The Trump Administration announced the first comprehensive cybersecurity policy for systems used in outer space and near space today. Space Policy Directive- 5 (SPD-5) makes clear the lead role the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have in in enhancing the nation’s cyber defenses in space, notably on key systems used for global communications, navigation, weather monitoring, and other critical services.
“From establishing CISA in 2018 to today’s directive to protect American interests on the final frontier, President Trump is empowering the Department of Homeland Security to defend the nation against ever-evolving cyber threats,” said Acting Homeland Security Secretary Chad F. Wolf. “The security of the homeland depends upon the security of our space systems, interests, and freedom of action in space. The policy unveiled today is a critical step in establishing a baseline standard for cybersecurity as America leads in space and cyberspace alike.”
Legacy space systems, networks, and channels may be vulnerable to malicious cyber activities that can deny, degrade, or disrupt space-systems operations or even destroy a satellite with potential cascading effects into critical infrastructure sectors. Building security and resilience into space systems is essential to maximizing their potential and supporting the American people, economy, and homeland security enterprise.
SPD-5 establishes the following key cybersecurity principles of space systems:
- Space systems and their supporting infrastructure including software, should be developed and operated using risk-based, cybersecurity-informed engineering;
- Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to ensure operators or automated control center systems can retain or recover positive control of space vehicles, and verify the integrity, confidentiality, and availability of critical functions and the missions, services, and data they provide;
- Space system cybersecurity requirements and regulations should leverage widely-adopted best practices and norms of behavior;
- Space system owners and operators should collaborate to promote the development of best practices and mitigations to the extent permitted by law and regulation; and,
- Space systems security requirements should be designed to be effective while allowing space operators to manage appropriate risk tolerances and minimize undue burden to civil, commercial, and other non-government space system operators.
“The Department of Homeland Security looks forward to continue to work with its partner agencies to implement these principles to help protect the American people,” Acting Secretary Wolf concluded.
For more information regarding the provisions, please visit: https://www.whitehouse.gov/wp-content/uploads/2020/09/2020SPD5.mem_.pdf