NASA has published its first Space Security Best Practices Guide, a 57-page document the agency said would help enhance cybersecurity for future space missions.
Concerns about the dangers hackers pose to satellite networks and other space initiatives have been growing for a number of years.
In August the FBI, the National Counterintelligence and Security Center, and the Air Force Office of Special Investigations warned that foreign intelligence entities were using a range of measures, including hacking campaigns, to infiltrate and subvert the space industry.
NASA said its new best practices guide (BPG) was not just about making its own missions more secure and reliable. It was also intended to enhance cybersecurity for its international partners and the growing space industry.
The global space economy is projected to expand from $469 billion in 2021 to more than $1 trillion by 2030, with the U.S. being the main driver of growth this decade.
The new guide leveraged security controls set out in the National Institute of Standards and Technology’s (NIST’s) Special Publication 800-53, a U.S. federal government standard designed to boost information systems security.
NASA described the BPG as “a translation guide between NIST verbiage and NASA flight project parlance”. Its principles were intended to be achievable by any type of organization – including corporates and universities, undertaking all types of space missions and projects.
“This guide represents a collective effort to establish a set of principles that will enable us to identify and mitigate risks and ensure continued success of our missions, both in Earth’s orbit and beyond,” said Misty Finical, deputy principal advisor for enterprise protection at NASA.
One of the warnings in the BPG was that threat actors could exploit a mission’s ground systems to maliciously interact with the space vehicle. It was therefore important to ensure that only authenticated and authorized personnel, devices, and software could access the space mission systems.
The guide recommended planning for onboard disruptions and cyberattacks affecting inflight systems, along with the possibility of communications jamming and spoofing attempts.
“Communications systems using a shared medium are susceptible to jamming and spoofing, resulting in loss of access (denial of service) and potential loss of data integrity and availability,” it said.
“The prevalence of impacts to communications links in the RF (radio frequency) and optical bands is increasing, as well as potential for targeted spoofing of communications links.”
Fears about the risks faced by space missions and infrastructure were exacerbated in February 2021 when threat actors believed to be aligned with Russia knocked out Ukrainian satellite operations as Moscow invaded its neighbor.
The new BPG was developed as a response to Space Policy Directive 5, a document issued under the Trump administration that outlines a series of cybersecurity principles for protecting the space sector.
NASA said it would collect feedback from the space community to integrate into future versions of the guide.
