Blogarchiv
Raumfahrt - White House issues new cybersecurity policy for space systems

7.09.2020

cyper

WASHINGTON — The National Space Council issued new cybersecurity principles to help defend America’s space systems Sept. 4. According to the White House, Space Policy Directive-5, or SPD-5, will foster practices within the government and commercial space operations to protect space systems from cyberthreats.

 

“From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life. President [Donald] Trump’s directive ensures the U.S. Government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats,” Deputy Assistant to the President and Executive Secretary of the National Space Council Scott Pac said in a statement.

“Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure.”

As a continuation of the National Security Strategy and National Cyber Strategy, the policy is intended to ensure freedom of action in space and maintain American leadership in the domain, the Trump administration said.

“Cyber security does not stop at America’s terrestrial borders,” added national security advisor Robert O’Brien. “The Administration is committed to protecting the American people from all cyber related threats to critical infrastructure, public health and safety, and our economic and national security — including American space systems and capabilities.”

 

 

SPD-5 lays out the following cybersecurity principles for space systems:

  • Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering.
  • Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to protect against unauthorized access; reduce vulnerabilities of command, control and telemetry systems; protect against communications jamming and spoofing; protect ground systems from cyberthreats; promote adoption of appropriate cybersecurity hygiene practices; and manage supply chain risks.
  • Space system cybersecurity requirements and regulations should leverage widely adopted best practices and norms of behavior.
  • Space system owners and operators should collaborate to promote the development of best practices and mitigation approaches.
  • Space system operators should make appropriate risk trades when implementing cybersecurity requirements specific to their system.

Quelle: c4isrnet.com

+++

Fearing Satellite Hacks and Hijacks, White House Issues Space-Security Directive to Industry

Manufacturers need to build in better defenses and even ways to regain control of hijacked spacecraft, directive says.

860x394

Satellite makers and operators should harden their spacecraft against hackers and hijackers, and collaborate to make sure everyone is on the same page, according to a White House policy directive released Friday. 

The new Space Policy-Directive 5 urges manufacturers to design their hardware and software so that operators can monitor and adapt to “activities that could manipulate, deny, degrade, disrupt, destroy, surveil, or eavesdrop on space system operations.” They should also have 

plans and tools in place to recapture control of satellites that get jammed, spoofed, hacked, or hijacked. 

The directive urges satellite makers and operators to also better manage the security of ground stations and address “supply chain risks that affect cybersecurity of space systems.” It calls on satellite makers to better collaborate and “share threat, warning, and incident information within the space industry.”

The national security community has become increasingly focused on threats to U.S. satellites over the last several years, as Chinese space activity has grown, Russia has taken some provocative maneuvers in space, such as the recent test of a space-based projectile, and India tested an anti-satelliterocket. A 2019 Defense Intelligence Agency report said that China and Russia are “developing jamming and cyberspace capabilities, directed energy weapons, on-orbit capabilities, and ground-based anti-satellite missiles that can achieve a range of reversible to nonreversible effects.” 

But the threat of malicious cyber activity against space communications, whether targeted at satellites or the ground software and hardware, is among the most severe threats. In March, the Center for Strategic International Studies, or CSIS, documented growing cyber and physical threats to U.S. and allied satellites. “Cyberattacks can be used to monitor data traffic patterns (i.e., which users are communicating), to monitor the data itself, or to insert false or corrupted data in the system,” the CSIS report said. 

The White House announcement is a step forward, said one of the report’s authors, Todd Harrison, director of defense budget analysis and senior fellow in the International Security Program at CSIS. “While many commercial firms already do the things outlined” in the directive, Harrison said, “it is good governance to put these things down in policy and it sets the right example for other nations to follow. Part of being a leader in space is leading by example when it comes to best practices in commercial space operations. It is also important for national security because the military relies on many commercial space systems to augment its own capabilities in areas like communications and imagery.”

Brian Weeden, technical advisor for the Secure World Foundation, said that the memo was expected and was the result of a process that had been going on for some time. “Cybersecurity has been a low-key but growing issue in the space world, as we've shown in our annual Global Counterspace Capabilitiesreport. Satellite operators (both governments and companies) are very reluctant to talk openly about any attacks they've experienced, but satellites are essentially computers in space connected to more computers on the ground and as such are vulnerable to many of the same cyber attacks we see in other sectors. “

Weeden described the new directive as “good” and “about what you would expect” from a presidential directive. “The policy directive relies mainly on industry best practices and standards to address those challenges, which is the norm across the cyber world. But we've seen in a lot of other areas that those practices and standards aren't nearly enough to prevent massive hacks and disruptions, so I fear we'll need to go a lot further than just voluntary recommendations.”

Quelle: Defense One

1844 Views
Raumfahrt+Astronomie-Blog von CENAP 0