In September 2018, the Trump administration added space cybersecurity to the National Cyber Strategy.
Of course, adding space cybersecurity to a strategy document doesn’t automatically make those systems secure from cyberthreats. In the year since that document was adopted, the Space Cybersecurity Working Group has been trying to make the administration’s desire that United States space assets are cybersecure a reality.
“The National Security Council, in very close coordination with the National Space Council, as well as the Office of the vice president, decided to form an inner agency group called the Space Cybersecurity Working Group,” explained Jaisha Wray, cybersecurity director of the National Security Council. “The goals of our working group are to identify and coordinate and prioritize U.S. government efforts to manage cybersecurity risks to space systems.”
As the cybersecurity director of the National Security Council, Wray is in charge of developing international cybersecurity partnerships. Previously she served as the acting deputy director of emerging security challenges at the Department of State, where she helped build space and cyber policies. At the CyberSat19 conference Nov. 7, Wray explained how her Space Cybersecurity Working Group was fostering communications between various organizations to enhance cybersecurity in space.
Key to developing effective cybersecurity across the nation’s space systems is communication, be it between space and cyber communities, the U.S. and international partners, or the government and industry, said Wray.
“What we saw was that across departments and agencies in the U.S. government, the space and the cyber people are often located in different offices in different bureaus, and so one of the early successes of our working group is simply just bringing these folks together to try to reduce stovepipes, compare notes and provide updates,” she explained.
Those meetings are ongoing and have been embraced by both communities, said Wray.
The National Cyber Strategy also directed the National Security Council to enhance partnerships between the U.S. government and commercial and other space-faring nations.
“This is particularly important since our efforts in space are becoming increasingly intertwined, both commercially and internationally, and we must ensure that all space systems — not just U.S. government satellites — are protected from cyberthreats,” said Wray. “However, a key challenge is convincing others to spend the extra money and resources necessary to make their satellites more secure when the extent of the threat is not always well known or available in the public domain. So this is why both internationally and with industry we plan to enhance our efforts to raise awareness and share information on cyberthreats and to develop and share best practices and principles to counter these threats.”
On the industry front, the working group is backing the efforts of the newly established Space Information Sharing and Analysis Center (ISAC). ISACs are member-driven groups that work with the government to spread information through industry. The formation of a separate Space ISAC was announced in April, and the group held its first board meeting Nov. 7.
“We were very pleased to see and now support the efforts of the new Space ISAC, which will help gather, analyze and disseminate critical cyberthreat information related to space among the federal commercial and international community,” said Wray.
While the technical side of enhancing space cybersecurity presents its own challenge, it’s clear that a major gap in implementing cybersecurity in space is connecting the various stakeholders, be they commercial companies, various agencies or other countries.
“I’m confident that through the Space Cybersecurity Working Group, we can continue to make progress and working cooperatively to address these threats,” said Wray.