YOU'VE BEEN HIRED.
You have joined Kestrel Orbital to stand up a new department, Space Cybersecurity Operations and Resilience (SCOR), and to drive the organization toward resilient cyber operations. Three mandates make that work non-negotiable, and they carry equal weight. In the United States, Executive Order 14144 directs cybersecurity requirements for civil space systems that include protection of command and control: encryption of commands, integrity of commands in transit, verification that an authorized party is the source of each command, and rejection of unauthorized command and control attempts. In Europe, the NIS2 Directive (EU) 2022/2555 designates Space a sector of high criticality and applies to operators of ground-based infrastructure that supports space-based services, the category Kestrel Orbital operates in. The directive requires cryptography and encryption, access control and multi-factor authentication, incident handling, and incident reporting on fixed deadlines: an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month. The third mandate is Kestrel Orbital's own, set by an executive memorandum from the CEO and CTO: the organization requires information sharing with the Space Information Sharing and Analysis Center (Space ISAC), membership, a working machine-to-machine connection from its Threat Intel Platform, and the practice of contributing to and consuming from the space community. That memorandum scopes what crosses the channel to a defined set of METEORSTORM analytic elements, exchanged machine to machine, redacted and policy-gated. These three set your scope. They are not the security program; the department you build to meet them is. Your department will drive that effort, Kestrel Orbital's contribution to #spacecollectivedefense.
The gap you were hired to close is this: the three departments that defend the platform, the Security Operations Center, the Satellite Operations Center, and Satellite Development and Engineering, each describe the same platform in their own vocabulary, so work handed from one to another has to be re-explained on arrival, and documentation prepared for one regulator has to be rebuilt for the other. SCOR closes that gap with one unified view of the platform shared by all three departments, context and enrichment together: one shared way to locate every part of the platform, and one shared way to record what analysis attaches to it. SCOR carries that mission on one machine-readable cyber resilience framework, METEORSTORM, and its five functions: decompose the platform, model the threats against it, engineer converged detection, prepare incident response, and manage the adversary. The third mandate is yours to deliver directly: within the scope its executive memorandum sets, SCOR establishes the Space ISAC channel and keeps intelligence moving both ways between the organization and the space community.
The organization's response to all three mandates will draw on the deliverables those five functions produce. The decomposition will document the command path under protection, and the threat model will record the risk basis regulators expect to see. Converged detection engineering and incident response preparation will support the organization's ability to detect, report, and recover within the required deadlines, and adversary management will work to keep the protections effective over time. Over the ten days ahead you will produce each artifact and assemble the evidence behind the response.
The schedule is ten days. Day Zero is orientation. Days one through five, you will apply the METEORSTORM cyber resilience framework, one function per day. Days six through ten, you will work missions in the Satellite Operations Center.
Before day one, you sit through orientation: how the team thinks, why space is no longer a sanctuary, and the shared language that holds the rest of the work together.
▶METEORSTORM OverviewYour first five days on the job. One function each day, in order, applying the METEORSTORM cyber resilience framework end to end on the platform. Each function's deliverable supports the organization's work to meet Executive Order 14144 and the NIS2 Directive.
Before the organization puts you on the floor, it verifies your command of the framework. Forty questions, drawn at random across the five functions you just applied. Score 80% or better to pass. Your results include a topic breakdown and a question-by-question review showing exactly what to revisit.
Your next five days. You work in the Satellite Operations Center, one scored mission each day, from standing up the team to running a full incident response. The missions exercise the organization's ability to detect, report, and recover as Executive Order 14144 requires, within the deadlines the NIS2 Directive sets.
Before it signs you off, the organization verifies that your work on the floor holds under examination. Forty questions, drawn at random across your five missions. Score 80% or better to pass. Your results include a topic breakdown and a question-by-question review showing exactly what to revisit.