Senate committee advances legislation offering federal cybersecurity resources for commercial satellites

The Satellite Cybersecurity Act, authored by U.S. Sens. Gary Peters (D-MI) and John Cornyn (R-TX), advanced out of the Senate Homeland Security and Governmental Affairs Committee last week, raising the possibility of federal resources for cybersecurity on private commercial satellites.

Peters is chair of the committee, which voted the bill through following reports of a Russian government-sponsored cyberattack on an American-based satellite company providing broadband services to Europe. It was believed to be an attempt to interrupt Ukrainian military communications near the start of the Russian invasion of Ukraine in February.

However, Industrial Control Systems often make use of commercial satellites, making them access points to attack pipelines, water and electric utilities, and more.

“Foreign adversaries, including the Russian government, and cybercriminals continue to target satellites that provide essential services,” Peters said. “If they are able to successfully breach these networks, the consequences for the American people could be catastrophic. This bipartisan bill will help ensure small businesses and other organizations that own and operate commercial satellites have the necessary resources and information to secure their own networks.”

In 2014, American officials accused the Chinese government of hacking a National Oceanic and Atmospheric Administration weather satellite. Since then, the growth of commercial satellites has only increased the points of vulnerability for global systems, opening up data and information on navigation, agriculture, technology development, scientific research, and more.

“Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests,” Cornyn said.

Under the bill, CISA would have to consolidate voluntary satellite cybersecurity recommendations to help companies better understand how to secure their systems. The agency would also need to create a public, online resource to grant companies easy access to cybersecurity resources and recommendations, while the Government Accountability Office would have to study how the federal government supports the larger commercial satellite industry’s cybersecurity.

This, the authors hope, would allow greater insight into how the network vulnerabilities of commercial satellites could affect critical infrastructure.