Space and Cyberspace at the White House

hello everyone thank you for joining us this afternoon we are delighted to have Tanya Sims and Lauren Williams to talk to us about space and cyberspace at the White House thank you so much for that introduction um I guess first off welcome back from lunch um these seats are very comfortable so feel free to recline back and listen to us drone on about policy um yeah very exciting I got a woo somewhere um okay so uh first off um I guess a round of introductions my name is Tanya Sims I'm the director for cyber policy and programs at the office of the national cyber director over the course of the last 12 years prior to oncd

um I was I've been in the National Security Systems cyber defense sort of community making sure that our critical assets critical for military operations for other uh sensitive National Security missions are well defended and protected and so I see one of my former colleagues in the audience there but I guess I shouldn't point to him because he might have issues with that um but uh anyways so um at the office of the national cyber director um oh and CD as we like to call it um uh my primary goal as a director for cyber policy and programs is to look at critical infrastructure related governance right how is the federal government Community organized and um sort of around critical

infrastructure systems protections and so you think about sort of all the Departments and agencies uh dealing with the 16 critical infrastructure sectors that we have in this country um that are called sector risk management agencies right how are we actually working as a cohesive unit to properly defend the different sectors from cyber related risks and vulnerabilities attack but also how are we talking about sort of private public collaboration when it comes to critical infrastructure systems cyber security as we all know probably that um over the course of the last 20 years critical infrastructure is mostly within private sector hands right right and so public private collaboration in that sense is very important and Space Systems while

not a critical infrastructure sector per se formally designated as such we recognize it to be a critical underpinning function right when you think about not just military application but also sort of all of the communications GPS right weather monitoring that that we rely on um in our daily lives is just average civilians right Space Systems becomes incredibly important and so these are just some of the things that I focus on within oncd Lauren thanks so much Tanya I'm really glad to be here with my colleague given all of the Aries expertise that she's focused on for for a long time I'm Lauren Williams and I think we very much are here to bring put the space in

cyberspace through this panel and this conversation um and I am a senior advisor for strategy and research was in the office of the national cyber director and have been in this office for the better part of this year but previously immediately before coming to the White House was working in the Department of Defense in the office of the assistant secretary for space policy which is I'm sure as many of you know space policy particularly within the government is kind of a new a growing area an expanding area of focus given all the reasons that Tanya mentioned that's because Space Systems are so critical to way of life to National Security to our economy and so I joined that that office

relatively immediately after the space force was created lots of activity around space issues within the Department of Defense while I was there I focused very particularly on kind of the intersection thinking about the intersection between National securities-based missions and how we can better leverage our Partnerships with the private sector particularly many of the companies that are based here in California how can the Department of Defense way on the other side of the country be better integrated and thinking about how the private sector does things and incorporating that way of thinking and systems and services into how we do things back in DC and since I joined the White House when I walked in the door as the person who had

come immediately from from the Department of Defense working on Space issues this issue of space system cyber security was one that had been percolating it's one that Tanya had been thinking about at the White House for some time but it's one that needed kind of further high level attention from our perspective at the White House and so we're here today to talk to you about um I would say in the better part of the past six months of effort on going within our offices to lend more of that high level next expertise and invisibility to this issue okay and with that maybe the next slide so first off right um a little bit more about the office of

the national cyber director how many of you have heard of oncd just a oh there's a lot of you okay well um I will still do my spiel Berg and so um Owen CD right um the newest sort of organization policy organization at the White House um I I'll just circle back right over the last 40 years and that predates my existence on this Earth but over the last 40 years there's been sort of a debate a discussion at the highest levels in terms of how do we organize as a US Government around cyber security as the sort of thing that is not just you know in the movie movie hackers as a subculture right but as a as a critical

function that that underpins sort of everything that we are doing um and so there's this rapid Innovation rapid sort of Market expansion and then and also a growing rapid need for cyber security and so um there has been this debate but really sort of I think no sort of central point to say how do we actually do this how do we actually create some accountability in this space and so in 2019 um the uh Solarium commission um stood up and sort of tried to examine and how do we actually do this right and what the commission found was that there is a need that there is a gap to be filled with the creation of a national

cyber director well first the commission thought it was going to be a great idea to maybe create a new Department of cyber that was scrapped pretty quick pretty quickly right we we need more federal agencies um but no so uh after sort of toying with the idea of the creation of a department of cyber they said well what if we had sort of an organization at the highest level at the White House um who had the sort of a national cyber director who had the convening authority to to bring together public and private stakeholders like never before right no one truly has that Authority whether you go to sort of a specific Federal agency like sizza or NSA or whatever right not

one of them has sort of um an overall convening authority over the entirety of public and private and so this office would be sort of stood up to first and foremost have that convening Authority and then um the other point right um is that um Congress agreed with that assessment surprisingly so um in uh 2021 the National Defense authorization Act of fiscal year 2021 actually called for the stand-up of this position the national cyber director and so in June of 2021 um Chris Inglis so many of you might have known him um former deputy director of NSA and also fighter pilot extraordinaire um he was actually sworn in uh sorry confirmed by the Senate to be the

nation's first cyber director and in July he was actually sworn in but he was employee number one so we like to call ourselves a startup of the White House um for all that who have worked in federal government that is um it's it's both fun and interesting and daily excitement right but uh as employee number one right he had the hard task of right-sizing the organization because he can't obviously cannot do it all so over the course of the last year we've grown to 80 people strong within oncd and I would say it's still growing right and we have people like myself and Lauren and others from um sort of private and public sectors to

bring their background and experiences to bear in onc and um what is really our mission so our mission right one is that public and private partnership what does that actually mean right we've talked about it and talked about it and talked about it over you know decades and decades but how do you actually bring that to bear what do you do to bring some accountability to that second is federal coherence who is actually doing what in the federal sphere right if you're going to reach out to or if you have a concern about a cyber security risk or vulnerability who do you reach out to you shouldn't write um you just have to Google it right you

should have a roster of candidates at your disposal to reach out to for additional information and to be connected to the right people right you don't want to just be constantly searching and searching and searching um third is increasing future resilience right cyber security isn't something to just sprinkle in after the fact after you know a cyber 911 type of event right you want to we want to consider a culture where it's cyber security by Design so that we are increasing the security and resiliency of products that everyday citizens use whether that's you know your your grandparents or also your children or the businesses and the organizations that you support right um we want those products to be secure

by Design and then fourth is aligning resources to aspirations um very very important which I think is um a little bit different from maybe some of the other organizations that have been stood up at the White House level where this one is especially when we're talking about cyber security cyber security can be expensive right and maybe not all the different organizations that we're talking to have the resources to actually do the things that that we are asking of them and so how do we align that there's a specific team within oncd looking at budget right looking at and talking to different organizations to make sure that we can have those resources that align to what

we are talking about and that gets into sort of implementing and talking about a national cyber security strategy all right so I think that's a great lead-in to again our very new organization just showed up in 2021 um just very much now uh reaching its full strength and uh kind of thinking about the full breadth and range of activities that an office of the national cyber director should be undertaking for the purpose of increasing security and resilience across the digital ecosystem and so it's been it's been very busy and as Tanya mentioned it's been an exciting time um and not least because in just last month early in March 2023 the Biden Harris Administration released a

national cyber security strategy and as I'm sure many of you know this was the first cyber security site the first cyber security strategy but the first cyber strategy uh released within the last five years and for this Administration and this strategy is very much focused on what we like to call an affirmative vision for cyberspace an affirmative vision for a digital ecosystem that is different from from previous versions previous iterations of cyber strategies because it's not one that's focused on the threat actors it's not one that's focused on you know what we need to do to um what we need to do to defend ourselves from threat actors primarily but also to think about how we can be

better using cyberspace to enable all of the things that are important to us as Citizens and across National Security and kind of economic implications and so kind of the key underlying principles are that you know cyberspace exists to help us achieve our goals it should be an enabler not an impediment the end state that we're seeking is a digital ecosystem in which it enables civil society and defense and National Security as well as cooperation in advanced areas like space um and so the key fundamental shifts that are important to highlight are are the ones that are listed on on this side of the the slide here and they are one kind of the primary uh fundamental shift

uh that has been getting a lot of attention is this Focus um now within this Administration to Shifting the burden of responsibility from the actors that are most vulnerable that are at least um least able to handle it to those who are most enabled and most empowered uh to be able to make the changes that can have Ripple effects across the digital ecosystem so very specifically we're talking about government we're talking about bigger companies that should have more of the burden of responsibility than for example our grandparents or us as individual citizens who have been told you know just change your passwords or do XYZ and and then um you know you will you yourselves will

be will be protected those things are all important but there's also a bigger conversation to be had about where the burden of responsibility should lie so that is fundamental shift number one number two uh to Tanya's Point earlier as well focusing on implementation and thinking about what should be done kind of realign incentives there's a focus in this strategy on realigning incentives to favor our longer term aspirations and Investments the strategy itself is organized around five critical pillars which are listed on this side defending critical infrastructure and disrupting and dismantling threat actors shaping Market forces to drive security and resilience investing in a resilient future and finally for and last but not least finally forging International

Partnerships what we would argue as we we transition to talking more about space cyber security is that the national cyber security strategy and the Five Pillars included in that strategy are an opportunity they provide an opportunity their policy it's a policy document a strategic kind of high level language but it provides an opportunity for us as government and as a private sector and across Society just apply those principles to real world challenges to real World threats that are ongoing today and one area of growing activity and growing Focus for our office as well as other elements at the the White House the National Space Council National Security Council as well is the important and Urgent issue

of space cyber security foreign all right so in particular the work that we have been doing and thinking about related to space system cyber security very much is driven and motivated by the existing policy and the law of the land when it comes to space cyber security and so this is very specifically space policy directive five which was released during the previous administration um and it is good policy we would argue um it is high level it it provides General policy and five principles to apply to the space ecosystem and kind of stepping back for a moment uh the policy is based on the the assessment and the argument that you know Space Systems are

a critical and critical enabler of all critical infrastructure those 16 sectors that Tanya mentioned here on Earth and so we don't just care about space for space's sake or because it's cool we which all of which is true but we care about it because Space Systems they satellites allow us to utilize GPS here on the earth they enable Communications more and more you know companies are providing private sector companies are providing space-based internet and communication Services you name it probably any daily activity that you rely on also relies on on Space Systems and so for that reason it's incredibly incredibly important for us to think about how we can better as across private and public sector how we

can better ensure that space systems are resilient to cyber threats and thinking a little bit more uh thinking about the threat environment it is I'm sure very well known to all of you that in the Ukraine Russia Ukraine context over a year ago the very first shot we would argue in that in that conflict was a Cyber attack on a U.S U.S based space system which had Ripple effects across Europe and so they're very very real threat and kind of urgent urgent challenges to be addressed so go ahead yeah no I just wanted to underscore that last point right and so during the Russia Ukraine conflict we saw that um space assets weren't just focused on

for sort of projecting military operations or military might but specifically when it came down to it the impact to the civilians and the Dual nature of space assets is what we're talking about in terms of criticality right um Communications for you know phone signals were disrupted but also access to Internet for just people trying to go about their daily lives and then the other point is what we're talking about when when you hear sort of thought leaders talk about great power competition um and just you know great power competition in in terms like that right we think about Russia the the People's Republic of China right you think about the doctrines that they have issued

which which highlight the importance of space assets not just because of the Dual nature but because of both the economic Advantage um in sort of peacetime as well as in Wartime that military advantage and so um space Assets in in in that respect right remain incredibly important um for us as a government um but the issues with spd5 So principally speaking the general principles that are outlined here right I think everybody can agree these make sense they look good they sound good they feel good but at the end of the day we're lacking one a lot of technical detail right we're lacking what what are the steps to implementation what are those some of the key features that

people can really grasp and say okay this is how I'm going to prioritize my cyber security in in working through this issue um and so those measures are sort of missing right we don't have sort of accountable parties even listed out in the actual directive calling out different government agencies for example in terms of them having accountability over certain aspects of of what is presented in spd5 the other point is that there is no enforcement mechanism that in that sense um it's policy not law and for the lawyers out there right that distinction is very very important it's not statute right no one is required to do it it's not a mandate and so um in that sense

right if there's no implementation details right and there's no nobody's sort of cracking the Whip or not even cracking or providing a very soft carrot right to say like Please do this right um then who's actually tracking progress um when it comes to a space system cyber security um and so with with solarwinds I think we saw a lot of the challenges associated with supply chain security but also first and foremost it was an issue with information sharing and truly understanding what resides um within your software product and so something like spd5 right what we're saying is well let's take these basic principles and let's add some teeth to it but also let's let's provide some technical

details where we can get at things like soft uh supply chain security absolutely and then the other element that is really that is critical and it also uh very much fits into our ethos as an organization is that as we all know uh the private sector is very much kind of driving the pace of innovation when it comes to thinking about the growth of the space economy and all of the Innovations across the the ecosystem of Space Systems so we're talking about launch and Commercial imagery satellite Communications cloud and data infrastructure the private sector is very much on the Leading Edge of innovation and so we as oncd with a very much a focus on public-private

collaboration and our partners within the White House would agree um very much see the the importance of especially even in just you know the past three years when uh since spd5 was released very much see the importance of Leaning into understanding perspectives from the White House sorry perspectives from industry and how those can be taken back to the White House and better used to be to inform um further kind of Developmental policy and again to the point of implementation even when it comes to the National cyber security strategy oncd has already begun focusing on implementation plan because implementation is really where policy hits the road and so we see space cyber security as another very important area

in which to apply uh that prioritization of you know policy is needed but implementation is really where the rubber hits the road yeah and there's also been of some other policies that have come out since then um right in May 2021 there was executive order 14028 um improving the nation's cyber security which really put a spotlight on the need for better critical or better sort of processes guidelines procedures when it came to critical infrastructure related systems and assets as well as those in the federal government um right you had things in there to call out specific principles and sort of requirements for federal agencies to look at zero trust to look at uh different sort of better

encryption right multi-factor authentication things like that that are I think pretty you know well maybe aside from zero trust but the other ones right probably things that you have heard again and again and again but those are things where when it becomes policy or when you see that sort of reflected and um in an executive order right you take stock of that um but even with that right um it's how can that EO then be applied or expand upon spd5 and I think it does take it one step further but also it's not directly relevant to Space Systems right um it's not for Space Systems and so people have to extrapolate and do an extra layer of thinking so

um but also with the EO the question becomes well who can offer some coherence around the federal governments and agencies trying to implement the executive order and that's where sort of um oncd comes in in terms of the mission that we have the public private sort of collaboration and the federal coherence that we have to bring to bear right one of the key things that we're we have been driving since um you know oncd standup is convening executive level forums at the White House to share sensitive information but also to present it to to the c-suite level leaders who if you deal with them on a daily basis right they might not understand the context for why you're

asking for additional Technical Resources right and so trying to add some context to the things that their people might be already communicating to them right and adding a level of urgency to that those were some of the dialogues that we have been trying to convene at the White House so um first was focused on energy sector then we did I think healthcare Aviation um the last one in December was on electric vehicles and most recently was the one at the um focused on space yes so just a few weeks ago um as Tony mentioned oncd continued a series of executive level forums um with our most recent activity focused on space system cyber security so this

was a really exciting event for for us exciting activity um for us at the White House we co-hosted our acting National cyber director Kemba Walden in particular co-hosted with National Space Council executive secretary shirag Parikh an executive forum on space at the White House with 10 leading space industry Executives at the c-suite level along with a really uh really long list of senior level U.S government officials and I think what was really important about the kind of just looking around the room which you can you can see a depiction of of here um was that in the corner oh yeah we're in the corner exactly right over there we were very excited about that um what this demonstrates is

demonstrated for us was the importance of this particular issue area across the private sector across government because uh you know this this was a very tightly held forum for the purpose of a Sunday mentioned providing sensitive information that may not otherwise you know be able to be shared um unless officials come to the White House as well as to have a a small sort of moderated discussion so those two two elements formed the executive forum you can't really have that if you have a kind of a conference level a sort of event and so we've scoped these very tightly for the purpose of generating conversation and we very much saw um kind of across the board in the

conversations with industry Executives and with the senior government leaders how important they found this issue just demonstrated by the fact that you know these Executives flew across across the country to the White House for a half day event I think that very much demonstrated to us how important this issue was the opportunity for them them to share our perspectives with each other and to gain in real-time information from senior officials like uh you know our bosses we mentioned in the National Space Council but NASA administrator Bill Nelson was there as well uh and Deputy Administrator deputy secretary of Commerce Don Graves also was an anchor of that event for us and so it was a really critical sort of

launch I would say of the work that we had been doing to gather perspectives and to understand what are the critical concerns that industry has and how can bringing together like using the convening power of the White House really Galvanize Galvanize activity related to space system cyber security yeah all right so we wanted to share some of the things that um were relayed during that forum and so um I think the key thing here to note is that um regardless of whether or or not we're talking about sort of ground segments the space segment or link segments right we're saying essentially that um if you have a space system right um You can leverage terrestrial sort of

traditional cyber security best practices as well Concepts and principles in sort of your daily operations and that's I think really important right we're not just saying that space systems are this you know unique bin of um set of challenges though we do recognize that there are sort of some very complex nuances to Space Systems but for in generally speaking right there are a lot of sort of basic cyber security principles that we use for terrestrial networks that can be applied to Space Systems cyber security um and so the main risks out that we see right one is um not being secure by Design so when when we talk about space assets and being launched into orbit I think

there's a general recognition that it's incredibly it would be incredibly harder to apply cyber security mitigations to something that is vulnerable than in orbit and so what we're saying is harping again on secure by Design secure by Design right we're not talking about um trying to do something after launch right we're saying before that actually takes place in your r d phase think about better ways to to have cyber security based on some of the policies that have been out there based on some of the best practices that already exist in that ecosystem two is also not being Innovative in silos right so what we're talking about is um getting away from that culture of

sort of being first to Market but secure to Market and that's something where I think it's very much a distinct call out in the National cyber security strategy right it's that push for Innovation should shouldn't be sort of segregated from the fact that you want to also have a secure product and that's something where um that's that's something that we're trying to footstomp with people at all levels of sort of the cyber security ecosystem and then third is um not ignoring sort of incidents that have occurred in other sectors right we talk about Colonial we talk about solar winds um even uh some of the things that have affected sort of the food and AG sector

right those incidents shouldn't be viewed as something that is Irrelevant for the Space Systems Community there are a lot of good Lessons Learned whether it's from better information sharing practices or better risk management related approaches right those things are are the things that can be applied as well for the space system community yeah and one point I want to emphasize particularly on that that second element there um talking about you know integrating cyber security into how we think about Space Systems one of the fundamental learnings uh for us along this process and I think it's it's very uh it could be could be apparent but um it's been really really critical to how we think about communication is that um

in government and I think as well in the private sector even within the communities of space and cyber security space and cyber communities there was not always that overlap in terms of even common terminology of common understanding they are two very distinct and very technical areas but even across those two there isn't always the communication that would allow for thinking holistically about spaces and cyber security and so even just physically by bringing together stakeholders from those two communities I come from the space Community Tanya has spent more time in the cyber community across our team making sure that we're we're thinking about ways to communicate that's been a really critical finding for us and so we hope

to continue to convene thinking about bringing those two communities together yeah so the next slide um just more generally or actually more specifically cyber threats to Space Systems and so we talk through the ground segment um the space segment and then more generally what should be done so um there's a lot of words I think on this slide um but really what we're trying to get at is the it's I think um an incredibly frustrating but all too sort of familiar position to be in where we realize sort of where our weakest vulnerabilities or unpatched vulnerabilities are after they have been exploited by an adversary right whether that's a nation state adversary whether or not that's a cyber criminal these are

the things that we find out only after the fact and what we're trying to get at here is you should know what resides on your network you should know what was what you know all of the different endpoints that you have you should know where your weakest sort of vulnerabilities are before the adversary so when um you know the adversary decides to take out a certain critical node in a critical infrastructure sector whether that's a pipeline whether that's a Waterway a railway whatever if they know the critical node before you actually know it we're always going to be playing catch-up right and so that's the sort of cyber 911 that I'm talking about where there's the adversary knows the state of

our critical infrastructure perhaps in a way that we don't even know ourselves and that's something that I think we can't afford to be in and that's a culture shift right that's a culture shift of better understanding your network be being vigilant in doing those vulnerability risk assessments having a cyber security plan that actually maps that out and being cognizant and and persistent in sort of conducting those risk assessments and so this is sort of just some general things that we shared with the CEOs and I don't think that any of this is gonna surprise or Scare any of you in the room right but this is I think generally some of the things that I think would be

useful for you to note that we relate to those CEOs so that when you are having um conversations about what you need and how you need to do them the resources that you need it should be sort of Fairly easier right an easier conversation to have in a much more um a one where it's going to be more productive absolutely all right okay the question that we got from the executives were um where can we find additional information right and so the thing to note here is that the federal government has issued or has attempted to sort of um provide as much information as as as as as possible to the broader public not just for the national security systems

Community but for you know people working in all sectors to say here are some of the common the used ttps that these different threat actors that we are concerned about are using and how they're doing it and here are some mitigation steps right and so um there are a couple that to highlight again there's a lot of words I don't expect you to read them but there's the website there um it's NSA also sizza has um their own sort of Library as well but they're complementary um NSA says uh even FBI and some of the isacs have partnered a lot over the course of the years to um provide some context for some of the things that

they're talking about and how this relates to Space Systems these are some of the ones that that were presented to the CEOs but also you know when we talk about resets right um how visat is is sort of that integral layer to communication communicating from a space asset to um you know a ship related asset or some aircraft right those vsat terminals are going to be incredibly important but also very vulnerable to Cyber attack and here are some specific ways to mitigate this one's talk talking about rmm software and how adversaries are exploiting that to gain persistence on specific networks um and then the last one there to highlight is just commonly used or commonly exploited cpes by

PRC threat actors yeah and one of the again to the the overarching point I think we would definitely like to want to make and want to leave with with all of you uh is that there are resources obviously that exist um that are being pushed out on a regular basis by by agencies like the National Security Agency like the Department of Homeland Security but we also understand um this is something that you know government needs to do better is to share and make sure that the private sector is aware and is receiving that information and again knows who to come to and no Sue to call so threat information sharing especially in the context of space cyber security which

again historically has been a relatively kind of over classified area of a study there are ways existing there are existing ways and there are ways to improve information sharing from from public to private sector and that's very much an element and a key priority of the work that we're doing and further to that work so we have obviously held a forum at the senior executive level and it was limited in scope and tightly uh tightly scoped for for a reason which was to to generate kind of safe conversation among Executives at that level which uh to then uh to kind of ensure that they are thinking about cyber security more holistically and have informed views

that are informed by more sensitive information and and takeaways to take back to their companies and Implement up and down the chain but the the next critical step for us um that was the clear from the start was not only to have those kind of high level um uh sorts of events but to immediately take the conversation following that executive level Forum down to the technical level and so we are here in California this week Tanya and I are are going to be convening a group of uh space industry representatives from the the West Coast from California yeah and kind of surrounding areas for the first stop on what we are calling an industry Road Show and so as you can see here we

have a busy spring and summer ahead of us and the purpose of this of this road show is to one for us to get out of our comfort zone to get out of Washington DC and to go to the hubs of space industry and to very much be in a listening posture we want to hear what the current kind of state of play is across across companies and how they're thinking about across space companies how they're thinking about tackling cyber threats and the way to do that we understand we very much understand is by going to where industry is is based and we want to have some geographical representation geographical diversity in terms of the conversations

that we're holding and so we will we will be across the country and um again in California and Colorado and Texas and Florida in the northern Virginia area and maybe others as seem necessary in order to to gain that holistic set of perspectives and all for the purpose of Gathering perspectives from the private sector having parallel conversations in government thinking about how government owned and operated Space Systems can be better secured and better more resilient to cyber threats and taking that whole body of information and feeding it back into the policy process as we think about from the White House level what should be done what should be built upon from uh built on the existing policy

dating back to 2020 recognizing that the the pace of Industry Innovation and the pace of development the space economy is moving really quickly so that's the overarching perspective and and plan ahead for us at oncd in partnership with the National Space Council in a partnership with with other federal government partners yeah I think it's it's really important for us to do this because um as we sort of have been saying throughout this whole talk right policy is only as good as its implementation and for us it's listening to the actual key stakeholders not just at the c-suite level right but um the people who are The Operators and the actual sort of developers um that level right hearing from them in

terms of does this actually apply to you or how are you thinking through um some of the things that that you're being presented with in policy um and and having sort of a dialogue around that that's how we are viewing sort of um this Roadshow hosting these workshops to really try to get at um sort of that technical Workforce all right and so last but not least this is this is a representation of um Federal cohesion and kind of a whole of government uh sort of approach that we are taking uh into this work on Space cyber security because it can't just be a White House driven initiative even though we have heard and listened to the

fact that it does require um you know to tackle a threat like the chocolate challenge like this it does require senior level attention which we have tried to generate through convening but it very much does require a Litany of departments and agencies I won't list all of them in specificity here but you know yes their logos are big um so you can see that we are we engaged in a lot of a conversation across uh departments and agencies and uh are moving forward on this work in Partnership um with all of them yeah and I think I just wanted to call out right a lot of government agencies are already doing or um you know trying to be thought leaders

in this space no pun intended already um so sizza developed the uh cyber security performance goals which are meant for staying a local but it could also be applied for uh to sort of um different sectors of industry and so um the question is how right and that's the conversation that we want to have nist has done or just closed sort of their public commentary period for um uh 8270 which is on on the cyber security of commercial satellites right but um what does that final thing look like um final report look like and how does the community view implementation right that's that's kind of what we're trying to get at soza and the FBI are also

convening public-private sector sort of workshops as well um which we hope to that will be very complementary with some of the efforts that we're talking about at a broader scale and so we're really excited about this road show and really happy to be here to tell you all about it so I think we have some time for questions eight minutes so your Roadshow your uh you're very space oriented because that's your point but you're also going to be seen as a cyber industry and you assume the space industry knows enough about cyber anything else with cyber hap or only yeah it's a great question um I would say uh well so very much we are we are focused on making sure that

we as a cyber oriented White House organization in partnership with our space oriented White House organization the National Space Council that we as a cyber organization are touching space industry uh very much for the for the reason that you note which which is that you know there may be there there is a need to bring together those two communities to make sure that they are communicating um you know with each other and able to speak the same language and so there definitely is an education piece when it comes to our our objectives for for outreach with the space industry where you know as Innovation is is moving along quickly cyber may not cyber security may not be uh top of mind

um and so that you know changing that mindset and introducing uh and emphasizing the importance of cyber security by Design is very much a key priority and so yes uh space industry is is the the key Focus but we will have some some cyber companies that are already planning to come to the account California event and I think as we move forward yeah having a good representation of the two will be key

I am yes and I think uh go ahead yeah um a direct contact for both of us no but the larger oncd yeah we we do is zero point to to make sure that we are working with them yeah I mean if you need to uh connect better yeah we've had some engagement with a space cyber expert who's plugged into IEEE yes right here

some of which will be degraded uh in the next turn that be considered in the scope of spd5 and cyber security risks or space risks I I don't think so um so I think what we're talking about are sort of the assets that'll have sort of dual use um specifically for our purposes but when it comes to sort of assets that are beyond their lifespan which is what I think you're getting at right um what to do about them in terms of the risks that they pose could they be leveraged for other purposes or repurposed I think that's some of the conversation that we're having right now um maybe not specific to the climate change question but very much specific

to some of the the assets that are that are already beyond their life cycle okay there's a couple so maybe over here yeah go ahead

space it should I would think should apply government-wise is there another group that looking at the broader picture government-wide because everything you're saying should apply to everybody you should be doing it yeah I think I think that's absolutely right um so kind of zooming back to our conversation about the national cyber security strategy which is the bigger picture uh whole of government whole of society a set of principles and policy practices to to lead toward that broader resilient digital ecosystem so so that's kind of the overarching um set of principles for this Administration and then uh how we're thinking about spaces and cyber security it's just one of many and I think one of probably uh other future to be

articulated specific areas of real world threat that require very urgently today you know applying those principles of the national cyber security strategy and cyber security by Design and other policies um that are that are in place toward that effect to a specific urgent threat area but uh others are absolutely there are other areas of effort across our office and will be others going forward but this is very particularly one that we think needs really high level urgent action attention rest of the government is compared to not just space aspect yeah so so I think what you're getting at is sort of accountability across the federal ecosystem right and so um a lot of the the players that we

mentioned already so NASA says a FBI NSA um uh other folks within the Executive Office of the President the federal partners that we had on the screen here right they're engaged in conversation with us right right now um Space Systems as I mentioned before is not designated as a critical infrastructure sector um so the the idea of one government agency governing all of the all of the uh space assets um across the federal ecosystem right um that structure does not exist but what we're talking about right is having that dialogue to see what should be feasible on this side

um sorry can you can you repeat the the questions you're talking about

Country Time Zone but then there's like talk about like how oh there's talk let's talk about uh like what is the time like what are the plans for time like this time zone standardization for places like like satellite locations like uh like the moon or something like that it's a I think that's a really interesting um issue area but beyond our scope okay uh thank you so you may be in the back there yeah for a little while uh I got actually one of one questions so one of the thing item is uh Beyond us which is which one's toasters in Leos Lindo tomorrow but they're also coming like Airbus is chilling sell like all

day long up there uh those people have to comply with disraculations and one of the problem with satellite Private Industry uh is there's no FAA on that thing nobody reviewed the code nobody care about safety you just keep launching it like tomorrow so it's been a way to look at what they do you can regulate what you want this is not a statue they won't listen to you because you don't have agency to read an engineering part of the equation and of course they look at the recent leak of the Ukraine defense pay-per-view

thank you