President Trump Signs Space Policy Directive Establishing America’s First Comprehensive Cybersecurity Policy For Space Systems
From: White House
Posted: Friday, September 4, 2020
Today, President Donald J. Trump issued Space Policy Directive-5 (SPD-5), the Nation’s first comprehensive cybersecurity policy for space systems. SPD-5 establishes key cybersecurity principles to guide and serve as the foundation for America’s approach to the cyber protection of space systems.
Deputy Assistant to the President and Executive Secretary of the National Space Council Scott Pace, Ph.D., said: “From communications to weather monitoring, Americans rely on capabilities provided by space systems in everyday life. President Trump’s directive ensures the U.S. Government promotes practices to protect American space systems and capabilities from cyber vulnerabilities and malicious threats. Through establishing cybersecurity principles for space systems, Space Policy Directive-5 provides a whole-of-government framework to safeguard space assets and critical infrastructure.”
National Security Advisor Robert C. O’Brien said: “Cyber security does not stop at America’s terrestrial borders. The Administration is committed to protecting the American people from all cyber related threats to critical infrastructure, public health and safety, and our economic and national security -- including American space systems and capabilities. I thank the President for his leadership on this critical issue.”
Space systems enable key functions such as global communications; positioning, navigation and timing; scientific observation; exploration; weather monitoring; and multiple vital national defense applications. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy a satellite. It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation's critical infrastructure.
Space Policy Directive-5 fosters practices within U.S. Government and commercial space operations that protect space assets and their supporting infrastructure from cyber threats.
SPD-5 furthers the policies and objectives of theNational Security Strategy, theNational Cyber Strategy, and SPD-3 (National Space Traffic Management Policy) to ensure the Nation maintains its leadership and freedom of action in space. It provides guidance on the protection of space assets and supporting infrastructure from evolving cyber threats and mitigates the potential for the creation of harmful space debris resulting from malicious cyber activities.
SPD-5 recognizes that cybersecurity principles and practices that apply to terrestrial systems also apply to space systems; encourages integrating cybersecurity into all phases of space systems development; and stresses that effective cybersecurity practices stem from cultures of prevention, active defense, risk management, and the sharing of best practices.
SPD-5 directs U.S. Government agencies to work with commercial companies consistent with the principles in the SPD to further define best practices, establish cybersecurity informed norms, and promote improved cybersecurity behaviors throughout the Nation’s industrial base for space systems.
SPD-5 establishes the following cybersecurity principles for space systems:
Space systems and their supporting infrastructure including software, should be developed and operated using risk-based, cybersecurity-informed engineering;
Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to: protect against unauthorized access; reduce vulnerabilities of command, control and telemetry systems; protect against communications jamming and spoofing; protect ground systems from cyber threats; promote adoption of appropriate cybersecurity hygiene practices; and, manage supply chain risks;
Space system cybersecurity requirements and regulations should leverage widely-adopted best practices and norms of behavior;
Space system owners and operators should collaborate to promote the development of best practices and mitigations; and
Space systems operators should make appropriate risk trades when implementing cybersecurity requirements specific to their system.
On June 30, 2017, President Donald J. Trump issuedExecutive Order 13803, reviving the National Space Council “in order to provide a coordinated process for developing and monitoring the implementation of national space policy and strategy.” In addition to Space Policy Directive-5, Trump has signed four previous Space Policy Directives to restore American leadership in areas of civil, commercial, and military space: