The National Cybersecurity Center of Excellence is seeking comments on the initial public draft of the National Institute of Standards and Technology’s cybersecurity framework profile for hybrid satellite networks.

The NIST Interagency Report 8441 will work as a practical tool for organizations involved in the design, acquisition, operation and security of satellite payloads involving HSN, the NCCoE said Tuesday.

Space stakeholders may use the framework to identify data, assets and risks from the CSF that pertain to HSN; use cybersecurity principles and self-assessment to protect HSN; detect cybersecurity-related disturbances of HSN; respond to data anomalies; and resume HSN operations after a cybersecurity incident.

NIST developed the framework in collaboration with subject matter experts including satellite builders, consultants, acquisition authorities, commercial and government operators, academia and other stakeholders.

Interested parties have until July 5 to submit comments on the draft framework.

The CSC 2.0 project, the successor to the Cyberspace Solarium Commission, has released a report offering recommendations to improve collaboration between the public and private sectors in protecting U.S. critical infrastructure and address considerations that require an update to the Presidential Policy Directive 21.

According to the report, PPD-21 created strategic goals for safeguarding critical infrastructure, designated 16 critical infrastructure sectors and assigned a sector-specific agency to each sector.

The report calls for the current administration to rewrite PPD-21 by identifying strategic changes and clarifying the roles and responsibilities of the Cybersecurity and Infrastructure Security Agency as the national risk management agency. It also tasks the administration with facilitating accountability and addressing questions around the organization and designation of critical infrastructure sectors and assigned sector risk management agencies, CSC 2.0 said Wednesday.

According to the document, the White House and Congress should support the PPD-21 rewrite and strengthen the effectiveness of public-private collaboration with several measures.

These include strengthening CISA’s capabilities to carry out its responsibilities as NRMA, resourcing SRMAs for the responsibilities they have and developing a functional capacity to facilitate information sharing across all sectors, as well as organizing public-private collaboration to mitigate systemic and cross-sector risks, identifying a way to support, catalog and protect priority infrastructure and ensuring an effective emergency response.

In April, CSC 2.0 issued a report concluding that space systems should be designated as a U.S. critical infrastructure sector.

The Cybersecurity and Infrastructure Security Agency and the FBI have jointly published recommendations to protect organizations against potential attacks by a group called CL0P Ransomware Gang.

CISA announced Wednesday that its new cybersecurity advisory is meant to warn and guide companies and other institutions after Internet-facing web applications were infected with malware traced from the cybercriminals.

The CL0P Ransomware Gang reportedly exploited a vulnerability in a structured query language in MOVEit, a managed file transfer platform developed by Progress Software. Beginning last month, the group infected web applications that used MOVEit and stole data from their underlying databases.

CISA and FBI urged organizations to conduct an inventory that identifies their authorized and unauthorized devices and software. The agencies also reminded that administrator privileges and access should be limited and granted only when necessary.

Software and applications should always be patched and updated to the latest version, and vulnerability assessments should be performed regularly, according to the advisory. The agencies stressed that firewalls, routers and other network infrastructure devices should be strengthened with security configurations and monitored habitually.