Memorandum on Space Policy Directive-5 - Cybersecurity Principles for Space Systems
MEMORANDUM FOR THE VICE PRESIDENT
THE SECRETARY OF STATE
THE SECRETARY OF DEFENSE
THE ATTORNEY GENERAL
THE SECRETARY OF COMMERCE
THE SECRETARY OF TRANSPORTATION
THE SECRETARY OF HOMELAND SECURITY
THE DIRECTOR OF THE OFFICE OF MANAGEMENT AND
BUDGET
THE ASSISTANT TO THE PRESIDENT FOR NATIONAL
SECURITY AFFAIRS
THE DIRECTOR OF NATIONAL INTELLIGENCE
THE DIRECTOR OF THE CENTRAL INTELLIGENCE AGENCY
THE DIRECTOR OF THE NATIONAL SECURITY AGENCY
THE DIRECTOR OF THE NATIONAL RECONNAISSANCE
OFFICE
THE ADMINISTRATOR OF THE NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
THE DIRECTOR OF THE OFFICE OF SCIENCE AND
TECHNOLOGY POLICY
THE CHAIRMAN OF THE JOINT CHIEFS OF STAFF
THE CHAIRMAN OF THE FEDERAL COMMUNICATIONS
COMMISSION
SUBJECT: Cybersecurity Principles for Space Systems
Section 1. Background. The United States considers unfettered freedom to operate in space vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. Space systems enable key functions such as global communications; positioning, navigation, and timing; scientific observation; exploration; weather monitoring; and multiple vital national security applications. Therefore, it is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation’s critical infrastructure.
Space systems are reliant on information systems and networks from design conceptualization through launch and flight operations. Further, the transmission of command and control and mission information between space vehicles and ground networks relies on the use of radio-frequency-dependent wireless communication channels. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy satellites.
Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks. Consequences of such activities could include loss of mission data; decreased lifespan or capability of space systems or constellations; or the loss of positive control of space vehicles, potentially resulting in collisions that can impair systems or generate harmful orbital debris.
The National Security Strategy of December 2017 states that “[t]he United States must maintain our leadership and freedom of action in space.” As the space domain is contested, it is necessary for developers, manufacturers, owners, and operators of space systems to design, build, operate, and manage them so that they are resilient to cyber incidents and radio-frequency spectrum interference.
Space Policy Directive-3 (SPD-3) of June 18, 2018 (National Space Traffic Management Policy), states that “[s]atellite and constellation owners should participate in a pre-launch certification process” that should consider a number of factors, including encryption of satellite command and control links and data protection measures for ground site operations.
The National Cyber Strategy of September 2018 states that my Administration will enhance efforts to protect our space assets and supporting infrastructure from evolving cyber threats, and will work with industry and international partners to strengthen the cyber resilience of existing and future space systems.