Over the past year, this office has had numerous inquiries regarding COMSEC for NASA spacecraft, and the applicability of National and NASA COMSEC policies to U.S. Civil (non-DoD) space programs. Because of this heightened level of interest, and some inconsistencies associated with decisions concerning the application of COMSEC to command uplinks, which we believe resulted in the unnecessary expenditure of funds and the acceptance of unnecessary risk, we in the NASA Security Management Office felt it necessary to clarify the existing policies to eliminate any confusion created by misinterpretation of these policies.
The National Policy on Application of Communication Security to U.S. Civil and Commercial Space Systems, NTISSP No. 1 dated June 17, 1985, contains the applicable and current policy on protecting the command and control uplink for U.S. Government owned spacecraft. This policy has not been rescinded or superseded, nor has it been revised since its original issue in 1985. Moreover, NASA adopted, within the NASA Security Handbook (NHB 1620.3C) the total provisions contained in NTISSP No. 1.
Paragraph 1 states "Government classified and Government or Government contractor national security related information transmitted over satellite circuits shall be protected by approved techniques from exploitation by unauthorized intercept. "This aspect of the policy has led to misconceptions. Although there is no question that telemetry carrying classified data must be protected by encryption, we often hear comments like "NASA is a non-DoD agency, and our missions are totally unclassified, therefore, encryption is not required." Although it is true that most of NASA's mission data is unclassified, there is a great deal of Government sensitive unclassified information handled daily at NASA. NASA's Automated Information Security Handbook, NHB 2410.9, requires justification for not encrypting the most sensitive of this information. The bottom line is that program decision makers must determine the risk balanced against the cost of encrypting sensitive unclassified data with the knowledge that interception of this data is increasingly easy and common when transmitted from one terrestrial location to another via a communications satellite.
Paragraph 2 states, "government or Government contractor use of U.S. civil (Government-owned but non-DoD) and commercial satellites launched five years from the date of this policy shall be limited to space systems using accepted techniques necessary to protect the command/control uplink." Paragraph 2 embodies another commonly misunderstood aspect of this policy. It discusses the most critical aspect of COMSEC needs for all NASA space flights, the requirement to protect the command uplink. Threats to the command link range from intentional attack by nation states, terrorist groups, foreign space consortiums, and hackers or space communications enthusiasts, to those posed by operations in the increasingly crowded frequency spectrum where unintentional interference can have dire consequences. Thousands of hacker penetration attempts occur daily on the Internet. With the degree of sophistication in these attacks increasing, coupled with the communications equipment we believe it could only be a matter of time before an unprotected NASA satellite is damaged through the introduction of an unauthorized command. It is for the same reasons that commercial enterprises are routinely applying COMSEC to their command uplinks to prevent "outages" as a result of unintentional interference that can result in the significant loss of revenue.
The term "accepted techniques" referred to in both paragraphs also needs to be explained. Approved techniques as they pertain to space COMSEC equate to National Security Agency (NSA) endorsed encryption and authentication systems. The NSA, as the national manager for COMSEC, has thirty years of experience in developing reliable, lightweight, space qualified COMSEC systems which are now unclassified. There is a perception in some circles that, since the command link is unclassified, encryption systems endorsed by the National Institute of Standards and Technology (NIST) are to be used; this is wrong. The NIST has no plans now or in the future to get into the space COMSEC business. It is important to note that this misconception has resulted in the unnecessary expenditure of significant developmental funds for a nonspace related encryption system, when proven NSA space rated devices were already available, at a fraction of the cost.
Paragraph 3 states "The need for and means to protect the command/control uplink associated with civil satellite systems, intended exclusively for unclassified missions, will be determined by the organization responsible for the satellite system in coordination with the National Security Agency." The requirement to apply COMSEC is not automatic in all cases, but it does seek to engage the responsible programs with the NSA for the purpose of discussing threat and associated risk when making these decision.
Paragraph 6 states "The Director, National Security Agency, in coordination with other departments or agencies as appropriate, shall assess space systems telecommunications and command/control uplink functions to determine their vulnerability to unauthorized use and provide approved protection techniques and guidance." Additionally, in complying with this policy, Chapter 46 of the NASA Security Handbook (NHB 1620.3C) seeks to facilitate this process by requiring responsible organizations within NASA to also coordinate with our office on space COMSEC issues. In response to the last sentence in this paragraph it should be noted that "approved protection techniques" means NSA endorsed space qualified authentication/encryption devices. These endorsed products for Government use can be direct purchased "off-the-shelf" from NSA authorized vendors.
This office can help by assisting the responsible program and project managers address the security cost and benefit analysis necessary in performing a thorough risk assessment. If you have future space programs in the planning stage or other projects requiring COMSEC and we can be of assistance, or if you have any questions concerning security, please contact me at (202) 358-0118 or, in my absence, Jack Symanek, NASA's COMSEC Manager. He can be reached at (202) 358-2455.
Mark R.J. Borsi
To be contacted for a confidential consultation |
please E-mail: firstname.lastname@example.org
or send a letter via US Mail to: