Opportunities and Risks in NGA’s Commercial NEI Program

An article recently published by SpaceNews highlights a Request For Information (RFI) submitted by the National Geospatial-Intelligence Agency (NGA) in June of 2024, seeking input on commercial non-Earth imaging (NEI) systems. NEI is a capability that allows satellites orbiting in space to image other objects in space—whether those objects are debris or other spacecraft. NEI can assist in identifying satellite anomalies by providing a structural view of the object, enhance space situational awareness, and facilitate the functional identification of objects in space. Historically, NEI has primarily been restricted to U.S. Government-owned and operated systems due to their ability to identify and collect data on sensitive satellites. However, recent lifting of licensing restrictions related to NOAA Tier 3 satellites has opened the NEI space to commercial companies wishing to participate in NEI collections. With the increasing number of objects and adversarial satellites being placed in orbit, the NGA is looking to complement its data sources with commercial, unclassified data from some of these companies. 

This RFI specifies requirements for image resolution, quality, and format, but notably omits any requirements for securing the data or the satellites performing the imaging. This omission potentially allows poor cybersecurity practices to persist in satellites that are becoming increasingly integral to the NGA’s Space Domain Awareness (SDA) mission. The lack of cybersecurity requirements imposed in this RFI could lead to an increase in notable high-impact hacking incidents that are intended to degrade the U.S.’ ability to operate in space. Additionally, the RFI does not impose up-front restrictions on which systems can or cannot be imaged. This could enable U.S. commercial companies to conduct unclassified NEI of classified Space Force systems in orbit. Although the images collected through the RFI are unclassified, foreign adversaries who gain access to the data through hacking of unsecured systems could obtain high-quality imagery of U.S. systems of interest. They might also be able to access the satellites themselves to learn about the systems being used, improving their own SDA systems by understanding the tactics and technology U.S. companies use for NEI. This could also help adversaries better impede collection on their own sensitive systems by understanding what U.S. companies, and therefore the NGA, are focused on.

As commercial space systems advance in their collection capabilities, it is crucial for government agencies like the NGA to augment and expand their capabilities with commercial data to keep up with adversaries. However, it is even more critical for them to establish clear and specific regulations regarding how commercial providers secure their systems and data. A failure to secure these systems leaves them open to exploitation by the very actors we intend to monitor.

NGA’s RFI: https://sam.gov/opp/13268b01be074d5cbea53ea37d0c356a/view