · the LABS framework, mapped to KSAT

OBJECTIVES

Mission One of five. Six objectives, in the order you build them. Each marker below also tags the work that builds toward it.

Marker LABS KSAT Statement
L1(L)EARNKnowledgeKnow the three roles on a mission team (mission lead, satellite operations, payload operations), what each one owns, and how they report and escalate.
L2(L)EARNKnowledgeKnow what an incident-response plan frames: team identity, named roles, Space-ISAC participation, the escalation path, and communications channels.
A1(A)PPLYSkillAssign the three roles within a team by fit, and hold them across the missions ahead.
A2(A)PPLYSkillTrace an escalation from a sixty-second triage call up to the mission leader, naming who acts at each step.
B1(B)UILDAbilityStand up a team identity end-to-end: named roles, a committed Space-ISAC decision, and a first escalation path with no gaps.
S1(S)IMULATETaskOperate the ground-station, satellite-operations, and payload-operations consoles at the orientation level, and work the scored in-platform objective.
MISSION ONE · MOD 06
00/00
UTC
00
Mission Roadmap · your path through this mission, start to finish

MISSION ROADMAP

Start here01Mission brief
02Assign the three roles
03Operate the consoles
04Front-line transfer
Finish05Debrief & exam
follow the path left to right · each step builds on the one before
MISSION ONE · MOD 06
00/00
UTC
02
Orient to your mission · what you command, who runs it

THREE ROLES, ONE SATELLITE

You and your team command one satellite end to end: your own bus, three ground-station consoles, a satellite-operations console and a payload-operations console, all reading one live telemetry feed. One of you directs; two operate.

▷ MISSION LEAD

You direct. You do not work a console.

  • · Own the objective for the window
  • · Set escalation thresholds
  • · Maintain the incident-response plan
  • · Call go / no-go on commanded actions
  • · Report up to the mission leader
A mission lead standing at a supervisory console directing the team, with overview screens behind
▷ SATELLITE OPERATIONS

You fly the bus.

  • · Power, thermal, attitude
  • · Communications link state
  • · Manoeuvres and station-keeping
  • · Anomaly detection on the bus
  • · Report state to the mission lead
A satellite operator at a console watching cyan spacecraft-orbit and bus-health displays
▷ PAYLOAD OPERATIONS

You work the payload.

  • · Task the payload for the window
  • · Monitor capture quality
  • · Schedule downlinks
  • · Anomaly detection on the payload
  • · Report product to the mission lead
A payload operator at a console watching green earth-observation imagery and downlink displays
TEAM SHAPE · Run as a team of three (one role each) or solo, covering all three roles yourself. Whichever you pick, you hold these roles for every mission ahead. No swaps.
MISSION ONE · MOD 06
00/00
UTC
03
In the platform · scored · operational skill validation

YOUR MISSION OBJECTIVE & QUESTIONS

Inside the Zendir operator platform you work one mission objective and answer ten fixed questions. The platform scores your answers, so this is operational skill validation, not a quiz. The final objective and questions are confirmed with Zendir.

▷ MISSION OBJECTIVE · IN-PLATFORM

Operate a single Microsat end to end, orient your team, assign the three roles, and stand up your first incident-response plan.

SCENARIO · ZENDIR
Orbit: LEO, circular · ~722 km · 40° inclination
Ground stations: London, Dubai, Singapore
Tasking: Orientation and nominal operations
▷ TEN FIXED QUESTIONS · SCORED IN-PLATFORM
SATELLITE OPERATIONS
Q1. Where can you find and plot the spacecraft's GPS position data?
Q2. Which ground station had the best signal-to-noise ratio for communication?
Q3. What is the cadence (in seconds) at which the spacecraft pings the ground station?
Q4. What is the semi-major axis (km) of your spacecraft's orbit?
PAYLOAD OPERATIONS
Q5. What is the highest wattage of power that each solar panel can contribute?
Q6. Which guidance pointing mode maximizes solar panel power generation?
Q7. What is the nominal battery capacity of the spacecraft?
MISSION LEAD
Q8. Who has authority to declare 'go' for payload operations after comms checkout?
Q9. Who is responsible for commanding and verifying the sun-pointing maneuver?
Q10. If downlink quality is insufficient for payload tasking, who should Satellite Operations notify first?

NOTE · Fixed questions, answered and scored in the Zendir platform as operational skill validation.

LEARN
Know the three roles and the plan you jointly maintain.
APPLY
Assign roles by fit and start a plan from blank.
BUILD
State who holds which role and your escalation path.
SIMULATE
Operate the ground, satellite, and payload consoles.
MISSION ONE · MOD 06
00/00
UTC
04
From the floor to the front lines · take it back to your organization

FROM THE FLOOR TO THE FRONT LINES

This work is not meant to stay on the operations floor. Take your incident-response plan back to your organization and start the work there. It is how you bring Security Operations, Satellite Operations, and Satellite Design and Engineering onto the same page.

▷ TAKE IT BACK

Walk your incident-response plan off the operations floor and into your own operations. Start this work with your team when you get back.

DOWNLOAD · Fill the template with your team, then download it as a PDF or a DOC to take to your work center.
MISSION ONE · MOD 06
00/00
UTC
END
FOCUS MISSION TWO MODULE 07
Mission One complete · Mission Two next

FOCUS.

Mission One is done the moment your roles are set and your plan reads v0.1. In Mission Two you turn each role into its own playbook: the tools, interfaces, and authorizations you hold alone, and the points where you hand off to the others.

CARRY FORWARD
The three roles you agreed, and the incident-response plan framework your Mission Two playbooks build on.
IN MISSION TWO
Three role playbooks. The collaboration matrix that names who hands off what, when, to whom.
END
MISSION ONE · MOD 06
00/00
'; var blob=new Blob(['\ufeff',html],{type:'application/msword'}); var url=URL.createObjectURL(blob); var a=document.createElement('a'); a.href=url; a.download='Incident-Response-Plan-v0.1.doc'; document.body.appendChild(a); a.click(); document.body.removeChild(a); setTimeout(function(){URL.revokeObjectURL(url);},1000); }); })();
REFERENCE LIBRARY

Standards, Policies & Sources

The instruments this course aligns to. Each element links to its primary source.

U.S. National Security Space Policy

CNSS Policy No. 12 (CNSSP-12)Information-assurance policy for national security space systems. CNSS Instruction 1200 (CNSSI 1200), Aug 2025Implementing requirements: on-board intrusion detection, hardware root-of-trust, patch management. DoDI 8581.01Information-assurance policy for space systems used by the DoD. Space Policy Directive 5 (SPD-5), 2020First comprehensive U.S. cybersecurity principles for space systems.

Executive Orders

EO 14144 (Jan 16, 2025)Strengthening and Promoting Innovation in the Nation’s Cybersecurity. EO 14306 (Jun 6, 2025)Sustaining select efforts, amending EO 13694 and EO 14144.

NIST Standards & FISMA

NIST SP 800-53 Rev. 5Security and privacy controls; IR-3 incident-response testing. NIST SP 800-37 Rev. 2Risk Management Framework; continuous monitoring and annual control assessment. NIST IR 8270Introduction to Cybersecurity for Commercial Satellite Operations. NIST IR 8401Satellite Ground Segment cybersecurity framework profile. NIST IR 8441Cybersecurity Framework Profile for Hybrid Satellite Networks. NIST SP 800-160 Vol. 2 Rev. 1Cyber resiliency goals: Anticipate, Withstand, Recover, Adapt. FISMAFederal Information Security Modernization Act; annual program review obligation.

Threat Frameworks (analytic layer)

MITRE ATT&CKAdversary tactics and techniques knowledge base. MITRE CAPECCommon Attack Pattern Enumeration and Classification; dictionary of attack patterns that exploit known weaknesses. MITRE D3FENDKnowledge graph of defensive countermeasures and techniques, mapped to ATT&CK (NSA-funded, maintained by MITRE). SPARTASpace Attack Research and Tactic Analysis (The Aerospace Corporation). ESA Space ShieldEuropean Space Agency space-system threat framework.

EU & Global

NIS2 Directive (EU 2022/2555)Risk management and 24h/72h incident reporting; space sector in scope. EU Space Act (proposal, 25 Jun 2025)Space-specific resilience and cybersecurity obligations; extraterritorial scope. ENISA Space Threat LandscapeEuropean threat landscape and recommendations for space operators. Cyber Resilience Act (CRA)Connected hardware/software requirements; applies from December 2027.

Open-Source Vocabulary & Tooling

METEORSTORM MISP taxonomyThe course vocabulary, live and open source in the MISP taxonomy repository. MISP / CIRCLComputer Incident Response Center Luxembourg, maintainers of MISP. RootAPublic-domain open detection language (YAML) used in Module 04 to write portable signatures. (github.com/UncoderIO/Roota) Uncoder.IOOpen-source IDE and translation engine that ports RootA rules across SIEM, EDR, and XDR formats. SpaceCOP & Indicators of BehaviorDHS S&T + Aerospace Corp. on-board intrusion-detection prototype. CROO (Cyber Resilience On-Orbit)Proof Labs on-board IDS for the Space Force.

Community & Reporting

Space ISACSpace Information Sharing and Analysis Center. Air & Space Forces MagazineWaterman, “New Cybersecurity Rules for Pentagon’s Commercial Satellite Vendors,” Nov 19, 2025. Via Satellite“DHS Wants Satellite Volunteers to Test New Cyber Tools,” Nov 17, 2025. Defense Daily“New National Space Cybersecurity Policy Emphasizes Intrusion Detection,” Nov 18, 2025. Mayer Brown legal analysis“Securing the Final Frontier,” Dec 11, 2025 (US and EU regulatory map).