ISAC Ventures Into Space Information Sharing

The nascent Space Information Sharing and Analysis Center, a nonprofit headquartered in Colorado Springs, Colorado, is working to be a platform for analysis and threat information sharing for the space domain. Through its membership and collaborations, it will share threat information regarding the space-related business and enterprise systems and supply chain.

Along with its indicators and analysis, the center aims to provide the resources to support response and mitigation efforts in regard to cyber or other threats to the space industry, reported Erin Miller, executive director, Space ISAC, speaking at the AFCEA Rocky Mountain Chapter’s Cyberspace Symposium yesterday.

Space ISAC, as it is known, is operated by the National Cybersecurity Center (NCC). Run by CEO Harry Raduege, a retired U.S. Air Force lieutenant general, the NCC is a nonprofit organization raising cyber awareness and advancing cybersecurity. In addition to the Space ISAC, the NCC also includes the Secure the Vote, Cybersecurity for State Leaders and the Secure Smart Cities organizations.

Miller announced in late February that the ISAC had reached initial operating capability. The center has partnered with New York-based Cyware to share threat intelligence through that company’s situational awareness platform and threat intelligence exchange.

“We are in existence to facilitate collaboration across the global space industry to enhance the ability to prepare for and respond to vulnerabilities, incidents and threats,” Miller said. “Space ISAC is the only all-threats security information source for the public and private space sector.”

And although there are many other types of ISACs—in the automotive, aviation, communications and national defense sectors—a space-related ISAC did not exist until about a year ago, Miller said. Moreover, these ISACs are usually tied to critical infrastructure, but space has not yet been designated as critical infrastructure, a priority measure for the Space ISAC.

“Space ISAC standing up actually signals a major milestone in getting to that place where space might be designated as critical infrastructure,” the executive director noted.

Space ISAC also is closely watching the proliferation of low-Earth orbit satellite mega constellations, which cross nation-state boundaries and increase the attack vectors. “LEO constellations are being used for 5G and maybe eventually 6G, so when Space ISAC was launched in 2019, much of this [threat] was projected and now it's coming to fruition,” Miller said. “We're seeing that it's very much needed that we have a way to share information on threats and vulnerabilities to space on a daily basis.”

A task force within the center is working to identify any gaps in standards in regard to implementing cybersecurity for space-related systems, as dictated by Space Policy Directive 5. “We are having continued discussions with the American National Standards Institute, the National Institute of Standards and Technology, and Consultative Committee for Space Data Systems, which is an international standard setting body, to discuss how they could help us to use the results of our analysis to fill gaps in standards that exist now,” she explained.

In addition to growing its industry, academia and federally funded research and development center membership, the Space ISAC is working to form partnerships with the European Space Agency, the Japanese Space Agency and the German Aerospace Center, Miller shared.

“When it comes to space, the Space ISAC is not a political organization,” she emphasized. “We are operationally focused. We are solving problems for analysts and operators and empowering access to information for managers and executives across the globe.”