NASIC image
SATELLITE 2021: Space Force hopes to soon wrap up a new cybersecurity certification process for commercial communications megaconstellations in Low Earth Orbit (LEO) — while allowing industry as much leeway as possible to come up with innovative solutions, a Space Force official said today.
“Internally with our office, there’s a desire to be more agnostic, so when we go out with acquisitions we really want to let industry be creative in their proposals,” Jared Reece, program analyst at the service’s Commercial Satellite Communications Office (CSCO), told the SATELLITE 2021 conference in Ft. Washington, Md. The goal, he said, is to allow for “increased trust in industry” to assess their own systems’ cybersecurity needs “while doing due diligence” in reviewing whether those assessments are reliable.
CSCO is currently working to finalize an update to its 2019-created Infrastructure Asset Pre-Assessment (IA-Pre) program for commercial communications satellites to cover what are called proliferated LEO constellations. IA-Pre allows commercial satellite communications firms to use third-party audits to show that they have met the relevant cybersecurity standards set by the National Institute of Standards and Technology (NIST).
In doing so, Reece said, CSCO will focus any new requirements narrowly on the differences between these types of networks and the smaller constellations of more traditional comsats that operate in higher orbits. Until recently, most communications satellites were placed primarily in Geostationary Orbits, some 36,000 kilometers above the Earth where a space object seems to hover above a fixed location on the ground.
Computerized networks used to managed large LEO constellations are necessarily different from those used to control GEO sats, he said.
Dianne Poster, a NIST senior analyst, explained that NIST has based its new framework for satellite cybersecurity on Space Policy Directive-5 (SPD-5), published by the Trump administration last September.
SPD-5 was aimed in particular at the LEO megaconstellations, which use 5G to create an Internet of Things in space. It focused in part on what is known as “positive control” of spacecraft and systems — meaning that they have ways to ensure that hackers do not take over their satellites. This is particularly important for those operators who are relying heavily on autonomous operational capabilities, where a person may not be monitoring satellite functions and movements 24/7.
“We do take SPD-5 as sort of a fundamental core basis of policy development for where we’re focusing cybersecurity efforts for not only satellites but space systems,” Poster said. “The cybersecurity framework that NIST has been focused on in its historical research and development efforts as applied to space systems has been a very recent focus, and we recently put out a draft document that’s open for comment on how this cybersecurity framework can be applied to space systems.”
She said that operating in space brings unique challenges to the usual terrestrial cybersecurity concerns, whether dealing with cryptology, identity validation, or processes for testing and validating space system components.
Reece noted that CSCO also is looking at whether it needs to create specific new requirements for imagery and other intelligence, surveillance and reconnaissance satellite networks. But again, he said, the aim would be to look at where technologies between the two types of networks diverge in order to maintain as much consistency in the rules as possible.
“They’re still spacecraft. They’re still data. There are a number of things that apply, so the only thing you really have to look at in depth is the deltas,” he said.
Rebecca Cowen-Hirsch, senior vice president for government strategy and policy at Inmarsat, said she welcomed the more collaborative approach being touted by Space Force as it considers how to expand the use of commercial satellites.
“Nothing pleases me more than to hear a government official sit on a cybersecurity panel say that ‘we need to trust the industry more,'” she said. “Fantastic!”
