Space

DoD To Update Satellite Cyber Rules For Megaconstellations

Space Force's is to allow for "increased trust in industry" to assess their own systems' cybersecurity needs, "while doing due diligence" in reviewing whether those assessments are reliable, said Jared Reece.

By Theresa Hitchens on September 09, 2021 3:00 pm
NASIC image

SATELLITE 2021: Space Force hopes to soon wrap up a new cybersecurity certification process for commercial communications megaconstellations in Low Earth Orbit (LEO) — while allowing industry as much leeway as possible to come up with innovative solutions, a Space Force official said today.

“Internally with our office, there’s a desire to be more agnostic, so when we go out with acquisitions we really want to let industry be creative in their proposals,” Jared Reece, program analyst at the service’s Commercial Satellite Communications Office (CSCO), told the SATELLITE 2021 conference in Ft. Washington, Md. The goal, he said, is to allow for “increased trust in industry” to assess their own systems’ cybersecurity needs “while doing due diligence” in reviewing whether those assessments are reliable.

CSCO is currently working to finalize an update to its 2019-created Infrastructure Asset Pre-Assessment (IA-Pre) program for commercial communications satellites to cover what are called proliferated LEO constellations. IA-Pre allows commercial satellite communications firms to use third-party audits to show that they have met the relevant cybersecurity standards set by the National Institute of Standards and Technology (NIST).

In doing so, Reece said, CSCO will focus any new requirements narrowly on the differences between these types of networks and the smaller constellations of more traditional comsats that operate in higher orbits. Until recently, most communications satellites were placed primarily in Geostationary Orbits, some 36,000 kilometers above the Earth where a space object seems to hover above a fixed location on the ground.

Computerized networks used to managed large LEO constellations are necessarily different from those used to control GEO sats, he said.

Dianne Poster, a NIST senior analyst, explained that NIST has based its new framework for satellite cybersecurity on Space Policy Directive-5 (SPD-5), published by the Trump administration last September.

SPD-5 was aimed in particular at the LEO megaconstellations, which use 5G to create an Internet of Things in space. It focused in part on what is known as “positive control” of spacecraft and systems — meaning that they have ways to ensure that hackers do not take over their satellites. This is particularly important for those operators who are relying heavily on autonomous operational capabilities, where a person may not be monitoring satellite functions and movements 24/7.

“We do take SPD-5 as sort of a fundamental core basis of policy development for where we’re focusing cybersecurity efforts for not only satellites but space systems,” Poster said. “The cybersecurity framework that NIST has been focused on in its historical research and development efforts as applied to space systems has been a very recent focus, and we recently put out a draft document that’s open for comment on how this cybersecurity framework can be applied to space systems.”

She said that operating in space brings unique challenges to the usual terrestrial cybersecurity concerns, whether dealing with cryptology, identity validation, or processes for testing and validating space system components.

Reece noted that CSCO also is looking at whether it needs to create specific new requirements for imagery and other intelligence, surveillance and reconnaissance satellite networks. But again, he said, the aim would be to look at where technologies between the two types of networks diverge in order to maintain as much consistency in the rules as possible.

“They’re still spacecraft. They’re still data. There are a number of things that apply, so the only thing you really have to look at in depth is the deltas,” he said.

Rebecca Cowen-Hirsch, senior vice president for government strategy and policy at Inmarsat, said she welcomed the more collaborative approach being touted by Space Force as it considers how to expand the use of commercial satellites.

“Nothing pleases me more than to hear a government official sit on a cybersecurity panel say that ‘we need to trust the industry more,'” she said. “Fantastic!”

PHOTOS: AFA 2025

Gallery
Presented by

RTX-logo

PHOTOS: AFA 2025

Space Force Chief of Space Operations Gen. B. Chance Saltzman delivers his keynote address, Sept. 23, 2025. (Jud McCrehin/Air & Space Forces Association)
Jay Raymond (left), former Space Force chief of space operations, and David Thompson, former vice chief of space operations, speak on a panel moderated by Nina Armagno, former Space Force staff director, Sept. 23, 2025. (Jud McCrehin/Air & Space Forces Association)
Griffon Aerospace displays its Valiant vertical takeoff-and-landing drone, designed for field reconnaissance on the go, Sept. 23, 2025. (Aaron Mehta/Breaking Defense)
Trac9 shows its Advanced Deployable Aircraft Mobile System, a portable hangar, Sept. 23, 2025. (Aaron Mehta/Breaking Defense)
A model of Saab-Boeing's T-7 Red Hawk jet trainer, Sept. 23, 2025. (Daniel Woolfolk/Breaking Defense)
A 1/6th-size model of the Hermeus supersonic jet sits below a live feed of the company's production line in Atlanta, Ga., Sept. 23, 2025. (Aaron Mehta/Breaking Defense)
Shield AI's V-BAT vertical takeoff-and-landing drone, sits on display, Sept. 23, 2025. (Daniel Woolfolk/Breaking Defense)
The Air Force Research Laboratory displays a missile designed under its "Angry Tortoise" program, a partnership with Ursa Major, that looks to develop hypersonic missiles that can be deployed en masse for millions of dollars less than more traditional munitions, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
Anduril’s YFQ-44A Fury drone, an entrant in the Collaborative Combat Aircraft drone wingman program, sits on display, Sept. 22, 2025. (Daniel Woolfolk/Breaking Defense)
General Atomics’ YFQ-42A, another CCA entrant, sits on display, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
JetCat shows several small jet engines designed to power munitions or kamikaze drones at a fraction of the cost of larger engines, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
Sierra Nevada Corp.’s Battery Revolving Adaptive Weapons Launcher (BRAWLR), a reconfigurable counter-drone system in use by at least one classified foreign customer, makes its defense trade show debut, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
Air Force Undersecretary Matt Lohmeier visits the Northrop Grumman booth, where the Stand-In Attack Weapon and Hypersonic Cruise Missile are on display, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
The Tactical Combat Training System Increment II connects live aircraft to a simulator in training, allowing remote troops to practice in real-world conditions. (Rachel Cohen/Breaking Defense)

Could you fly Embraer’s C-390? (Daniel Woolfolk/Breaking Defense)

Embraer aims to convince the Air Force that its C-390, shown in miniature on Sept. 24, 2025, could be a boon to the service’s airlift fleet. (Daniel Woolfolk/Breaking Defense)
J.P. Nauseef, president and chief executive officer of JobsOhio speaks during ASC, Sept. 24, 2025. (Jud McCrehin/Air & Space Forces Association)
Attendees traverse the show floor on the final day of the conference, Sept. 24, 2025. (Daniel Woolfolk/Breaking Defense)
Attendees mill about near the main show floor doors at the Gaylord National Resort & Convention Center, Oxon Hill, Md., Sept. 24, 2025. (Daniel Woolfolk/Breaking Defense)
RTX shows off munitions at its booth on the show floor, Sept. 22, 2025. (Rachel Cohen/Breaking Defense)
1/20
Presented by

RTX-logo