How the Spacecraft Cybersecurity Act can protect NASA from cyberattacks

Nasa’s missions are some of the most technologically advanced and critically important endeavours. From the Mars Rover explorations to the Artemis missions to the Moon, the space agency’s projects push the boundaries of science and technology. However, these missions are also prime targets for cyber-attacks.

In a bold move to counter the escalating threat of these attacks, US congressmen Maxwell Alejandro Frost and Don Beyer have proposed the Spacecraft Cybersecurity Act. If passed, the legislation would mandate the US space agency Nasa to overhaul the way it procures and builds its spacecraft.

It would have to incorporate rigorous cybersecurity measures from the very start of the design and development process in an effort to protect them against attack.

Securing these sensitive missions against potentially catastrophic failures, becomes even more urgent amid rising geopolitical tensions.

A recent Government Accountability Office (GAO) report exposed alarming vulnerabilities in Nasa’s current cybersecurity practices. The report highlighted that while the space agency has cybersecurity requirements for spacecraft once they are operational, it lacks mandatory guidelines for embedding such protections in the design of spacecraft during acquisition and development.

A successful breach could have devastating consequences, including mission failure, data theft and national security risks. For example, a compromised communication system could render a spacecraft uncontrollable, ending its mission prematurely. Nasa missions also generate vast amounts of valuable scientific data.

The theft of this sensitive information would potentially give adversaries access to advanced research and technology. The stakes are high: the loss of control over a spacecraft could lead to collisions or other catastrophic failures, jeopardising not just the mission but other assets in space. Attacks could even affect spacecraft carrying humans, such as Nasa’s Orion capsule that’s designed to take astronauts to the Moon.

Globally, the importance of cybersecurity in space operations is increasingly being recognised. The European Union has launched cybersecurity initiatives such as the EU Space Program and the IRIS² project that boosts satellite-based connectivity.

France’s Law on Space Operations and the UK’s Space Industry Act 2018 both include cybersecurity provisions. The much-awaited EU Space Law is also widely expected to incorporate protections against cyber-attacks. These efforts underscore the necessity of international cooperation and standardisation in addressing cyber-attacks in space.

If the US Spacecraft Cybersecurity Act does pass – and timings aren’t confirmed as it was only introduced to the House of Representatives on July 9 this year – its unique focus on spacecraft will allow for the development of precise, effective cybersecurity measures tailored to specific projects. The proposed act requires Nasa to update its acquisition policies within 270 days, ensuring timely and effective integration of these essential protections from the initial stages of spacecraft development.

However, Nasa has also faced criticism for its delayed response to cybersecurity threats. Despite being aware of these issues since 2019, the agency cited a lack of time for not implementing necessary changes.

One significant challenge is the burden on smaller operators and contractors. The legislation must provide support and guidance to help these companies comply with cybersecurity requirements without stifling innovation. This support could include financial incentives, technical assistance, and a phased implementation approach to allow smaller companies time to adapt to new standards.

Continuous monitoring of spacecraft systems and periodic updates to address emerging threats may all be vital components of the act. The dynamic nature of the threats will require a proactive approach to cybersecurity. If the US act is passed, Nasa is likely to be tasked with implementing regular reviews and updates of its cybersecurity policies and protocols.

The US Spacecraft Cybersecurity Act represents a pivotal step in securing space missions against cyberthreats. While the cybersecurity frameworks in France and the UK are still in their early stages and untested, they underscore the increasing recognition of a need for robust cybersecurity measures for space operations.

Swift implementation and uniform standards may protect Nasa’s missions and set a global benchmark for spacecraft cybersecurity, enhancing the security of space exploration for all.