Analysis
Attacks and Vulnerabilities
Critical infrastructure
News
Regulation, Standards and Compliance
Risk & Compliance
Technology & Solutions
Threat Landscape
Verticals
Vulnerabilities

Bill introduced calls upon CISA to develop standards, recommendations to safeguard commercial satellite industry

May 02, 2022
Bill introduced calls upon CISA to develop standards, recommendations to safeguard commercial satellite industry

Lawmakers from the U.S. House of Representatives introduced legislation protecting space systems, especially those that support critical infrastructure, from cyberattacks that threaten American national security and economic prosperity. The need for satellite cybersecurity has gained importance with the emergence of commercial satellites that provide data and information used for navigation, agriculture, technology development, and scientific research. 

The bipartisan legislation titled ‘Satellite Cybersecurity Act’ requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop standards and recommendations that the commercial satellite industry can use to protect its networks. The bill also requires the Government Accountability Office (GAO) to evaluate the effectiveness of government efforts to strengthen cybersecurity for the commercial satellites and to identify vulnerabilities that might place the critical infrastructure at risk.

The bill has been introduced by Representatives Tom Malinowski, a Democrat from New Jersey, and Andrew Garbarino, a Republican from New York. In March, the Senate Homeland Security and Governmental Affairs Committee cleared the Satellite Cybersecurity bill that works towards protecting commercial satellites from cybersecurity threats. In January, the Senate bill was introduced by Senator Gary Peters, a Democrat from Michigan and chairman of the Homeland Security and Governmental Affairs Committee. It called upon the Comptroller General of the U.S. to conduct a study on the actions the federal government has taken to support the cybersecurity of commercial satellite systems. 

These commercial satellites provide the service and data used for agriculture operations, financial transactions, energy production, environmental monitoring, internet connectivity, navigation, trade logistics, scientific research, television and telephone service, and weather forecasting. Industrial Control Systems – machines that enable critical infrastructures like water plants, electric grids, and transportation networks to function properly – are also deeply dependent on commercial satellite information. Representatives Malinowski and Garbarino’s legislation helps protect these essential systems from cyberattacks.

“We depend on satellites for everything from driving to work to defending our country, yet our space systems are vulnerable to cyberattack, and the commercial satellite industry has been asking for help to protect Americans against this threat.” Representative Malinowski said in a media statement. “Our bill directs the U.S. government’s primary cyber-defense agency to provide that help.”

Every day, foreign adversaries and international cybercriminals attempt thousands of cyberattacks against critical infrastructure in the U.S. and around the world, the statement identified. “On the first day Russia began its war of aggression in Ukraine, the Russian military conducted a successful cyberattack against a commercial satellite company, disrupting communication and internet services for the Ukrainian government, military, and tens of thousands of citizens. The hack also temporarily shut down thousands of wind turbines across Europe – systems reliant on internet modems serviced by the same private sector satellite company,” it added. 

“Last month, reports indicated Russia was likely responsible for a cyberattack on a U.S. satellite communications provider that disrupted Ukraine’s military communications during a pivotal time in the war. As is the case with most U.S. critical infrastructure, the majority of satellites in orbit are operated by the private sector,” according to Representative Garbarino. “The Satellite Cybersecurity Act will enable CISA to fulfill its duty as the Sector Risk Management Agency for the Communications Sector and work with private sector owners and operators to mitigate threats to U.S., Ukraine, and other international satellite communication networks.”

“SIA strongly supports these bills and applauds their bipartisan House and Senate sponsors.  This legislation will help protect satellite systems against cyber-related vulnerabilities, risks and attacks,” Tom Stroup, president of the Satellite Industry Association, said. SIA is a U.S.-based trade association providing representation of the leading satellite operators, service providers, manufacturers, launch services providers, and ground equipment suppliers. For more than two decades, SIA has advocated on behalf of the U.S. satellite industry on policy, regulatory, and legislative issues affecting the satellite business.

“Given the reliance of our economy and national security on secure satellite services, evolving potential attacks by criminals, terrorists, and nation-states must perpetually be under consideration,” according to Stroup. “SIA applauds the proposed bipartisan legislation and we encourage lawmakers to swiftly pass the Satellite Cybersecurity Act,” he added.

The legislation also proposes the setting up of a CISA commercial satellite system cybersecurity clearinghouse. “Not later than 180 days after the date of the enactment of the act, the director shall establish a commercial satellite system cybersecurity clearinghouse,” the bill said.  

The clearinghouse shall be publicly available online and contain current, relevant, and publicly available commercial satellite system cybersecurity resources, including recommendations and appropriate materials for reference by entities that develop commercial satellite systems. Additionally, it shall include materials to assist small business concerns with the secure development, operation, and maintenance of commercial satellite systems.

Last month, the National Institute of Standards and Technology (NIST) released a draft document that applies the NIST Cybersecurity Framework to the ground segment of space operations, emphasizing assuring satellite command and control. In March, the CISA and the Federal Bureau of Investigation have called for strengthening the cybersecurity of national and international satellite communication (SATCOM) networks, following concerns of possible threats to these networks. The agencies reveal that successful intrusions could risk SATCOM network providers’ customer environments.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns