We Have an Anomaly: America Is Missing a Space-Systems Critical Infrastructure Sector Published Nov. 2, 2023 By Lieutenant Colonel Justin D. Ellsworth, USAF Wild Blue Yonder, Maxwell Air Force Base -- The other day, I found an old road map of the Mid-Atlantic states while cleaning out a desk drawer and handed it to my 11-year-old. I asked him if he could locate our house on the map. After staring at the map for a few minutes, he asked me, "Dad, where is our blue dot?" Like many Americans, our reliance on capabilities provided by the space domain continues to grow exponentially, and our ability to disconnect and function without these vital services provided by space is declining. Space is at the forefront of these developments, from our dependence on the Global Positioning System (GPS) to groundbreaking 5G Communications Services. However, we have a problem – despite America's reliance on this critical sector, the Department of Homeland Security (DHS) does not comprehensively cover all aspects of this domain under the current list of sixteen critical infrastructure sectors. With this backdrop, America's entire space infrastructure must become the seventeenth critical sector, protected from threats by a leading Sector Risk Management Agency, as the nation prepares for current and future growth driven by the space domain. Background on America's Critical Infrastructure Sectors & Space Critical infrastructure sectors are not a new concept and originally started in 1998 with the Clinton Administration understanding the need to protect various vital infrastructures across the nation. While other Presidential Policies extended the original directive, it was not until Presidential Policy Directive 21 (PPD-21) in February 2013, signed by President Obama, that the modern-day critical infrastructure policy was clearly defined.[1] PPD-21 specifically annotated these critical sectors, which provide "the essential services that underpin American society." Furthermore, it stated that "proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure – including assets, networks, and systems –vital to public confidence and the nation's safety, prosperity, and well-being."[2] The initial list of sixteen sectors covered everything from financial services, food, and agriculture to healthcare and communications sectors. Looking at the vast array of sectors, from dams to electrical grids, one key fact remains - most of the infrastructure called out in PPD-21 is owned and operated by the private sector. These critical infrastructure sectors provide vital services to Americans' daily lives, which requires government intervention to coordinate the protection of a wide array of disparate systems belonging to a multitude of actors to keep them secure. If any of these vital sectors fail, the effects on the economy, security, healthcare, and more are disastrous. But what about space? Space is buried as a key sub-component within the communications sector, which was most likely acceptable in 2013 but not today.[3] However, fast-forward ten years to where America's burgeoning space market is today, and therein lies the challenge. America's farmers rely on satellite data to monitor soil, water assessments, crop developments, and much more for their livelihoods and our agricultural industry.[4] The operators of dams leverage satellite technology to measure rainfall as it changes the level of reservoirs and identifies potential impact points for local infrastructure downstream, serving as a life-saving aid to local emergency personnel.[5] On the financial front, the commercial sector picked up on this trend of reliance on space, showcasing a 6.6% increase in commercial space revenue from 2020, topping nearly $357 billion, with over 90 nations entering the space market.[6] The think-tank McKinsey and Company found that private-sector funding in space companies hit an all-time high of $10 billion the previous year.[7] With commercial providers, such as SpaceX, revolutionizing the launch industry, a similar paradigm shift is occurring in satellite manufacturing. Technology is driving changes in small satellite development, leading to significant economies of scale, more efficient use of batteries, and commercial off-the-shelf components. The Global Security Environment Demands a New Sector However, all the news and excitement around America's love for space is giving rise to counter-space weapons to disrupt, degrade, or destroy space systems, according to the 2023 Space Threat Assessment by the Center for Strategic and International Studies. The assessment continues to expand upon the myriad of threats our space ecosystem faces on the ground and in space. The review categorizes these threats into capabilities that are kinetic physical, non-kinetic physical, electronic, or derived from cyberspace which can impact everything from satellite manufacturers and operators to launch providers. This past year, Russia decided to test the entire threat spectrum during the run-up to and subsequent invasion of Ukraine. Since Russia invaded Ukraine, they have conducted co-orbital dangerous maneuvers near a satellite, conducted a cyber-attack against multiple satellite ground stations, and electronically jammed global positioning and communications satellites.[8] Notably, each attack conducted against commercial space assets required commercial space providers to act immediately to safeguard their assets. Furthermore, we have even seen anti-satellite demonstrations by Russia in 2021, when they launched a missile against a defunct Soviet-era satellite creating 1,500 pieces of trackable debris.[9] Just last year, China launched the Shijian-21 "repair and inspection" satellite into orbit, which used grappling arms to grab and move a derelict BeiDou satellite into a graveyard orbit.[10] These are the same commercial assets that many nations and their citizens depend on daily and propel the need to establish a new critical infrastructure sector focused on space. Furthermore, the current space construct within the communications infrastructure sector misses vital industries in the broader space ecosystem. This seventeenth critical infrastructure of space systems must include the entire value chain from satellite manufacturing, launch operations, and satellite operations. The disruption through kinetic and non-kinetic means at any point of the space value chain can have a negative cascading effect throughout the entire industry. Through a holistic approach, this new critical infrastructure sector can develop and identify key areas that require safeguarding from the evolving complex threat landscape. Sector Risk Management Agency for Space Systems Elevating space to the seventeenth critical infrastructure sector seems an easy victory for the United States, but pinning one federal agency to lead the charge is a significant challenge. In addition to NASA, the Department of Commerce, the Department of Defense, the State Department, the Department of Transportation, and others all have organizations responsible for various aspects of the space enterprise. The Sector Risk Management Agency (SRMA) serves as the day-to-day Federal organization responsible for incident management, coordinating with other federal and private owners and operators, and facilitating technical assistance or consultations to identify vulnerabilities within their relevant sector. Each of the current sixteen sectors has an SRMA, with the goal of assigning an agency that understands the "unique characteristics, operating models, and risk profiles" of their respective sectors.[11] Selecting an SRMA to lead the new Space Systems Critical Infrastructure Sector is incredibly challenging, given the range of agencies involved with this domain and the overall knowledge required to comprehend this sector. Recently, some authors stated that NASA or the Department of Defense must take the lead, but they are incorrect in their conclusions.[12] For instance, NASA's mission focuses on researching and developing new technologies for space exploration and advancing science-related space data, homing in on its position as a primarily science and research organization.[13] Given that the SRMA's responsibility is operational and security-focused, putting NASA as the lead SRMA is likely the wrong answer and will put the organization at odds with itself. Furthermore, putting the Department of Defense, mainly the nascent U.S. Space Force and U.S. Space Command, as the SRMA is unwise at this time. Based on Congressional Testimony, the leaders of these organizations must focus on maturing their forces first before taking on an exponentially growing commercial space sector. With U.S. Space Command hitting full operational capability later this month, this is not the time to add in a new mission as the Command focuses on the threats posed against our military assets by Russia and China.[14] Unfortunately, the remaining federal agencies within the space domain only own small portions of the space enterprise, whether the Federal Aviation Administration in awarding launch licenses or the Office of Space Commerce focusing on building economic opportunities for commercial organizations. Since no single agency is responsible for all aspects of the space domain, the best option today is likely the Department of Homeland Security. While adding another "rock" in the pack of this agency is not ideal, its position is at the overlapping point of many factors within the space infrastructure community. The Department's established relationship with the various National Information Sharing and Analysis Centers links them directly to threats or potential threats inside multiple sectors.[15] This relationship includes the Colorado Springs Space Information and Sharing Analysis Center (Space-ISAC). In partnership with Space-ISAC, the Department can facilitate collaboration across the entirety of the space industry as it responds to the threats mentioned earlier. With the Department of Homeland Security serving as the central hub for coordinating responses, America's critical infrastructure remains well protected if it comes under attack. Amplifying the significance of placing the Department of Homeland Security as the lead SRMA is their role as the National Risk Management Center. Within this role, the National Risk Management Center is working on developing a new National Critical Functions list, which represents tasks by the government and the private sector deemed critical to the lives of Americans that any "disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety." After publishing the initial list of 55 functions in 2019, the Department categorized the functions into four areas: connect, distribute, manage, and supply to prioritize this list of critical functions to help inform the critical infrastructure sectors.[16] The National Critical Functions list represents a different framework for understanding and safeguarding critical tasks, moving away from the PPD-21 critical infrastructure sector policies. Whether the United States keeps the existing critical infrastructure framework or moves to this new model, space impacts nearly every function across each category. John Galer, then Vice President for National Security Space at the Aerospace Industry Association, noted that "there are 55 national critical functions and space either has dependencies or uses in all those things…absent the critical infrastructure designation, whether that happens or not, we have got a challenge here and we have to get after it."[17] Finally, the Department of Homeland Security is appropriately postured to lead this new critical sector, especially considering its existing Space Systems Critical Infrastructure Working Group.[18] Given that the expertise of this critical domain lies in various federal and commercial organizations, the Department must tap into this existing group and appoint permanent positions with representatives from leading federal government and commercial sector space organizations. The choice is clear – the Department of Homeland Security is the right pick. Over the Horizon As the commercial sector continues to make giant strides in developing space-based assets, propelling America's reliance on the space domain, the federal government must take concrete steps to protect its critical infrastructure. By appointing the Department of Homeland Security as the lead agency for coordinating activities in this infrastructure sector, the government can prepare itself for the burgeoning space ecosystem. At the end of 2022, MITRE and the Aspen Institute called for a whole-of-nation approach to building a sustainable, secure, and resilient space domain. Their report found that as "space expands beyond its government-led roots to the commercial sector, new challenges have emerged… Tied to this swiftly evolving space landscape, U.S. national and economic security are now inextricably intertwined and depend on the security, resilience, and sustainability of all U.S. space systems." As America's reliance on space continues to grow, the report found that there is an "insufficient complementary technical infrastructure to assure the security, resilience, and sustainability of the U.S.-envisioned space environment." It concluded that a "collective and sustained effort of commercial, civil, and military stakeholders—in other words, a whole-of-nation approach— is required to tackle these shared challenges and take advantage of future opportunities."[19] Lieutenant Colonel Justin D. Ellsworth, USAF Lt Col Ellsworth (M.S., The Dwight D. Eisenhower School for National Security and Resource Strategy; MBA, The Citadel; B.S., University of Connecticut; Legislative Affairs Certificate, Government Affairs Institute at Georgetown University) is a career Cyberspace Warfare Operations Officer. He serves as Branch Chief of Cyber Force Management at Headquarters, United States Air Force, The Pentagon. NOTES [1]. U.S. Library of Congress, Congressional Research Service, Critical Infrastructures: Background, Policy, and Implementation, by John D. Moteff, RL30153, (2015), https://crsreports.congress.gov/product/pdf/RL/RL30153. [2]. White House, Presidential Policy Directive -- Critical Infrastructure Security and Resilience, PPD-21 (Washington, DC: The White House, February 12, 2013), https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil. [3]. “Communications Sector,” Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, 2015, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/communications-sector. [4]. “Benefits of Space: Agriculture,” Office for Outer Space Affairs, United Nations, accessed September 20, 2023, https://www.unoosa.org/oosa/en/benefits-of-space/agriculture.html [5]. “Space Technology Helps Boost Dam Safety,” HR Wallingford, accessed September 20, 2023, https://www.hrwallingford.com/insight/space-technology-helps-boost-dam-safety. [6]. The Space Foundation, 2021 Annual Report (Colorado Springs, CO: Space Foundation Headquarters and Discovery Center, 2022), 7, https://www.spacefoundation.org/wp-content/uploads/2022/04/SpaceFoundation_2021-Annual-Report_Final-1.pdf. [7]. Ryan Brukardt, “How Will the Space Economy Change the World?,” McKinsey & Company, November 28, 2022, https://www.mckinsey.com/industries/aerospace-and-defense/our-insights/how-will-the-space-economy-change-the-world. [8]. Kari Bingen, Kaitlyn Johnson, and Makena Young, “Space Threat Assessment 2023,” (Washington, D.C.: Center for Strategic and International Studies, April 2023), https://csis-website-prod.s3.amazonaws.com/s3fs-public/2023-04/230414_Bingen_Space_Assessment.pdf. [9]. Chelsea Gohd, “Russian Anti-Satellite Missile Test Was the First of Its Kind,” Space.com, November 17, 2021, https://www.space.com/russia-anti-satellite-missile-test-first-of-its-kind. [10]. Andrew Jones, “China’s Shijian-21 Towed Dead Satellite to a High Graveyard Orbit,” SpaceNews, January 27, 2022, https://spacenews.com/chinas-shijian-21-spacecraft-docked-with-and-towed-a-dead-satellite/. [11]. “Sector Risk Management Agencies,” Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, Accessed on September 20, 2023, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/sector-risk-management-agencies. [12] Christopher Stone, “Who Will Defend Critical Space Infrastructure If Not the Space Force?,” Defense News, July 19, 2023, https://www.defensenews.com/opinion/2023/07/19/who-will-defend-critical-space-infrastructure-if-not-the-space-force/, Sharon Cardash, Frank Cilluffo, Mark Montgomery, and Kelsey Shields, “CSC 2.0: Time to Designate Space Systems as Critical Infrastructure,” Cyberspace Solarium Commission, (Washington, D.C., April 14, 2023,) https://cybersolarium.org/csc-2-0-reports/time-to-designate-space-systems-as-critical-infrastructure/. [13] “About NASA,” National Aeronautics and Space Administration, Accessed on September 20, 2023, https://www.nasa.gov/about/index.html. [14]. Rachel Jewett, “US Space Command to Reach Full Operational Capability in August,” Via Satellite, August 2, 2023, https://www.satellitetoday.com/government-military/2023/08/02/us-space-command-to-reach-full-operational-capability-in-august/. [15] “About ISACs,” National Council of ISACs, Accessed on September 20, 2023, https://www.nationalisacs.org/about-isacs. [16]. “National Critical Functions,” Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, Accessed on September 20, 2023, https://www.cisa.gov/national-critical-functions. [17]. Joseph Marks, “Space could be the next frontier for cyber threats,” Washington Post, November 8, 2021, https://www.washingtonpost.com/politics/2021/11/08/space-could-be-next-frontier-cyber-threats/. [18]. “CISA Launches a Space Systems Critical Infrastructure Working Group,” Cybersecurity & Infrastructure Security Agency, Department of Homeland Security, May 13, 2021), https://www.cisa.gov/news-events/news/cisa-launches-space-systems-critical-infrastructure-working-group. [19]. “The Space Imperative: A Whole-of-Nation Approach to a Sustainable, Secure, and Resilient Space Domain,” (Aspen Institute and The MITRE Corp., November 2022), 1, https://www.mitre.org/sites/default/files/2022-11/pr-22-3156-space-imperative-whole-of-nation-approach-sustainable-secure-resilient-space-domain.pdf.