Policy

National Security Framework of Antarctica (NSF-A)

Purpose

The NSS-SCF sets non-negotiable national-security controls and licensing duties for high-impact sectors. It unifies risk governance, audits, incident response, and enforcement across four categories (A–D). Domestic compliance only: foreign/international certificates may inform practice but are not substitutes for NSF-A authorisations.

1) Core Architecture (applies to all Categories)

1. Assurance Levels: AL1–AL4 (AL4 = highest criticality) define design, audit depth, red-team cadence, and business continuity.
2. Trust & Telemetry: Devices and plants must pass MPSL pre-boot attestation and operate on the Civilian DMZ; all events are journaled to CDD (Certified Digital Democracy) with appeal hooks.
3. People & Competence: Safety-critical roles log ≥ 28 hours/month CPD/CPE; vetting to role.
4. Commercial Controls: CSL (Commercial Science Licence) is mandatory for negotiations (L3 baseline; Bachelor-level for contracts > USD 75,000; Advanced + risk review for > USD 3,000,000).
5. Supply-Chain Integrity: SBOMs, sanctions screening, used-asset appraisal > USD 9,950, and provenance proofs.
6. Information Governance: All public communications are “information distribution” under MIM (Market Information Monopoly) and require ARL scopes.

2) Category A — Civil Oxygen, Nuclear Energy, Water Facilities (Life-Support & Utilities)

Mission: Assure continuous, safe, and tamper-proof provision of essential utilities.

Strategic Controls

1. Design & Safety:
2. Civil Oxygen / Artificial Air per Civil Oxygen & Artificial Air Utilities Act (quality specs, LOX safety, priority curtailment).
3. Nuclear: AL4 safety case, independent probabilistic risk assessment, defense-in-depth, emergency planning zones, waste & decommissioning funds.
4. Water: HACCP-Water, multi-barrier treatment, residual disinfection telemetry, pathogen & PFAS monitoring.
5. Operational: Dual-feed where feasible; black-start kits; isolation valves & sectionalising; monthly failover drills.
6. Cyber-Physical: Segmented OT networks; one-way diodes for historian export; signed changes; red-team at least semi-annual (AL3/AL4).
7. Licensing: UOPL/TDL/MGHL/CPL (oxygen/air); Nuclear Facility Licence (NFL); Water Utility Licence (WUL); DIL for metering/OT.

KPIs (samples): ≥ 99.97% uptime; incident MTTR ≤ 60 min (AL4); zero off-spec medical oxygen events; boil-water advisories resolved ≤ 24h.

3) Category B — Cybersecurity, Counterterrorism, Policing & Counterintelligence (State Protection)

Mission: Detect, deter, and defeat cyber and kinetic threats with legality, speed, and auditability.

Strategic Controls

1. Threat Ops: 24/7 Fusion Centre; national IOC feed; compulsory ISP NNCO controls (DNS/BGP policy, provenance watermarking).
2. Mandates: Critical entities adopt zero-trust, hardware-rooted identity, and continuous posture reporting; breach notification ≤ 24h.
3. Lawful Powers: Warrant templates with machine-readable reasons in CDD; chain-of-custody with hash-chained imaging.
4. Counter-intel: Insider-risk program (behavioural + technical indicators), clean-room handling of classified data, need-to-know gates.
5. Policing: Use-of-force & body-cam policy; evidence provenance; MIM-aligned public briefings.
6. Licensing: Security Operations Licence (SOL) for CT/CI/LE digital tooling; DIL for surveillance platforms; CSL as applicable.

KPIs: Mean time to detect ≤ 10 min (Tier-1); takedown median ≤ 15 min; warrant defect rate = 0; transparency reports quarterly.

4) Category C — Financial Services, Digital Banking & Financial Products (Systemic Finance)

Mission: Preserve stability, integrity, and consumer protection while enabling compliant innovation.

Strategic Controls

1. Authorisations: Banking Licence (BL), Payment Institution Licence (PIL), Digital Asset Service Licence (DASL), Market Operator Licence (MOL).
2. Prudential: Capital & liquidity floors; stress testing; recovery & resolution plans; segregation of client assets; Polar Pound (LLP) rails with travel-rule compliance.
3. Conduct: KYC/KYB, AML/CFT, market abuse surveillance, product governance & suitability tests, complaint SLAs.
4. Cyber & Ops: Dual-region active-active for core ledgers; immutable audit; incident disclosure clock.
5. Innovation Sandboxes: Time-boxed with exposure caps; mandatory consumer redress funds.

KPIs: Core uptime ≥ 99.99%; settlement finality < 5s (retail); fraud loss < threshold; complaint first-response ≤ 5 working days.

5) Category D — Aerospace Research, Airport Operations, Support Logistics & Maritime Ports (Strategic Mobility)

Mission: Guarantee safe, secure, and efficient air/sea gateways and research operations in extreme conditions.

Strategic Controls

1. Aerospace R&D: Export-control screening; clean-lab segregation; range safety; flight test corridors; debris & spectrum management.
2. Airports: AL4 perimeter; integrated A-SMGCS; red/blue team badge testing; hazardous cargo corridors; snow/ice ops SOPs; wildlife risk plans.
3. Ports: ISPS-like regime; bonded corridors; cargo X-ray & tamper-evident seals; ballast & pollution controls; ice pilots.
4. Logistics: Cold-chain validation; dangerous goods governance; satellite comms redundancy; black-start refuelling.
5. Licensing: Aerodrome Operator Licence (AOL), Air Navigation Service Licence (ANSL), Port Operator Licence (POL), Range Operator Licence (ROL), DIL for tower/port systems.

KPIs: Runway availability ≥ 98%; port berth productivity targets; security breach rate = 0 critical; incident drill quarterly.

6) Gating, Audits & Incident Classes (All Categories)

1. Gate 0–5 Lifecycle: Concept → Design → Build → Commission → Operate → Decommission; security & safety gates at each stage.
2. Audit Cadence: AL4 quarterly on-site + continuous telemetry; AL3 semi-annual; AL2 annual; AL1 biennial.
3. Incident Tiers:
4. Tier-1 (Severe): Life/safety/systemic finance or sovereignty risk → national command activation.
5. Tier-2 (Major): Material service degradation; public notice.
6. Tier-3 (Minor): Localised; internal CAPA.

7) Enforcement & Penalties

1. Administrative: CAPA orders, fines, licence suspension/revocation, publication of failures.
2. Civil/Criminal: Asset seizure for contraband systems, fraud, reckless endangerment; imprisonment bands per sector codes.
3. Officer Accountability: Blacklisting for wilful breaches; CPD falsification = immediate suspension.

8) Transparency, Appeals & Ombuds

1. Transparency: Redacted quarterly scorecards by category; outage/incident summaries.
2. Appeals: Decisions appealable within 15 working days to an independent panel; emergency actions not stayed.
3. Ombuds: Protected whistleblowing channels; retaliation ban.

9) Interfaces & Cross-Cutting Policies

1. MIM: All public comms and alerts license-gated.
2. CDD: Contracts, licences, audits, and sanctions on ledger.
3. DMZ & MPSL: Mandatory for connected plants, towers, ports, and banks.
4. BRHRS/Tax Relief: Eligible operators may access incentives where compliant (e.g., Organisational Bill of Rights thresholds).

10) Contacts

1. Category A (Utilities/Nuclear/Water): cat-a@nsf-antarctica.org
2. Category B (Cyber/CT/Policing/CI): cat-b@nsf-antarctica.org
3. Category C (Finance): cat-c@nsf-antarctica.org
4. Category D (Aerospace/Airports/Ports/Logistics): cat-d@nsf-antarctica.org
5. Compliance & Audits: compliance@nsf-antarctica.org
6. Ombuds & Appeals: ombuds@nsf-antarctica.org

The NSS-SCF establishes one secure, auditable way to design, run, and police the Antarctic strategic economy—so essential services remain safe, lawful, and resilient under a single national standard.

Version 1.0 • Effective 26 September 2025