Cybersecurity1 is critical to the satellite industry’s core goal: providing mission critical, highly reliable, and secure connectivity. The satellite industry has a long history of providing secure solutions to diverse global customers, including military and government users, corporations of every size and type, the non-profit and scientific communities, and individual consumers. Drawing on the expertise of its diverse membership, and responding to the demands of its user community, the industry has become a leader in providing safe, reliable communications.
Given the reliance of our economy and national security on secure communications, evolving attacks by criminals, terrorists, and nation-states properly concern national leaders and the private sector. The cyber threat environment is complex, and the stakes are high. While no system can be perfectly secure, each organization’s commitment to foundational security principles helps all contributors to the industry, from software vendors to equipment manufacturers and service providers, improve their security risk profile. SIA therefore adopts this statement in the interest of promoting development and use of best practices and greater collaboration on important matters of cybersecurity.
The satellite industry’s foundational and long-standing commitment to cybersecurity is evident in recent efforts. Several SIA member companies participated in the Federal Communications Commission’s (FCC’s) Security, Reliability, and Interoperability Council IV Working Group 4 (CSRIC IV WG 4) on Cybersecurity Risk Management and Best Practices. This substantial effort convened stakeholders from across the communications sector. The satellite segment created a prioritized adaptation of the United States National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), emphasizing the importance of organizations’ risk management using flexible measures that are self-reinforcing, tailored to networks’ unique needs, and that build upon international standards.
1 The Satellite Industry Association (SIA) and Global VSAT Forum (GVF) are leading trade associations representing the global satellite communications industry. SIA and GVF, on behalf of their members, issue this joint statement on the industry’s commitment to cybersecurity.
SIA Members continue to participate in various security efforts with government agencies, industry working groups, and international standards bodies. The satellite industry notes the work completed, including efforts within United States agencies, such as the FCC, Department of Homeland Security, NIST, and others pursuant to executive orders, directives, and initiatives. In particular, programs emphasizing the protection of critical infrastructure and promoting sharing of threat information reduce overall cybersecurity risk today, and will continue to do so in the future.
International efforts also are a key component of ensuring cyber security for the nation’s communications networks. For nearly a decade, the International Telecommunication Union has led cybersecurity initiatives that inform much of today’s cybersecurity dialogue, and myriad other national governments and regional groups have taken important steps to promote cybersecurity dialogue and development of best practices. Outside of government-sponsored initiatives, many industry-led efforts have proven effective at developing cybersecurity best practices and sharing valuable information. The industry also strongly supports the work of internationally recognized standards development organizations, the output of which will inform ongoing security specification and process development. The satellite industry’s success would not be possible without the foundation laid by these groups.
SIA members have learned important lessons for effective cybersecurity. Security and risk management must be part of an organization’s overall corporate culture. Organizations should, and do, implement best practices to protect against evolving threats and regularly revisit them. Industry members can use the output of CSRIC IV WG 4, the NIST Cybersecurity Framework, and other industry-driven resources to inform their own development of voluntary, proactive, risk-based internal approaches to mitigate risks. Collaboration, not regulation, is the best way for organizations to manage cyber risks. Voluntary information-sharing among the private sector, between the private sector and government, and between the private sector and end users is vital.
SIA encourages all segments of the satellite industry—from satellite communication providers to equipment manufactures and vendors—to address the dynamic challenge of cybersecurity. SIA has identified three principles that—although not intended to be a comprehensive roadmap or exhaustive list—should be at the center of private and government efforts to promote national and global cybersecurity.
Voluntary, industry-led efforts and public-private partnerships are the optimal way to address cybersecurity at the national or international levels.
Satellite industry organizations should actively address cybersecurity using industry best practices for risk management.
Each company in the satellite ecosystem should develop its own risk management approach, including by assessing whether to implement or customize one or more of many available tools.
Robust cybersecurity is aided by voluntary information sharing, free from fear of adverse consequences.
Sector participants often face common threats, so they must be free to collaborate among themselves and with government to identify and respond to attacks, share mitigations, and learn from past experiences.