The law firm of choice for internationally focused companies

+263 242 744 677

admin@tsazim.com

4 Gunhill Avenue,

Harare, Zimbabwe

Officials call for unified cyber standards for space systems – Breaking Defense

Posted on by TSA Press

Crews
at
US
Space
Command’s
National
Space
Defense
Center
provide
threat-focused
space
domain
awareness.
(US
Space
Force
photo
by
Kathryn
Damon)


WASHINGTON

As
information
sharing
between
allies
and
partners
becomes
increasingly
important
in
the
space
domain,
the
US
needs
to
create
a
uniform
set
of
cybersecurity
standards
for
its
space
systems,
government
officials
said
Tuesday. 


Right
now
there
are
several
entities
and
agencies
who
have
or
are
working
on
their
own
set
of
cybersecurity
standards
for
space
systems.
These
include
the

National
Institute
of
Standards
and
Technology,

the
Cybersecurity
and
Infrastructure
Security
Agency,
OASIS
and
commercial
providers.
Additionally,
a


Biden-era
executive
order
mandated
practices
that
would
protect
commercial
satellite
systems
against
cyber
attacks.


But
if
all
of
these
standards
are
siloed,
it
will
be
more
difficult
to
share
them
with
international
allies
and
they
won’t
be
useful
in
protecting
space
systems
against
adversarial
threats,
Lauryn
Williams,
former

chief
of
staff
in
the
Office
of
the
Assistant
Secretary
of
Defense
for
Industrial
Base
Policy,
said
during
a
Washington
Business
Space
Roundtable
discussion
Tuesday. 


Williams
said
that a
meeting
with
Japanese
officials
during
her
stint
in
the
Office
of
the
National
Cyber
Director
prior
to
her
most
recent
post
was
her
catalyst
for
wanting
to
develop
a
clear
set
of
cyber
standards
for
space
systems.


“The
Japanese
government
turned
to
me
as
the
kind
of
cyber
person
sitting
at
the
table,
and
they
said,
very
straightforwardly,
‘What
is
your
cybersecurity
policy?
What
is
your
cybersecurity
standard?’
We
could
not
answer
that
question.
I
cannot
answer
that
question,”
she
said. 


“We
need
to
be
able
to
answer
that
question,
so
that
we
can
lead
because
that
was
the
indication
that
I
got,
was
that
the
Japanese
were
looking
to
us
to
be
able
to
say,
‘Here
it
is.’
So
that
they
and
many
of
our
other
international
partners
could
take
and
build
on
it,”
she
added.
“I
hope
that
we’ve
got
a
piece
of
that
answer
now,
not
the
entirety
of
it,
but
the
world
really
is
looking
to
us
on
this.” 


Erin

Miller,
executive
director
of
the
Space
Information
Sharing
and
Analysis
Center
(Space
ISAC),
echoed
Williams’
need
for
a
cohesive
set
of
cyber
standards.
She
noted
that
ideally
one
agency
would
be
in
charge
of
setting
these
standards;
for
example,
the

Department
of
Homeland
Security.
This,
however,
could
be
tricky
since
the
federal
government
tends
to
fall
behind
commercial
industry
in
terms
of
understanding
cyber
threats
to
space
systems.


“There’s
a
lot
of
[standards]
that
are
available
that
we
can
look
at.
We
actually
formed
a
task
force
in
Space
ISAC
to
look
at
all
of
these
different
standards
and
see
if
we
can
get
a
comprehensive
view
of
how
to
address
risks
for
space
systems,”
Miller
told
Breaking
Defense
on
the
sidelines
of
the
event.
“But
the
challenge
is
that
the
commercial
sector
can
do
that,
and
organically
we
can
come
to
a
conclusion
on
how
we’re
all
going
to
manage
sector
risk,
but
it’s
still
a
commercial
sector
that’s
driving
it.
We
need
a
complement
from
the
federal
government
side
to
drive
overall
sector
risk.” 


Both
Williams
and
Miller
made
clear
that
such
a
set
of
uniformed
cybersecurity
standards
would benefit
international
cooperation.
Miller
also
used
the
opportunity
to
make
her
argument
that
space
systems
should
be
considered
critical
infrastructure. 


With
this,
she
explained
that
another
benefit
to
having
the
DHS
in
particular
take
on
the
responsibility
of
creating
space
cyber
standards
would
be
allowing
space
systems
to
be
considered
critical
infrastructure,
something
the
space
community
has
been
advocating
for
for
several
years.
But
the
federal
government
maintains
these
systems
do
not
qualify
as
critical
infrastructure.


“Human
lives
depend
on
the
security
of
space
systems,
and
it’s
not
just
humans
in
the
US.
That’s
another
challenge,
is
that
DHS
has
primarily
been
responsible
for
critical
infrastructure
that
humans
in
the
US
rely
on,
and
so
risk
management
is
based
on
US
lives,
but
this
is
a
global
conversation,”
Miller
told
Breaking
Defense.
“People
across
the
whole
world
are
dependent
upon
the
space
systems,
and
we
have
a
lot
of
international
sales
and
trade
and
commerce
that’s
associated
with
our
space
systems
and
the
use
of
them
in
countries
around
the
world.
So
it’s
dynamic.” 


Though
Miller
said
the
DHS
could
be
responsible
for
making
the
uniformed
set
of
standards,
she 
acknowledged
that
there
is
more
than
one
agency
capable
of
tracking
critical
infrastructure,
so
the
DHS
wouldn’t
necessarily
have
to
be
the
agency
responsible
for
creating
the
standards.


“Space
ISAC
has
heavily
advocated
that
we
have
a
designation
of
space
systems
as
a
critical
infrastructure
sector,
and
that’s
where
DHS’s
role
is
that
they
have
a
responsibility
for
critical
infrastructure
sectors,
and
they
also
share
that
responsibility
with
other
agencies.
So
that’s
why
this
conversation
of
which
agency
is
responsible
is
so
challenging,”
she
said.