Washington, DC, 7 September 2020. – The White House has issued last week its fifth Space Policy Directive (SPD 5) outlining cybersecurity principles of space systems and operations.
The memorandum signed by US President Donald Trump sets forth key cybersecurity principles for space systems and intends to serve as “the foundation for the United States Government approach to the cyber protection of space systems” by defining best practices, improving cybersecurity behaviors and fostering cooperation between agencies, the commercial space industry and other non-government space operators.
The principles outline the use of “risk-based, cybersecurity-informed engineering” in the development and operation of space systems and supporting infrastructures and the development and implementation of cybersecurity plans incorporating
- the protection against unauthorized access to critical space vehicle functions through appropriate authentication or encryption measures;
- the physical protection measures for space facilities;
- the protection “against communications jamming and spoofing, such as signal strength monitoring programs, secured transmitters and receivers, authentication, or effective, validated, and tested encryption measures designed to provide security against existing and anticipated threats during the entire mission lifetime”; and
- the “(a)doption of appropriate cybersecurity hygiene practices, physical security for automated information systems, and intrusion detection methodologies for system elements such as information systems, antennas, terminals, receivers, routers, associated local and wide area networks, and power supplies”.
The memorandum also suggests an effective supply chain management “through tracking manufactured products; requiring sourcing from trusted suppliers; identifying counterfeit, fraudulent, and malicious equipment; and assessing other available risk mitigation measures” and concludes: “Security measures should be designed to be effective while permitting space system owners and operators to manage appropriate risk tolerances and minimize undue burden.”