The United States now has a cybersecurity policy for its space systems.
President Donald Trump today (Sept. 4) signed Space Policy Directive-5 (SPD-5), establishing a set of principles designed to protect the nation’s valuable space assets from a burgeoning variety of cyber threats.
“From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life,” Scott Pace, deputy assistant to the president and executive secretary of the National Space Council, said in a statement today.
“President Trump’s directive ensures the U.S. government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats,” Pace said. “Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure.”
Related: Presidential visions for space exploration: From Ike to Trump
That framework essentially stipulates that cybersecurity measures be incorporated into all stages of space-system development and operations, a senior administration official said during an SPD-5 telecon with reporters today.
Protective software is a big part of this picture, of course. But there are other important elements as well, such as vetting everyone who touches the command lines for a spacecraft, monitoring ground-based networks for intrusion and ensuring that telemetry links between a satellite and the ground are encrypted.
“There’s a whole range of things that you need to look at, kind of end-to-end,” the official said. “The amount of time and effort you put into them depends on what kind of risks you think you’re facing and what the consequences are if something goes bad.”
A national-security satellite, for example, “obviously is going to get much more time and attention” than a university cubesat project, the official added.
SPD-5 also recognizes the large and growing role played by the private sector, directing U.S. government agencies to work with commercial space companies “to further define best practices, establish cybersecurity informed norms and promote improved cybersecurity behaviors throughout the nation’s industrial base for space systems,” according to an SPD-5 fact sheet released by the White House.
U.S. officials, including Vice President Mike Pence, have recently stressed that the nation’s long-held space dominance is being challenged like never before, chiefly by Russia and China.
The signing of SPD-5 meshes with that narrative. However, the directive is not a response to any particular threat or event but rather represents a maturation of the Trump administration’s overall cybersecurity efforts over the past few years, the official stressed. And neither China nor Russia is mentioned in SPD-5, which you can read in full here.
As its name suggests, SPD-5 is the fifth space policy directive signed by President Trump. SPD-1 officially put the nation on a crewed course back to the moon, SPD-2 eased regulations on commercial spaceflight companies, SPD-3 dealt with space-traffic management and SPD-4 directed the Department of Defense to create the U.S. Space Force.