In early September, the White House issued a memo outlining the critical need to address the cybersecurity of U.S. space assets, a move aimed at safeguarding the systems that facilitate essential global communications and operations. Since then, agencies across the federal government have launched their own efforts to align with the White House strategy and integrate space cybersecurity into existing and emerging frameworks and systems.
The push for cybersecurity in space coincides with the one-year anniversary of U.S. Space Command’s resurrection — and illustrates how the term “space race” is taking on new magnitude. It’s evident in the establishment of U.S. Space Force as the sixth branch of the armed forces; in the buildout of U.S. space leadership, capabilities and functional structure; and in the partnership between government and industry that is accelerating the development and deployment of space capabilities.
Nonetheless, as the United States — including our military, civilian agencies and commercial industry — expands its presence and operations in space, it’s crucial that all stakeholders work collaboratively to assure cybersecurity in this rapid evolution. Just as cybersecurity has become an integrated element of terrestrial goods and services, the same level of resiliency and safeguards must apply in space. This is perhaps especially true for the systems enabling satellite communications.
“Space is becoming congested and contested, and that contested aspect means that we’ve got to focus on cybersecurity in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out,” Lt. Gen. John Thompson, commander of Space Force’s Space and Missile Systems Center, said in October at the California Polytechnic State University’s Space and Cybersecurity Symposium. “It’s a journey, not a destination: That’s cybersecurity. And it’s a constant battle rhythm throughout a weapons system’s life cycle, not just a single event.”
While integrating cybersecurity into space-based systems — from those already in operation to those yet to be built — will be an ongoing exercise, the White House memo outlines key principles to guide the process. For example, the memo recommends that space systems operators should develop or integrate capabilities to protect against unauthorized access; reduce vulnerabilities of command, control and telemetry systems; protect against communications jamming and spoofing; protect ground systems from cyberthreats; promote adoption of appropriate cybersecurity hygiene practices; and manage supply chain risks.
Many of those capabilities will rely on access to fortified, low-latency, high-bandwidth satellite communications. The ability to rapidly disseminate secure data is a boon for SATCOM-based situational awareness and operational precision — and will only become more so amid growing competition. The emerging, next-generation SATCOM technologies of today and tomorrow will catalyze fast-paced interoperability, fortified resilience and seamless connectivity as traditional infrastructures and barriers become obsolete.
At the Department of Defense, early steps toward implementation are underway. Top officials are looking to established strategies to help inform and fast-track their approaches, such as the evolving National Cyber Strategy and the recently finalized zero-trust framework from the National Institute of Standards and Technology.
For the Space Force, its cybersecurity doctrine will likely be underpinned by the formalized Enterprise SATCOM Vision released in February, which emphasizes adaptable, interoperable SATCOM.
“Despite the global, instantaneous reach of our satellite communications systems, which includes both military and commercial capabilities, the current loose federation of SATCOM systems needs to improve in resiliency, robustness, flexibility and manageability,” Maj. Gen. Bill Liquori, now Space Force deputy chief of space operations for strategy, plans, programs, requirements and analysis, said in a statement in February.
As DoD leaders plan the tactical deployment of military cybersecurity in space, most are focusing on Combined Joint All-Domain Command and Control, or CJADC2. The concept links operations across the war-fighting domains — and will rely heavily on resilient, next-gen SATCOM to meet the high expectations around CJADC2′s adoption and execution.
Those expectations perhaps reflect a broader, growing recognition of the criticality of cybersecurity in space, as evidenced by a flurry of discussion and policymaking at the White House, the Department of Homeland Security, NASA and other agencies. At the DoD, it’s a well-known fact, as it is in the industry supporting the evolution of SATCOM and space-based cybersecurity.
With space being the newest war-fighting domain, there remain many unknowns. Because of that and a host of other reasons, it’s arguably more challenging to implement cybersecurity in space than in other well-established domains. Delivering on the promise of CJADC2 will require a paradigm shift that harnesses information sharing in space to advance integrated operations, mission assurance and precise decision-making.
Much of that shift hinges on resilient networks and infrastructure that are as interoperable as they are flexible and secure. Space engagements today and in the future must be underpinned by high-powered computing and communications capabilities that serve as force multipliers. By providing space operators with cutting-edge technologies incubated in an ecosystem of innovation, industry can help the U.S. extend its competitive advantage well into the sixth domain — including by helping to ensure its cybersecurity.
Pete Dowdy is the chief information security officer at Envistacom, where he oversees information security as well as compliance and risk management related to IT and cybersecurity. He retired from the U.S. Navy as a chief warrant officer.