Space

On April 8, 2019, it was announced at the 35th Space Symposium in Colorado Springs, Colorado that the space industry was getting an Information Sharing and Analysis Center (ISAC). Kratos Defense & Security Solutions, “as a service to the industry and with the support of the U.S. Government,” was the first founding member of the Space-ISAC (S-ISAC).

“[ISACs] helps critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.”

National Council of ISACs

ISACs, first introduced in Presidential Decision Directive-63 (PDD-63) in 1998, were intended to be the one aspect of the United States’ development of “measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems.” PDD-63 requested “each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities.” In 2003, Homeland Security Presidential Directive 7 (HSPD-7) reaffirmed the relationship between the public and private sectors of critical infrastructure in the development of ISACs.

Today, there are ISACs in place for a number of subsectors within the sixteen critical infrastructure sectors, for specific geographic regions, and for different levels of government.

However, the S-ISAC, while undoubtedly a good call, has left me with a few questions.

Why so much government involvement?

From what I’ve read, the Federal government’s role is to “collaborate with appropriate private sector entities and continue to encourage the development of information sharing and analysis mechanisms.” For example, the Aviation-ISAC (A-ISAC) was formed when “[t]here was consensus that the community needed an Aviation ISAC”; the Automotive-ISAC (Auto-ISAC) came into being when “[fourteen] light-duty vehicle [Original Equipment Manufacturers] decided to come together to charter the formation of Auto-ISAC”; and the Information Technology-ISAC (IT-ISAC) “was established by leading Information Technology Companies in 2000.”

Reportedly, it was not the private actors within the space industry that recognized or felt the need for the S-ISAC, but an interagency body designed to keep an eye on and occasionally guide or direct efforts across space agencies. The Science and Technology Partnership Forum has three principle partner agencies: U.S. Air Force (USAF) Space Command, the National Aeronautics and Space Administration (NASA), and the National Reconnaissance Office (NRO).

Additionally, it appears as though Kratos, a contractor for the Department of Defense and other agencies, was the only private actor involved in the development and formation of the S-ISAC.

These are just something to keep in mind. The S-ISAC’s perhaps unique characteristics must be considered in light of the clear national security and defense interests that these agencies and others have in the information sharing mechanism. Also, since the announcement of the S-ISAC, Kratos has been joined by Booz Allen Hamilton, Mitre Corporation, Lockheed Martin, and SES as founding members.

Why an ISAC?

Again, ISACs are typically the domain of the private owners, operators, and actors within an industry or sector. As new vulnerabilities and threats related to the United States’ space activities have rapidly manifested in recent years and are quickly emerging today, it would seem to make sense for the Federal government to push for the development of an Information Sharing and Analysis Organization (ISAO). ISAOs, formed in response to Executive Order 13691 (EO 13691) in 2015, are designed to enable private companies and federal agencies “to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.”

While ISAOs and ISACs share the same goals, there appear to be a number of differences between the two information-sharing mechanisms. ISACs can have high membership fees that individual members are responsible for, potentially blocking smaller organizations or new actors from joining, and that often work to fund the sector’s ISAC; however, grants from the Department of Homeland Security (DHS) are available to provide additional funding for the establishment and continued operation of ISAOs.  ISACs – for example, the A-ISAC – seem to monitor and control the flow of member-provided information available to the Federal government more closely than ISAOs.

Also, ISACs – such as those recognized by the National Council of ISACs (NCI) – are typically limited to sectors that have been designated as Critical Infrastructure and the associated sub-sectors. Despite obvious reasons why it should, space has not been recognized as a critical infrastructure sector.

For now, this seems like a good place to end. This introductory look into ISACs generally and the S-ISAC has left me with many questions about the organization itself and its developing relationship with the private space industry as a whole. Hopefully, these questions and more will be answered in the coming days as the S-ISAC and the private space industry continue to develop and grow. 

Here are some of my unaddressed questions to consider while exploring and considering the new S-ISAC: Why develop the S-ISAC now? What types of companies are welcome to become members, only defense contractors or, for example, commercial satellite constellation companies and small rocket launchers? As the commercial space industry continues to grow in areas such as space tourism, will the S-ISAC welcome these actors as well or will we see the establishment of a nearly-identical organization with a different name?

Nowadays it seems like everyone wants to get in on the rapidly-growing commercial space industry, reportedly worth approximately $340 billion per year. From Stratolaunch Systems’ “world’s largest plane, which acts as a launch pad in the sky,” to NASA’s Space Act Agreements (SAA) with Boeing and SpaceX for taxi services to and from the International Space Station (ISS), this is certainly not your parents’ space race.

While the private space industry of today may not have bloomed until after we entered the 21st century, the United States’ love affair with space activities in the private sector can be traced back to the 1960’s, although it was the passage of the Commercial Space Launch Act in 1984 that really lit a fire under private industry. It goes without saying that a lot has changed in the years between then and now.

As a matter of fact, the private space sector as we know it today has a term all its own: NewSpace.

“Alt.space, NewSpace, entrepreneurial space, and other labels have been used to describe approaches to space development that different significantly from that taken by NASA and the mainstream aerospace industry.”

HobbySpace.com

NewSpace is a move away from the traditional understanding of space being the domain of government agencies alone and a step toward more affordable access to space. This transition has allowed for the incredible growth and expansion of the economic endeavors within the private space sector, and it’s only expected to get bigger and more profitable as time and developments continue to advance.

However, beyond the incredible news stories about “the world’s first commercial Spaceline” and Elon Musk sending his car into space – which you can track here, by the way – there is an entire universe of issues and concerns that do and/or will cause hiccups and delays to entering the first space tourists into orbit.

One of the first concerns that comes to mind is often that of safety. Saying that there are a few safety concerns relating to commercial space transportation would be putting it very, very lightly. Risks and dangers plague every step of the process, from launchpad to landing. I am all for scientific inquiry and experimentation, but unfortunately this is one area where trial and error has a good chance of ending in both the loss of equipment and the loss of life.

Commercial space transportation is still a fairly high-risk industry in terms of safety, and the responsibility to develop safety regulations for the U.S. commercial space transportation industry rests with the Federal Aviation Administration (FAA) Office of Commercial Space Transportation (AST). The AST issues licenses and experimental permits for launch or reentry vehicles and spaceports after the issuance of a safety approval.

According to the AST website, the FAA “has the authority to issue a safety approval for one or more of the following safety elements: a launch vehicle, a reentry vehicle, a safety system, process, service, or any identified component thereof, and qualified and trained personnel performing a process or function related to licensed launch activities.”

I will stop myself here (for now), but this is just a drop in the bucket. There are plenty of topics surrounding commercial space flight that this post didn’t discuss, such as issues with funding, the minefield that is space debris, and the question of whose law governs in space. While this may seem like a lot, be reassured by the fact that this means we all may have the chance to live out that childhood (adulthood) dream of being an astronaut.