US Misses Two Cyber 'Pearl Harbor' Attacks
The U.S. reportedly suffered two cyber “Pearl Harbor” attacks from Russia and China in January and February. The damage to U.S. critical national infrastructure is still being assessed.
There is a missing link. The U.S. government continues to ignore the space-cybersecurity connection.
Why is the FCC’s blanket licensing of over 80,000 low orbit, non-geostationary satellites and millions of base stations being allowed in the midst of these critical security breaches?
The vulnerability of satellites is not about 5G or other distracting issues that minimize the seriousness of this foreign act of aggression.
At last, something is being done to address these national and international security dangers. An FCC petition for emergency expedited rulemaking was just filed expressing the concerns of a broad coalition of more than 200 organizations from over 60 countries including scientists, astronomers, national security experts, environmentalists, and consumer advocates. Their legal brief requests a 180-day pause on the FCC’s piecemeal satellite licensing program. The group argues that these licenses, worth hundreds of millions of dollars to a few satellite companies, are jeopardizing international security and the environment.
For the past four years, the Trump administration allowed the FCC to ignore these critical risks, notwithstanding urgent appeals from other federal agencies, international organizations, and the U.N.
The FCC's major federal action is permitting a dramatic increase in the number of targets for cyber-attack in space and on the ground by increasing dependency on outer space as an essential part of U.S. critical national infrastructure.
The petition offers a breakthrough in thinking in how to solve "wicked problems" of this kind with a new balanced approach that can be implemented within a 180-day pause.
The FCC must engage the best talents from numerous concerned federal agencies, as well as experts within Congress and the private sector, to help the U.S. government and the new satellite industry address an unfolding national and international calamity for which the January and February cyber-attacks are only early heralds.
The petitioners further allege that the FCC’s piecemeal licensing of tens of thousands of satellites and millions of base stations is placing in reckless jeopardy the public trust in the heavens for all of humanity, future generations, and the living environment. This principle has been recognized and protected by numerous international treaties and conventions signed and ratified by the U.S.
Moreover, the FCC’s program is being implemented in open defiance of major federal laws, including the National Environmental Policy Act and the Administrative Procedure Act, that require U.S. agencies to demonstrate a reasoned process of decision making, supported by a credible record, which is entirely absent in the “Satellite Experiment.”
Contrary to well-established regulatory and business practices, the satellite experiment is being pressed forward by a few companies without regulatory transparency, much less any provision for indemnification or insurance.
In plain terms, the public is being asked without its consent to shoulder all the risks and to pay for all the harms.
Cybersecurity is one of those rare areas where diverse and apparently opposing interests align, including those of the satellite industry, environmental and consumer groups, and the government. Given the astronomic costs of an effective cyber-attack on a satellite constellation, SpaceX’s Starlink, Amazon’s Kuiper, and other satellite ventures have as much interest in a protective cybersecurity regulatory regime as the general public.
The U.S. must not allow more and more satellites to be launched into increasingly overcrowded orbits filled with mounting debris that increases significantly the risk of collisions. One example is the near-miss by 60 feet of two dead satellites over Pittsburgh in January 2019.
Given the collision risks, and Russian SolarWinds malware hack and the Chinese hacking of Microsoft, what are the potential costs in security and privacy of a hostile takeover and/or weaponization of a satellite constellation?
Petitioners are urging that the FCC require sign-off on the Cybersecurity and Infrastructure Agency (CISA) as a pre-condition for all satellite/base station licenses. The FCC has also not prepared a comprehensive programmatic environmental impact statement on this major federal action, which involves unassessed risks of diverse environmental harms from chemical and light pollution, impairment of the ozone layer and associated climate change risks, and interference with weather prediction and astronomical research.
The Biden administration has a unique opportunity to correct the Trump administration’s endorsement of the FCC’s “Ready-Fire-Aim” space policy. Restoring balance to the present regulatory chaos is as immediate and urgent a national security priority as climate change.
Julian Gresser is an international attorney and negotiator who advised the U.S. State Department, World Bank, and European Commission
© Copyright IBTimes 2024. All rights reserved.