The bipartisan proposal directs CISA to provide commercial satellite owners and operators with more resources and recommendations to improve their cyber protections.
A bipartisan pair of senators reintroduced legislation on Wednesday that would require the Cybersecurity and Infrastructure Security Agency to provide commercial satellite owners and operators with streamlined information and resources to help them better defend against cyberattacks to their systems.
The bill, from Sens. Gary Peters, D-Mich.—the chair of the Senate Homeland Security and Governmental Affairs Committee—and John Cornyn, R-Texas, seeks to bolster the digital security of commercial satellites by providing more robust strategies and recommendations for safeguarding critical operations from outside threats.
In a press release, the senators said the bill, known as the Satellite Cybersecurity Act, would require CISA “to consolidate voluntary satellite cybersecurity recommendations—including guidance specifically for small businesses—to help companies understand how to best secure their systems.” The agency would also be required to develop “a publicly available, online resource” that provides commercial satellite owners and operators with streamlined access to “satellite-specific cybersecurity resources and recommendations to secure their networks.”
“We’ve already seen the impacts of attacks on satellite systems by our adversaries abroad, and the potential effects on our lives and livelihoods could be catastrophic if American systems were similarly attacked,” Peters said in a statement. “This bipartisan bill will ensure that commercial satellite owners and operators have the tools and resources they need to strengthen their cybersecurity defenses.”
U.S. officials have warned in recent years of the growing cyber threat that hostile nation states pose to the operations of key commercial and government satellites. Prior to Moscow’s full-scale invasion of Ukraine in February 2022, Russian hackers were reportedly responsible for a cyberattack that disabled a satellite broadband service used by the Ukrainian military as part of an effort to disrupt their communications networks.
The Chinese government is also reportedly developing cyber capabilities that would enable it to “deny, exploit or hijack” the satellites of adversarial nations, according to a CIA-marked document that was among the trove of classified materials allegedly posted online by 21-year-old Massachusetts Air National Guardsman Jack Teixeira.
To help promote a whole-of-government approach to enhancing the cyber protections of commercial satellites, the bill would direct the National Cyber Director and the National Space Council to develop a strategy for increasing governmentwide coordination to address cyber threats to commercial satellite systems. And the legislation would also require the Government Accountability Office to “perform a study on how the federal government supports commercial satellite industry cybersecurity,” a step that the bill’s backers said would “ensure a better understanding of how network vulnerabilities in commercial satellites could impact critical infrastructure.”
The senators noted in their announcement that electric grids, water networks and other critical infrastructure services rely on commercial satellites to operate. Cornyn said in a statement that “nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests.”
Given the importance of uninterrupted satellite operations for an array of key societal services, some industry officials and experts have called for the federal government to label space assets and other orbital systems as critical infrastructure.
In a report released last month, CSC 2.0—the successor organization to the congressionally-mandated Cyberspace Solarium Commission—said that “designating space systems as a U.S. critical infrastructure sector would close current gaps and signal both at home and abroad that space security and resilience is a top priority.”
Cornyn and Peters previously introduced the Satellite Cybersecurity Act in January 2022. Although the Senate Homeland Security and Governmental Affairs Committee, under the leadership of Peters, advanced the legislation last June, it did not receive a vote in the full Senate before the conclusion of the 117th Congress.