The days of the commercial space industry revolution have dawned upon us. With corporations like SpaceX and Virgin Galactic leading the charge, humanity’s grasp for the stars is getting tighter and tighter with each week that passes. But as the commercialization of space becomes a more conventional concept and nations begin to scheme for the future of such, there is an abundance of questions that have to be answered in preparation for the voyage of humanity into space – a step that will certainly capture the zeitgeist of the 2000s.
As the technology evolves, the threat of cyberattacks evolves along with it. In a domain that is primarily ruled by technology and its cyber-infrastructure, a cyberattack on any form of space system could have massive, widespread repercussions. On 4 September, President Trump issued a new set of cybersecurity protocols to defend the United States’ space systems; Space Policy Directive-5 (“SPD-5”) will foster practices within the government and commercial space operations to ensure the protection of space systems from cyberthreats.
In a statement regarding the issuance and mission of SPD-5, Scott Pace, the deputy assistant to President Trump and executive secretary of the National Space Council, said “Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure.”
The framework of SPD-5 essentially establishes cybersecurity measures that will be incorporated into all stages of space system development and operations. Although protective software is a major influence, SPD-5 stipulates other vital elements, such as the vetting of anyone who touches command lines for a spacecraft, monitoring ground-based networks for intrusion, and ensuring that telemetry links between a satellite and the ground are thoroughly encrypted. Furthermore, SPD-5 lays out the recognition of the crucial role played by the private sector in the development of space systems, directing the U.S. government agencies to work with commercial space companies to further define the best practices, establish cybersecurity informed norms, and promote improved cybersecurity behaviors throughout the nation’s industrial base for space systems.
In recent years, the long-held space dominance of the U.S. has been challenged like never before by nations like Russia and China; the implementation of SPD-5 falls parallel with this narrative. SPD-5 lays out the following cybersecurity principles for space systems:
- Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering.
- Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to protect against unauthorized access; reduce vulnerabilities of command, control, and telemetry systems; protect against communications jamming and spoofing; protect ground systems from cyberthreats; promote adoption of appropriate cybersecurity hygiene practices, and manage supply chain risks.
- Space system cybersecurity requirements and regulations should leverage widely adopted best practices and norms of behavior.
- Space system owners and operators should collaborate to promote the development of best practices and mitigation approaches.
- Space system operators should make appropriate risk trades when implementing cybersecurity requirements specific to their system.
As the name suggests, SPD-5 is the fifth space policy directive signed by President Trump. SPD-1 officially put the nation on a crewed course back to the moon, SPD-2 eased regulations on commercial spaceflight companies, SPD-3 dealt with space-traffic management and SPD-4 directed the Department of Defense to create the U.S. Space Force.
With the space race once again heating up – this time around making momentous developments faster than ever – the shift of the human race to the cosmos has become more articulate in its actuality.