Legal Framework of the Space Activity Cybersecurity in the USA: Experience for Ukraine

Abstract

The article depict the timeline of the development of the cybersecurity legislation in the USA, which divided into two stages. Thefirst one rises as a response to the large-scale terroristic threats in 2001 and lasted until 2014. The second one starts with the massiveand multisectoral cyber incidents and cyber-attacks the US faced in the last five years. In addition, it was analyzed the changes in institutionalstructure aimed to support the cybersecurity in the US and their branched connections with public and private actors. The mainattention was paid to the content of the Memorandum on Space Policy Directive-5 “Cybersecurity Principles for Space Systems”, whichcould be the example of the best law-making practice not only for space actors within the US, but also for law-making actors of allspace-faring nations.The chronology of the elaboration of cybersecurity legislation and the institutional structure of their support in Ukraine analyzedin the second part of this article. On this ground, we observed some weak aspects of national cyber legislation. First is duplication andinconsistency of the basic terms, like “cyberattack”, “critical infrastructure”. The second one is the absence of an approved list of cri -tical infrastructure facilities and clear requirements for conducting an independent information security audit. The third one is by-lawsare aimed primarily at protecting public information resources and do not take into account the requirements for cooperation betweenthe public and private sectors in the protection of critical infrastructure, regardless of its affiliation to any form of ownership.Analysis of the draft law concerned critical infrastructure permits to make a conclusion about coming to the second stage in thedevelopment of cyber legislation in Ukraine, which will enhance the development of particular legislation within to each sector of criticalinfrastructure. In this regard, it is necessary to elaborate legal background for cybersecurity of space activity. For this aim, we supposeas necessary to designate the State Space Agency of Ukraine as a responsible entity in the field of space activities for the specifiedsector of critical infrastructure. Furthermore, the article suggested prescribing plans to protect against cyber threats (cyber attacks orcyber incidents) as one of the necessary documents for obtaining a permit to conduct certain types of space activities.