WASHINGTON — The National Space Council issued new cybersecurity principles to help defend America’s space systems Sept. 4. According to the White House, Space Policy Directive-5, or SPD-5, will foster practices within the government and commercial space operations to protect space systems from cyberthreats.
“From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life. President [Donald] Trump’s directive ensures the U.S. Government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats,” Deputy Assistant to the President and Executive Secretary of the National Space Council Scott Pac said in a statement.
“Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure.”
As a continuation of the National Security Strategy and National Cyber Strategy, the policy is intended to ensure freedom of action in space and maintain American leadership in the domain, the Trump administration said.
“Cyber security does not stop at America’s terrestrial borders,” added national security advisor Robert O’Brien. “The Administration is committed to protecting the American people from all cyber related threats to critical infrastructure, public health and safety, and our economic and national security — including American space systems and capabilities.”
SPD-5 lays out the following cybersecurity principles for space systems:
- Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering.
- Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to protect against unauthorized access; reduce vulnerabilities of command, control and telemetry systems; protect against communications jamming and spoofing; protect ground systems from cyberthreats; promote adoption of appropriate cybersecurity hygiene practices; and manage supply chain risks.
- Space system cybersecurity requirements and regulations should leverage widely adopted best practices and norms of behavior.
- Space system owners and operators should collaborate to promote the development of best practices and mitigation approaches.
- Space system operators should make appropriate risk trades when implementing cybersecurity requirements specific to their system.
Nathan Strout covers space, unmanned and intelligence systems for C4ISRNET.