"
The Trump Administration Can Improve Space Cybersecurity
While the space industry as a whole is leery of a critical infrastructure designation, the cyber risk experts at the Space Information Sharing and Analysis Center (ISAC) have long argued for its necessity. At the moment, “there is no single agency in charge… [no agency] pressing for a national space system cybersecurity and resilience R&D strategy,” explained Sam Visner, chair of the industry-led Space ISAC, last April.
Industry stakeholders tend to be concerned about the designation, out of fear it will come with additional regulations. In reality, designating space as critical infrastructure could create greater regulatory coherence, with a single federal agency serving as the sector risk management agency responsible for not only sharing information with the private sector but also educating other federal agencies about the unique needs and concerns of the industry. The designation would also create an industry-led council chartered specifically to work with federal agencies on security policies that affect space systems.
The first few days and weeks of a new administration are filled with efforts to launch policy reviews of the previous administration. Reassessing the Biden administration’s failure to prioritize space system cybersecurity and designate these systems as critical infrastructure should be at the top of the list. "
NASA has emerged as a leader in best practices to procure trustworthy software and digital products, which the Trump Administration can, and should, embrace and promulgate implementation of these effective NASA procurement practices across government and critical infrastructure operations to improve cybersecurity protections preventing risky software products from being used (click Read More below).
Sec. 2 . Operationalizing Transparency and Security in Third-Party Software Supply Chains. (a) The Federal Government and our Nation's critical infrastructure rely on software providers. Yet insecure software remains a challenge for both providers and users and makes Federal Government and critical infrastructure systems vulnerable to malicious cyber incidents. The Federal Government must continue to adopt secure software acquisition practices and take steps so that software providers use secure software development practices to reduce the number and severity of vulnerabilities in software they produce. - EO 14144
Products that pass the NASA SCRM process should be registered in the list of validated, trustworthy products that Executive Order 14144 recommended to ONCD. Well done NASA.