10 November 2020

ESTABLISHING SPACE CYBERSECURITY POLICY, STANDARDS, AND RISK MANAGEMENT PRACTICES


Space Policy Directive – 5 (SPD-5) states, “the United States considers unfettered freedom to operate in space vital to advancing the security, economic prosperity, and scientific knowledge of the Nation…Therefore, it is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation’s critical infrastructure.” SPD-5 also defines “Space System” as “a combination of systems, to include ground systems, sensor networks, and one or more space vehicles, that provides a space-based service.”

Space threats are changing at an incredibly rapid pace. Cyber threats pose a significant and complex challenge due to the absence of a warning and speed of an attack by an adversary, the difficulty of attribution, and the complexities associated with carrying out a proportionate response.

Our future space systems, to include the spacecraft (and payloads), must be secured and cyber resilient. It is critical to define robust cybersecurity principles and cyber requirements for space systems. We must evolve from the traditional thinking of not engineering in security into the space segment.

Using threat-informed risk-based system engineering and applying defense-in-depth throughout space systems, particularly on the spacecraft themselves, is imperative.

No comments: