Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
News
Regulation, Standards and Compliance

US Senate advances bipartisan legislation to protect commercial satellites from cybersecurity threats

May 19, 2023
US Senate advances bipartisan legislation to protect commercial satellites from cybersecurity threats

A bipartisan legislative bill that would require the Cybersecurity and Infrastructure Security Agency (CISA) to help protect owners and operators of commercial satellites against disruptive cyberattacks has advanced in the U.S. Senate. The bill was advanced by the Senate Homeland Security and Governmental Affairs Committee and now moves to the full Senate for consideration.

Authored by U.S. Senators Gary Peters, a Democrat from Michigan and chairman of the Homeland Security and Governmental Affairs Committee, and John Cornyn, a Republican from Texas, the ‘Satellite Cybersecurity Act’ will require CISA to consolidate voluntary satellite cybersecurity recommendations – including guidance specifically for small businesses – to help companies understand how to best secure their systems. Additionally, the bill requires CISA to develop a publicly available, online resource to ensure companies can access satellite-specific cybersecurity resources and recommendations to secure their networks. 

The legislation will also require the Government Accountability Office (GAO) to study how the federal government supports commercial satellite industry cybersecurity. It will ensure a better understanding of how network vulnerabilities in commercial satellites could impact critical infrastructure. Finally, the bill also requires the National Cyber Director and the National Space Council to develop a strategy to increase coordination across the federal government to address cybersecurity threats to these systems.

Commercial satellites play a crucial role in the operation of networks that regulate pipelines, water systems, and electric utilities. The senators’ legislation would assist in protecting these systems from cyberattacks that could have a serious negative impact on services that are crucial to the nation’s economic and national security. Furthermore, the legal measure will help guarantee that the U.S. is ready to deal with these threats as malicious hackers target commercial satellite systems more frequently.

“Cybercriminals will stop at nothing to disrupt American lives and livelihoods, and an attack on commercial satellites could have devastating implications. That’s why we must ensure companies that operate commercial satellites have the proper resources to prevent disruptive cyber-attacks,” Senator Peters said in a Wednesday media statement. “My bipartisan bill will help ensure that commercial satellite owners and operators have the necessary tools and resources to protect their networks.”

“Satellite networks play an important role in our national security, and it’s imperative they’re protected from cyber threats and bad actors,” according to Senator Cornyn. “This bill would equip satellite owners and operators with the tools to secure their systems against disruption, and I urge the Senate to pass it soon.”

Experts have shown increasing concern that commercial satellite hacks could have dire economic and security consequences. The Department of Defense has also raised concerns about this threat and recently sponsored a competition for white hat hackers to attempt breaching an active satellite. 

Last year, it was reported that the Russian government was behind a cyber-attack on an American-based satellite company, which provides broadband services to Europe, to disrupt Ukrainian military communications at the start of the invasion. As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service or jam signals to disrupt electric grids, water networks, transportation systems, and other critical infrastructure

​​The U.S. Cyberspace Solarium Commission (CSC) 2.0 assessed last month that America’s adversaries recognize the importance of space systems to U.S. national security and economic prosperity and have tested capabilities to destroy them.

The threat from Russia and China is growing, with both those authoritarian powers having placed American and partner space systems in their crosshairs, as demonstrated by their testing of anti-satellite (ASAT) capabilities. The U.S. needs a more concerted and coherent approach to risk management and public-private collaboration regarding space systems infrastructure, as the current approach to safeguarding space and working with private industry to secure critical systems is insufficient.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation