LOS ANGELES — The U.S. Space Force is offering free, non-attributable cybersecurity supply chain and vulnerability scanning services to both its commercial vendors and to other government agencies, Col. Jennifer Krolikowski, the chief information officer for Space Systems Command (SSC), confirmed Thursday.
Speaking to attendees at the CyberLEO cybersecurity conference here on Thursday, Col. Krolikowski said the free service “can do those scans for anyone in the government or commercial sector … so you can see what your supply chain looks like and what [cybersecurity] vulnerabilities you might have.”
SSC, the Space Force component responsible for developing, building, and launching satellite systems, designed the vulnerability scan service to “assist in evaluating current vendor IT security postures, so that our most talented commercial space innovators are not scared off by infosec compliance layers,” she said.
If the U.S. Department of Defense’s planned (and recently revamped) Cybersecurity Maturity Model Certification program were currently running, for instance, Krolikowski said, vendors could use the Space Force scans to help them complete that process.
“It’s non-attributable,” she said, meaning subcontractors and others in the vendor supply chains of any company that takes SSC up on the offer won’t necessarily know that they are being assessed by the U.S. military as part of the process.
Krolikowski said SSC offers the service in an effort to raise cybersecurity standards across the satellite ecosystem, as the U.S. military relies more and more on commercial providers for the globe-spanning connectivity it needs to confront adversaries in the Pacific and European theaters — a world away from the Pentagon.
She added that there hasn’t been much take-up of the new program yet, but it’s still very early days. “It’s still a little bit in its infancy. We’ve only had it up for a few months or so. But it’s something that we’re trying to advertise better,” she said. Nonetheless, vendors have already visited to kick the tires on the offer and have given positive feedback, she said.
“We have had some people come in to get a glance at what they have. And they’ve been pleased with [what they’ve learned about] the processes and the results, with the kind of printout they get as to how their systems are working,” she said.
The news comes as DoD is wrestling with a series of compliance initiatives designed to protect the military’s commercial supply chains from cyber compromise. In addition to CMMC, which officials now say they plan to have in place within 18-24 months, the Commercial Satcom Capabilities Office, or CSCO, within Space Force is launching IA-Pre, a program to pre-approve the cybersecurity postures of everything from individual systems all the way to end-to-end management service architectures.