Introduced by U.S. Sens. Gary Peters (D-MI) and John Cornyn (R-TX) this week, the Satellite Cybersecurity Act proposes new requirements for the Cybersecurity and Infrastructure Agency (CISA) to help commercial satellite owners and operators protect their networks.
“Hackers have already successfully attacked government satellites, and it’s only a matter of time before they begin to more aggressively target commercial satellites,” Peters, Senate chair of the Homeland Security and Governmental Affairs Committee, said.
As such, the Satellite Cybersecurity Act would require CISA to create voluntary satellite cybersecurity recommendations for companies to follow and better secure their systems. It would also develop a publicly accessible, online resource filled with satellite-specific cybersecurity resources and security recommendations. As a follow-up, the Government Accountability Office (GAO) would study how the federal government supports cybersecurity for the commercial satellite industry and identifies network vulnerabilities in commercial satellites.
“Vulnerabilities in these systems present an opportunity for foreign adversaries and cybercriminals to significantly disrupt American lives and livelihoods,” Peters said. “It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late. This bipartisan bill will help ensure these organizations – who often do not have enough resources – are able to protect their own networks.”
Such satellites guarantee access to data used for various services, including navigation, agriculture, research, and, of particular concern to the senators, Industrial Control Systems. The latter refers to the technology used to operate critical infrastructure networks, such as pipelines or utilities. Their compromise could therefore lead to destabilization of a wide swath of the economy.
For example, the experts have warned that the increasingly pervasive nature of commercial satellites means that their disruption could lead to service failures for electric grids, water networks, transportation systems, and more.
“Commercial satellites are an integral part of our infrastructure network and must be protected from cyberattacks by bad actors that would compromise our national security,” Cornyn said. “This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats.”