RESTON, Va.— The White House’s Office of the National Cyber Director (ONCD) is taking a particular look at cybersecurity for space systems, and seeking industry collaboration to inform policy in this area, Nicholas Leiserson, assistant national cyber director for Cyber Policy and Programs for ONCD, said here in a keynote address on Monday at CyberSatGov.
ONCD’s job is to advise President Biden on cybersecurity policy development and implementation, and the office led the development of the National Cybersecurity Strategy
, which Biden issued in March.
The office is pushing a number of broad strategic shifts that apply to space cybersecurity, Leiserson said. The first is rebalancing responsibility for cybersecurity from the less capable actors closer to operations, to the government and technology providers taking on more responsibility for cybersecurity.
Another strategic shift is incentivizing investments in long-term cybersecurity. Leiserson said. Today, the government is carrying a lot of technical debt, and critical infrastructure providers are carrying a lot of debt as the result of short-term decision-making on cybersecurity. “We’re all tearing our hair out at the operational level trying to secure it,” Leiserson said of dealing with the technical debt.
For years, the government’s cybersecurity posture has been focused on countering adversaries. ONCD’s goal is to put forward an affirmative vision of cybersecurity, putting the United States policy in the driver’s seat.
“We want to live in a connected future,” Leiserson said. “We want to live in a connected future for clean energy, for healthcare. We want to live there for the amazing things that the space economy is going to bring to us here on Earth. But the only way to get there is by achieving some of the fundamental shifts that are laid out in the strategy.”
ONCD is spending a great deal of time looking at the space industry from a cybersecurity perspective, Leiserson said. According to the Center for Strategic and International Studies (CSIS) 2023 Space Threat Assessment, cyber attacks remain the most frequently deployed counter space weapon by our strategic adversaries.
The office is focused on collaboration with industry to drive policy to make the government a better partner. To that end, the office held an executive forum in March, and then six technical workshops over the following months that drew in 300 participants from 125 companies.
What he found in the technical workshops is there is a highly fragmented landscape of cybersecurity requirements for commercial and government contracting for space systems.
“When we asked different components of the interagency what they were using, we got a laundry list. Sometimes there was overlap, sometimes there wasn’t,” he said. “In industry, it was very much the same, whether it was providing systems to government contractors or on the commercial side.”
Top of mind at ONCD is doing a better job of working with industry to harmonize these different sets of requirements right across the three phases of quality, feature choice, and operations.
Another theme he found is that there’s a disconnect from space cybersecurity experts between the cyber and space parts of their mission. Operators can see cybersecurity as a drag, and something that slows missions down or takes up precious power and bandwidth.
“We need to do a better job as a community to make it clear to everyone that cybersecurity is mission essential,” he said. “When you have confidence in your cybersecurity, you can do things that you wouldn’t otherwise be able to do. That is as much of a cultural thing as a policy thing, but we have to keep that in mind as we build out further space systems national cybersecurity [strategy].”
Also, there is a lack of expertise at the intersection of aerospace and computer engineering and cybersecurity. Cyber experts for space systems are like “unicorns,” Leiserson said.
“This isn’t completely novel to the space system sector,” he said. “But when you look at the trajectory that this part of the economy is on, and there’s already a delta in terms of the expertise we need and the people that we’ve had or trained for this — that’s, that’s quite terrifying. In other areas of operational technology you have deficits but you don’t necessarily see the same growth.”
ONCD is looking at translating the findings from its listening sessions to impact the cybersecurity of space systems on a national scale. The full findings are not publicly available but are available on an inter-agency basis.
“We say that we’re about collaboration, but more importantly, we show that we’re about collaboration,” Leiserson said. “We go out to talk to folks, [hear] their views, and now we’re going to use that to drive policymaking to make the government a better partner.”
This article was first published by Via Satellite