US Issues Space Policy Directive-5, The First Cybersecurity Policy for Space Systems

The United States of America has once again proved its long-held space dominance by establishing a cybersecurity policy for its space systems.

US President Donald Trump, on September 4, signed the fifth Space Policy Directive (SPD-5), establishing the nation’s first comprehensive cybersecurity policy for space systems and operations.

The new Directive outlines key cybersecurity principles and practices to guide and serve as the foundation for the country’s approach to the cybersecurity of space systems.

It aims to protect space assets and supporting systems from evolving cyber risks and mitigate the potential for creating harmful space debris resulting from malicious cyberattacks.

“From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life. President Trump’s Directive ensures the US government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats,” said Scott Pace, Executive secretary of the National Space Council.

“Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure,” he added.

SPD-5 directs US government agencies to work with commercial space companies and other private space operators to establish and promote cybersecurity hygiene practices throughout the country’s industrial base for space systems.

The Directive encourages integrating cybersecurity into all phases of space systems’ development to ensure full lifecycle cyber protection for space systems.

Space Policy Directive (SPD-5)

SPD-5 Cybersecurity Principles and Objectives for Space Systems:

  • Risk-based, cybersecurity-informed engineering for developing and operating space systems and related infrastructure
  • Space operators should develop cybersecurity strategies for their space vehicles that include capabilities to retain or recover positive control of space systems
  • Cybersecurity plans to protect space systems against unauthorized access to critical space vehicle functions
  • Effective and validated authentication or encryption measures to secure command, control, and telemetry links
  • Cybersecurity measures to reduce the vulnerabilities of command, control, and telemetry receiver systems
  • Cyber protection against communications jamming and spoofing
  • Cybersecurity best practices for the protection of ground systems, operational technology, and information processing systems
  • Intrusion detection technologies for space system elements including antennas, receivers, information systems, terminals, routers, local and wide area networks, and power supplies
  • Tracking manufactured products for the management of supply chain risks
  • Space system owners and operators should share information regarding cyber threat, warning, and incident, through venues such as Information Sharing and Analysis Centers
  • Adopting cybersecurity practices such as regular patching, restrictions on the utilization of portable media, using antivirus software, and promoting staff awareness and training

“Space systems should be developed to continuously monitor, anticipate, and adapt to mitigate evolving malicious cyber activities that could manipulate, deny, degrade, disrupt, destroy, surveil, or eavesdrop on space system operations,” reads SPD-5 Memorandum.

SPD-5 further strengthens the policies and objectives of the National Security Strategy 2017, National Security Strategy 2018, and National Space Traffic Management Policy.

A Glance at Five Space Policy Directives (SPD) in the US:

  • Space Policy Directive-1: Reinvigorating human space exploration program (2017)
  • Space Policy Directive-2: Streamlining regulations on commercial space activities (2018)
  • Space Policy Directive-3: Space traffic management policy (2018)
  • Space Policy Directive-4: Establishment of US Space Force (2019)
  • Space Policy Directive-5: Cybersecurity principles for space systems (2020)

More Cybersecurity Articles: