OPINION — Space systems are as vital as electricity to our everyday lives, but their cybersecurity is not similarly prioritized by the federal government. President Joe Biden’s final cybersecurity executive order, issued January 16 — a directive President Donald Trump appears likely to maintain — noted that space systems play a “pivotal role… in global critical infrastructure and communications resilience,” but stopped short of designating space as a critical infrastructure in itself. In so doing, the White House missed yet another opportunity to adequately prioritize the security and resilience of these essential systems.
Space Systems Are Vital to Everyday Life
In addition to satellite communications, other critical infrastructure, including energy, water, and finance, rely on space-based systems. The global positioning system (GPS), for example, provides precise timing of industrial control systems and financial trades. When Moscow disabled the operations of the American satellite company Viasat in February 2022 as Russia launched its full-scale invasion of Ukraine, Kyiv’s military communications were degraded. Thousands of customers across Europe lost internet access, and the operations of thousands of wind turbines in Central Europe were hampered.
A World Economic Forum report from April 2024 projected that the global space economy will triple to $1.8 trillion by 2035. The report contends that this growth will be the result not just of increased reliance on space-based assets for communication and national defense, but also of consumer activities like ride-sharing apps and food delivery. “Space will play an increasingly crucial role in mitigating world challenges, ranging from disaster warning and climate monitoring, to improved humanitarian response and more widespread prosperity,” the report projects.
The intersection of technology, defense, space and intelligence is critical to future U.S. national security.Join The Cipher Brief on June 5th and 6th in Austin, Texas for the NatSecEDGE conference. Find out how to get an invitation to this invite-only event at natsecedge.com
Biden Repeatedly Failed to Designate Space Systems as Critical Infrastructure
Despite the importance of space-based assets owned and operated by private companies, President Biden’s executive order focused only on federal space systems. The order required updated federal contracting language for space systems, to include cybersecurity and an inventory of the ground-based space systems owned or operated by civilian agencies.
Alongside the executive order, the Office of the National Cyber Director issued its own report summarizing the findings from five technical workshops hosted across the country to “understand industry perspectives on space system cybersecurity best practices and identify gaps requiring White House and interagency action.” The report provides a comprehensive summary of industry perspectives but fails to provide any recommendations for White House and interagency action. In short, the report fails to identify solutions for the challenges industry participants laid out.
The executive order and report were one of at least three occasions on which the Biden administration failed to take the logical step to designate space systems as critical infrastructure. In November 2021, the Cybersecurity and Infrastructure Security Agency (CISA) had urged the White House to do so; in a statutorily required study into the federal efforts to secure critical infrastructure, CISA recommended establishing the space sector as a critical infrastructure sector.
When the White House transmitted the report to Congress a year later, the administration committed to “reviewing and revising” current critical infrastructure policy. However, the resulting national security memorandum — known as NSM-22 — made no changes to the decade-old breakdown of critical infrastructure sectors. This failure to act reflected the inability of the consensus-based interagency Federal Senior Leadership Council to make any bold, new recommendations.
Looking for a way to get ahead of the week in cyber and tech? Sign up for the Cyber Initiatives Group Sunday newsletter to quickly get up to speed on the biggest cyber and tech headlines and be ready for the week ahead. Sign up today.
The Trump Administration Can Improve Space Cybersecurity
While the space industry as a whole is leery of a critical infrastructure designation, the cyber risk experts at the Space Information Sharing and Analysis Center (ISAC) have long argued for its necessity. At the moment, “there is no single agency in charge… [no agency] pressing for a national space system cybersecurity and resilience R&D strategy,” explained Sam Visner, chair of the industry-led Space ISAC, last April.
Industry stakeholders tend to be concerned about the designation, out of fear it will come with additional regulations. In reality, designating space as critical infrastructure could create greater regulatory coherence, with a single federal agency serving as the sector risk management agency responsible for not only sharing information with the private sector but also educating other federal agencies about the unique needs and concerns of the industry. The designation would also create an industry-led council chartered specifically to work with federal agencies on security policies that affect space systems.
The first few days and weeks of a new administration are filled with efforts to launch policy reviews of the previous administration. Reassessing the Biden administration’s failure to prioritize space system cybersecurity and designate these systems as critical infrastructure should be at the top of the list.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief