A bipartisan group of lawmakers recently introduced the Space Infrastructure Act, which pursues a advice made by the Cyberspace Solarium Commission 2.0 to designate space because the 17th U.S. critical infrastructure sector. While it’s encouraging to see Congress considering this issue seriously, designating space as a critical infrastructure sector puts form over substance and wouldn’t actually address the danger posed by adversaries like China and Russia or from natural phenomena resembling space weather. This laws would only harm the rapidly evolving space industry and further dilute the limited government resources directed at ensuring the safety and resilience of our nation’s critical infrastructure.
It’s indisputable that the space domain is each increasingly contested by our adversaries and relied upon for business and national security activities. In actual fact, infrastructure applications that utilize services from space are actually nearly ubiquitous, with space systems – resembling satellites and ground stations — providing essential communications and positioning, navigation, and timing.
Despite their importance and prevalence, space systems don’t and mustn’t comprise their very own critical infrastructure sector. To place it simply, there isn’t a critical infrastructure function or service performed in space that doesn’t exist already inside considered one of the 16 extant critical infrastructure sectors, resembling communications, transportation, information technology, and government facilities.
That said, the increased visibility of threats to space systems, especially those posed by cyber operations, should spur Congress to pay closer attention to America’s space infrastructure. Because the Cyberspace Solarium Commission 2.0 rightly made clear, space systems represent a logical collection of assets, systems, or networks, the disruption of which might have debilitating effects on the nation.
Unfortunately, the Commission’s proposed laws, the Space Infrastructure Act, ignores existing policies and frameworks that prioritize and address the risks to space systems: from Presidential Policy Directive-21 (PPD-21) and to Space Policy Directive-5 (SPD-5) and the .
PPD-21 is the foundational executive branch policy for critical infrastructure. It identifies the 16 different critical infrastructure sectors and guides the federal government’s approach to the safety and resilience of those sectors. It goals to advertise a more coordinated and holistic approach to managing each physical and cyber threats to critical infrastructure and to supply a process to mitigate risks.
SPD-5 defines space systems and establishes principles for the U.S. government’s approach to the cyber protection of space systems. Along with cybersecurity-informed engineering, SPD-5 highlights the necessity for space system owners and operators to ascertain cybersecurity plans that incorporate capabilities to make sure they’ll retain or recuperate positive control of space vehicles.
Lastly, the National Space Policy establishes the framework for the protection of space systems and countermeasures for any deliberate interference with U.S. space systems. Indeed, the policy even goes thus far as to explicitly include space systems that provide infrastructure services.
On this broad policy basis, the U.S. government has already established a critical infrastructure cross-sector working group for space systems and a space-focused Information Sharing and Evaluation Center (ISAC). This cross-sector working group includes existing sectors relevant to space, including Business Facilities, Communications, Critical Manufacturing, Defense Industrial Base, government Facilities, Information Technology, and Transportation Systems.
Those calling for space systems to be designated because the 17th critical infrastructure sector are hoping that the designation will compel a growing private industry of satellite operators to raised protect their networks and stimulate policy, laws, and stakeholder attention, leading to more resources to secure space systems.
But these views are misguided about what such a designation would enable. As an alternative of placing a better prioritization on space systems and opening the door for brand spanking new pots of federal funding, the designation would only serve to further dilute policy prioritization and resources. Making a 17th sector doesn’t guarantee Congress will appropriate more funds or that DHS will prioritize infrastructure any in a different way from the way it operates today – making all the things a priority simply means nothing is a priority. Indeed, the designation would effectively silo support for space systems, thus hindering the essential coordination and interplay that typically takes place between domains to realize effective results.
A greater approach
From a resilience perspective, the USA could be higher served by ensuring the performance and delivery of the products, services, and functions provided by critical infrastructure slightly than attempting to guard the infrastructure itself. Take the critical infrastructure for communications, as an example. Specializing in a singular domain, technology, or location — say, space — of communications capabilities inherently carries more risk since it leads on to the fracturing of our security systems and creates precisely the type of gaps in coverage that our enemies are searching for to take advantage of. Fairly than distinguishing space as its own sector and thus dividing it from communications, a greater solution could be to let the risks to space systems that provide communications capabilities be addressed by the communications sector itself.
Briefly, slightly than adding one other critical infrastructure sector, a greater approach is rooted within the implementation of existing policy, thus minimizing the expansion of our enormous bureaucracy and stopping the addition of one more institutional burden for taxpayers.
Congress could take step one in following this approach by introducing meaningful laws to shore up the safety and resilience of the products, services, and functions critical infrastructure provides. For instance, Congress could compel the Department of Homeland Security (DHS) to reformulate its initial, poor try and shift the paradigm from critical infrastructure sectors to critical functions into something more functional and useful. Congress could also propose laws governing the event and use of a national risk register to discover probably the most significant risks to critical functions, thus enabling DHS to prioritize and update its efforts. This may very well be used to justify appropriations requests and permit DHS to deal with vulnerabilities in collaboration with the private sector.
Lastly, Congress should push DHS to turn out to be greater than an information redistributor for infrastructure security breaches. Their operational role and relationship to the private sector should be clearly defined, and performance objectives and goals should be explicitly identified and assessed for achievement. Congress has, by and huge, already granted DHS the authority to act and provided greater than sufficient funding to enhance the safety and resilience of our nation’s critical infrastructure. The following step is to carry the Cybersecurity and Infrastructure Security Agency accountable by tying funding to specific outcomes and conducting meaningful oversight. In doing so, Congress might help DHS and – and particularly CISA – to get out of their very own way and advance critical infrastructure security and resilience.
In sum, the federal government must determine how you can drive innovation and spur private-sector competition in space. Specifically, Congress should push the private sector to supply recent and extra capabilities that deliver critical goods and perform key services. The private sector, in turn, should try and serve consumers by improving security, resilience, and efficiency — a win for the companies, the taxpayers, and the nation.