In April 2022, a bipartisan group of congressmen introduced the Satellite Cybersecurity Act. Senators Gary Peters (D-MI) and John Cornyn (R-TX) authored the bill, and Congressman Andrew R. Garbarino (R-NY) joined Congressman Tom Malinowski (D-NJ) to introduce it to the US House of Representatives.
“We depend on satellites for everything from driving to work to defending our country, but our space systems are vulnerable to cyberattacks, and the commercial satellite industry is looking to help protect Americans from this threat,” Rep. Malinowski said in a statement. “Our bill directs the U.S. government’s primary cyber defense agency to provide that assistance.”
The Satellite Cybersecurity Act requires resources and studies
Congressmen created the Satellite Cybersecurity Act in response to recent threats and current processes and measures. Here are the two main components:
Consolidation of resources and best practices. Because different companies own satellites, they have different processes and best practices. The law requires the Cybersecurity and Infrastructure Security Agency (CISA) to create a commercial system cybersecurity clearinghouse within 180 days of the law’s effective date. By creating a public hub and uniform best practices that companies can follow if they choose, the bill aims to create more consistent protocols for all satellites. The resources will also include recommendations for the security of the network used to manage and operate the satellite. In addition, some of the resources will be aimed at small businesses that have different resources and processes than enterprises.
Directs CISA to conduct a study on federal government support for the commercial cybersecurity satellite industry. Within two years of the bill becoming law, CISA must study how the federal government supports commercial satellite systems. The study must also include how the government has addressed the cyber security of critical infrastructure.
“Commercial satellites are an integral part of our infrastructure network and must be protected from cyberattacks by bad actors that would threaten our national security,” Senator Cornyn said in a statement.
Risks from satellite cyber attacks
A satellite attack in February demonstrates the risks and impact of this type of attack. Cybercriminals have placed data-wiping malware called Acid Rain on the KA-SAT satellite. This type of malware erases data from routers and modems, leaving them inoperable. Targeting a satellite that provided broadband services to SATCOM modems, the attack affected thousands of modems in Ukraine and tens of thousands in Europe. As the attack rendered the modems inoperable, the damage spread to over 5,800 wind turbines in Germany.
“It is clear that the government must provide more cyber security support to small businesses and other companies that own and operate commercial satellites before it is too late. This bipartisan legislation will help ensure that these organizations – which are often under-resourced – are able to protect their own networks,” Senator Peters said in a statement.
Cybersecurity Writer
Jennifer Goforth Gregory is a freelance B2B technology content marketing author specializing in cybersecurity. Other areas of focus include B2B, finance, tech…
Comments are closed.