The Spacecraft Cybersecurity Act has been enacted to address cybersecurity risks related to NASA’s spacecraft systems. The act underscores the importance of protecting sensitive technology data, particularly in light of past security concerns, including a 2019 NASA audit highlighting potential threats to space flight systems and previous instances of satellite interference. The act aligns with Space Policy Directive-5, aiming to enhance the protection of space assets against cyber threats.
The legislation mandates that NASA’s acquisition policies and standards for space systems incorporate robust cybersecurity guidelines and controls. These policies must be updated to address evolving cybersecurity threats, ensuring that NASA’s space systems and services are adequately protected. The act requires NASA to develop an implementation plan within 270 days to update these policies, including a process for ongoing reviews and an estimate of required resources.
NASA’s implementation plan will involve input from key figures within the agency, including the Chief Engineer and Chief Information Officer. The plan must outline milestone dates for policy updates, a review process for cybersecurity policies, and resource estimates for these activities. This comprehensive approach aims to strengthen NASA’s cybersecurity posture and safeguard its space missions.
Finally, NASA is required to brief Congress on the implementation plan and how it will inform a broader cybersecurity risk management framework for spacecraft. This briefing is intended to ensure that the plan supports the development of an effective cybersecurity strategy for NASA’s space systems and operations, addressing the end-to-end security needs of its missions.
Reference: