Space Systems Initiative
Space is one of the fastest-growing markets of the global economy. The rapid expansion of the space services market and the competitive advantage gained from being a first mover, increases the potential for lax security. It takes a holistic approach to assess risks associated with the space systems enterprise and understand the impacts to all critical infrastructure and National Critical Functions (NCFs), including terrestrial infrastructure as well as on-orbit vehicles that conduct operations in the space environment.
CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.
Projections suggest the space economy will more than triple in size in the next decade with an expected value of $1.4 trillion by 2030. As more satellites and satellite systems occupy the near-Earth space domain and as terrestrial systems increasingly rely on space technology, increasing cyber, kinetic, and energy threats to space systems put national security and economies at risk. On September 4, 2020, the Space Policy Directive-5 Cybersecurity Principles for Space Systems (SPD-5), the Nation’s first comprehensive cybersecurity policy for space systems, was signed:
“Space systems enable key functions such as global communications; positioning, navigation and timing; scientific observation; exploration; weather monitoring; and multiple vital national defense applications. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy a satellite. It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation's critical infrastructure.”
Although SPD-5 remains in effect, it is unclear how many private sector entities will adopt the concepts put forth in the policy. Research indicates that some of the systems currently in orbit were designed with little or no security. However, cyber threats to space enterprise elements cross the spectrum from cyber criminals to advanced persistent threats from nation-states. Nation-states also threaten space vehicles and systems with advanced energy and kinetic weaponry.
Like any system, the space systems enterprise requires evaluation of risk at all levels of its life cycle. From manufacture to final disposition at end-of-life, commercial and government space activities continue to be regulated by multiple government organizations with the regulatory environment evolving as both the military and commercial space landscape continues to grow. The space system enterprise is striving for public-private information sharing around identified vulnerabilities, threat information, space weather, and space intelligence.
DHS Space Policy
Space-based systems play a critical role in securing the homeland security enterprise as Department of Homeland Security (DHS) components and partners rely heavily on space systems to provide information and communications necessary for mission success. The DHS Space Policy (signed April 14, 2022), guides component efforts internally and across the homeland security enterprise.
DHS will assume a leading role in three primary areas: promotion of cybersecurity of space systems, homeland security mission assurance planning and execution, and contingency planning to respond to and recover from potential impacts to the homeland resulting from a denied or degraded space environment.
Engaging with Partners and Stakeholders
Over four dozen Federal agencies and organizations participate in one or more aspects of space operations or activities, but not all collaborate or coordinate. The list of information sharing organizations includes, but is not limited to:
Organization or Group
Critical Infrastructure Partnership Advisory Council Space Systems Enterprise Critical Infrastructure Working Group (SSCIWG)
The Working Group consists of both government and industry members whose primary goal is developing sound strategies and well-informed risk management processes for space systems and for critical infrastructure operators who rely on space systems. The Working Group operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, and serves as the primary mechanism for DHS to collaborate and coordinate on strategies and policies to increase or enhance space system security and resiliency to the wide array of threats faced daily.
Space Weather Prediction Center (SWPC)
A laboratory and service center of the U.S. National Weather Service (NWS), part of the National Oceanic and Atmospheric Administration (NOAA). SWPC continually monitors and forecasts Earth's space environment, providing solar-terrestrial information. SWPC is the official source of space weather alerts and warnings for the United States.
Space Information Sharing and Analysis Center (ISAC)
The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the space sector with respect to this information.
National Defense Information Sharing and Analysis Center (ISAC)
The ISAC for the Defense Industrial Base, offering defense sector companies, their suppliers, and related interests a community and forum for sharing cyber and physical security threat indicators, best practices and mitigation strategies. The National Defense ISAC serves as the national defense sector’s principal focal point for all hazards to the sector.
The following resources are some of CISA's tools and products that focus heavily on the security and resilience of Positioning, Navigation, and Timing (PNT) technologies and satellites. Space defense activities within CISA and outside the PNT realm is a nascent initiative.