In April 2022, a bipartisan group of congressmen introduced the Satellite Cybersecurity Act. Senators Gary Peters (D-MI) and John Cornyn (R-TX) authored the bill, and Congressman Andrew R. Garbarino (R-NY) joined with Congressman Tom Malinowski (D-NJ) to introduce the bill to the U.S. House of Representatives.

“We depend on satellites for everything from driving to work to defending our country, yet our space systems are vulnerable to cyberattack, and the commercial satellite industry has been asking for help to protect Americans against this threat,” said Rep. Malinowski in a statement. “Our bill directs the U.S. government’s primary cyber-defense agency to provide that help.”

Satellite cybersecurity act requires resources and study

The congressmen created the Satellite Cybersecurity Act in response to recent threats and current processes and measures. Here are the two main components:

  • Consolidating resources and best practices. Because different companies own the satellites, they have different processes and best practices. The act requires that the Cybersecurity and Infrastructure Security Agency (CISA) create a commercial system cybersecurity clearinghouse within 180 days of the act becoming law. By creating a public hub and uniform best practices that companies can follow if they choose, the act aims to create more consistent protocols for all satellites. The resources will also include recommendations for network security used to manage and operate the satellites. In addition, some of the resources will be geared to small businesses that have different resources and processes than enterprises.
  • Directs CISA to perform a study on federal government support of commercial satellite industry cybersecurity. Within two years of the act becoming law, CISA must study how the federal government supports commercial satellite systems. The study must also include how the government has addressed critical infrastructure cybersecurity.

“Commercial satellites are an integral part of our infrastructure network and must be protected from cyberattacks by bad actors that would compromise our national security,” said Sen. Cornyn in a statement.

Risks of satellite cyberattacks

An attack conducted through a satellite in February shows the risks and impact of this type of attack. Cyber criminals deployed data wiper malware called Acid Rain onto a KA-SAT satellite. This type of malware wipes data from routers and modems, which leave them inoperable. By targeting the satellite that provided broadband service to SATCOM modems, the attack impacted thousands of modems in Ukraine and tens of thousands in Europe. Because the attack rendered the modems inoperable, the damage spilled to over 5,800 wind turbines in Germany.

“It’s clear the government must provide more cybersecurity support to small businesses and other companies that own and operate commercial satellites before it’s too late. This bipartisan bill will help ensure these organizations — who often do not have enough resources — are able to protect their own networks,” said Sen.Peters in a statement.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…