Bill Overview
Title: Satellite Cybersecurity Act
Description: This bill addresses cybersecurity matters related to commercial satellite systems. Specifically, the Cybersecurity and Infrastructure Security Agency (CISA) must maintain a publicly available clearinghouse of resources concerning the cybersecurity of commercial satellite systems. CISA must also consolidate voluntary recommendations for the development, maintenance, and operation of such systems. The recommendations must include measures to protect systems against cyber-related vulnerabilities, risks, and attacks. The bill also requires the Government Accountability Office (GAO) to study and report on federal actions to support the cybersecurity of commercial satellite systems, including with respect to critical infrastructure sectors. In carrying out its study and report, the GAO must coordinate with designated federal agencies.
Sponsors: Rep. Malinowski, Tom [D-NJ-7]
Target Audience
Population: People dependent on or working with commercial satellite systems
Estimated Size: 350000000
- The bill is specifically targeting the commercial satellite industry, which includes companies that own, operate, and develop satellite systems.
- Employees of commercial satellite companies, such as engineers, cybersecurity professionals, and operation managers, will need to comply with new recommendations and possibly adopt new cybersecurity measures.
- Users and customers of commercial satellite services, which include telecommunications companies, internet service providers, and television broadcasters, could be affected by changes in the operation and security of satellite systems.
- The legislative measures aim to increase the resiliency and security of commercial satellites, potentially impacting data security and service reliability for global communications.
- Law enforcement and national security agencies will be indirectly affected as enhanced cybersecurity measures may improve or complicate investigation processes depending on context.
- As satellite systems often support various critical infrastructure sectors, improvements in satellite cybersecurity can have widespread implications for these sectors' operations and services.
Reasoning
- The population influenced directly by this policy primarily includes employees and stakeholders in the commercial satellite industry, estimated at around 350 million globally, with a significant portion based in the U.S.
- Considering the budget constraints, the policy is likely to influence the cybersecurity workforce within the commercial satellite industry by requiring updates to systems and increasing demand for cybersecurity resources.
- Indirect impacts extend to consumers and businesses reliant on satellite services, but these are often less immediately drastic since changes in cybersecurity lead to more gradual improvements in reliability and safety.
- The policy focuses on voluntary guidelines and recommendations, meaning immediate mandatory compliance costs for companies may be limited, but may drive longer-term strategic shifts, impacting jobs and consumer perceptions of satellite service safety.
Simulated Interviews
Cybersecurity Engineer (California, USA)
Age: 35 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 5/20
Statement of Opinion:
- I think the policy is a good step toward strengthening our cybersecurity landscape.
- Initially, compliance might be challenging, but the focus on voluntary measures is reasonable given the budget.
- This will likely increase our workload, but also bolster job security in our field.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 5 |
Satellite Communications Consultant (Florida, USA)
Age: 41 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- This act solidifies the importance of cybersecurity in satellite communications.
- While the policy aims for improvement, smaller companies may struggle with the increased resource needs without government aid.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 8 | 5 |
Telecommunications Executive (Texas, USA)
Age: 50 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 4/20
Statement of Opinion:
- I'm concerned about potential cost increases and disruptions our operations might face due to new cybersecurity requirements.
- However, improving security could prevent costly breaches.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 6 | 4 |
Media Company Employee (New York, USA)
Age: 29 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 2.0 years
Commonness: 6/20
Statement of Opinion:
- Security is vital, but I'm worried about how updates might affect broadcasting and service stability temporarily.
- Long term, it's reassuring knowing cybersecurity is taken seriously.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 6 | 5 |
Retired (Virginia, USA)
Age: 64 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 0.0 years
Commonness: 8/20
Statement of Opinion:
- I retired before cybersecurity became this critical, but I understand its importance.
- Improving satellite security is crucial, yet I wonder if this will lead to higher service costs.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 5 | 5 |
| Year 5 | 5 | 4 |
| Year 10 | 5 | 4 |
| Year 20 | 5 | 4 |
Government Analyst (Washington, USA)
Age: 38 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 2/20
Statement of Opinion:
- This aligns with national priorities on cybersecurity and could guide similar international efforts.
- Balancing voluntary compliance with effective enforcement will be a challenge.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 5 |
| Year 10 | 8 | 5 |
| Year 20 | 8 | 5 |
Small Business Owner (Colorado, USA)
Age: 45 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- I hope the policy offers support for small businesses to adopt recommended practices.
- Cybersecurity is important, but I worry it might eat into our already tight budgets.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 4 |
| Year 20 | 6 | 4 |
Graduate Student (Georgia, USA)
Age: 27 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 7/20
Statement of Opinion:
- The policy could open more research and job opportunities in satellite cybersecurity.
- It highlights growing awareness and support for protecting critical tech infrastructure.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 7 | 7 |
Satellite Technician (New Mexico, USA)
Age: 32 | Gender: other
Wellbeing Before Policy: 7
Duration of Impact: 7.0 years
Commonness: 4/20
Statement of Opinion:
- More regulations could mean more training and standards to meet, but there's some job security in that.
- Keeping systems secure is essential, but I hope it doesn't complicate our operations too much.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 5 |
Telecom Company Executive (Illinois, USA)
Age: 56 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 5/20
Statement of Opinion:
- Satellite security is pivotal for us, but initial costs can be a concern.
- Ultimately, the policy's emphasis on security is aligned with our corporate goals.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 4 |
Cost Estimates
Year 1: $120000000 (Low: $100000000, High: $150000000)
Year 2: $122000000 (Low: $102000000, High: $153000000)
Year 3: $125000000 (Low: $105000000, High: $156000000)
Year 5: $130000000 (Low: $110000000, High: $162000000)
Year 10: $135000000 (Low: $115000000, High: $168000000)
Year 100: $135000000 (Low: $115000000, High: $168000000)
Key Considerations
- The cybersecurity of commercial satellite systems is critical for national security and global communications.
- There are significant coordination requirements between CISA, GAO, and other federal agencies to implement the bill's provisions.
- The bill's recommendations must be regularly updated to tackle evolving cyber threats effectively.
- Potential resistance from parts of the industry to voluntary recommendations that might imply additional costs.