WASHINGTON — One of the final space-related acts of the outgoing Biden administration is an executive order that directs cybersecurity reviews of ground systems and contract requirements for civil space systems.
The provisions are part of a broader executive order on cybersecurity released by the White House Jan. 16. The order covers issues ranging from improving sanctions of cyber attackers to the use of artificial intelligence and “post-quantum cryptography” to improve security.
That order includes provisions regarding cybersecurity of space systems. “Cybersecurity threats to space systems have risen dramatically, threatening global critical infrastructure and communications,” the White House stated in a fact sheet about the order. “Their disruption can bring global commerce to a halt and seriously impact national security.”
One portion of the order calls for a review of ground systems used by civilian government agencies. It calls on the National Cyber Director to review those ground systems and provide recommendations to “improve the cyber defenses and oversight” of them. That report is due to the Office of Management and Budget (OMB) 120 days after the order went into effect.
Ninety days after receipt of the report, OMB “shall take appropriate steps” to ensure those ground systems comply with relevant cybersecurity requirements, the order states.
A second space-related provision of the executive order calls for a review of contracting requirements for civil government space systems. It requires NASA, the Department of Commerce and the Department of the Interior to review the Federal Acquisition Regulations (FAR) in the next 180 days and recommend updates to them regarding cybersecurity.
“The recommended cybersecurity requirements and contract language shall use a risk-based, tiered approach for all new civil space systems,” the order states. “Such requirements shall be designed to apply at minimum to the civil space systems’ on-orbit segments and link segments.”
The areas to be reviewed involve protecting command and control of space systems, ways to detect and respond to “anomalous network or system activity” and use of secure software and hardware development practices.
The order requires the Federal Acquisition Regulatory Council, which oversees the FAR, to act within 180 days of receiving those recommendations, making changes to the regulations “appropriate and consistent with applicable law.”
The order build upon previous efforts to study and strengthen cybersecurity of space systems. That includes Space Policy Directive 5 by the first Trump administration in 2020 that outlined best practices for improving the cybersecurity of space systems. A March 2023 national cybersecurity strategy by the White House also addressed “enhancing the security and resilience of U.S. space systems,” in part by formally implementing best practices from the 2020 directive.
The executive order is the final action on space policy by the outgoing Biden administration. It largely implemented policies established by previous administrations on space issues and pushed, unsuccessfully, for creating a “mission authorization” regime for providing oversight of emerging commercial space activities.
The administration also brought in additional federal agencies to the National Space Council, although some in the space industry criticized the council for not appearing to be as active as in the first Trump administration. It is unclear, though, if the second Trump administration will continue the council.
