Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutives
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
    Contact Us
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
  1. Home
  2. Topics
  3. Risk Management
Share:

Space Systems Initiative

Risk Management

  • 5G Security and Resilience
  • Connected Communities
  • Electromagnetic Pulse and Geomagnetic Disturbance
  • Federal Facility Security
  • National Critical Functions
  • Pipeline Cybersecurity
  • Positioning, Navigation, and Timing
  • Secure Tomorrow Series
  • Space Systems
  • Coronavirus

Space is one of the fastest-growing markets of the global economy. The rapid expansion of the space services market and the competitive advantage gained from being a first mover, increases the potential for lax security. It takes a holistic approach to assess risks associated with the space systems enterprise and understand the impacts to all critical infrastructure and National Critical Functions (NCFs), including terrestrial infrastructure as well as on-orbit vehicles that conduct operations in the space environment.

CISA’s Role

CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.

Overview

Projections suggest the space economy will more than triple in size in the next decade with an expected value of $1.4 trillion by 2030. As more satellites and satellite systems occupy the near-Earth space domain and as terrestrial systems increasingly rely on space technology, increasing cyber, kinetic, and energy threats to space systems put national security and economies at risk. On September 4, 2020, the Space Policy Directive-5 Cybersecurity Principles for Space Systems (SPD-5), the Nation’s first comprehensive cybersecurity policy for space systems, was signed:

“Space systems enable key functions such as global communications; positioning, navigation and timing; scientific observation; exploration; weather monitoring; and multiple vital national defense applications. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy a satellite. It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation's critical infrastructure.” 

Although SPD-5 remains in effect, it is unclear how many private sector entities will adopt the concepts put forth in the policy. Research indicates that some of the systems currently in orbit were designed with little or no security. However, cyber threats to space enterprise elements cross the spectrum from cyber criminals to advanced persistent threats from nation-states. Nation-states also threaten space vehicles and systems with advanced energy and kinetic weaponry.

Like any system, the space systems enterprise requires evaluation of risk at all levels of its life cycle. From manufacture to final disposition at end-of-life, commercial and government space activities continue to be regulated by multiple government organizations with the regulatory environment evolving as both the military and commercial space landscape continues to grow. The space system enterprise is striving for public-private information sharing around identified vulnerabilities, threat information, space weather, and space intelligence.

DHS Space Policy

Space-based systems play a critical role in securing the homeland security enterprise as Department of Homeland Security (DHS) components and partners rely heavily on space systems to provide information and communications necessary for mission success. The DHS Space Policy (signed April 14, 2022), guides component efforts internally and across the homeland security enterprise.

DHS will assume a leading role in three primary areas: promotion of cybersecurity of space systems, homeland security mission assurance planning and execution, and contingency planning to respond to and recover from potential impacts to the homeland resulting from a denied or degraded space environment.

Engaging with Partners and Stakeholders 

Over four dozen Federal agencies and organizations participate in one or more aspects of space operations or activities, but not all collaborate or coordinate. The list of information sharing organizations includes, but is not limited to:

Organization or Group

Purpose

 

Critical Infrastructure Partnership Advisory Council Space Systems Enterprise Critical Infrastructure Working Group (SSCIWG)

The Working Group consists of both government and industry members whose primary goal is developing sound strategies and well-informed risk management processes for space systems and for critical infrastructure operators who rely on space systems. The Working Group operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, and serves as the primary mechanism for DHS to collaborate and coordinate on strategies and policies to increase or enhance space system security and resiliency to the wide array of threats faced daily.

 

Space Weather Prediction Center (SWPC)

A laboratory and service center of the U.S. National Weather Service (NWS), part of the National Oceanic and Atmospheric Administration (NOAA). SWPC continually monitors and forecasts Earth's space environment, providing solar-terrestrial information. SWPC is the official source of space weather alerts and warnings for the United States.

 

Space Information Sharing and Analysis Center (ISAC)

 

The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the space sector with respect to this information.

 

National Defense Information Sharing and Analysis Center (ISAC)

 

The ISAC for the Defense Industrial Base, offering defense sector companies, their suppliers, and related interests a community and forum for sharing cyber and physical security threat indicators, best practices and mitigation strategies. The National Defense ISAC serves as the national defense sector’s principal focal point for all hazards to the sector.

Resources

The following resources are some of CISA's tools and products that focus heavily on the security and resilience of Positioning, Navigation, and Timing (PNT) technologies and satellites. Space defense activities within CISA and outside the PNT realm is a nascent initiative.

View all resources

National Space Policy

EXTERNAL
Sets out the nation’s commitment to leading in the responsible and constructive use of space, promoting a robust commercial space industry, and defending U.S. and allied interests in space.
National Space Policy

Space Policy Directive 5

SEP 04, 2020 | EXTERNAL
SPD-5 establishes key cybersecurity principles to guide and serve as the foundation for America’s approach to the cyber protection of space systems.
Space Policy Directive 5

Space Policy Directive 7

JAN 15, 2021 | EXERCISE
SPD-7 establishes implementation actions and guidance for U.S. space-based positioning, navigation, and timing (PNT) programs and activities for U.S. national and homeland security, civil, commercial, and scientific purposes.
Space Policy Directive 7

Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations

JAN 06, 2015 | EXTERNAL
This paper is intended as a best practices guide used by those responsible for installing and maintaining time and frequency sources (TFS) in fixed infrastructure locations for Time & Frequency (T&F) operations.
Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations

GPS Receiver Allow List Development Guide

NOV 09, 2022 | EXTERNAL
The GPS Allow List Development Guide presents a software assurance approach as a means of addressing potential vulnerabilities and increasing reliability of Global Positioning System (GPS) receivers.
GPS Receiver Allow List Development Guide

Time Guidance for Network Operators CIOs CISOs

DEC 17, 2020 | PUBLICATION
Download File (PDF, 1.74 MB)

Resilient PNT Conformance Framework (Version 2.0)

MAY 31, 2022 | EXTERNAL
Provides guidance for defining expected behaviors in resilient PNT equipment, with the goal of facilitating development and adoption of those behaviors through a common framework that enables improved risk management, appropriate mitigations, and decision making by end users.
Resilient PNT Conformance Framework (Version 2.0)

PNT Integrity Library

EXTERNAL
This library provides users a method to verify the integrity of Global Navigation Satellite System (GNSS)-based PNT sources. It provides a scalable framework for GNSS-based PNT manipulation detection that offers varying levels of protection based on the available data.
PNT Integrity Library
View all resources

Related News

May 13, 2021
Press Release

CISA Launches a Space Systems Critical Infrastructure Working Group

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback