Two senators on Wednesday introduced legislation that would require the Cybersecurity and Infrastructure Security Agency (CISA) to provide cybersecurity resources to commercial satellite owners and operators. Sens. Gary Peters (D-Mich.), chairman of the Homeland Security and Governmental Affairs Committee, and John Cornyn (R-Texas) introduced the legislation, called the Satellite Cybersecurity Act.
According to Peters and Cornyn, the legislation will require CISA to develop voluntary satellite cybersecurity recommendations to help companies secure their systems. CISA would also be required to develop a public online resource with satellite-specific cybersecurity resources for companies.
“Hackers have already successfully attacked government satellites and it’s only a matter of time before they begin to more aggressively target commercial satellites. Vulnerabilities in these systems present an opportunity for foreign adversaries and cybercriminals to significantly disrupt American lives and livelihoods,” said Peters. “It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late.”
The legislation will also require the Government Accountability Office (GAO) to perform a study on how the federal government supports commercial satellite industry cybersecurity. This study is aimed at better understanding “how network vulnerabilities in commercial satellites could impact critical infrastructure,” the senators said in a release.
CISA is the federal lead for cybersecurity, and coordinates security services for critical infrastructure sectors. There are 16 industries designated as critical infrastructure to the United States, including financial services and energy. Space is not one of these sectors, but commercial satellite capabilities support many of the critical sectors.
“Commercial satellites are an integral part of our infrastructure network and must be protected from cyber attacks by bad actors that would compromise our national security,” said Cornyn.
While space is not designated an official critical infrastructure, the space and satellite industry and parts of the government have been weighing how to protect these increasingly critical systems. For example, the U.S. Department of Homeland Security is deciding how to incorporate space assets into its efforts to protect the vital national infrastructure. DHS has established a Space Systems Critical Infrastructure Working Group to evaluate how space is treated as a critical infrastructure and what national security risks exist.
In addition, Reps. Ted Lieu (D-Calif.), and Ken Calvert (R-Calif.) have also cosponsored legislation that calls on the executive branch to designate space systems, services, and technology as the 17th critical infrastructure sector. And the Biden administration released the “United States Space Priorities Framework” in December 2021 setting two main priorities — maintaining a robust and responsible U.S. space enterprise and preserving space for current and future generations.
This article was originally published in our sister publication Via Satellite.