NSC Makes Cyber Security For Space Industry ‘Top Priority’ « Breaking Defense
WASHINGTON: The Trump Administration is helping the space industry create a new public-private partnership to share information regarding cyber threats among US government, private sector operators and international partners, say officials involved.
This includes help from the National Security Council, Air Force Space Command, the Missile Defense Agency, and NASA to share analysis of, warnings of, and potential responses to cybersecurity threats to satellites and ground stations.
In particular, the National Security Council-led Space Cybersecurity Interagency Working Group has made supporting the new Space Information and Analysis Sharing Center (Space-ISAC) a “top priority” as it fleshes out its membership and operational plans, Jaisha Wray, NSC director for international cyber policy, said here today.
The hope, she said, is that the Space-ISAC can serve as a safe environment for satellite operators to share information about cyber intrusions they might not want made public, as well as the ways they have worked to mitigate any damage and patch security holes.
Concern about cybersecurity in space has been growing, both within the space industry and DoD. Satellites can be hacked, spoofed or even fed erroneous information that would cause them to move in a way that could denigrate functionality, according to experts. That concern is growing as DoD and industry move more and more data to the cloud.
Supporting the Space-ISAC is one of the NSC Cyber Security Directorate’s key initiatives to implement the September 2018 National Cyber Security Strategy, she told an audience at the Secure World Foundation today.
The creation of the Space-ISAC was announced at the 2019 Space Symposium in April. It is headquartered in Colorado Springs at the National Cybersecurity Center. ISACs are public-private, sector-specific partnerships first created back in the 1990s for industry and government to work together to mitigate threats to critical infrastructure.
Erin Miller, Space-ISAC vice president of operations, told Breaking D today that the group would have its first board meeting on Nov. 7 to establish a budget, committees, and other aspects of how it will function on a day-to-day basis. It also has begun having public workshops for the space community to provide information about perceived threats to space infrastructure, and what that they would like to see the group address. Those meetings will run through 2020, she said.
The group includes six founding companies, she said, including Kratos Defense and Security Solutions, Booz Allen Hamilton, and Mitre Corporation. The goal is to have 14 founding members to serve as the Space-ISAC Board of Directors, including two universities and one university-affiliated research center, Miller said.
The first international member, Luxembourg-bases SES S.A., just joined. According to a joint Space-ISAC, SES press release today, “SES will bring its cyber security perspective and experience as a leading satellite-based communications service provider and will spearhead the promotion of Space-ISAC in Europe.”
The status of the new Space-ISAC is a bit unusual, in that ISACs are created as public-private partnerships to help protect specific “critical infrastructure” sectors as defined by the US government. However, space is not yet officially deemed part of the nation’s “critical infrastructure” by the Department of Homeland Defense, despite the fact that it is being supported by Air Force Space Command, the Missile Defense Agency, NASA and the NSC.
Miller said current founding members are openly lobbying for space to be designated as critical infrastructure, as first reported by colleague Shaun Waterman. She said that the group is hopeful, in that “things are trending in that direction.”
Space-ISAC is self-funded, with founding members paying $75,000 annually to sit on the governing board. There will be a sliding fee based on membership privileges, with the lowest being $10,000.
One expert said the large fee structure might make it difficult for the smallest, and arguably most vulnerable, satellite operators to benefit from participation. “That is a lot of money,” he said, even for larger firms to shell out.