Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
Industrial Cyber Attacks
Malware, Phishing & Ransomware
News
Regulation, Standards and Compliance
Technology & Solutions
Threat Landscape
Vulnerabilities

Senate Committee reintroduces bipartisan bill to protect commercial satellites from cybersecurity threats

May 05, 2023
Senate Committee reintroduces bipartisan bill to protect commercial satellites from cybersecurity threats

Members of the U.S. Senate Committee on Homeland Security & Governmental Affairs reintroduced bipartisan legislation that would require the Cybersecurity and Infrastructure Security Agency (CISA) to help protect commercial satellite owners and operators from disruptive cyber-attacks. 

The Satellite Cybersecurity Act will require CISA to consolidate voluntary satellite cybersecurity recommendations – including guidance specifically for small businesses – to help companies understand how to best secure their systems. Additionally, the bill requires CISA to develop a publicly available, online resource to ensure companies can access satellite-specific cybersecurity resources and recommendations to secure their networks. 

The legislation will also require the Government Accountability Office (GAO) to perform a study on how the federal government supports commercial satellite industry cybersecurity. It will ensure a better understanding of how network vulnerabilities in commercial satellites could impact critical infrastructure. Finally, the bill also requires the National Cyber Director and the National Space Council to develop a strategy to increase coordination across the federal government to address cybersecurity threats to these systems.

Critical infrastructure systems involved in operating networks that control pipelines, water, and electric utilities are also heavily reliant on commercial satellites. Furthermore, commercial satellites provide data and information used for navigation, agriculture, technology development, and scientific research.

Senator Gary Peters, a Democrat from Michigan and chairman of the Homeland Security and Governmental Affairs Committee outlined that his legislation would help ensure these systems are secure from cyber-attacks that could significantly impact services that are essential to our national and economic security. Peters introduced similar legislation last Congress that advanced in the Senate.

“We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked,” Senator Peters said in a media statement. “This bipartisan bill will ensure that commercial satellite owners and operators have the tools and resources they need to strengthen their cybersecurity defenses.”

“Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests,” Senator John Cornyn, a Republican from Texas, said. “This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats.”

Experts have shown increasing concern that commercial satellite hacks could have dire economic and security consequences. The Department of Defense has also raised concerns about this threat and recently sponsored a competition for white hat hackers to attempt breaching an active satellite. 

Last year, it was reported that the Russian government was behind a cyber-attack on an American-based satellite company, which provides broadband services to Europe, in order to disrupt Ukrainian military communications at the start of the invasion. As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service, or jam signals to disrupt electric grids, water networks, transportation systems, and other critical infrastructure. Peters’ legislation will ensure the United States is prepared to address these threats as malicious hackers increasingly target commercial satellite systems.

In January, the National Institute of Standards and Technology (NIST) published a cybersecurity framework covering the ground segment of space operations with an emphasis on the command and control of satellite buses and payloads. The initiative will assist operators of the commercial ground segment of the space sector in delivering cybersecurity for their systems and providing a means for stakeholders to assess their cybersecurity posture.

The U.S. Cyberspace Solarium Commission (CSC) 2.0 assessed last month that America’s adversaries recognize the importance of space systems to U.S. national security and economic prosperity and have tested capabilities to destroy them. The threat from Russia and China is growing, with both those authoritarian powers having placed American and partner space systems in their crosshairs, as demonstrated by their testing of anti-satellite (ASAT) capabilities. The U.S. needs a more concerted and coherent approach to risk management and public-private collaboration regarding space systems infrastructure.

Last week, the Aerospace Corporation released v1.3 of its Space Attack Research and Tactic Analysis (SPARTA) framework, providing a general information page, SPARTA navigator, and SPARTA Matrix Updates. The latest version also delivers 14 new countermeasures (CMs) and includes SPARTA Countermeasure Mapper. The SPARTA matrix is the first publicly available cybersecurity threat identification and response matrix dedicated to helping spacecraft developers, owners, and operators outpace space-cyber threats.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base