WASHINGTON, D.C. – Bipartisan legislation authored by U.S. Senators Gary Peters (D-MI) and John Cornyn (R-TX) to require the Cybersecurity and Infrastructure Security Agency (CISA) to provide voluntary cybersecurity resources to commercial satellite owners and operators has advanced in the Senate. Commercial satellites provide data and information used for navigation, agriculture, technology development, scientific research, and more. Industrial Control Systems – the technology involved in operating critical infrastructure networks like pipelines, and water and electric utilities – are also heavily reliant on commercial satellites. The senators’ legislation will help ensure these systems – which are critical to our national and economic security – are secure from online attacks. The Senate Homeland Security and Governmental Affairs Committee, where Peters serves as Chair, approved the legislation following recent reports that the Russian government was behind a cyber-attack on an American-based satellite company, which provides broadband services to Europe, in order to disrupt Ukrainian military communications at start of the invasion.
“Foreign adversaries, including the Russian government, and cybercriminals continue to target satellites that provide essential services. If they are able to successfully breach these networks, the consequences for the American people could be catastrophic,” said Senator Peters. “This bipartisan bill will help ensure small businesses and other organizations that own and operate commercial satellites have the necessary resources and information to secure their own networks.”
"Nearly every industry uses commercial satellite networks to provide essential services, but the destruction or disruption of these networks could be used against our national security interests," said Senator Cornyn. "I’m grateful to my colleagues on the Senate Homeland Security and Governmental Affairs Committee for recognizing the importance of satellite cybersecurity, and I look forward to this legislation coming to the Senate floor soon."
Experts have shown increasing concern that commercial satellite hacks could have dire economic and security consequences. The Department of Defense has also raised concerns about this threat and recently sponsored a competition for white hat hackers to attempt breaching an active satellite. In 2014, American officials accused the Chinese government of hacking a National Oceanic and Atmospheric Administration weather satellite. As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service or jam signals to disrupt electric grids, water networks, transportation systems, and other critical infrastructure. The senators’ legislation will ensure the United States is prepared to address these threats as malicious hackers increasingly target commercial satellite systems.
The Satellite Cybersecurity Act will require CISA to consolidate voluntary satellite cybersecurity recommendations to help companies understand how to best secure their systems. Some of these resources will be specific to small businesses who own and operate commercial satellite systems. Additionally, the bill requires CISA to develop a publicly available, online resource to ensure companies can easily access satellite-specific cybersecurity resources and recommendations to secure their networks. The legislation will also require the Government Accountability Office to perform a study on how the federal government supports commercial satellite industry cybersecurity. It will ensure a better understanding of how network vulnerabilities in commercial satellites could impact critical infrastructure.