CCID Prospects: The experience and enlightenment of U.S. commercial satellite Internet security mana

Mondo Technology Updated on 2024-02-21

With the continuous enrichment of commercial application scenarios of satellite Internet, the global commercial satellite Internet industry is booming. Due to its abundant data resources and diverse participation in the operation of commercial satellite networks, it is difficult to protect security, and security threats such as signal interference, data leakage, and chain attacks for commercial satellite networks are becoming increasingly significant, and the harmful impact continues to expand. In order to deal with the threat of space network security, the United States has intensively issued strategic documents and issued a series of laws and policies in recent years to promote the standardization of the security management system of commercial satellites. At present, there is a gap in China's legislation in the field of commercial aerospace, and the standard system and ecosystem of commercial satellite cybersecurity have not yet been established. CCID Research Institute suggests that China should speed up the introduction of satellite Internet security policies and regulations, build commercial satellite network security standards and evaluation systems, promote the integrated development and technological upgrading of aerospace and network security, and actively carry out international cooperation on global aerospace information networks.

1. The deployment of U.S. commercial satellite network security management has accelerated

Accelerate the deployment of commercial satellite network security strategies, and strive to seize the initiative in space security. At the strategic level, the Space Policy Directive No. 5 of September 2020 explicitly calls for the integration of cybersecurity into the entire lifecycle of satellite network development to strengthen the cybersecurity of space systems. In March 2023, the U.S. National Science and Technology Council issued the National Low-Earth Orbit Research and Development Strategy, proposing that NASA will establish a national laboratory in low Earth orbit to strengthen a number of cutting-edge research, including satellite cybersecurity. In November 2023, the U.S. Department of Defense announced that it is developing the first Department of Defense Commercial Space Integration Strategy to promote commercial technology integration and ensure viable commercial space solutions during times of competition, crisis, and conflict. At the level of laws and regulations, in April 2022, the U.S. Congress passed the Satellite Cybersecurity Act, which requires the development of cybersecurity recommendations for U.S. satellite operators and the opening of resources to address cybersecurity and threats to commercial satellite systems.

Establish a multi-level system of space network security standards and norms, focusing on the full life cycle management of commercial satellite networks. The U.S. National Institute of Standards and Technology (NIST) has issued four satellite cybersecurity risk management guidance frameworks to help commercial satellite operators identify cybersecurity risks in space segments, terrestrial segments, user segments, and hybrid satellite networks. Relevant units of commercial satellites should take a series of norms as a reference for managing cybersecurity risks, incorporate cybersecurity risk management into the overall risk management plan, and manage cybersecurity risks of satellite systems, networks and assets from the five stages of identification, protection, detection, response and recovery. In addition, in April 2023, the U.S. Commission on Cyberspace Solarium recommended that the U.S. Department of Homeland Security establish space systems as critical infrastructure to reduce satellite cybersecurity breaches. In May 2023, the United States proposed in the "Strategic Framework for Space Diplomacy" document that it should continue to strengthen space network security and information and communication technology represented by satellite Internet, and strengthen the security and resilience of space-related critical infrastructure.

Seize the opportunity of commercial satellite deployment, strengthen cooperation with the industry, and promote the cross-domain integration and development of cyber security and satellite technology. On the one hand, to strengthen the resilience of space networks, the United States has further promoted cooperation with commercial space companies, and commercial space companies are vying to lay out the low-orbit satellite market. As of November 2023, SpaceX's Starlink project has launched a total of 5,513 satellites and carried out Internet access services in 60 countries around the world. Amazon Inc. of the United States has launched the satellite Internet construction project "Project Kuiper", which plans to deploy 3,236 satellites in low-earth orbit within five years, and begin to provide Internet services after the first batch of 578 satellites enter orbit. On the other hand, in March 2023, the U.S. Space Information Sharing Center established a new operation monitoring center to monitor, analyze, and quickly respond to cyber threats to key assets in space in real time. In August 2023, SpiderOak, a U.S. cybersecurity company, successfully validated its zero-trust cybersecurity software OrbitSecure on the International Space Station, enabling the use of a zero-trust framework to secure satellites and ensure the secure transmission of data between terrestrial networks and low-Earth orbits.

2. China's commercial satellite network security policy legislation and standard supervision system have not yet been formed

The progress of China's commercial aerospace safety legislation lags behind, and it is difficult to coordinate supervision. In recent years, the demand for commercial aerospace market represented by commercial satellites has gradually expanded, and data circulation and throughput have expanded rapidly, but the legislative progress of relevant network security protection has been relatively slow. On the one hand, at present, China's cybersecurity legislation is mainly guided by the "People's Republic of China Law of the People's Republic of China", "Cybersecurity Law of the People's Republic of China", "Data Security Law of the People's Republic of China", "Regulations on the Security Protection of Critical Information Infrastructure", etc., and there are no laws and regulations for network security protection in the commercial aerospace field. "Space Law" and "Regulations of the People's Republic of China on Satellite Navigation" were included in the legislative plan of the Standing Committee of the National People's Congress. On the other hand, China's satellite management is under multiple competent departments, and the relevant network security risks are managed by the corresponding business authorities. However, due to the variety of application scenarios, the complex and lengthy chain, and the large number of operation service units of commercial satellites, it is difficult for supervision to achieve comprehensive coverage.
For example, in view of the broadband communication satellite access problem of satellite Internet, for the equipment terminal with a ground information customs station, the security management of the operating enterprise can be implemented, but for the way that the ground information customs station is not required, the Internet is directly connected to the Internet through a specific micro satellite equipment terminal, or the Internet access is provided to the territory through the overseas information customs station at the border, which will bring problems to China's network supervision. In addition, the interweaving of security management rules for military and commercial satellites is also prone to problems such as cross-management and blind spots in supervision, which reduces the effectiveness of supervision.

There is a lack of unified standards for the network security of commercial satellites in China, and the security industry ecosystem has not yet been formed. China's commercial satellite Internet technology industry has problems such as lagging basic technology and lack of special security standards. At the same time, factors such as the small scale of the industry, the low attention of enterprises, the lack of leading enterprises, and the lack of industrial activity also restrict the overall development of the satellite Internet security industry. On the one hand, China's satellite Internet technology industry is still in the early stage of development, in many basic links, such as the performance of on-board payload processing, satellite networking protocol, channel coding and other technologies are still in the catch-up period, most of them are "usable" as the standard, mainly in accordance with the standards of the United States and other Western countries as a reference, with the development of technology and the intensification of international competition, security risks will gradually appear. The security standards of commercial satellite Internet are mainly guided by general standards such as "Basic Requirements for Classified Protection of Information Security Technology", "Evaluation Requirements for Classified Protection of Information Security Technology", and "Technical Requirements for Security Design of Classified Protection of Information Security Technology", and lack of security standards dedicated to satellite networks. In addition, China's existing satellite network security standards are outdated, such as satellite communications, some broadband satellite signaling coding and protocol standards are outdated, and are not applicable to the development of new satellite technology and network security.
On the other hand, China's terrestrial communication and network security ecosystem is gradually maturing, but the overall scale of the industry in the field of commercial satellite network security is small and the market share is low. Most of the satellite Internet users pay attention to the performance, cost and efficiency of their products, and invest less in satellite network security. At the same time, there is a lack of leading enterprises with typical security technologies and scenario applications of satellite Internet in China, and most of the security service providers have not established a special security business line in the satellite field, and most of them still focus on traditional communications, terminals, services, and new technology security protection. In addition, industry associations in the field of commercial satellite Internet are still in the early stage of establishment, and the activity of industrial technical cooperation, forum activities, and talent training needs to be improved.

3. Enlightenment and Suggestions

The commercial satellite industry is developing rapidly and is expected to lead the world into the intelligent era of the Internet of Everything. In 2022, the market size of China's satellite Internet industry reached 31.4 billion yuan, and the market size is expected to reach 44.7 billion yuan in 2025.

Accelerate satellite Internet security legislation and promote the formulation of coordinated and unified management policies. On the one hand, on the basis of the Space Law of the People's Republic of China, promote China's satellite network security legislation and formulate guidelines for commercial satellite network security. Facing all links of the satellite Internet industry chain, and comprehensively considering data security, network security, and chain security, formulate the minimum security standards for satellite networks and commercial satellite access specifications, and stipulate the spectrum scope and allocation mechanism for satellite communications. Launch a network security application guide for commercial satellite application parties, leading companies and service providers, and provide corresponding practices and cases to guide them to ensure satellite network security. On the other hand, clarify the management responsibility unit and promote a coordinated and unified management model. Strengthen the "vertical" management capacity, incorporate satellite Internet security into the overall management of all links, and promote the establishment of a satellite constellation network security system and mechanism with the participation of enterprises, experts, and other parties. We can learn from the practice of the United States and establish institutions such as the "Cyber Security Coordination Center for Commercial Satellite Systems" to provide cyber security resources and guidance for commercial satellite users, manufacturers and operators.

Promote the construction of commercial satellite network standards and evaluation systems, and forward-looking layout of future security technologies. First, accelerate the establishment of a network security standard system for commercial satellites, and promote the standardization of space network security. Research and formulate standards and specifications related to the management, technology, evaluation, and emergency response of commercial satellite network security, and guide operators to strengthen their protection capabilities. Second, establish a cybersecurity assessment system for space systems, and promote the orderly development of security assessments. Formulate general security standards for leading merchants, service providers, and users, and at the same time, according to the different uses and characteristics of satellites, formulate special security assessment standards for commercial satellite networks, standardize evaluation procedures and evaluation methods, build a satellite network security situation rating system, build a national commercial satellite network security testing service platform, implement security certification procedures for space network products and systems, carry out security evaluation services for commercial satellite networks, and comprehensively promote the construction of commercial satellite network security protection capabilities. Third, promote innovation in satellite security technology. Relying on the technological innovation capabilities of satellite enterprises in the commercial field, we will promote emerging security technologies such as zero trust, blockchain, and artificial intelligence to serve satellite network security applications.
Strengthen the research on the space-ground integrated cryptographic protection system, carry out key technical research such as satellite-ground communication security switching, data transmission, inter-satellite routing, privacy computing, and intelligent attack and defense, accelerate the construction of an endogenous security guarantee system and data security service capabilities for satellite network data fusion applications, and support the construction of an integrated space-ground network security protection system.

Promote cross-industry integration and exchanges in the field of cyber security and aerospace, and strengthen the construction of satellite security resilience. First, strengthen the integrated development of the cybersecurity industry and the aerospace field. Cross-industry alliances can be established to bring together experts and scholars from industries including satellite communications, network security, software development, and hardware manufacturing to jointly explore key common problems in security and promote R&D and innovative technologies. Second, promote public-private sector cooperation, actively promote diversified and organic cooperation with commercial aerospace, cybersecurity, finance and other industries, explore new government-enterprise cooperation models, focus on breakthroughs in key security technology capabilities, and share resources and expertise. Encourage the establishment of industry associations and industry alliances, hold conferences, exhibitions, forums, salons, and competitions in the field of commercial satellite network security, select excellent satellite network security solutions and application cases, improve the attention of user units and operating units in the commercial aerospace field to satellite network security, increase the enthusiasm of software and hardware equipment vendors and network security service providers in R&D investment, and expand and optimize the commercial satellite security industry. Third, carry out personnel training to improve safety awareness and emergency response capabilities.
Encourage competent departments, user units, and network security vendors to strengthen the training and assessment of network security personnel, promote the establishment and training of new professions such as satellite communication system security testers and satellite ** chain security administrators, carry out in-depth training of satellite network security personnel, strengthen actual combat drills, and improve the network security capabilities and emergency response capabilities of user units and product users.

Actively participate in global governance and promote dialogue and cooperation in the field of international aerospace information network security. First, actively participate in international cooperation and exchange platforms to promote the sharing of security capabilities. Establish or join international aerospace information cybersecurity alliances and organizations, promote exchanges and cooperation between enterprises, academia and other countries, promote the signing of bilateral and multilateral cooperation agreements, establish a cybersecurity cooperation mechanism in the aerospace field, and promote the sharing of cybersecurity intelligence and defense strategies with international partners. International conferences and seminars are held regularly to share experience, publish satellite network security protection cases and guidelines, and enhance international influence. Second, participate in the development of international standards and strengthen dialogue at the legal level. Actively lead or participate in the formulation of international standards for cybersecurity in the space field, relying on the International Telecommunication Union, the International Telecommunication Standardization Organization and other alliance units, research and promote satellite network security standards with independent intellectual property rights to become international standards, and gradually enhance China's international influence in the field of space cybersecurity. Participate in the formulation of international laws and policies, put forward China's proposals, advocate fair and transparent cybersecurity policies, and ensure the stability and security of the global Internet. Third, lower the threshold for international cooperation of enterprises, and promote international cooperation in technology research and development and innovation.
Encourage transnational R&D projects, formulate policies conducive to international scientific and technological cooperation, and reduce administrative and legal barriers to transnational R&D cooperation. Harmonization of IP protection and technology transfer policies within the international legal framework. Establish international scientific research and industrial cooperation** to support innovative research in the field of satellite Internet. Support cooperation between international scientific research institutions and enterprises, promote the joint development of advanced aerospace cybersecurity technologies by Chinese security enterprises and foreign enterprises, and promote technical exchanges and knowledge sharing.
