<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:628436512;
mso-list-template-ids:2007560754;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1633096117;
mso-list-template-ids:-306395762;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1934121658;
mso-list-template-ids:-623457308;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<div id="divtagdefaultwrapper">
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt">Dear CESG,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">It appears that the Security WG did provide a response to the request for examples of security issues being addressed in Green Books. I think their examples are useful and germane. Please review and see if
you concur.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">If we have consensus on this topic I would then propose including such a change in the next revision of the CCSDS Org & Proc YB, A02.1-Y-4.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Thanks, Peter<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;color:black">
<hr size="0" width="100%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Weiss, Howard [US-US]<br>
<b>Sent:</b> Friday, June 9, 2023 3:15 PM<br>
<b>To:</b> Shames, Peter M (US 312B)<br>
<b>Cc:</b> Weiss, Howard [US-US]<br>
<b>Subject:</b> RE: SEA SecWG request for "security in all docs"</span><span style="font-size:12.0pt;color:black">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p><span style="color:black">Peter,<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">In a non-scientific but informed examination of the existing published Green Books (excluding those produced by the security working group), here are my top X picks that should include security:<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">CCSDS 130.0-G: Overview of Space Communications Protocols (revised April 2023)</span></u><span style="color:black"> – this document references many security documents and mentions security including
SCPS-SP. But there is no detailed treatment of security and it doesn’t even appear in Figure 2-1 “space communications protocols reference model” which depicts layering.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">CCSDS 130.12-G: CCSDS Protocols over DVB-S2
</span></u><span style="color:black">– another protocol document that should at least discuss security and should really incorporate security (but doesn’t). Not even one instance of the word ‘security.’<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:black">CCSDS 140.1-G: Real-Time Weather and Atmospheric Characterization Data – The word ‘security’ doesn’t even appear once in this document which is concerned with the capture and use of real-time weather
data which at least should be aware of data integrity if nothing else. <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">CCSDS 312.0-G: Reference Architecture for Space Information Management</span></u><span style="color:black"> – claims to describe a reference space information management architecture ‘that encompasses
the capture, management, access, and exchange of data…’ But no mention or discussion of security.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">CCSDS 706.1-G: Motion Imagery and Applications</span></u><span style="color:black"> – document alludes to security but only brushes on the topic despite the need for integrated security mechanisms.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">CCSDS 706.2-G: Voice Communications</span></u><span style="color:black"> – acknowledges the need for security and includes section 3.2.3.3 (Security) which says that ‘security for voice links is important’
but little else is discussed.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="color:black">Data Archive Information GBs (e.g., CCSDS 64x series, CCSDS 651.2-G)</span></u><span style="color:black"> – Documents that describe how data should be archived for storage and interchange. There should
be, at a minimum, data integrity mechanisms as well as access controls and maybe even security of data at rest.
<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">I hope this helps to explain the request from the Security Working Group. Would it help to have a WebEx with Klaus Jurgen and Tim (others?)?<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">Regards<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">howie<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p><b><span style="color:black">From:</span></b><span style="color:black"> Shames, Peter M (US 312B) <peter.m.shames@jpl.nasa.gov>
<br>
<b>Sent:</b> Saturday, June 3, 2023 3:21 PM<br>
<b>To:</b> Weiss, Howard [US-US] <Howard.Weiss@parsons.com><br>
<b>Cc:</b> SEA-Sec <sea-sec@mailman.ccsds.org><br>
<b>Subject:</b> [EXTERNAL] SEA SecWG request for "security in all docs"<o:p></o:p></span></p>
</div>
</div>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">Howie,<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">Ask and yea shall receive (just maybe not what was hoped for).<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">In the recent CESG and CMC meetings I brought your request forward. The response from the CESG was lukewarm, and they were concerned with the impact on work flow.<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">I pointed out that all WGs were required to produce a Security section for all Blue and Magenta Books, and that little added study or other effort should be needed to add a paragraph about this to a Green Book. Orange Books are
already covered, and Yellow Book test reports for Blue Books are already covered.<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black">The CMC’s response was this:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l0 level1 lfo2"><b><i><span style="color:#FC1233">=> Request to Security WG for a few examples of GB material</span></i></b>
<o:p></o:p></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="color:black;mso-list:l0 level2 lfo2"><b><i><span style="color:#FC1233">Include examples in Resolution to CESG & CMC</span></i></b><o:p></o:p></li></ul>
</ul>
<p><span style="color:black">They want you to pick a “few” candidate Green Books, analyze what you think would belong in such a GB as the “paragraph of security material”, and then provide these back to the CESG and CMC for review. I suspect that you can do
this easily, so please do so.<o:p></o:p></span></p>
<p><span style="color:black">The other question that came up, from Tim Pham, was just what you meant to do with…<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><i><span style="color:#FC1233">=> "adoption" of Aerospace version of SPARTA (ATT&CK Framework for Space). Will this be a MB or BB, do we need to modify it for our use or just use it as it is?</span></i></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="color:black">The slides were not clear about whether you planned to adopt this, adapt it, cover page it, or just point to it. If it is to become a new SecWG project you will need to add it to the Project list.<o:p></o:p></span></p>
<p><span style="color:black">Thanks, Peter<o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">NOTICE: This email message and all attachments transmitted with it may contain privileged and confidential information, and information that is protected
by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading,
dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained
herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately,
and the sender will provide you with further instructions.<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>