What the U.S. Cybersecurity Strategy for Space Systems Means for the SatCom Industry

The U.S. government advanced two important cybersecurity policy documents this month, both concerning space system environments. The first is the publication of the National Cybersecurity Strategy, which is applicable U.S.-wide, across sectors including both public and private. It highlights the current administration’s commitment “to enhancing the security and resilience of U.S. space systems, including by implementing Space Policy Directive 5, ‘Cybersecurity Principles for Space Systems’.” The Space Policy Directive 5 was published under the previous administration, and directed government agencies and space system owners to develop and implement cybersecurity plans together. However, little progress has been achieved since.

The second piece of policy to come out of the White House this month was a result of the Space Systems Cybersecurity Executive Forum, hosted by the Office of the National Cyber Director and the National Space Council. Three main commitments were made, one of which was to advance the Space Policy Directive 5 through a series of regional workshops to determine how best to move forward in its implementation. The second commitment was to hold a Space Cybersecurity Symposium for public and private stakeholders, and the final commitment was to direct the National Institute of Standards and Technology (NIST) to finalize its report on how to apply the NIST Cybersecurity Framework to commercial space activities.

The policies target all space system stakeholders, from the Satellite Communication (SatCom) industry, to launch, imagery, cloud and data providers, cross-functional defense systems and services, as well as venture capital elements of the industry. The impact will be immediate and will drive spending in cybersecurity across the board. The SatCom industry is likely to be the most affected, as other sectors, such as cloud, data and defense, are  already well ahead in cybersecurity deployment and investments. In contrast, SatCom has operated in relative isolation from other communication segments, operating on the basis of security-through-obscurity (dominated by proprietary technology), rather than through any thorough and comprehensive adoption of end-to-end security. However, with the rapid expansion of the Low Earth Orbit (LEO)-based satellite market, and the eventual integration into the 5G ecosystem, SatCom is gradually being pulled into the global communication ecosystem, whether it wants it or not.

Competing market forces alone won’t drive an industry to adopt cybersecurity if it thinks it can still survive without it. But policy is a different beast, and coupled with standards development and eventual regulation, can push an industry to effect the changes demanded. And it is clear that cybersecurity is a prerogative; obscurity has never been a solid foundation for cybersecurity, and this position becomes ever less tenable as 5G progresses to encompass even SatCom. In due course, the network of networks ideology posited by 6G will bring an end to that, and SatCom will have to adapt regardless.

All successful implementations start with a plan, and require communication and cooperation. The NIST Cybersecurity Framework is the key foundational document that will not only provide the best baseline for the SatCom industry, but will also align the sector with how other sectors are deploying cybersecurity. Participating in the regional workshops and in the eventual symposium will be key for ensuring the rest of the industry understands the potential obstacles and challenges that will face the SatCom industry, as well as providing the forum from which to find collaborative and supporting partners.