US Senators Reintroduce Legislation on Commercial Satellite Cybersecurity
Two U.S. Senators have reintroduced legislation to help protect commercial satellite operators from cyber attacks — an issue that has gained in prominence after the hack on Viasat’s KA-SAT network in Ukraine.
U.S. Senators Gary Peters, D-Mich., and John Cornyn, R-Texas, reintroduced the Satellite Cybersecurity Act on Wednesday. The same lawmakers introduced similar legislation last year that advanced in the Senate but was not passed.
The legislation would require the Cybersecurity and Infrastructure Security Agency (CISA) to help protect commercial satellite operators. In particular, CISA would be required to consolidate voluntary satellite cybersecurity recommendations for companies and have a publicly available online resource for satellite-specific cyber resources. The legislation would also require the Government Accountability Office (GAO) to perform a study on how the federal government supports commercial satellite industry cybersecurity to “understand how network vulnerabilities in commercial satellites could impact critical infrastructure.”
The legislation points to the fact that critical infrastructure systems like pipelines, water, and electric utilities, are heavily reliant on commercial satellites. Space assets are not considered a critical infrastructure sector by the U.S. government, an issue that some in the commercial space industry have lobbied for.
“Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests,” said Senator Cornyn. “This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats.”
A press release from Peters and Cornyn about the legislation also alluded to a Russian hack on Viasat’s KA-SAT ground network in Ukraine at the start of Russia’s invasion, as an example that cybersecurity for commercial satellites is of increasing importance to the U.S. government.
After the cyberattack last year, U.S. intelligence officials were so concerned about the threat to other satellite operators that they organized an “unprecedented” briefing for company executives, and some execs were given temporary security clearances to attend.
“We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked,” said Senator Peters. “This bipartisan bill will ensure that commercial satellite owners and operators have the tools and resources they need to strengthen their cybersecurity defenses.”
The bill also requires the National Cyber Director and the National Space Council to develop a strategy to increase coordination across the federal government related to cybersecurity for satellite systems.
President Biden recently released a new National Cybersecurity Strategy calling for expanding regulations to more critical infrastructure sectors, but space is not a critical infrastructure sector.
The U.S. is facing a new era of threats in space including cyber threats, Space Force leader Gen. B. Chance Saltzman said recently at Space Symposium, describing more serious threats in the present environment like anti-satellite weapons, grappling satellites, cyber attacks, and increased debris in space.