Today marks a pivotal moment in U.S. history as presidential power transitions to the newly elected President. As this significant political change takes place, our focus turns to the future of initiatives spearheaded by the outgoing administration, including the executive order issued on 16 January 2025, titled Strengthening and Promoting Innovation in the Nation’s Cybersecurity. This order focuses on bolstering the cybersecurity of critical infrastructure, particularly space systems. The continuity and potential evolution of this initiative under the new administration remain key areas of interest.

Background of the Order
The order confronts rising cyber threats targeting the U.S., especially from adversarial nations. It builds on prior efforts such as the Executive Order 14028 (12 May 2021) and the National Cybersecurity Strategy, aiming to strengthen and protect digital infrastructure. With space systems playing a growing role in national security and economic activities, the recent order underscores the urgent need to protect space assets from cyber threats.

Key Objectives of the Order

Key objectives of the order include (i) Strengthening software supply chain security by requiring software providers to demonstrate secure development practices, (ii) improving communication and identity access and management systems by enforcing end-to-end encryption for federal communications, including email and video calls, and implementing advanced, phishing-resistant authentication methods across government systems, and (iii) fostering innovation in cybersecurity by promoting the use of emerging technologies, e.g., artificial intelligence, to enhance defenses, and encouraging public-private partnerships to drive cybersecurity advancements.

Space-Centric Cybersecurity Measures

Given the strategic importance of space systems, the order includes specific measures to protect space assets:

  • Setting Minimum Cybersecurity Standards
    Establishing baseline security requirements for U.S. space systems, including satellites, ground stations, and data networks, to maintain consistent protection.
  • Strengthening the Space Technology Supply Chain
    Conducting detailed assessments to identify vulnerabilities in the supply chain, with a focus on preventing malicious components from foreign suppliers.
  • Boosting Research and Development (R&D)
    Investing in advanced cybersecurity solutions tailored for space systems, including exploring quantum-resistant encryption to guard against future quantum computing threats.
  • Securing Communication Channels
    Implementing end-to-end encryption protocols to ensure data shared between space systems and ground stations remains confidential and tamper-proof.

Key Recommendations and Requirements

  • Continuous Assessment and Resilience of Federal Space Systems
    Federal agencies must verify that space systems are equipped to handle evolving cybersecurity threats through ongoing assessments, testing, exercises, and simulations.
  • Updates to Civil Space Contract Requirements
    • Within 180 days, designated agencies, including NASA, must review and recommend updates to civil space cybersecurity requirements in the Federal Acquisition Regulation (FAR).
    • These recommendations must adopt a risk-based, tiered approach and cover on-orbit and link segments for civil space systems. For high-risk tiers, requirements must include:
      • Command and Control Protection
        • Encrypting commands to ensure confidentiality.
        • Preventing modification of commands during transit.
        • Verifying commands are from authorized sources.
        • Rejecting unauthorized command attempts.
      • Anomaly Detection and Recovery
        • Implementing methods to detect, report, and recover from anomalous system or network activity.
      • Secure Development Practices
        • Using secure software and hardware development practices aligned with the NIST Secure Software Development Framework (SSDF).
  • Review and Implementation by FAR Council
    • Within 180 days of receiving recommendations, the FAR Council will review and amend the FAR as needed, ensuring compliance with applicable law.
  • Study and Inventory of Space Ground Systems
    • Within 120 days, the National Cyber Director must submit a study to the Office of Management and Budget (OMB) on space ground systems owned, managed, or operated by Federal Civilian Executive Branch (FCEB) agencies. The study must include:
      • A comprehensive inventory of space ground systems.
      • Classification of systems under ‘major information systems’ per 44 U.S.C. 3505(c).
      • Recommendations to enhance cybersecurity defenses and oversight of these systems.
  • Ensuring Compliance with Cybersecurity Requirements
    • Within 90 days of the study's submission, the Director of OMB must ensure that FCEB agency space ground systems comply with relevant cybersecurity standards.

This framework highlights a structured approach to enhance the cybersecurity of U.S. space systems, addressing command and control, anomaly detection, secure development, and compliance oversight.

Looking Ahead: The Order’s Future
The trajectory of this executive order will depend on the priorities of the new administration. While bipartisan agreement on the importance of cybersecurity suggests its foundational elements will persist, updates may be introduced to address evolving threats and technologies.

Lessons for Europe

The U.S. executive order highlights key strategies Europe can adopt to secure its space infrastructure. Continuous assessment and adaptive resilience, such as regular cybersecurity testing and simulations, ensure systems remain operational in contested environments. A tiered, risk-based approach to cybersecurity, focusing on high-risk systems, can help Europe allocate resources effectively while ensuring robust protections like encrypted commands and unauthorized access prevention.

Supply chain security is another critical lesson, as Europe’s reliance on global components necessitates stringent reviews to prevent vulnerabilities. Adopting a unified regulatory framework across EU member states would enhance consistency and resilience in European space systems, strengthening their defense against evolving cyber threats. It remains to be seen whether the proposed EU Space Act will include such cybersecurity requirements and safeguards against the increasing number of cyber threats.

Conclusion
This executive order represents a significant step in safeguarding U.S. cybersecurity, with a strong emphasis on space systems. As leadership transitions, a sustained focus on cybersecurity will be critical to protecting vital infrastructure from emerging threats. Stakeholders in the space sector are encouraged to stay informed and actively engage with evolving policies to ensure alignment with security goals.

For further details, the full text of the executive order is available on the White House website. For continuous updates on space-related cybersecurity, visit spacetech.law. If you seek legal advice, you may consult a lawyer from DLA Piper’s Space Exploration and Innovation group.