The Trump administration has kept in place Biden-era work on securing space systems through the June 6 executive order on cybersecurity, which takes a line-item approach to modifying several aspects of a Jan. 16 executive order from former President Biden.
Biden’s Jan. 16 EO directed the U.S. Geological Survey, the National Oceanic and Atmospheric Administration and NASA to recommend changes to the Federal Acquisition Regulation on “updates to civil space cybersecurity requirements and relevant contract language.” The Biden EO takes a risk management approach to space systems, highlighting specific elements that should be included as part of the recommendations.
Former Office of the National Cyber Director official Lauryn Williams spoke with Inside Cybersecurity on the June 6 Trump EO.
Williams said, “I was really pleased and excited to see that there is continuity, as I expected leaving my time in the Biden administration, and there’s going to continue to be prioritization of cybersecurity protections for space systems.”
Williams joined ONCD in 2022 as senior advisor for strategy and research and spent time working on space and defense industrial base policy issues at the Pentagon. At ONCD, Williams led a series of technical workshops with the space industry and supported the development of a January 16 report reflecting lessons learned from industry engagements.
She is currently a senior fellow at the Cornell Brooks School Tech Policy Institute and a nonresident fellow at the Carnegie Mellon Institute for Strategy and Technology.
In Trump’s first term, a space policy directive was issued in 2020 promoting secure design principles for space systems.
In addition to its directives on exploring potential FAR updates, the Biden EO tasks ONCD with conducting a study on ground components of space systems to determine whether they should be considered federal information systems.
Following the study, the director of the Office of Management and Budget is directed to “take appropriate steps to help ensure that space ground systems owned, managed, or operated by FCEB agencies comply with relevant cybersecurity requirements issued by OMB,” according to the Biden EO.
Classifying ground-based systems as federal information systems would require them to comply with standards under the Federal Information Security Modernization Act that were established in Federal Information Processing Standard 200 and expanded on in the National Institute of Standards and Technology Special Publication 800-53.
Williams said the question of designating space systems under the “cross-government FISMA cybersecurity requirements” was a “big policy discussion” under Biden.
“If the answer is yes,” Williams said, “then that whole range of FISMA requirements will apply, which would have profound positive impacts for ensuring common cybersecurity requirements across space ground systems.”
On the potential FAR changes and the ground systems study, Williams said, “All of that work should carry on. It was not modified or changed in any way in the new executive order.”
Space as critical infrastructure
Amid these activities, stakeholders are expecting the Trump administration to reconsider whether space systems should become a new critical infrastructure sector.
The Biden administration in National Security Memorandum 22 decided against creating a new critical infrastructure sector and designating a sector risk management agency to have responsibilities for securing space systems.
Trump ordered a new review of critical infrastructure policies in a March 18 executive order, including NSM-22; NSM-16, which focuses on the resilience of U.S. food and agriculture; and two Biden EOs on protecting America’s supply chains.
“There is interest in reopening this question of the current formally designated critical infrastructure sectors,” Williams said. She explained, “The big question that was opened and closed during the Biden administration, and then reopened again by Trump, is whether space systems as a whole should be pulled out and addressed on their own.”
Williams added that the space sector “includes a whole range of sub-functions: communications, transportation and others.”
Designating the space sector as critical infrastructure could create “holistic continuity” for federal and private sector efforts to secure space-based assets against cyber threats, according to Williams.
She added that a “key benefit” of reopening the conversation around the critical infrastructure designation is that it could “facilitate information sharing across the government and across players.”
-- Jacob Livesay (jlivesay@iwpnews.com)
