The space industry now has its own information sharing and analysis center. But what does an ISAC actually do, and why does the United States need one dedicated to space?
There are about two dozen ISACs within the United States. These nonprofit organizations essentially act as an industry go-between, sharing knowledge about cybersecurity and other threats.
“ISACs are member-driven organizations that gather, analyze and disseminate cyberthreat information among themselves and with the government,” explained Jaisha Wray, cybersecurity director of the National Security Council, Nov. 7 at the CyberSat19 conference. “Because these ISACs are sector-focused and member-driven, they can select the specific cyberthreat information and perform analysis on what is particularly relevant to the industry in which the members operate.”
But until this year there was no ISAC dedicated to space.
“ISACs represent what is known as critical infrastructure to the country, and space was not recognized as critical infrastructure,” said Frank Backes, a senior vice president at Kratos. “We know space is critical infrastructure, but it wasn’t recognized formally by [the Department of Homeland Security] as critical infrastructure.”
However, that all changed 18 months ago. Following conversations between Kratos, the Trump administration and the Science and Technology Partnership Forum, a Space ISAC was formed, first announced in April. And Nov. 7, after months of workshops and the addition of new members, the new group held its first board meeting.
Just an hour before that first board meeting at CyberSat19, Backes and other members of the board sat down to explain what makes the new organization unique.
Part of what makes the Space ISAC unique, explained Backes, is the variety of companies and types of services within the space industry, all of whom he wants participating in the new organization.
“There are launch providers, and we want launch providers to be part of the organization. There are space vehicle manufacturing companies that we want to be members in the ISAC. There are space communications companies that we want to (be members),” said Backes.
The Space ISAC even has board members that aren’t involved with manufacturing space vehicles or operating large constellations of satellites.
“We don’t do satellites. We’re not going to build Mars rovers. But what we do deal with data and information,” said Chris Bogdan, who leads Booz Allen Hamilton’s aerospace business and represents the company on the Space ISACs board. “We think this is a great opportunity for us to be able to bring some of that expertise in — in how you protect data and how you move data around and the threats that go along with that — to the ISAC, and both educate folks and ourselves get educated on what the art and the science of space is, especially in the commercial industry today. So it’s kind of a win-win for Booz Allen.”
Another unique aspect to the space industry is the role commercial companies play in providing space-based services, especially satellite communications. The Space ISAC will ensure that these commercial companies get the cybersecurity information they need to protect their systems and national security space as a whole.
“The difference we see in this Space ISAC from [the Defense ISAC] is we’re bringing in the commercial companies,” said Clark VanBuskirk, vice president for advanced program development for Lockheed Martin Space, who joined the board Nov. 7. “Especially with the volume of those commercial companies being at times smaller, they are not going to have the resources that Lockheed may have to put in place, like our information defense framework that we have in place to cover our own network. So this way, we can help keep ourselves tied together for those activities.”
“I’m hearing an awful lot of DoD saying, ‘We want to leverage the commercial space industry for a lot of what we do, whether it’s to back up the capabilities that we have to actually using their satellites as an onboarding place for some of the stuff we want to do,'” said Bogdan. “If commercial space is going to play some role in the military and intel side of space, well, then it’s probably good for the commercial space side to understand the vulnerabilities that DoD is already seeing in our space architectures.”
Additionally, national security space is an international industry. The supply chain for any space vehicle or payload likely spans multiple continents, and appropriate cybersecurity needs to follow that supply chain. Additionally, there are international companies that play a large role in national security space.
“We’re definitely incorporating both commercial and international companies into the organization,” added Backes, pointing out that one international company, SES, had already joined the board. “SES is an important player, but we’re also reaching out and talking to OneWeb and other players as well, and now that we’re having our first board meeting today, literally, our goal is then to discuss how we’re going to open membership up to the rest of the space community.”
Moving forward, the Space ISAC will serve as the primary communications channel for space threats and best cybersecurity practices for industry.