Contract changes needed to improve cybersecurity, Space Force leader says
Lt. Gen. John Thompson, a leader of U.S. Space Force, says cybersecurity is increasingly integral to space missions and infrastructure contracts need to change to keep up.
NOTE: This article first appeared on FCW.com.
The U.S. Space Force is working on bolstering its space and missile systems' cybersecurity, starting with its infrastructure contracts.
Lt. Gen. John Thompson, commander of the Space and Missile Systems Center (SMSC) under the U.S. Space Force, said cybersecurity was increasingly integral to space missions as threats continue to grow during the California Polytechnic State University's Space and Cybersecurity Symposium Oct. 5.
"The vulnerabilities of our space systems really kind of threaten the way we've done business in the past," said, "as the threat vectors change, as the vulnerabilities change we've got to be nimble enough, agile enough to be able to bounce back and forth."
Thompson said that as space becomes a more crowded domain, the need for cybersecurity increases.
"Space is becoming congested and contested and that contested aspect means that we've got to focus on cybersecurity in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out," he said.
Thompson said the SMSC began reviewing all of its major contracts in 2019 to make sure that they had the right clauses and sufficiently accounted for cybersecurity needs.
"We found ourselves having to add new language to our contracts to require system developers to implement some more advanced protective measures in this evolving cybersecurity environment so that data handling and supply chain protections from contract inception to launch and operations were taken into account," the general said.
The pivot to more comprehensive cybersecurity comes as the Defense Department contends with vulnerabilities in its weapons systems, increased personnel needs, and heavy reliance on IT networks and services that ups the risk, according to a Government Accountability Office report in April.
Thompson said the threats the U.S. face are part of a new era of warfare that involve space and cyber and that a cyberattack, such as denial of service, could be just as devastating as a kinetic attack. That's particularly relevant as DOD embraces mesh networks to provide network connectivity on the battlefield using lower and middle earth orbit satellites.
"We've got to make sure that they are secured to avoid an accident or international damage. Loss of control of these constellations really could be catastrophic from a mission perspective or from a satellite tumbling out of lower earth orbit perspective," Thompson said.
But that security can't only come from a checklist, he said, like the Risk Management Framework (RMF) approach, it has to be part of a weapons systems life cycle, while accounting for new and emerging threats.
"We can't have program managers and engineers just accomplish an RMF on a system and then high five, we're all good," Thompson said. "It's a journey, not a destination—that's cybersecurity. And it's a constant battle rhythm throughout a weapons systems life cycle, not just a single event."