YOU'VE BEEN HIRED.
Three mandates govern the cybersecurity work at Kestrel Orbital, and they carry equal weight. In the United States, Executive Order 14144 directs cybersecurity requirements for civil space systems that include protection of command and control: encryption of commands, integrity of commands in transit, verification that an authorized party is the source of each command, and rejection of unauthorized command and control attempts. In Europe, the NIS2 Directive (EU) 2022/2555 designates Space a sector of high criticality and applies to operators of ground-based infrastructure that supports space-based services, the category Kestrel Orbital operates in. The directive requires cryptography and encryption, access control and multi-factor authentication, incident handling, and incident reporting on fixed deadlines: an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month. The third mandate is Kestrel Orbital's own: the organization requires information sharing with the Space Information Sharing and Analysis Center (Space ISAC), membership, a working machine-to-machine connection from its Threat Intel Platform, and the practice of contributing to and consuming from the space community. Your department will drive that effort, Kestrel Orbital's contribution to #spacecollectivedefense.
You have been hired as the change agent to prepare Kestrel Orbital's response. Three departments defend the platform: the Security Operations Center, the Satellite Operations Center, and Satellite Development and Engineering. Each describes the same platform in its own vocabulary, so work handed from one department to another has to be re-explained on arrival, and documentation prepared for one regulator has to be rebuilt for the other. You will establish a new department to close that gap: Space Cybersecurity Operations and Resilience (SCOR). Its mission is one unified view of the platform shared by all three departments, context and enrichment together: one shared way to locate every part of the platform, and one shared way to record what analysis attaches to it. SCOR will carry that mission on one machine-readable cyber resilience framework, METEORSTORM, and its five functions: decompose the platform, model the threats against it, engineer converged detection, prepare incident response, and manage the adversary, and through them it will evolve the organization toward resilient cyber operations. The third mandate will be yours to deliver directly: SCOR will establish the Space ISAC channel and keep intelligence moving both ways between the organization and the space community.
The organization's response to all three mandates will draw on the deliverables those five functions produce. The decomposition will document the command path under protection, and the threat model will record the risk basis regulators expect to see. Converged detection engineering and incident response preparation will support the organization's ability to detect, report, and recover within the required deadlines, and adversary management will work to keep the protections effective over time. Over the ten days ahead you will produce each artifact and assemble the evidence behind the response.
The schedule is ten days. Day Zero is orientation. Days one through five, you will apply the METEORSTORM cyber resilience framework, one function per day. Days six through ten, you will work missions in the Satellite Operations Center.
Before day one, you sit through orientation: how the team thinks, why space is no longer a sanctuary, and the shared language that holds the rest of the work together.
▶METEORSTORM OverviewYour first five days on the job. One function each day, in order, applying the METEORSTORM cyber resilience framework end to end on the platform. Each function's deliverable supports the organization's work to meet Executive Order 14144 and the NIS2 Directive.
Before the organization puts you on the floor, it verifies your command of the framework. Forty questions, drawn at random across the five functions you just applied. Score 80% or better to pass. Your results include a topic breakdown and a question-by-question review showing exactly what to revisit.
Your next five days. You work in the Satellite Operations Center, one scored mission each day, from standing up the team to running a full incident response. The missions exercise the organization's ability to detect, report, and recover as Executive Order 14144 requires, within the deadlines the NIS2 Directive sets.
Before it signs you off, the organization verifies that your work on the floor holds under examination. Forty questions, drawn at random across your five missions. Score 80% or better to pass. Your results include a topic breakdown and a question-by-question review showing exactly what to revisit.