Commercial Augmentation Considerations

The United States Space Force (USSF) is working to establish a program to call up commercial space companies to provide critical services in times of need. This program in work, called Commercial Augmentation Space Reserves, or CASR1, could be of great assistance as a force multiplier if conflict erupted with another world power and the US’ national assets were to some extent compromised. This approach was used recently when the US utilized commercial airlines to help evacuate from Afghanistan.

While the funding proposal for the program is in the works for 2025, the USSF must consider the readiness of these companies for wartime use. While evacuating civilians from Afghanistan, the US had made it abundantly clear to the Taliban that we would not tolerate “any attack… or disruption of operations at the airport.”2  However, I am pressed to come up with a use case for CASR without already being in a real conflict with another world power. In this said conflict, the commercial sector won’t have a free pass to operate as normal, and will instead be seen as a new arm of the military.

While supplementing on-orbit operations through CASR, I wouldn’t expect every commercial company to have a playbook on defeating another world power; however, I would expect them to have an intentional cyber infrastructure. Under CASR, the USSF and its satellites, ground stations, launch facilities, and even satellite links may be connected to these commercial assets in more ways than ever before. The USSF must ensure anyone they partner with in this effort is well protected from cyber-attacks, or an intrusion into these commercial systems could be used as a back door to enter, spoof, degrade, or destroy our nation’s critical space systems from the inside.

Space Policy Directive-5 (SPD-5), Cybersecurity Principles for Space Systems, was signed in 2020 with the intent of placing an increased focus on cybersecurity. It emphasizes the harmful effects of malicious cyber activities on US constellations and ground stations. However, as written, SPD-5 asks U.S. government agencies to “work with, but not enforce the guidelines on, commercial operators.”3 I would ask the USSF to take it a step deeper and only partner with commercial organizations who embody these cybersecurity best practices.