US Issues Cybersecurity Principles for Space Systems

US Issues Cybersecurity Principles for Space Systems

The White House has issued a new set of cybersecurity principles designed to protect its commercial and critical infrastructure investments in space.


The Space Policy Directive-5 details a list of recommended best practices for securing the information systems, networks and “radio-frequency-dependent wireless communication channels” that together power US space systems.


“These systems, networks and channels can be vulnerable to malicious activities that can deny, degrade or disrupt space operations, or even destroy satellites,” the document stated.


“Examples of malicious cyber-activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks.”


It added that such attacks could result in the loss of mission data, damage to space systems and loss of control over space vehicles such as satellites, space stations and launch vehicles, which could lead to collisions that generate dangerous orbital debris.


Amongst the recommended best practice principles was the use of “risk-based, cybersecurity-informed engineering” to develop and operate space systems, with continuous monitoring for malicious activity and of system configurations.


Other elements that will help ensure a good baseline of cybersecurity were: protection against unauthorized access to space vehicle functions, physical protection of command, control, and telemetry receiver systems, measures to counter communications jamming and spoofing, management of supply chain risks and improved collaboration between space system owners.


IT and OT systems on the ground should follow NIST best practices including logical/physical segregation, regular patching, physical security, restrictions on the use of portable media, AV software and staff awareness and training including insider threat mitigation.


In July, the issues cybersecurity principles space systems