The Relevance and Applicability of Cybersecurity Laws with Regard to Data Storage on Board Satellites and on the Ground

Abstract

Cybersecurity is a growing concern in the space sector, with satellite transmission interference and unauthorized access to data being the most common threats against space systems. This article will focus on the latter and on the cybersecurity laws that, albeit in their infancy, aim at protecting against such risks. In particular, this article will assess whether the existing cybersecurity regulations are pertinent to the protection of data stored onboard satellites in outer space and on ground facilities. It will specifically refer to the context of the EU Directive on Security of Network and Information Systems (EU NIS Directive), the US Internet of Things Cybersecurity Improvement Act (IoT Cybersecurity Act), and the Tallinn Manual on the International Law Applicable to Cyber Operations (Tallinn Manual 2.0), so as to assess their connection to the current methods of data storage. Towards this end, the relevance of the said laws and their competence in ensuring adequate standards of protection against cyber threats and security breaches will be argued. On the one hand, cybersecurity regulations are designed to safeguard the integrity of data systems from external tampering. On the other hand, it has not yet been established whether the scope of these laws extend outside the territorial sovereignty of States or in outer space, all while cyber operations in the framework of space activities may appear in various forms. The purpose of this article is to determine whether the regulatory regime in force is able to address the challenges arising from the increasing connectivity of satellites and satellite systems, which make them vulnerable to cybersecurity risks. In doing so, it will mainly focus on the notions of an information system, service provider, and cyber threat within the structure of space data systems.