Space Cybersecurity in the Age of Defending Forward

In the wake of a new Trump administration policy directive establishing cybersecurity principles for space systems, Hanna and Velez examine the implications of the American “defending forward” strategy on space systems. They highlight a tension between American interests in securing its cyber assets through the defend forward strategy while respecting the Outer Space Treaty of 1967, which “aims to prevent the militarization of space.”

While I think the authors overstate the implications of the recent policy directive – a relatively toothless document not arguing for much more than improved cyber hygiene for space systems – I do agree that there are some interesting questions about how a defend forward strategy where U.S. Cyber Command conducts operations in “adversary or enemy” networks accounts for space systems. The authors argue that the defend forward strategy is still legally murky on Earth, and will only become more complicated in space since the U.S. has treaty obligations to uphold there. They identify this difference between the aggressive cyber posture and obligations to a peaceful treaty as a logical gap that will soon need to be filled by U.S. Cyber Command and the newly-created U.S. Space Force. Finally, the authors highlight an interesting difference between private companies on Earth and in space: that the U.S. government is responsible for those who operate in space. With regards to cybersecurity, this means that the federal government may take a more protective stance of private space companies than it has with other private companies in the past.