Today, the Trump administration released its fifth Space Policy Directive, this one designed to come up with a list of best practices for the space industry on how to protect their spacecraft from cyber threats. The goal is to encourage the government and space industry to create their space vehicles with cybersecurity plans in place, incorporating tools like encryption software and other protections when designing, building, and operating their vehicles.
Senior administration officials, speaking on background, claimed that focusing on cybersecurity in space is key right now, as there are growing threats to space hardware from foreign adversaries. “These threats are diverse and complex, and robust public-private cooperation to enhance the security and resilience of an infrastructure is key to our efforts,” one official said.
When asked what specific types of threats were of concern, the officials wouldn’t talk specifics. “Suffice to say that they do occur, and they occur with concerning regularity, such that this... set of cybersecurity principles was important,” an official said on background. The officials pointed to a recent report from the Defense Department detailing military and security developments within China over the last year. The report outlined China’s growing space program, as well as the country’s efforts to develop weapons like satellite jammers and “offensive cyber capabilities.”
“Suffice to say that they do occur, and they occur with concerning regularity.”
To combat these threats, Space Policy Directive 5 lays out guidelines that companies should try to adhere to as they launch satellites and other vehicles to space. The administration is recommending operators use various types of software to ensure that the data they receive from their spacecraft is encrypted. The directive also encourages companies to use trusted supply chains and oversee the safety of their ground systems — the facilities they use to send signals and retrieve data from their spacecraft. The report also recommends protecting against jamming and spoofing of satellites. “Sometimes the jamming can be fairly crude; other cases, some of the spoofing can be fairly sophisticated if somebody’s trying to get on board,” one official said. “So there’s a whole range of things that you need to look at kind of end-to-end.”
Ultimately, the directive says that government agencies should work with commercial companies to further refine what these best cybersecurity practices should be, especially since many in the space industry already implement these strategies when building and launching vehicles. “I think it’s important to stress that we’re not trying to impose new government-driven top down requirements and standards but are in fact trying to work with and leverage the private sector,” an official said.
SPD-5 is the latest policy directive from the Trump administration designed to shape the US space agenda. Trump’s first directive instructed NASA to send humans back to the Moon, while other directives have focused on coming up with a way to oversee space traffic and streamlining regulations for space licenses.