A 7-slide introduction. What METEORSTORM is, what problem it solves, the five functions, and the value points that distinguish it from the frameworks you already use.
A modern commercial satellite operator defends against kinetic, directed-energy, electronic-warfare, cyber-warfare, and environmental hazards simultaneously — often within a single converged campaign. Adversaries coordinate across domains. Defenders, until now, have not had a shared framework to describe what they are defending against.
| Discipline | Reasons in |
|---|---|
| Cyber analyst | MITRE ATT&CK tactics & techniques |
| Space systems engineer | ECSS segments & subsystems |
| Space threat analyst | SPARTA techniques |
| Cloud security analyst | CSA CCM controls |
| NIST risk manager | SP 800-53 control families · SP 800-160 resilience goals |
| AI risk practitioner | NIST AI RMF · MITRE ATLAS · AICM |
Four structural layers describe the platform in a language every discipline can read. One analytic layer is the single layer where external frameworks (ATT&CK, SPARTA, ATLAS, AICM, 800-160, …) attach. Evolution in the peer-framework ecosystem becomes a taxonomy update at the analytic layer — not a re-architecting of the framework.
A resilient cyber operations framework for converged terrestrial, aquatic, aerial, orbital, and deep-space platforms — providing the shared vocabulary, structural data model, and five-function process that let cybersecurity, sat ops, RF engineering, maritime, and aviation teams collaborate in defense of the platforms they all touch.
| # | Function | Purpose · Output |
|---|---|---|
| F1 | Concept of Operations (CONOPS) | Establishes the mission-grounded structural foundation. Enumerates PCE, SEG, SVC, AST. Output: the structural record every later function consumes. |
| F2 | Contextualized Threat Modeling | Overlays threat logic onto the CONOPS. Identifies failure concerns and formalizes each as AN-THR attached to the structural elements it affects. Output: a mission-specific threat model. |
| F3 | Converged Detection Engineering | Transforms the threat model into operationally actionable detection capabilities. Output: detection signatures (AN-DET) and a resilience baseline. |
| F4 | Incident Response Preparedness | Turns the resilience baseline into operational practice. Dashboards, compensating controls, tiered playbooks. Output: resilience measures (AN-RES) and a closed-loop improvement cycle. |
| F5 | Adversary Management | Maintains structured adversary profiles synchronized with detection engineering so observation translates into concrete defensive action. |
Cybersecurity, satellite operations, RF engineering, maritime security, and aviation security teams describe the same platform — and the same threat — in compatible terms. No translation step.
Parent-child references mean a detection on an asset is automatically traceable to the service it implements, the segment that hosts it, and the environment it sits in.
ATT&CK, SPARTA, ATLAS, AICM, 800-160 attach at the analytic layer. Evolution in the peer ecosystem becomes a taxonomy update — not a re-architecting of the framework.
The taxonomy-based tagging pattern applies to any platform that supports taxonomy tagging — OpenCTI, ThreatConnect, Anomali, in-house. The structural approach is portable across whatever stack you already use.
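The parent-child traceability described above, sketched as an added example that is not METEORSTORM's own schema or code. The record layout, the identifiers, the rule that every parent sits exactly one layer up, and attaching an AN-DET to any structural element are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LAYERS = ("PCE", "SEG", "SVC", "AST")  # structural layers, outermost first

@dataclass(frozen=True)
class Element:
    id: str
    layer: str
    parent: Optional[str]  # id of the element one layer up; None only at PCE

def lineage(elements, element_id):
    """Return [element, parent, ..., PCE root], rejecting broken references."""
    chain, seen = [], set()
    current = element_id
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle at {current}")
        if current not in elements:
            raise ValueError(f"dangling parent reference: {current}")
        node = elements[current]
        if chain and LAYERS.index(node.layer) != LAYERS.index(chain[-1].layer) - 1:
            raise ValueError(f"{chain[-1].id} must attach one layer up, not to {node.layer}")
        seen.add(current)
        chain.append(node)
        current = node.parent
    if chain[-1].layer != "PCE":
        raise ValueError(f"{chain[-1].id} has no parent but is not a PCE")
    return chain

def detections_under(elements, detections, ancestor_id):
    """AN-DET ids whose attached element sits at or below ancestor_id."""
    return sorted(det for det, target in detections.items()
                  if ancestor_id in {n.id for n in lineage(elements, target)})

# Constructed sample records (hypothetical identifiers).
ELEMENTS = {e.id: e for e in (
    Element("PCE-1", "PCE", None),
    Element("SEG-1", "SEG", "PCE-1"), Element("SEG-2", "SEG", "PCE-1"),
    Element("SVC-1", "SVC", "SEG-1"), Element("SVC-2", "SVC", "SEG-2"),
    Element("AST-1", "AST", "SVC-1"), Element("AST-2", "AST", "SVC-2"),
)}
DETECTIONS = {"AN-DET-1": "AST-1", "AN-DET-2": "AST-2", "AN-DET-3": "SVC-1"}

if __name__ == "__main__":
    print(" -> ".join(n.id for n in lineage(ELEMENTS, DETECTIONS["AN-DET-1"])))
    print(detections_under(ELEMENTS, DETECTIONS, "SEG-1"))
```

Validating the chain when the record is loaded means a dangling or mis-layered parent reference surfaces as an error instead of silently dropping a detection from a segment-level view.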
Concept of Operations — decompose a platform into the four structural METEORSTORM layers and produce the record every later function attaches to.