CSC Report on Critical Infrastructure

The Cyberspace Solarium Commission (CSC) released a report in April 2023 regarding the vulnerability of the United States through an attack on space assets enabled by a lack of protection, specifying that space is not currently listed as a critical infrastructure. The Cybersecurity & Infrastructure Security Agency (CISA) defines critical infrastructure as “sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

Sixteen critical infrastructures already exist, and two of them are already related to space in some regard: Communications Sector protects satellite wireless transmission systems and Information Technology Sector protects IT systems and the internet, both of which have a space component. Though cybersecurity is implied in both of these critical infrastructures, it does not cover all aspects of cybersecurity for space. Echoing recent directives such as Executive Order 14028, the nation’s values must become organized and focused by “harmonizing regulations to reduce the burden of compliance” and creating a national strategy for maintaining and augmenting on-orbit systems. Creating a critical infrastructure dedicated to space will ensure a coherent approach to enabling cybersecurity and protecting space systems, including ground, link, and space segments, and will aid in assuring access to remaining space essentials, such as GPS.