At a glance.
- US Space Systems Command establishes satellite cybersecurity process.
- Preliminary results from CISA study suggest Dominion software issues had no electoral effect.
Space Force establishes satellite security pre-approval process.
Last week the US Space Systems Command launched the Infrastructure Asset Pre-Approval program, or IA-Pre, a process to evaluate the cybersecurity practices and systems of commercial satellite operators planning to work with the Department of Defense. SpaceNews explains that operators with pre-approval will be able to skip the lengthy cybersecurity questionnaires usually required for each individual contract proposal. Developed in collaboration with commercial vendors, IA-Pre “will ensure effective safeguards are applied and validated; and weaknesses are mitigated to reduce the cybersecurity risks which could impact DoD missions,” said Jared Reece, program analyst at the Space Systems Command’s commercial services systems office.
The timing couldn’t be more perfect, as Colonel Roy Rockwell, commander of Space Delta 6, said Space Force is currently planning to hire more cyber specialists to defend the ground systems used to operate communications, surveillance and navigation satellites. During an online Space Force Association meeting, Rockwell noted that the low cost of cyberweapons make them more accessible to threat actors than traditional missiles or lasers. “As we look at how we’ll be attacked in future fights, and how adversaries will try to eliminate us in the space domain, they’ll start with cyber attacks first and foremost,’ said Rockwell.
Security flaws found in US election systems pose no real threat.
A security assessment analyzed by the US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that ballot-marking devices from Dominion Voting Systems have software vulnerabilities which could allow a threat actor to tamper with the machines. However, CISA found that the bugs have never been exploited in an election, and doing so would require physical access to the equipment and other criteria prevented by existing security protocols. "We are working closely with election officials to help them address these vulnerabilities and ensure the continued security and resilience of US election infrastructure," CISA Executive Director Brandon Wales told CNN. "Of note, states' standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely. This makes it very unlikely that these vulnerabilities could affect an election." Nonetheless, Government officials are concerned that the findings could give election conspiracy theorists ammunition just in time for midterm elections. The investigation was conducted by a University of Michigan computer scientist on behalf of the plaintiffs in a controversial lawsuit alleging that the state of Georgia was involved in large-scale voting fraud impacting the 2020 US presidential election. "While these vulnerabilities present risks that should be promptly mitigated, CISA has no evidence that these vulnerabilities have been exploited in any elections," CISA’s draft advisory reads.