Critical Infrastructure Protection: Commercial Satellite Security Should Be More Fully Addressed

GAO-02-781 August 30, 2002
Highlights Page (PDF)   Full Report (PDF, 51 pages)   Accessible Text   Recommendations (HTML)

Summary

Government and private-sector entities rely on satellites for services such as communication, navigation, remote sensing, imaging, and weather and meteorological support. Disruption of satellite services, whether intentional or not, can have a major adverse economic impact. Techniques to protect satellite systems from unauthorized use and disruption include the use of robust hardware on satellites, physical security and logical access controls at ground stations, and encryption of the signals for tracking and controlling the satellite and of the data being sent to and from satellites. When using commercial satellites, federal agencies reduce risks by securing the data links and ground stations that send and receive data. However, federal agencies do not control the security of the tracking and control links, satellites, or tracking and control ground stations, which are typically the responsibility of the satellite service provider. It is important to the nation's economy and security to protect against attacks on its computer-dependent critical infrastructures (such as telecommunications, energy, and transportation), many of which are privately owned. In light of the nation's growing reliance on commercial satellites to meet military, civil, and private sector requirements, omitting satellites from the nation's approach to protecting critical infrastructure leaves an important aspect of our nation's infrastructures without focused attention.



Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow up work.

Director:
Team:
Phone:
No director on record
No team on record
No phone on record


Recommendations for Executive Action


Recommendation: In pursuing the draft policy submitted to the Office of Management and Budget (OMB) for completion and the recommended review of U.S. space policies, the Director of OMB and the Assistant to the President for National Security Affairs should review the scope and enforcement of existing security-related space policy and promote the appropriate revisions of existing policies and the development of new policies to ensure that federal agencies appropriately address the concerns involved with the use of commercial satellites, including the sensitivity of information, security techniques, and enforcement mechanisms.

Agency Affected: Executive Office of the President: Office of Management and Budget

Status: Implemented

Comments: OMB's release of Memorandum M-04-15, "Development of Homeland Security Presidential Directive (HSPD)--7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructure and Key Resources" provides guidance for coordination with the private sector and in particular, collaboration on use of commercial satellites. Furthermore, OMB's Memorandum M-05-16, "Regulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings" sets forth general requirements to initiate a review of telecommunication capabilities in the context of planning for contingencies and continuity of operations (COOP) situations. Further action taken by the President's National Security Telecommunications Advisory Committee included the formation of the Satellite Task Force, comprised of federal agency and industry officials, which in February 2004 studied the sensitivity of commercial SATCOM satellites to vulnerabilities and made recommendations on ways to improve infrastructure protection for commercial satellites.

Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

Status: Implemented

Comments: OMB's release of Memorandum M-04-15, "Development of Homeland Security Presidential Directive (HSPD)--7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructure and Key Resources" provides guidance for coordination with the private sector and in particular, collaboration on use of commercial satellites. Furthermore, OMB's Memorandum M-05-16, "Regulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings" sets forth general requirements to initiate a review of telecommunication capabilities in the context of planning for contingencies and continuity of operations (COOP) situations. Further action taken by the President's National Security Telecommunications Advisory Committee included the formation of the Satellite Task Force, comprised of federal agency and industry officials, which in February 2004 studied the sensitivity of commercial SATCOM satellites to vulnerabilities and made recommendations on ways to improve infrastructure protection for commercial satellites.

Recommendation: Considering the importance of satellites to the national economy, the government's growing reliance on them, and the threats that face them, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should consider recognizing the satellite industry as either a new infrastructure or part of an existing infrastructure.

Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

Status: Implemented

Comments: In February 2002, the President released the National Strategy to Secure Cyberspace, which included satellites within the information and telecommunications infrastructure. Further, in November 2002, the President signed the Homeland Security Act of 2002 (P.L. 107-296), which also included satellites within the information technology and telecommunications critical infrastructure.

Agency Affected: Executive Office of the President: Office of Homeland Security

Status: Implemented

Comments: In February 2002, the President released the National Strategy to Secure Cyberspace, which included satellites within the information and telecommunications infrastructure. Further, in November 2002, the President signed the Homeland Security Act of 2002 (P.L. 107-296), which also included satellites within the information technology and telecommunications critical infrastructure.

Agency Affected: Executive Office of the President: Office of the Assistant to the President for Cyberspace Security

Status: Implemented

Comments: In February 2002, the President released the National Strategy to Secure Cyberspace, which included satellites within the information and telecommunications infrastructure. Further, in November 2002, the President signed the Homeland Security Act of 2002 (P.L. 107-296) that also included satellites within the information technology and telecommunications critical infrastructure.