US issues cybersecurity space policy

The US government has announced what it says is the first comprehensive cybersecurity policy for systems used in outer space and near space. Space Policy Directive-5 (SPD-5) clarifies the role of the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) in enhancing the nation’s cyber defences in space, notably on key systems used for global communications, navigation, weather monitoring and other critical services.

Acting Homeland Security Secretary Chad F Wolf noted that SPD-5 protects American interests on the final frontier. “The security of the homeland depends upon the security of our space systems, interests and freedom of action in space. The policy unveiled today is a critical step in establishing a baseline standard for cybersecurity as America leads in space and cyberspace alike,” Wolf said.

Legacy space systems, networks and channels may be vulnerable to malicious cyber activities that can deny, degrade or disrupt space-systems operations or destroy a satellite, potentially affecting critical infrastructure sectors. Making secure and resilient space systems is crucial to maximise their potential and support the American economy and homeland security enterprise.

SPD-5 establishes five key cybersecurity principles of space systems. It states that space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering. Additionally, space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to ensure operators or automated control centre systems can retain or recover positive control of space vehicles, and verify the integrity, confidentiality and availability of critical functions and the missions, services and data they provide.

Per SPD-5, space system cybersecurity requirements and regulations should leverage widely adopted best practices and norms of behaviour. Space system owners and operators should also collaborate to promote the development of best practices and mitigations, as permitted by law and regulation. It also states that space systems security requires should be designed to be effective while allowing space operators to manage appropriate risk tolerances and reduce undue burden to civil, commercial and other non-government space system operators.

“The Department of Homeland Security looks forward to continue to work with its partner agencies to implement these principles to help protect the American people,” Wolf said.

Image credit: ©stock.adobe.com/au/Paopano