US
President
Joe
Biden
delivers
a
prime-time address
to
the
nation
in
the
Oval
Office
of
the
White
House
in
Washington,
DC,
US,
on
Thursday,
Oct.
19,
2023.
Photographer:
Jonathan
Ernst/Reuters/Bloomberg
via
Getty
Images
WASHINGTON
—
In
a
final
push
to
lay
a
strong
cybersecurity
foundation
for
the
incoming
administration,
President
Joe
Biden
approved
an
executive
order
early
today
that
addresses
lessons
learned
in
the
cyber
realm
over
the
past
four
years,
distinctly
calling
for
practices
that
would
protect
commercial
satellite
systems
against
cyber
attacks.
“The
goal
is
to
better
understand
how
to
better
protect
and
secure
these
systems
and
stay
ahead
of
new
threats,”
Anne
Neuberger,
outgoing
deputy
national
security
advisor
for
cybersecurity
and
emerging
tech,
told
reporters
in
a
call
prior
to
the
order’s
release.
The
executive
order
mandates
the
development
of
new
cyber
contract
requirements
for
“agency-procured”
space
systems,
which
include
the
protection
of
command
and
control
space
systems
and
the
use
of
“secure
hardware
and
software
development
practices.”
“Russia’s
attack
of
Ukraine’s
commercially
provided
military
satellite
communications
systems
the
evening
before
it
invaded
Ukraine
demonstrated
the
devastating
impacts
disruption
of
space
infrastructure
can
bring,”
a
fact
sheet
on
the
executive
order
sent
to
reporters
read.
“Cybersecurity
threats
to
space
systems
have
risen
dramatically,
threatening
global
critical
infrastructure
and
communications.”
Additionally,
Biden’s
order
calls
for
the
National
Cyber
Director
to
perform
inventory
on
space
ground
systems
and
give
recommendations
to
improve
cyber
defenses,
adding
that
the
disruption
of
such
systems
“can
bring
global
commerce
to
a
halt
and
seriously
impact
national
security.”
The
mandates
published
today
have
long
been
seen
as
necessary
by
the
cybersecurity
and
space
communities.
For
example,
just
last
month
the
head
of
the
Space
Force’s
Space
Development
Agency
Derek
Tournear
said
that
one
of
his
biggest
worries
is
ensuring
cybersecurity
across
interconnected
mesh
networks
made
up
of
large
numbers
of
small
satellites
—
such
as
the
agency’s
planned
data
transfer
layer
and
the
increasing
numbers
of
commercial
internet
mega-constellations
in
low
Earth
orbit.
Last
spring,
the
Cybersecurity
and
Infrastructure
Security
Agency
(CISA)
published
a
white
paper
listing
several
recommendations
for
space
commercial
systems,
contending
that
there
is
an
increased
threat
to
such
systems
as
space
becomes
more
integrated
into
daily
life.
The
report
added
that
if
there
are
not
appropriate
cybersecurity
precautions
in
place,
“adversaries
can
access
vulnerabilities
within
connected
space
systems
to
degrade
our
critical
infrastructure
and
place
our
nation
at
risk.”
Some
recommendations
that
CISA
made
included:
protecting
payloads
using
network
segregation
and
segmentation
principles;
limiting
privileges
and
securely
authenticating
users
to
reduce
exposure
to
malware;
ensuring
that
appropriate
protections
and
controls
are
implemented
in
the
design,
operation
and
maintenance
of
ground
segments;
and
design
systems
with
“multiple
layers”
of
defense,
which
include
technical
capabilities
such
as
an
Intrusion
Detection
System.
In
the
event
that
a
commercial
space
system
belonging
to
the
federal
government
does
undergo
a
cyber
attack,
the
executive
order
calls
for
“centralized
visibility,”
meaning
that
CISA
has
the
ability
to
conduct
searches
on
all
federal
networks
to
ensure
the
attacker
is
not
living
on
any
other
systems.
“If
we
find
one
particular
technique
that
a
foreign
government
has
used
to
hack
one
particular
federal
agency,
this
now
tasks
CISA
and
gives
CISA
centralized
visibility
to
hunt
across
all
agency
systems
to
ensure
we’re
defending
against
this
attack
broadly,”
Neuberger
said
Wednesday.
Theresa
Hitchens
contributed
to
this
report.