WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and John Cornyn (R-TX) introduced bipartisan legislation requiring the Cybersecurity and Infrastructure Security Agency (CISA) to provide cybersecurity resources to commercial satellite owners and operators. Commercial satellites provide data and information used for navigation, agriculture, technology development, scientific research, and more. Industrial Control Systems – the technology involved in operating critical infrastructure networks like pipelines, and water and electric utilities – are also heavily reliant on commercial satellites. The senators’ legislation will help ensure these systems – which are critical to our national and economic security – are secure from online attacks.
“Hackers have already successfully attacked government satellites and it’s only a matter of time before they begin to more aggressively target commercial satellites. Vulnerabilities in these systems present an opportunity for foreign adversaries and cybercriminals to significantly disrupt American lives and livelihoods,” said Senator Peters. “It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late. This bipartisan bill will help ensure these organizations – who often do not have enough resources – are able to protect their own networks.”
"Commercial satellites are an integral part of our infrastructure network and must be protected from cyberattacks by bad actors that would compromise our national security," said Senator Cornyn. "This bipartisan piece of legislation directs CISA to publish voluntary cybersecurity best practices for companies that own these satellites and ensure our most critical infrastructure is secure against foreign cyber threats."
Experts have shown increasing concern that commercial satellite hacks could have dire consequences for the American people. The Department of Defense has also raised concerns about this threat and recently sponsored a competition for hackers to attempt breaching an active satellite. In 2014, American officials accused China of hacking a National Oceanic and Atmospheric Administration weather satellite. As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service or jam signals to disrupt electric grids, water networks, transportation systems, and other critical infrastructure. The senators’ legislation will ensure the United States is prepared to address these threats as hackers increasingly target commercial satellite systems.
The Satellite Cybersecurity Act will require CISA to develop voluntary satellite cybersecurity recommendations to help companies understand how to best secure their systems. Some of these resources will be specific to small businesses who own and operate commercial satellite systems. Additionally, the bill requires CISA to develop a publicly available, online resource to ensure companies can easily access satellite-specific cybersecurity resources and recommendations to secure their networks. The legislation will also require the Government Accountability Office to perform a study on how the federal government supports commercial satellite industry cybersecurity. It will also ensure a better understanding of how network vulnerabilities in commercial satellites could impact critical infrastructure.