The U.S. Space Force has rolled out new cybersecurity standards for commercial satellite operators to give satellite companies an incentive to bolster their security.
Under the Infrastructure Asset Pre-Approval (IA-PRE) program, commercial suppliers of satellite-based services are evaluated based on their cybersecurity practices and systems. Suppliers that pass the government’s checklist are placed on a pre-approved list and will not be required to complete lengthy cybersecurity questionnaires for each contract proposal, reducing administrative burdens on the government and its industry partners.
“Cybersecurity is critical to the DoD and its missions,” said Jared Reece, IA Policy and Compliance Lead for the U.S. Space Force Commercial Satellite Communications Office (CSCO). “Today, the commercial satellite industry spends countless dollars on cybersecurity to ensure their assets and customers remain protected from malicious actors.”
The overall goal of the IA-PRE program – first announced in 2020 – is to develop a “pre-approved product list” of commercial satellite providers with cybersecurity posture scores based on standards set by the government.
According to Reece, having the pre-approved list of providers will speed up procurement of commercial services and avoid unnecessary duplication of cybersecurity acquisition requirements. It will also enable CSCO to be more agile in onboarding new capabilities.
Additionally, vendors will be incentivized to comply with IA-PRE because of changes in the acquisition rules that govern the way CSCO buys commercial services, Reece said.
The IA-PRE program will replace existing questionnaire-based methods that rely on self-attestation. Under the new process, vendors will undergo a one-time third-party assessment with monthly follow-ups.
IA-PRE pretrials are expected to start next month.