Lawmakers Propose Expanding Cybersecurity Support for Commercial Satellite Companies

Bipartisan Senate legislation would require the Cybersecurity and Infrastructure Security Agency and Government Accountability Office to provide commercial satellite owners and operators with new information and resources to protect their complex systems from digital attacks.

Sens. Gary Peters, D-Mich., and John Cornyn, R-Texas, introduced the Satellite Cybersecurity Act late last week with the intent to support all organizations—and particularly those that frequently don’t have access to all the assets needed to properly defend their networks. 

It was referred to the Homeland Security and Governmental Affairs Committee, which Peters chairs.

“Hackers have already successfully attacked government satellites and it’s only a matter of time before they begin to more aggressively target commercial satellites. Vulnerabilities in these systems present an opportunity for foreign adversaries and cybercriminals to significantly disrupt American lives and livelihoods,” Peters said on Wednesday. “It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late.”

Crucial data and information needed for navigation, technology development, forecast prediction and more are captured by commercial satellites, and these capabilities are also at the heart of the nation’s important industrial control systems involved in operating its infrastructure.

This legislation’s introduction comes as the U.S. grapples with a number of recent cybersecurity incidents impacting its networks. In their announcement, Peters and Cornyn mention that experts have demonstrated growing concerns that commercial satellite hacks could lead to severe consequences in the near future.

“In 2014, American officials accused China of hacking a National Oceanic and Atmospheric Administration weather satellite,” they wrote. “As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service or jam signals to disrupt electric grids, water networks, transportation systems and other critical infrastructure.”

The lawmakers’ 8-page bill, shared with Nextgov on Wednesday, incorporates multiple provisions to help secure industry-run satellites from cyber attacks.

Specifically, it would require CISA to produce voluntary cybersecurity recommendations “designed to assist in the development, maintenance and operation of commercial satellite systems.” Those suggestions would need to include materials addressing risk-based, cybersecurity-informed engineering, protection against unauthorized access to systems and communications jamming and spoofing, supply chain management and more.

CISA would also be tasked with creating and maintaining a publicly available “commercial satellite system cybersecurity clearinghouse” to house all recommendations and resources for interested entities to access in one place.

The legislation additionally directs the U.S. comptroller general, who leads GAO, to develop a report that details how the government assists commercial satellite makers and relies on their systems, the supporting materials crafted in this pursuit and the effectiveness of work to improve these satellites' cybersecurity, among other topics.

"Commercial satellites are an integral part of our infrastructure network and must be protected from cyberattacks by bad actors that would compromise our national security," Cornyn said.