How SPD-5 is paving the way for satellite and space systems cybersecurity


Last month, Access Intelligence convened its 40th annual SATELLITE conference at the Gaylord National Convention Center in National Harbor, MD. SATELLITE is universally recognized as the world’s most critical and inclusive social gathering of space and satellite thought leaders. Executives, engineers, government officials, and commercial customers convene at SATELLITE to bridge the digital divide, increase access to space, and collaborate on policy.

On Wednesday, September 8, SATELLITE held the “Satellite Cybersecurity” session, where SES Space and Defense’s Vice President of Corporate Development, Todd Gossett, moderated a panel discussion that included:

• Rebecca Cowen-Hirsch, Senior Vice President, Government Strategy & Policy U.S. Government Business Unit, Inmarsat, Inc.
• Dianne Poster, Senior Advisor, National Institute of Standards and Technology
• Jared Reece, Program Analyst, COMSATCOM Solutions Branch, U.S. Space Force

Today’s warfighters rely on space like they’ve never had before. Through advancements in satellite technology, the infrastructure of the U.S. military is now provided with critical warfighting capabilities that were not available in the past. But with each new advancement over the past few decades, these capabilities are now integrated so deeply into critical warfighting functions, it’s incumbent upon satellite providers, and the agencies that procure them, to ensure that those capabilities are available, when and where those warfighters need them.

One of the greatest and ever-growing threats to providing these capabilities to the military is today’s cyber threat landscape. As the attacks from nation-state hackers and other malicious actors become increasingly sophisticated, the potential for mission-critical IT capabilities or applications to be comprised or denied has risen. When capabilities and functions provided by satellites are interrupted, warfighters can lose communication and situational awareness, military operations can fail, and in worst case scenarios, American lives could be lost.

According to Gossett, “Both industry and government have taken a hard look at this over the past several years. And we are taking actions collectively to address this landscape that we’re now deployed in.”

Reece pointed out that, “With the transition away from strictly MILSATCOM to bringing in more commercial SATCOM, this is becoming a more impactful topic to the warfighter.” Though the innovation from industry is imperative for the success of today’s military, commercial systems and equipment must go through thorough evaluations and inspection to ensure that they have best-of-breed cybersecurity posture.

To combat these risks and threats, federal government agencies, the military, and industry are coming together to ensure that space systems, and the satellites they run on, have gone through rigorous cybersecurity evaluation and testing in order to prevent cybersecurity attacks.

Within the last few years, the White House, the National Institute of Standards and Technology (NIST), the U.S. Space Force, and other federal agencies, have released directives and guidance specifically focusing on bolstering the cybersecurity posture requirements of current space systems and satellites, while simultaneously doing the same for new systems that are being brought into the market.

As space systems innovate and evolve in the future, cybersecurity threats will undoubtedly keep pace in their sophistication and boldness. It is imperative that new systems brought in from the commercial market have the highest level of cybersecurity possible. When these criteria are met, the federal government and military can rest assured knowing they are deploying space systems and satellites that were designed with the utmost innovation and security in mind.

One of these cybersecurity directives is the Space Policy Directive – 5 (SPD-5), which was released by the White House last year. SPD-5 serves as the nation’s first comprehensive cybersecurity policy for space systems. SPD-5 establishes key cybersecurity principles to guide and serve as the foundation for America’s approach to the cyber protection of space systems.

According to the directive, “It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the nation’s critical infrastructure.”

Reece praised the directive by saying, “I was actually really excited to see this come out, because one of the things that our office has been doing for years is that integration that SPD-5 is asking for.”

Cowen-Hirsch echoed Reece’s sentiment by adding, “I think what SPD-5 has done is really elevate the focus of space as well.” She acknowledged that there have been many directives about systems cybersecurity, but she explained, “These have been largely focused on information systems, but not necessarily space. So that intersection between space and cyberspace and the threat vectors that we’re seeing, and the reality that the satellite is yet another node on those networks, is very significant.”

On the NIST side of the conversation, Poster explained, “At NIST, we do take SPD-5 as sort of a fundamental core basis of policy development for where we’re focusing cybersecurity efforts for not only satellites, but space systems.”

Not only does SPD-5 lay the groundwork for satellite cybersecurity policy, but it also underscores the importance of fostering “practices within U.S. government and commercial space operations that protect space assets and their supporting infrastructure from cyber threats.”

Luckily, many COMSATCOM providers are already meeting – or exceeding – the cybersecurity guidance in SPD-5. For example, SES is already ahead of the curve when it comes to implementing the recommendations in SPD-5. Gossett highlighted the fact that SES’s highly anticipated medium Earth orbit (MEO) satellite constellation, O3b mPOWER, is fully compliant with SPD-5. Gossett said, “We’ve spent significant time and effort trying to build in cybersecurity from a lifecycle approach into our latest satellite system, mPOWER…This is something that we bake in.”

The introduction of SPD-5 could ultimately provide two positives for the U.S. government and military. The creation of the guidance has established a baseline of security for commercial satellite services and solutions that can assuage any existing governmental concerns or fears about the security of satellite solutions. Seeing that a satellite service or solution meets the recommendations in the guidance ensures that the vendor puts a high priority on security and mission assurance.

This peace of mind is what will drive the second benefit – opening the door for government and military organizations to benefit from the innovation and cost-savings that comes from utilizing commercial satellite services. It’s widely acknowledged across the government that commercial industry is now the leader in space innovation. By eliminating a barrier that may have kept some government and military organizations from eschewing COMSATCOM services for purpose-built satellites, SPD-5 is making that innovation available for these organizations at a fraction of the capital expense.

Share the Post: