01
A mission leader receiving a nominal-operations briefing from an operator in front of a status board showing orbital tracks and telemetry waveforms
MISSION THREE OBSERVE
Mission Three
OBSERVE.
“Clean comms on a calm day is the muscle you need on a bad day.”

With your roles and playbooks in hand, the mission leader asks for a status briefing on satellite and payload operations, and you rehearse it on live telemetry. This run carries no incident, so you build the muscle of clean reporting before any incident forces it.

MISSION THREE · MOD 08
00/00
UTC
02
Learn / Apply / Build / Simulate · the LABS framework, mapped to KSAT

OBJECTIVES

Mission Three of five. Six objectives, in the order you build them. Each marker below also tags the work that builds toward it.

Marker LABS KSAT Statement
L1(L)EARNKnowledgeKnow the three things a mission leader needs in a nominal-ops briefing: where the platform is, what it did, and what it is cleared to do next.
L2(L)EARNKnowledgeKnow the briefing flow and the rule of sixty: the mission lead opens and closes, each operator reports in sixty seconds.
A1(A)PPLYSkillReport vehicle state (attitude, power, thermal, link) and payload state (mode, tasking, quality, downlink) in one clean pass.
A2(A)PPLYSkillCall a next-window go or no-go for your role and defend it in one sentence.
B1(B)UILDAbilityDeliver a complete two-minute briefing with no gaps: state, actions, anomalies (even none), and go / no-go.
S1(S)IMULATETaskRehearse and deliver a live nominal-ops briefing on the platform, and work the scored in-platform objective.
MISSION THREE · MOD 08
00/00
UTC
00
Mission Roadmap · your path through this mission, start to finish

MISSION ROADMAP

Start here01Mission brief
02Briefing discipline
03Deliver the briefing
04Front-line transfer
Finish05Debrief & exam
follow the path left to right · each step builds on the one before
MISSION THREE · MOD 08
00/00
UTC
02
Build on Mission Two · what each role observes and reports

WHAT YOU OBSERVE

With your roles set, you now report from each console. A nominal-ops briefing tells the mission leader three things in two minutes: where you are, what you did, and what is next. Here is what each role observes and reports.

▷ MISSION LEAD

Focus: open, run, and close the briefing.

  • · Set the window and who is on
  • · Keep each report to sixty seconds
  • · Call the next-window go / no-go
  • · Take questions, then close
A mission lead standing at a supervisory console directing the team, with overview screens behind
▷ SATELLITE OPERATIONS

Focus: observe and report the bus.

  • · Attitude, power, thermal, link
  • · What you did this window
  • · Anomalies, even none
  • · Vehicle go / no-go for next window
A satellite operator at a console watching cyan spacecraft-orbit and bus-health displays
▷ PAYLOAD OPERATIONS

Focus: observe and report the payload.

  • · Mode, tasking, capture quality, downlink
  • · Product captured this window
  • · Anomalies, even none
  • · Payload go / no-go for next window
A payload operator at a console watching green earth-observation imagery and downlink displays
RULE OF SIXTY · The mission leader wants three things: where the platform is, what it did, and what it is cleared to do next. Each role reports in sixty seconds. This run carries no incident, so you build the muscle before one forces it.
MISSION THREE · MOD 08
00/00
UTC
03
In the platform · scored · operational skill validation

YOUR MISSION OBJECTIVE & QUESTIONS

You rehearse the briefing, then deliver it live. Inside the Zendir operator platform you work a mission objective and answer ten fixed questions. The platform scores your answers, so this is operational skill validation, not a quiz. The final objective and questions are confirmed with Zendir.

▷ MISSION OBJECTIVE · IN-PLATFORM

Produce a clean nominal-operations SITREP from live telemetry for your role and give an explicit go/no-go on the next window.

SCENARIO · ZENDIR
Orbit: MEO, circular · ~3,122 km · 63° inclination
Ground stations: Ankara, Auckland, Bangkok, Santiago
Tasking: Earth observation over the Aegean Sea and the Tasman Sea
▷ TEN FIXED QUESTIONS · SCORED IN-PLATFORM
SATELLITE OPERATIONS
Q1. SITREP source: which interface best establishes link quality for the last pass?
Q2. Which telemetry signatures on the next pass would move your SITREP from GREEN to YELLOW?
Q3. Which comms data points are cyber-relevant (not just maintenance-relevant) for the SITREP?
Q4. SITREP data point: what ping cadence (seconds) confirms nominal command-ack timing?
PAYLOAD OPERATIONS
Q5. Capture result: how many red vessels were imaged in the Aegean Sea?
Q6. Capture result: how many orange vessels were imaged in the Tasman Sea?
Q7. Before the payload SITREP declares a capture 'good', what must be verified?
Q8. Which payload signals are cyber-relevant rather than maintenance-relevant?
MISSION LEAD
Q9. Combining the SatOps and Payload SITREPs, what should the Mission Lead DROP?
Q10. What should the single most important line (BLUF) of the mission SITREP state?

NOTE · Fixed questions, answered and scored in the Zendir platform as operational skill validation.

LIVE DELIVERY · The scored objective and questions are in the platform. The live briefing to the mission leader stays a team exercise: rehearse first, then deliver.
MISSION THREE · MOD 08
00/00
UTC
04
From the floor to the front lines · take it back to your organization

FROM THE FLOOR TO THE FRONT LINES

This work is not meant to stay on the operations floor. Take your briefing sheets back to your organization and start the work there. They are how you bring Security Operations, Satellite Operations, and Satellite Design and Engineering onto the same page.

▷ TAKE IT BACK

Walk your briefing sheets off the operations floor and into your own operations. Start this work with your team when you get back.

DOWNLOAD · Fill each briefing sheet with your team, then download it as a PDF or a DOC to take to your work center.
MISSION THREE · MOD 08
00/00
END
DETECT MISSION FOUR MODULE 09
Mission Three complete · Mission Four next

DETECT.

Mission Four brings the first anomalies. You triage alerts and escalate confirmed incidents to the mission lead.

CARRY FORWARD
Your two briefing sheets, built on the incident-response plan framework and ready to adapt at your organization.
IN MISSION FOUR
Alert versus incident, triage workflow, mission-lead escalation report.
END
MISSION THREE · MOD 08
00/00
'; var blob=new Blob(['',html],{type:'application/msword'}); var url=URL.createObjectURL(blob); var a=document.createElement('a'); a.href=url; a.download=name+'.doc'; document.body.appendChild(a); a.click(); document.body.removeChild(a); setTimeout(function(){URL.revokeObjectURL(url);},1000); }); }); })();
REFERENCE LIBRARY

Standards, Policies & Sources

The instruments this course aligns to. Each element links to its primary source.

U.S. National Security Space Policy

CNSS Policy No. 12 (CNSSP-12)Information-assurance policy for national security space systems. CNSS Instruction 1200 (CNSSI 1200), Aug 2025Implementing requirements: on-board intrusion detection, hardware root-of-trust, patch management. DoDI 8581.01Information-assurance policy for space systems used by the DoD. Space Policy Directive 5 (SPD-5), 2020First comprehensive U.S. cybersecurity principles for space systems.

Executive Orders

EO 14144 (Jan 16, 2025)Strengthening and Promoting Innovation in the Nation’s Cybersecurity. EO 14306 (Jun 6, 2025)Sustaining select efforts, amending EO 13694 and EO 14144.

NIST Standards & FISMA

NIST SP 800-53 Rev. 5Security and privacy controls; IR-3 incident-response testing. NIST SP 800-37 Rev. 2Risk Management Framework; continuous monitoring and annual control assessment. NIST IR 8270Introduction to Cybersecurity for Commercial Satellite Operations. NIST IR 8401Satellite Ground Segment cybersecurity framework profile. NIST IR 8441Cybersecurity Framework Profile for Hybrid Satellite Networks. NIST SP 800-160 Vol. 2 Rev. 1Cyber resiliency goals: Anticipate, Withstand, Recover, Adapt. FISMAFederal Information Security Modernization Act; annual program review obligation.

Threat Frameworks (analytic layer)

MITRE ATT&CKAdversary tactics and techniques knowledge base. MITRE CAPECCommon Attack Pattern Enumeration and Classification; dictionary of attack patterns that exploit known weaknesses. MITRE D3FENDKnowledge graph of defensive countermeasures and techniques, mapped to ATT&CK (NSA-funded, maintained by MITRE). SPARTASpace Attack Research and Tactic Analysis (The Aerospace Corporation). ESA Space ShieldEuropean Space Agency space-system threat framework.

EU & Global

NIS2 Directive (EU 2022/2555)Risk management and 24h/72h incident reporting; space sector in scope. EU Space Act (proposal, 25 Jun 2025)Space-specific resilience and cybersecurity obligations; extraterritorial scope. ENISA Space Threat LandscapeEuropean threat landscape and recommendations for space operators. Cyber Resilience Act (CRA)Connected hardware/software requirements; applies from December 2027.

Open-Source Vocabulary & Tooling

METEORSTORM MISP taxonomyThe course vocabulary, live and open source in the MISP taxonomy repository. MISP / CIRCLComputer Incident Response Center Luxembourg, maintainers of MISP. RootAPublic-domain open detection language (YAML) used in Module 04 to write portable signatures. (github.com/UncoderIO/Roota) Uncoder.IOOpen-source IDE and translation engine that ports RootA rules across SIEM, EDR, and XDR formats. SpaceCOP & Indicators of BehaviorDHS S&T + Aerospace Corp. on-board intrusion-detection prototype. CROO (Cyber Resilience On-Orbit)Proof Labs on-board IDS for the Space Force.

Community & Reporting

Space ISACSpace Information Sharing and Analysis Center. Air & Space Forces MagazineWaterman, “New Cybersecurity Rules for Pentagon’s Commercial Satellite Vendors,” Nov 19, 2025. Via Satellite“DHS Wants Satellite Volunteers to Test New Cyber Tools,” Nov 17, 2025. Defense Daily“New National Space Cybersecurity Policy Emphasizes Intrusion Detection,” Nov 18, 2025. Mayer Brown legal analysis“Securing the Final Frontier,” Dec 11, 2025 (US and EU regulatory map).