NEW! Space systems security engineering professional certification program, by Parallax Cyber Academy
Engineering Secure Space Systems
Cybersecurity Across the Systems Lifecycle
Course SC301
New availability: 9 July 2026 (1 Day)
Course Overview
SC301 is the advanced capstone of the S3EP program, designed for the engineers and security officers who make consequential decisions in space programs: Systems Development Life Cycle (SDLC) milestone review gates, Risk Management Framework (RMF) authorization packages, cryptographic architecture choices that must remain secure for a satellite's operational life, and ISSO compliance responsibilities under continuous schedule pressure. The course spans the full engineering and governance lifecycle — from RMF authorization through SDLC milestone integration, secure architecture design for ground and space segments, offensive tradecraft analysis, emerging threats from AI and quantum computing, and the professional ethics and leadership obligations that define the ISSE and ISSO roles.


What You'll Learn
Eight lessons move from governance and engineering foundations through advanced offensive analysis, architecture design, integrated testing, and professional leadership:
ISSE role and RMF authorization: the seven RMF steps, ATO categories (ATO, IATO, ATC, ATT), multi-stakeholder governance for programs with multiple authorizing officials, and DoD vs. civilian framework differences
SDLC security integration: security artifacts and risk acceptance decisions at PDR, CDR, TRR, and ORR — including leading technical review meetings and communicating risk clearly to non-technical stakeholders
Offensive tradecraft and adversary analysis: the space-domain attack lifecycle using SPARTA TTPs — from initial access through ground network phishing and supply chain insertion, to persistent on-orbit implants and effects delivery
Emerging threats: AI-enabled attacks and adversarial ML against anomaly detection systems; post-quantum cryptography migration planning using NIST PQC standards; hardware implants, open-source software risks, and AI-generated code in the supply chain
Ground segment secure architecture: defense-in-depth design, zero-trust networking, micro-segmentation, SBOM/HBOM governance, data flow threat modeling, and emulation planning against ground network replicas
Space segment secure architecture: secure boot and firmware integrity, on-orbit key management without physical access, cryptographic agility for post-quantum algorithm migration, software-defined satellite security, and HIL/digital twin emulation
Engineering-integrated testing: lifecycle test strategy design, threat-model-to-test-case traceability, V&V, Cyber Resiliency T&E, OT&E, and producing ATO-quality documentation (SAR, POA&M)
ISSO operations, ethics, and leadership: vulnerability scanning and CVE-driven patch prioritization, DCO execution and SIEM management, continuous monitoring per NIST SP 800-137, professional ethics (responsible disclosure, conflicts of interest, whistleblower obligations), and building security-conscious organizational culture
How Space Cybersecurity Differs from Enterprise Cybersecurity
Operational Technology for Spacecraft
SC301 teaches 'left of launch' security engineering: requirements embedded in design documents, validated at every SDLC milestone, and demonstrated in test evidence before the vehicle leaves the ground, because there are few opportunities to add security after launch. The cryptographic dimension has no enterprise analogue. A server running a deprecated cipher can be updated overnight; a satellite using the same cipher may remain in operational service until 2040, well within the timeline for cryptographically relevant quantum computers. SC301 teaches cryptographic agility as an engineering discipline: designing on-orbit algorithm migration as an authorized software command procedure rather than treating it as a future retrofit.
Special Mission Data Handling for Ground Systems
Applying RMF to a mission operations center means drawing simultaneously on NIST SP 800-53, NIST SP 800-82 for OT-like command and control functions, NISPOM for classified data handling, and ITAR for export control obligations on technical data and software—all for the same system. SC301 teaches the tailoring and overlay process, multi-stakeholder authorization structures, and BOM governance frameworks that satisfy all applicable regulatory requirements across a program's full lifecycle. These are skills that have no analogue in enterprise IT, where a single authorization framework typically applies and the data being protected does not carry physical control authority over orbital assets.
NOTE: This course is often available as part of a course package, where each course is taught in a series. When registering, watch for combined course availability.

