Senators Reintroduce Satellite Cybersecurity Legislation

Senators Gary Peters and John Cornyn have reintroduced legislation requring the Department of Homeland Security to help prevent disruptive cyberattacks on commercial satellites. The bill requires DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to consolidate voluntary satellite cybersecurity recommendations to help operators understand how to secure their systems and ensure they have the tools and resources they need for cybersecurity defense.

Peters (D-MI) chairs the Senate Homeland Security and Governmental Affairs Committee. He and Cornyn (R-TX) introduced a similar bill last year. It cleared committee, but there was no further action.

In a press release today, they cited growing concern that cyber attacks on commercial satellites “could have dire economic and security consequences. … As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service, or jam signals to disrupt electric grids, water networks, transportation systems, and other critical infrastructure.”

Satellite cybersecurity has been a concern for many years. The Trump Administration’s Space Policy Directive-5 established five principles for space cybersecurity in September 2020, but the issue came to the fore in February 2022 when Russia invaded Ukraine. Russia is widely blamed for a cyberattack on the ground network for ViaSat’s KA-SAT satellite system at the outset of the invasion.

Peters referenced that in reintroducing the legislation, saying ““We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked.” Cornyn added that “Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests.”

According to the press release, the Satellite Cybersecurity Act (S. 1425) requires CISA to —

• consolidate voluntary satellite cybersecurity recommendations to help companies understand how best to secure their systems, and
• develop a publicly available online resource to allow companies to access satellite-specific cybersecurity resources and recommendations.

It also requires the National Space Council and the National Cyber Director, both part of the Executive Office of the President, to develop a strategy to increase government-wide coordination to address cybersecurity threats to satellites.  Vice President Kamala Harris chairs the National Space Council. Kemba Walder is the Acting National Cyber Director.

Last year’s bill (S. 3511) was reported by voice vote from the Senate HSGA committee (S. Rept 117-122) in March 2022. A companion measure was introduced in the House (H.R. 7629) by Reps. Malinkowski (D-NJ) and Andrew Garbarino (R-NY), but there was no further action.

In response to SPD-5, the National Institute of Standards and Technology (NIST, part of the Department of Commerce) issued an interagency report in December 2022 providing guidance on how to implement its cybersecurity framework to satellite ground segment command and control systems.

George Washington University’s Space Policy Institute and Institute for International Science and Technology Policy held a seminar on space and cybersecurity last week. The video is available.