Space systems play a critical role in our interconnected world. From enabling global communication and precise navigation to advancing weather forecasting and scientific research, in many instances these systems are the backbone of our technological infrastructure. The growth of satellite solutions for IoT purposes and the recent surge in direct-to-device networks underscores how satellite technology is embedded in the future of communications and connectivity. As these systems become more complex and satellites increasingly support global connectivity for things, the exposure of satellites and related-technology to cybersecurity threats is increasing. These threats can compromise critical functions, disrupt services, and even jeopardise national security, economic stability, and public safety.
NASA’s Space Security Best Practices Guide
Recognising the importance of cybersecurity resilience, NASA has published its first Space Security Best Practices Guide (BPG). The BPG outlines principles and corresponding controls to guide mission security implementation. These principles and controls are designed to be attainable, regardless of the size, scope, or nature of the mission, program, or project—whether it’s international, corporate, or university-led for example.
The principles adopt a risk-based approach that is focused on mitigating vulnerabilities in relation to:
- Space vehicle security, including the space vehicle, space-based hosted payload and space-based infrastructure or architecture; and
- Ground segment security, including the ground infrastructure, laboratory environment and integrated ground architecture.
For example, some of the key principles and controls emphasised in the BPG include, ensuring that essential data flows securely within the architecture, maintaining robust authentication mechanisms and precise authorization controls, and maintaining encryption and monitoring processes.
Global relevance
While the BPG has its origins in the US, its value is likely to extend beyond this. Given the broad scope of the BPG and the intention for the principles and controls to be relevant irrespective of the types and size of the mission, it may be useful for the global space and satellite sector as a whole.
On the industry side, for example, international partners working with NASA can leverage the BPG as a framework for the types of space security measures that NASA is likely to want to see implemented for missions they are involved in or partnered with. Similarly, the global commercial space industry may find this a useful resource for assessing their own existing security measures and identifying gaps where it may be appropriate to supplement their protocols by incorporating BPG-recommended practices.
On the government side, other space regulators may find the BPG a useful benchmark for shaping their own space security guidance and frameworks, including where these might align with or deviate from the US position. We note that the release of the BPG is reflective of the global focus on cyber-resilience, with other countries similarly moving to bolster relevant cybersecurity frameworks. For example:
- The UK has released a new policy framework outlining measures for building resilience for sectors relying on Position, Navigation and Timing satellite information; and
- The European Space Agency has announced its plans to use artificial intelligence to improve the cyber-resilience of its missions and operations.
Moving forward, we anticipate that cyber-resilience will remain a central theme in the space and satellite sector and we expect to see more guidance, frameworks, and collaborative efforts aimed at addressing critical security challenges.
For further information, please contact:
Hayley Blyth, Partner, Bird & Bird
hayley.blyth@twobirds.com