U.S. Unveils Cybersecurity Policies for Space Systems

A presidential memorandum made public on Friday by the White House details the cybersecurity principles that should govern space systems.

Space systems, the memorandum points out, are essential to global communications, explorations, navigation, positioning, timing, weather monitoring, national security, and other applications, and should be kept safe from cyberattacks.

These systems rely on information systems and networks for flight operations, data transmission, and more, which makes them susceptible to malicious activities varying from manipulating sensors to sending unauthorized commands, and injecting malicious code to cause data loss, loss of space vehicle control, or shortened system lifespan.

According to the memorandum (SPD-5), space systems should be governed by the same cybersecurity principles and practices that apply to terrestrial systems, although some of these principles are of particular importance to space systems, such as the ability to remotely receive updates and incident response, which should be integrated into space vehicles before launch.

“For this reason, integrating cybersecurity into all phases of development and ensuring full life-cycle cybersecurity are critical for space systems. Effective cybersecurity practices arise out of cultures of prevention, active defense, risk management, and sharing best practices,” the memorandum reads.

Principles detailed in the memorandum demand that space systems are designed in anticipation of cyberattacks, that positive control of a vehicle can be regained when necessary, that critical space vehicle functions are protected against unauthorized access and against jamming and spoofing, and that physical protections reduce vulnerabilities of specific space vehicle systems.

Ground systems, information processing systems, and operational technology should be protected as well, through cybersecurity best practices and hygiene practices, as well as physical security for automated information systems. Keeping a close eye on the supply chain should also diminish risks impacting the cybersecurity of space systems.

“Implementation of these principles, through rules, regulations, and guidance, should enhance space system cybersecurity, including through the consideration and adoption, where appropriate, of cybersecurity best practices and norms of behavior,” the memorandum reads.

Furthermore, the document encourages collaboration between space system owners and operators for promoting the development of best practices. It also states that threat, warning, and incident data should be shared within the space industry.

Related: How the Secure Development Lifecycle Can Help Protect IIoT Deployments

Related: The Fundamentals of Developing Effective DevSecOps

Related: Connected Cars Moving Targets for Hackers