“This challenge should not be underestimated, but it is not insurmountable if the case is made strongly, the imperative is clear, and a workable action plan is offered.”
CSC says a critical infrastructure designation would fast-track these efforts by giving space systems a tangible sector risk management agency (with NASA being the recommendation) to lead the charge on cybersecurity matters. The CSC also suggested Congress dole out $15 million annually in funding for the agency.
However, similar to other critical infrastructure sectors, significant private investment and public-private partnership is also needed, the report said. Sue Gordon, former principal deputy director of National Intelligence, said that because the space system threat surface now does extend across the private sector, it’s important to find a balance between cybersecurity measures that don’t slow down industry innovation efforts.
“What’s interesting about this moment is that it’s a very busy space, its benefit has been recognized, technology advantage has really been diminished… the control of it extends beyond government control and so the security of it, which is disproportionately important to free and open societies, has to be shared between the private sector and the U.S.,” said Gordon.
Challenges remain in actually securing a critical infrastructure designation for space systems, and upon interviewing more than 30 industry and government officials the CSC found that opinions also varied on how to best support critical space systems.
“This challenge should not be underestimated, but it is not insurmountable if the case is made strongly, the imperative is clear, and a workable action plan is offered,” according to the report. “No other option holds greater potential for enhancing U.S. resilience and cybersecurity and kick-starting a whole-of-nation effort to support and advance continued U.S. leadership in the space domain — and the multitude of endeavors dependent upon it.”
