Cybersecurity Framework for Space Systems in India - An Analysis of the CERT-In Guidelines 2026
Introduction
In recent years, India has seen tremendous growth in its space industry. The satellite infrastructure of India now provides key services to a variety of sectors, including communication, navigation, broadcasting, disaster management and national security operations. Satellite communications globally will connect remote communities, aid in the delivery of Digital Governance and support India's strategic military capabilities. Given the expanding space ecosystem in India with the involvement of the public sector, private sector and research institutions, the security of satellite communications is becoming increasingly important.
At the same time, as satellite communication technologies become more pervasive, the risk of cyber threats targeting space systems increases. Cyberattacks against satellites, ground terminals or communication networks may critically impact, disrupt, damage, and/or destroy essential services, and expose sensitive information. To mitigate these risks, CERT-In (Computer Emergency Response Team), in collaboration with the SatCom Industry Association of India released a Cyber Security Framework and Guidelines for Space Platforms/Systems, including Satellite Communication, in 2026. This framework aims to establish and enhance cybersecurity measures throughout India's space ecosystem, while guiding how to better prepare for and respond to the growing volume of cyber threat activity targeting Space Systems.
Overview of the CERT-In Space Cybersecurity Framework
CERT-In introduced a dedicated cybersecurity framework for space systems in February 2026. Developed in collaboration with industry stakeholders, the framework provides guidelines to strengthen the security of satellite communication infrastructure across India. Although the guidelines are advisory in nature, they are designed to promote best practices and encourage organisations to adopt robust cybersecurity measures.
The framework targets a wide range of stakeholders involved in satellite communication operations. These include government agencies, satellite operators, ground station operators, equipment manufacturers, technology vendors, and emerging space startups. By outlining cybersecurity principles, technical controls, and governance mechanisms, the framework aims to create a coordinated approach to protecting space assets.
Another key objective of the guidelines is to foster collaboration between the public and private sectors. As India’s space industry expands and private participation increases, maintaining a secure and resilient ecosystem becomes essential. The framework, therefore, emphasises risk management, incident reporting, and continuous monitoring to strengthen the overall cybersecurity posture of the space sector.
Key Components of Satellite Communication Systems
Satellite communication systems are made up of multiple interconnected devices that can be used to deliver communication services. The cybersecurity framework groups these elements into three categories: the space segment, the ground segment, and the user segment.
The space segment is everything related to the satellite itself, including the satellite's onboard systems. This includes the satellite's communication payload, telemetry systems, antennas, power systems, and software that controls its operation. Because satellites operate in remote parts of space with very little opportunity for maintenance, securing these systems is critical in order to guard against unauthorized access to or control of these systems.
The ground segment comprises the terrestrial infrastructure responsible for controlling the satellite's operations. It consists of satellite mission control centres, ground stations, network gateways and data processing facilities. The ground stations send commands to the satellites and receive telemetry data from the satellites, which makes the ground station a very important physical interface point between the satellite asset located in outer space and a terrestrial network.
The user segment contains any device terminal being used by either an individual or an organisation that is accessing a satellite service. Examples of user devices are satellite phones, VSAT terminals, modems, and IoT devices connected to satellite networks. Since these devices connect directly to the communication networks, vulnerabilities in user equipment could also represent a significant threat to the cybersecurity of satellite communications.
Major Cyber Threats to Space Infrastructure
The space systems that support the delivery of satellite communications are being increasingly targeted with multiple types of cyber threats. A major category includes cyber-attacks on communication links between satellites and ground stations. Cyber criminals can attempt to jam the satellite’s communication link, intercept communication signals, or re-transmit previously sent communication signals in order to disrupt the operation of the affected satellites.
Attacks on the systems that control the satellite are serious threats to satellite operations. Cybercriminals and hostile actors can perform command injection attacks where commands are sent to a satellite, and the satellite responds through some undesired action. If cybercriminals are able to gain access to the telemetry or command channels, they can potentially disrupt the operation of the satellite or alter the telemetry data being received from the satellite.
The ground infrastructure that supports satellite communications is still a major target for cybercriminals. Mission control networks and data centres are susceptible to malware, ransomware, phishing, and insider threats. Attackers will frequently target ground stations because they provide a connection point to terrestrial networks and can exploit vulnerabilities from the ground station’s IT systems into the satellite control systems. The combination of these threats illustrates the need for an overall security strategy that encompasses all parts of the satellite communications ecosystem.
Key Security Principles and Measures
A comprehensive overview of multiple principles designed to increase the security of satellite communications is provided in the CERT-In Framework on Cybersecurity for Satellite Communications. The first of these principles, security by design, refers to ensuring that all cybersecurity controls associated with a system are implemented at the time of the system's initial design and development, not afterwards; therefore, security controls should be incorporated throughout the entire lifecycle of a satellite system.
The second principle, which is known as Defense-in-Depth, consists of implementing many different layers or tiers of security controls to protect a system against cyber threats or attacks. An example of the different categories of security controls includes physical security, network security, and access control, among others. By combining security controls across multiple categories, an organisation may be able to reduce the chance that one single vulnerability will result in the loss of the entire system.
The third principle in the Framework, Zero Trust Architecture (ZTA): Users and/or devices located within a network should not be able to rely on implicit trust. Therefore, every request for access to the network will be verified and continuously monitored for potential threats.
The previous two principles stated that secure satellite communications should be conducted using strong encryption and authentication methods, as well as secure communications methods, and that an enterprise monitoring system would be put into place to help detect anomalies or suspicious behaviour.
Conclusion
India is taking an important step toward protecting its expanding space ecosystem by creating a cybersecurity framework to safeguard cyberspace systems from cyber threats. The CERT-In guidelines offer a structured means of reducing the likelihood of cyber threats impacting satellite communication infrastructure through secure system design, continuous monitoring of systems and creating consistent partnerships among organisations. As well as providing evidence that both government and private sector organisations share a collective responsibility for the protection of space assets, both sectors participate in a collaborative effort.
India will need to implement rigorous cybersecurity measures as it expands its space infrastructure in order to ensure the continued availability of critical space infrastructure and ultimately develop its existing commercial satellite business operations with the highest level of safety and security.
References
- https://www.cert-in.org.in/s2cMainServlet?pageid=GUIDLNVIEW02&refcode=CISG-2026-01
- https://www.pib.gov.in/PressReleasePage.aspx?PRID=2233122®=3&lang=1
Related Blogs
Executive Summary:
A recent claim going around on social media that a child created sand sculptures of cricket legend Mahendra Singh Dhoni, has been proven false by the CyberPeace Research Team. The team discovered that the images were actually produced using an AI tool. Evident from the unusual details like extra fingers and unnatural characteristics in the sculptures, the Research Team discerned the likelihood of artificial creation. This suspicion was further substantiated by AI detection tools. This incident underscores the need to fact-check information before posting, as misinformation can quickly go viral on social media. It is advised everyone to carefully assess content to stop the spread of false information.
Claims:
The claim is that the photographs published on social media show sand sculptures of cricketer Mahendra Singh Dhoni made by a child.
Fact Check:
Upon receiving the posts, we carefully examined the images. The collage of 4 pictures has many anomalies which are the clear sign of AI generated images.
In the first image the left hand of the sand sculpture has 6 fingers and in the word INDIA, ‘A’ is not properly aligned i.e not in the same line as other letters. In the second image, the finger of the boy is missing and the sand sculpture has 4 fingers in its front foot and has 3 legs. In the third image the slipper of the boy is not visible whereas some part of the slipper is visible, and in the fourth image the hand of the boy is not looking like a hand. These are some of the major discrepancies clearly visible in the images.
We then checked using an AI Image detection tool named ‘Hive’ image detection, Hive detected the image as 100.0% AI generated.
We then checked it in another AI image detection named ContentAtScale AI image detection, and it found to be 98% AI generated.
From this we concluded that the Image is AI generated and has no connection with the claim made in the viral social media posts. We have also previously debunked AI Generated artwork of sand sculpture of Indian Cricketer Virat Kohli which had the same types of anomalies as those seen in this case.
Conclusion:
Taking into consideration the distortions spotted in the images and the result of AI detection tools, it can be concluded that the claim of the pictures representing the child's sand sculptures of cricketer Mahendra Singh Dhoni is false. The pictures are created with Artificial Intelligence. It is important to check and authenticate the content before posting it to social media websites.
- Claim: The frame of pictures shared on social media contains child's sand sculptures of cricket player Mahendra Singh Dhoni.
- Claimed on: X (formerly known as Twitter), Instagram, Facebook, YouTube
- Fact Check: Fake & Misleading
Introduction:
The Indian Ministry of Communications has come up with a feature known as "Quick SMS Header Information" to provide citizens with more control over their messaging services. This feature would help users access crucial information about the sender through text message, therefore making the details readily available at their fingertips.
The Quick SMS Header service is the key to providing users with the feature to ensure that they are receiving messages from the correct source. Users can instantly learn all the necessary data about the sender of a certain SMS. This data is invaluable for making the distinction between real messages and suspicious spam or phishing, so the user can have a higher level of defense against online threats and scam activities.
Importance of Checking the Header:
1. Authenticity Verification: SMS header data represents another way to confirm the sender. This feature keeps the end user from wrongly assuming that the SMS is from a trusted source or an unknown sender. Hence, the end user is able to make a choice about the authenticity of the message.
2. Mitigating Spam and Phishing: The rise of SMS and phishing scams has created some significant hurdles for users in the process of differentiating between real and fake messages. Through the Quick SMS Header Information service, people will be able to look up any suspicious messages in order to be able to take appropriate steps to prevent links that lead to malicious websites or requests for personal information.
3. Enhancing User Security: The SMS header information plays an important role in ensuring that the user is secure and has no privacy issues. The checking of the message headers will help us limit the possibilities of bad activities and reduce the chances of being a victim of cybercriminals.
4. Empowering Consumer Awareness: This feature is designed to encourage the people involved to take responsibility for the security of their devices and establish a safer and more dependable digital platform.
Benefits:
- Enhanced Transparency: By giving access to the header information to the users, it is transparency that is promoted within the telecommunications ecosystem.
- Empowered Decision-Making: Now that users have information about the SMS header, they can make informed decisions regarding their communications and privacy.
- Efficient Resolution of Concerns: The Quick SMS Header Information serves the purpose of providing the needed resolution by telling us the message’s origin in cases where users come across any suspicious messages.
- User-Friendly Interface: With its easy and clear process, this feature caters to users of all technical proficiency levels, ensuring accessibility for all.
Working:
1. Compose Your SMS: Write a message with the header you wish to find the information about. For example, if you want to know details about a header labeled "SBIINB," your SMS should be in the format "DETAILS OF SBIINB." Note, all letters are in capital only.
2. Send it to 1909: Once your message is ready, send it to: 1909. Please note, this may charge you depending upon your current plan.
3. Receive Response: The response to your SMS will be sent to you by the concerned telecommunication service provider or directly by 1909, a few seconds after you have sent your message. This response will have the data associated with the header above.
Another method to find SMS header information:
TRAI (Telecom Regulatory Authority of India) has made a tool on the webpage (https://smsheader.trai.gov.in/) to check for the SMS header associated with the message.
TRAI has also mandated header registration for messages pertaining to transactional or promotional purposes. This has helped people identify the SMS header by simply looking into the database as made by TRAI.
Steps:
1. Go to https://smsheader.trai.gov.in/. The page looks like as shown below:
2. Enter your Email, Name and complete the captcha under the Download/View Header Details and click on continue
3. Enter the OTP received on your email with the captcha and click on continue
4. Now enter your SMS header in the format of AA-AAAA, where “AA” is your prefix and “AAAA” is your header name. For example, we have taken “AX-HDFCBK” as our sample header, so “AX” is our prefix and “HDFCBK” is our header name.
5. As soon as we press enter, the site returns the query with the information of the header, as shown below
Conclusion:
The importance of checking SMS headers is something that simply cannot be overemphasized. This is the principal procedure for identifying incoming messages as authentic, and on that basis, the users are able to make informed choices about the messages they receive. It also contributes to the rise of user safety and privacy.
The development of more transparent controls and a stronger decision-making process will make it easier for users to handle their digital lives. The Quick SMS Header Information service is easy and convenient to use, as its interface is simple and understandable for users of all technical levels.
In addition to this, TRAI's attempt to make available an online tool for the maintenance of a comprehensive database of SMS headers strengthens its position towards ensuring security for its users in the telecommunications sector.
.webp)
Introduction
Social media platforms have begun to shape the public understanding of history in today’s digital landscape. You may have encountered videos, images, and posts that claim to reveal an untold story about our past. For example, you might have seen a post on your feed that has a painted or black and white image of a princess and labelled as "the most beautiful princess of Rajasthan who fought countless wars but has been erased from history.” Such emotionally charged narratives spread quickly, without any academic scrutiny or citation. Unfortunately, the originator believes it to be true.
Such unverified content may look harmless. But it profoundly contributes to the systematic distortion of historical information. Such misinformation reoccurs on feeds and becomes embedded in popular memory. It misguides the public discourse and undermines the scholarly research on the relevant topic. Sometimes, it also contributes to communal outrage and social tensions. It is time to recognise that protecting the integrity of our cultural and historical narratives is not only an academic concern but a legal and institutional responsibility. This is where the role of the Ministry of Culture becomes critical.
Pseudohistorical News Information in India
Fake news and misinformation are frequently disseminated via images, pictures, and videos on various messaging applications, which is referred to as “WhatsApp University” in a derogatory way. WhatsApp has become India’s favourite method of communication, while users have to stay very conscious about what they are consuming from forwarded messages. Academic historians strive to understand the past in its context to differentiate it from the present, whereas pseudo-historians try to manipulate history to satisfy their political agendas. Unfortunately, this wave of pseudo-history is expanding rapidly, with platforms like 'WhatsApp University' playing a significant role in amplifying its spread. This has led to an increase in fake historical news and paid journalism. Unlike pseudo-history, academic history is created by professional historians in academic contexts, adhering to strict disciplinary guidelines, including peer review and expert examination of justifications, assertions, and publications.
How to Identify Pseudo-Historic Misinformation
1. Lack of Credible Sources: There is a lack of reliable primary and secondary sources. Instead, pseudohistorical works depend on hearsay and unreliable eyewitness accounts.
2. Selective Use of Evidence: Misinformative posts portray only those facts that support their argument and minimise the facts which is contradictory to their assertions.
3. Incorporation of Conspiracy Theories: They often include conspiracy theories, which postulate secret groups, repressed knowledge. They might mention that evil powers influenced the historical events. Such hypotheses frequently lack any supporting data.
4. Extravagant Claims: Pseudo-historic tales sometimes present unbelievable assertions about historic persons or events.
5. Lack of Peer Review: Such work is generally never published on authentic academic platforms. You would not find them on platforms like LinkedIn, but on platforms like Instagram and Facebook, as they do not pitch for academic publications. Authentic historical research is examined by subject-matter authorities.
6. Neglect of Established Historiographical Methods: Such posts lack knowledge of a recognised methodology and procedures, like the critical study of sources.
7. Ideologically Driven Narratives: Political, communal, ideological, and personal opinions are prioritised in such posts. The author has a prior goal, instead of finding the truth.
8. Exploitation of Gaps in the Historical Record: Pseudo-historians often use missing or unclear parts of history to suggest that regular historians are hiding important secrets. They make the story sound more mysterious than it is.
9. Rejection of Scholarly Consensus: Pseudo-historians often reject the views of experts and historians, choosing instead to believe and promote their strange ideas.
10. Emphasis on Sensationalism: Pseudo-historical works may put more emphasis on sensationalism than academic rigour to pique public interest rather than offer a fair and thorough account of the history.
Legal and Institutional Responsibility
Public opinion is the heart of democracy. It should not be affected by any misinformation or disinformation. Vested interests cannot be allowed to sabotage this public opinion. Specifically, when it concerns academia, it cannot be shared unverified without any fact-checking. Such unverified claims can be called out, and action can be taken only if the authorities take over the charge. In India, the Indian Council of Historical Research (ICHR) regulates the historical academia. As per the official website, their stated aim is to “take all such measures as may be found necessary from time to time to promote historical research and its utilisation in the country,”. However, it is now essential to modernise the functioning of the ICHR to meet the demands of the digital era. Concerned authorities can run campaigns and awareness programmes to question the validity and research of such misinformative posts. Just as there are fact-checking mechanisms for news, there must also be an institutional push to fact-check and regulate historical content online. The following measures can be taken by authorities to strike down such misinformation online:
- Launch a nationwide awareness campaign about historical misinformation.
- Work with scholars, historians, and digital platforms to promote verified content.
- Encourage social media platforms to introduce fact-check labels for historical posts.
- Consider legal frameworks that penalise the deliberate spread of false historical narratives.
History is part of our national heritage, and preserving its accuracy is a matter of public interest. Misinformation and pseudo-history are a combination that misleads the public and weakens the foundation of shared cultural identity. In this digital era, false narratives spread rapidly, and it is important to promote critical thinking, encourage responsible academic work, and ensure that the public has access to accurate and well-researched historical information. Protecting the integrity of history is not just the work of historians — it is a collective responsibility that serves the future of our democracy.
References:
- https://kuey.net/index.php/kuey/article/view/4091
- https://www.drishtiias.com/daily-news-editorials/social-media-and-the-menace-of-false-information
