UTC
01
An operator documenting a role-specific procedure with three role-perspective monitors visible behind the workstation
MISSION TWO FOCUS
Mission Two
FOCUS.
“When the pressure hits, you do not rise to the occasion. You fall to the clarity of your role.”

You came out of Mission One with your roles set. In Mission Two you sharpen your role: the platform interfaces you use, what you are authorized to do alone, and the points where you hand off to another role.

MISSION TWO · MOD 07
00/00
UTC
02
Learn / Apply / Build / Simulate · the LABS framework, mapped to KSAT

OBJECTIVES

Mission Two of five. Six objectives, in the order you build them. Each marker below also tags the work that builds toward it.

Marker LABS KSAT Statement
L1(L)EARNKnowledgeKnow what defines a role’s focus: the interfaces it drives, what it does alone, what it co-signs, and what it escalates.
L2(L)EARNKnowledgeKnow the five lines every role holds: identity, interfaces, solo authority, collaborative actions, and mission-lead-approved actions.
A1(A)PPLYSkillMap each commanded action on the platform to one role and one authority level: solo, collaborative, or escalated.
A2(A)PPLYSkillName the handoffs between roles, who co-signs what, and who must approve before execution.
B1(B)UILDAbilityMake a role’s focus complete: every action it can take is accounted for, with no action left unassigned.
S1(S)IMULATETaskOperate your role from a clear focus on the platform, and work the scored in-platform objective for that role.
MISSION TWO · MOD 07
00/00
UTC
00
Mission Roadmap · your path through this mission, start to finish

MISSION ROADMAP

Start here01Mission brief
02Sharpen role focus
03Operate your role
04Front-line transfer
Finish05Debrief & exam
follow the path left to right · each step builds on the one before
MISSION TWO · MOD 07
00/00
UTC
02
Build on Mission One · what each role focuses on

WHAT YOU FOCUS ON

You came out of Mission One with your roles set. Mission Two sharpens each role’s focus: what you own, what you do alone, and where you hand off. Here is what each role owns.

▷ MISSION LEAD

Focus: what you direct and approve.

  • · The objective and escalation thresholds
  • · What you decide alone
  • · What you delegate to ops
  • · The handoffs and go / no-go you call
A mission lead standing at a supervisory console directing the team, with overview screens behind
▷ SATELLITE OPERATIONS

Focus: the bus you fly.

  • · The consoles and panels you drive
  • · Actions you take alone
  • · Actions you co-sign with payload ops
  • · What you escalate to the mission lead
A satellite operator at a console watching cyan spacecraft-orbit and bus-health displays
▷ PAYLOAD OPERATIONS

Focus: the payload you work.

  • · Tasking, capture, and downlink
  • · Actions you take alone
  • · Actions you co-sign with satellite ops
  • · What you escalate to the mission lead
A payload operator at a console watching green earth-observation imagery and downlink displays
FOCUS · Your role breaks into five clear lines: who you are, the interfaces you drive, what you do alone, what you co-sign, and what you escalate. Hold those lines and you never wonder whose call it is.
MISSION TWO · MOD 07
00/00
UTC
03
In the platform · scored · operational skill validation

YOUR ROLE-SPECIFIC OBJECTIVE & QUESTIONS

Now that you hold a role, the platform tests it. Inside the Zendir operator platform you work a mission objective and answer ten fixed questions about your own role. The platform scores your answers, so this is operational skill validation, not a quiz. The final objective and questions are confirmed with Zendir.

▷ MISSION OBJECTIVE · IN-PLATFORM

Operate your assigned role across repeated ground-station passes, running your one-page playbook against nominal Earth-observation tasking.

SCENARIO · ZENDIR
Orbit: MEO, circular · ~2,622 km · 26° inclination
Ground stations: Cape Town, Singapore, Honolulu, Santiago
Tasking: Earth observation over the Strait of Malacca and Hawaii
▷ TEN FIXED QUESTIONS · SCORED IN-PLATFORM
MISSION LEAD
Q1. What should the Mission Lead confirm at the start of each ground-station pass?
Q2. Which action should the Mission Lead approve personally rather than delegate?
Q3. What should the Mission Lead review immediately after a pass ends?
SATELLITE OPERATIONS
Q4. What is the correct first action at pass acquisition?
Q5. Which conditions should cause Satellite Operators to notify the Mission Lead?
Q6. What should Satellite Operations do when the contact window is about to end?
PAYLOAD OPERATIONS
Q7. How many yellow vessels are in the Strait of Malacca?
Q8. How many green vessels are around Hawaii?
Q9. What must Payload Operations verify before releasing a captured product?
Q10. Which findings should cause Payload Operations to hold a downlinked product as suspect?

NOTE · Fixed questions, answered and scored in the Zendir platform as operational skill validation.

MISSION LEAD
Answer for what you direct and approve.
SATELLITE OPS
Answer for the bus you fly.
PAYLOAD OPS
Answer for the payload you work.
MISSION TWO · MOD 07
00/00
UTC
04
From the floor to the front lines · take it back to your organization

FROM THE FLOOR TO THE FRONT LINES

This work is not meant to stay on the operations floor. Take your role playbooks back to your organization and start the work there. They are how you bring Security Operations, Satellite Operations, and Satellite Design and Engineering onto the same page.

▷ TAKE IT BACK

Walk your playbooks off the operations floor and into your own operations. Start this work with your team when you get back.

DOWNLOAD · Fill each playbook with your team, then download it as a PDF or a DOC to take to your work center.
MISSION TWO · MOD 07
00/00
END
OBSERVE MISSION THREE MODULE 08
Mission Two complete · Mission Three next

OBSERVE.

Mission Three puts your playbooks under live conditions for the first time: a nominal-ops briefing to the mission leader.

CARRY FORWARD
Your three role playbooks, each built on the incident-response plan from Mission One.
IN MISSION THREE
Briefing format for the mission leader, role by role, on live telemetry.
END
MISSION TWO · MOD 07
00/00
'; var blob=new Blob(['',html],{type:'application/msword'}); var url=URL.createObjectURL(blob); var a=document.createElement('a'); a.href=url; a.download=name+'.doc'; document.body.appendChild(a); a.click(); document.body.removeChild(a); setTimeout(function(){URL.revokeObjectURL(url);},1000); }); }); })();
REFERENCE LIBRARY

Standards, Policies & Sources

The instruments this course aligns to. Each element links to its primary source.

U.S. National Security Space Policy

CNSS Policy No. 12 (CNSSP-12)Information-assurance policy for national security space systems. CNSS Instruction 1200 (CNSSI 1200), Aug 2025Implementing requirements: on-board intrusion detection, hardware root-of-trust, patch management. DoDI 8581.01Information-assurance policy for space systems used by the DoD. Space Policy Directive 5 (SPD-5), 2020First comprehensive U.S. cybersecurity principles for space systems.

Executive Orders

EO 14144 (Jan 16, 2025)Strengthening and Promoting Innovation in the Nation’s Cybersecurity. EO 14306 (Jun 6, 2025)Sustaining select efforts, amending EO 13694 and EO 14144.

NIST Standards & FISMA

NIST SP 800-53 Rev. 5Security and privacy controls; IR-3 incident-response testing. NIST SP 800-37 Rev. 2Risk Management Framework; continuous monitoring and annual control assessment. NIST IR 8270Introduction to Cybersecurity for Commercial Satellite Operations. NIST IR 8401Satellite Ground Segment cybersecurity framework profile. NIST IR 8441Cybersecurity Framework Profile for Hybrid Satellite Networks. NIST SP 800-160 Vol. 2 Rev. 1Cyber resiliency goals: Anticipate, Withstand, Recover, Adapt. FISMAFederal Information Security Modernization Act; annual program review obligation.

Threat Frameworks (analytic layer)

MITRE ATT&CKAdversary tactics and techniques knowledge base. MITRE CAPECCommon Attack Pattern Enumeration and Classification; dictionary of attack patterns that exploit known weaknesses. MITRE D3FENDKnowledge graph of defensive countermeasures and techniques, mapped to ATT&CK (NSA-funded, maintained by MITRE). SPARTASpace Attack Research and Tactic Analysis (The Aerospace Corporation). ESA Space ShieldEuropean Space Agency space-system threat framework.

EU & Global

NIS2 Directive (EU 2022/2555)Risk management and 24h/72h incident reporting; space sector in scope. EU Space Act (proposal, 25 Jun 2025)Space-specific resilience and cybersecurity obligations; extraterritorial scope. ENISA Space Threat LandscapeEuropean threat landscape and recommendations for space operators. Cyber Resilience Act (CRA)Connected hardware/software requirements; applies from December 2027.

Open-Source Vocabulary & Tooling

METEORSTORM MISP taxonomyThe course vocabulary, live and open source in the MISP taxonomy repository. MISP / CIRCLComputer Incident Response Center Luxembourg, maintainers of MISP. RootAPublic-domain open detection language (YAML) used in Module 04 to write portable signatures. (github.com/UncoderIO/Roota) Uncoder.IOOpen-source IDE and translation engine that ports RootA rules across SIEM, EDR, and XDR formats. SpaceCOP & Indicators of BehaviorDHS S&T + Aerospace Corp. on-board intrusion-detection prototype. CROO (Cyber Resilience On-Orbit)Proof Labs on-board IDS for the Space Force.

Community & Reporting

Space ISACSpace Information Sharing and Analysis Center. Air & Space Forces MagazineWaterman, “New Cybersecurity Rules for Pentagon’s Commercial Satellite Vendors,” Nov 19, 2025. Via Satellite“DHS Wants Satellite Volunteers to Test New Cyber Tools,” Nov 17, 2025. Defense Daily“New National Space Cybersecurity Policy Emphasizes Intrusion Detection,” Nov 18, 2025. Mayer Brown legal analysis“Securing the Final Frontier,” Dec 11, 2025 (US and EU regulatory map).