Senator Fischer Presses Expert on Satellite Security and Cyber Threats

Satellite Security and Supply Chain Vulnerabilities

• 💡 Satellite operators often rely on external supply chains for subsystems, making it crucial to extend threat sharing and ensure secure-by-design components from the ground up.
• ⚠️ Foreign-supplied components have been found with security vulnerabilities upon initial delivery, highlighting the need for rigorous vetting.
• 🧠 Secure-by-design principles and flexible encryption protocols are essential for building robust satellite infrastructure.

Threats to Space Systems

• 🚀 China's SJ21 satellite, designed for debris removal, demonstrates a capability to grapple and move other satellites, posing a significant offensive threat.
• 💥 Even without direct destruction, a satellite's debris field can create problems for other satellites, posing a huge issue in outer space.
• 🛰️ Making satellites defensible and increasing the diversity of systems through more numerous and faster satellite launches can create a more resilient and capable infrastructure.

Cybersecurity Frameworks and FCC Role

• ✅ Cybersecurity frameworks must be flexible and adaptive, with the FCC playing a vital role in protecting communication networks.
• 🔑 Basic protections like changing default passwords, requiring minimum password strength, adopting multi-factor authentication, and patching vulnerabilities are not burdensome for member organizations.
• 🤝 Cybersecurity risk management plans are actively maintained and evolving by member companies, though sharing them with committees may be restricted by trade association policies.

Government Contracts and Cyber Requirements

• 💰 The federal government has spent billions on telecommunication and IT contracts, underscoring the need for a floor of cyber requirements to safeguard taxpayer dollars.
• 🌐 Outsourcing work, especially to call centers in rural areas, can introduce national security vulnerabilities if not adequately protected.

Cyber Safety Review Board and Salt Typhoon

• ⚠️ The Cyber Safety Review Board (CSRB), tasked with reviewing the Salt Typhoon hack, was unable to function due to bureaucratic hurdles, lack of clearances, and restrictions on communication.
• 🚫 The board was disbanded without effectively completing its work, and its re-establishment would require a commitment to effective operation and access to necessary information.
• 🏛️ An outside commission, similar to the 9/11 commission, is recommended to make comprehensive recommendations on how to improve collaboration between the executive branch, legislative branch, and industry on cybersecurity issues.