Congressman Babin Hints that Cybersecurity Could be Included in Larger Commercial Space Legislative Package

U.S. Congressman Brian Babin, R-Texas, Chairman of the House Subcommittee on Space, said his group is working on legislation with the U.S. Department of Defense (DOD) to conduct a new cybersecurity defense audit of U.S. government space and defense agencies as part of a larger commercial space enterprise bill. While he could not name the specific legislation, Rep. Babin hinted that the cybersecurity audit could end up being part of the American Space Commerce Free Enterprise Act of 2017, which was introduced this past June by his fellow Congressman Rep. Lamar Smith, R-Texas.

“Our government’s space and meteorological programs at NASA and NOAA have tackled cybersecurity with various measures that have produced mixed results,” Rep. Babin told attendees at Via Satellite’s debut CyberSat Summit in Tyson’s Corner, Virginia. “Over the years, NASA and NOAA have integrated more and more of their Informational Technologies (IT) systems with their Operational Technology (OT) systems, which has created more network security vulnerabilities as systems go online. Despite spending more than $1.4 billion to support IT security, many of these systems still do not meet requirements established by the Federal Information Security Management Act (FISMA). There’s still significant confusion at NASA and NOAA over IT security.”

FISMA is a U.S. federal law passed 15 years ago that made it a requirement for federal agencies to develop, document, and implement an information security and protection program. Rep. Babin cited serious space cybersecurity vulnerabilities discovered by audits the U.S. Inspector General’s office conducted in 2009 and 2012 as an example of the outdated information the government is working with to establish new protocols and programs. “The House Science committee is responsible for keeping on top of gathering this information and we are working with the DOD to stay ahead of the game,” said Rep. Babin.

Congress has taken no action on the American Space Commerce Free Enterprise Act of 2017 since it was introduced June 6 and went through its mark-up process on June 8. A number of commercial space companies and organizations support the bill, including: Panasonic, the Satellite Industry Association, Space Florida, Space Frontier Foundation, The Commercial Spaceflight Federation, and Students for the Exploration and Development of Space. The bill itself contains very little specific language related to network and cybersecurity. However, it does order a newly-created Office of Space Commerce of the Department of Commerce to establish a Private Space Activity Advisory Committee that will analyze the status and recent developments of nongovernmental space activities, and advise on matters relating to U.S. private sector activities in outer space.

Rep. Babin stated his concerns about the government’s inability to sufficiently and confidently respond to evolving cyber threats during his CyberSat Summit keynote, specifically mentioning vulnerabilities and almost routine security breaches of the United States’ meteorological space infrastructure. “It’s not surprising to me that hostile nations target our sensitive space technologies for economic competitive reasons,” said Rep. Babin. “What surprises me are the discrepancies between levels of security and understanding between government space agencies like NASA and NOAA. Our weather systems, in particular, are extremely vulnerable.”

Rep. Babin’s list of available solutions to these issues is not nearly as long as his list of concerns. He, like many U.S. politicians involved with space programs over the last decade, is looking to the private sector for answers. “Our space systems must incorporate protection at every level — from the ground antennas to the software running on satellites in orbit,” he said. “Our committee is more than happy to engage with the satellite industry and hear ideas on how we can sure up our national network security. Obviously, a one-size fits all solution will not be the answer.”

The congressman has been extremely vocal about U.S. cybersecurity issues — even outside of the space industry. After being personally affected by Hurricane Harvey when flooding from the storm trapped him in his Northeast Houston home, he, along with U.S. Reps. Lamar Smith, R-Texas, and Randy Weber, R-Texas, wrote an editorial for the Houston Chronicle that was published Oct. 2 titled, “Electric Grid Resiliency — the Update America Needs.” In the article, the three congressmen stressed the need to address cybersecurity vulnerabilities to the U.S. power grid caused by outages from damages from natural disasters and hurricanes.

“New technology designed to increase resiliency, like the smart meters that help us better understand and respond to outages, can also increase exposure to cybersecurity threats,” the congressmen wrote in the article. “…Because of this, grid resiliency — the ability of system operators to prevent disruptions in power, limit the duration of a power disruption, and quickly repair potential damage — is crucial. We can’t predict when a cyberattack could threaten our power supply. And, as we were reminded last month with the impact of Hurricane Harvey in Texas, we don’t know when the next devastating natural disaster will occur.”

In the private sector, Rep. Babin recently received the support of the Owner-Operator Independent Drivers Association (OOIDA), a trade organization representing the interests of small-business trucking professionals and professional truck drivers, to delay an Electronic Logging Device (ELD) mandate for truck drivers for a period of two years. Rep. Babin and OOIDA have argued that ELD regulations do not address concerns about inadequate cybersecurity certification of ELD devices, especially in remote regions and fact that the mandate would cost stakeholders more than $2 billion.

During his keynote, Rep. Babin stated that funding and coordinating government response efforts to sudden cyber-attacks is complicated due to the fact that responsibility for oversight is spread across several federal agencies, including: the U.S. Department of Homeland Security, the Federal Energy Regulatory Commission, the North American Electric Reliability Corporation, the U.S. Department of Energy (DOE), and the National Institute of Standards and Technology. The congressman added that these agencies are also working on measures that will further improve the process of government agencies sharing information related to cybersecurity threats, which could also be included in the American Space Commerce Free Enterprise Act package.