Space is one of the fastest-growing markets of the global economy. The rapid expansion of the space services market and the competitive advantage gained from being a first mover, increases the potential for lax security. It takes a holistic approach to assess risks associated with the space systems enterprise and understand the impacts to all critical infrastructure and National Critical Functions (NCFs), including terrestrial infrastructure as well as on-orbit vehicles that conduct operations in the space environment.
CISA’s Role
CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.
Overview
Projections suggest the space economy will more than triple in size in the next decade with an expected value of $1.4 trillion by 2030. As more satellites and satellite systems occupy the near-Earth space domain and as terrestrial systems increasingly rely on space technology, increasing cyber, kinetic, and energy threats to space systems put national security and economies at risk. On September 4, 2020, the Space Policy Directive-5 Cybersecurity Principles for Space Systems (SPD-5), the Nation’s first comprehensive cybersecurity policy for space systems, was signed:
“Space systems enable key functions such as global communications; positioning, navigation and timing; scientific observation; exploration; weather monitoring; and multiple vital national defense applications. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy a satellite. It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation's critical infrastructure.”
Although SPD-5 remains in effect, it is unclear how many private sector entities will adopt the concepts put forth in the policy. Research indicates that some of the systems currently in orbit were designed with little or no security. However, cyber threats to space enterprise elements cross the spectrum from cyber criminals to advanced persistent threats from nation-states. Nation-states also threaten space vehicles and systems with advanced energy and kinetic weaponry.
Like any system, the space systems enterprise requires evaluation of risk at all levels of its life cycle. From manufacture to final disposition at end-of-life, commercial and government space activities continue to be regulated by multiple government organizations with the regulatory environment evolving as both the military and commercial space landscape continues to grow. The space system enterprise is striving for public-private information sharing around identified vulnerabilities, threat information, space weather, and space intelligence.
DHS Space Policy
Space-based systems play a critical role in securing the homeland security enterprise as Department of Homeland Security (DHS) components and partners rely heavily on space systems to provide information and communications necessary for mission success. The DHS Space Policy (signed April 14, 2022), guides component efforts internally and across the homeland security enterprise.
DHS will assume a leading role in three primary areas: promotion of cybersecurity of space systems, homeland security mission assurance planning and execution, and contingency planning to respond to and recover from potential impacts to the homeland resulting from a denied or degraded space environment.
Engaging with Partners and Stakeholders
Over four dozen Federal agencies and organizations participate in one or more aspects of space operations or activities, but not all collaborate or coordinate. The list of information sharing organizations includes, but is not limited to:
|
Organization or Group |
Purpose |
|
Critical Infrastructure Partnership Advisory Council Space Systems Enterprise Critical Infrastructure Working Group (SSCIWG) |
The Working Group consists of both government and industry members whose primary goal is developing sound strategies and well-informed risk management processes for space systems and for critical infrastructure operators who rely on space systems. The Working Group operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, and serves as the primary mechanism for DHS to collaborate and coordinate on strategies and policies to increase or enhance space system security and resiliency to the wide array of threats faced daily. |
|
Space Weather Prediction Center (SWPC) |
A laboratory and service center of the U.S. National Weather Service (NWS), part of the National Oceanic and Atmospheric Administration (NOAA). SWPC continually monitors and forecasts Earth's space environment, providing solar-terrestrial information. SWPC is the official source of space weather alerts and warnings for the United States. |
|
Space Information Sharing and Analysis Center (ISAC)
|
The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the space sector with respect to this information. |
|
National Defense Information Sharing and Analysis Center (ISAC)
|
The ISAC for the Defense Industrial Base, offering defense sector companies, their suppliers, and related interests a community and forum for sharing cyber and physical security threat indicators, best practices and mitigation strategies. The National Defense ISAC serves as the national defense sector’s principal focal point for all hazards to the sector. |
Resources
The following resources are some of CISA's tools and products that focus heavily on the security and resilience of Positioning, Navigation, and Timing (PNT) technologies and satellites. Space defense activities within CISA and outside the PNT realm is a nascent initiative.
National Space Policy
EXTERNAL
Sets out the nation’s commitment to leading in the responsible and constructive use of space, promoting a robust commercial space industry, and defending U.S. and allied interests in space.
Space Policy Directive 5
SEP 04, 2020
| EXTERNAL
SPD-5 establishes key cybersecurity principles to guide and serve as the foundation for America’s approach to the cyber protection of space systems.
Space Policy Directive 7
JAN 15, 2021
| EXERCISE
SPD-7 establishes implementation actions and guidance for U.S. space-based positioning, navigation, and timing (PNT) programs and activities for U.S. national and homeland security, civil, commercial, and scientific purposes.
Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations
JAN 06, 2015
| EXTERNAL
This paper is intended as a best practices guide used by those responsible for installing and maintaining time and frequency sources (TFS) in fixed infrastructure locations for Time & Frequency (T&F) operations.
GPS Receiver Allow List Development Guide
NOV 09, 2022
| EXTERNAL
The GPS Allow List Development Guide presents a software assurance approach as a means of addressing potential vulnerabilities and increasing reliability of Global Positioning System (GPS) receivers.
Time Guidance for Network Operators CIOs CISOs
DEC 17, 2020
| PUBLICATION
Resilient PNT Conformance Framework (Version 2.0)
MAY 31, 2022
| EXTERNAL
Provides guidance for defining expected behaviors in resilient PNT equipment, with the goal of facilitating development and adoption of those behaviors through a common framework that enables improved risk management, appropriate mitigations, and decision making by end users.
PNT Integrity Library
EXTERNAL
This library provides users a method to verify the integrity of Global Navigation Satellite System (GNSS)-based PNT sources. It provides a scalable framework for GNSS-based PNT manipulation detection that offers varying levels of protection based on the available data.