Satellite Associations Upgrade High-level Cyber Policy Guidelines to Reinforce Supply-Chain Security

29 May 2018

May 29, 2018: WASHINGTON, D.C. – As cyber threats continue to escalate globally, so too are the security measures being applied by the satellite communications industry, which has augmented high-level policy guidelines to enable unprecedented levels of supply-chain security in all nations of the world.

Three major associations representing the leading members of the international satellite communications sector have now collaborated to upgrade and begin sharing the latest version of the guidelines with national administrations taking into account critical supply chain issues. The associations include the EMEA Satellite Operators Association (ESOA), the Global VSAT Forum (GVF), and the Satellite Industry Association (SIA).  

“Providing supply-chain security has always been of paramount importance to the satellite industry’s delivery of communications for all users, whether they are military and government, corporations, the non-profit and scientific communities, or individual consumers,” the associations said. “But it is imperative that we continue to evolve our strategies.”

Core to the satellite industry’s latest cyber and supply-chain security guidance is that voluntary, industry-led efforts and public-private partnerships be accompanied by voluntary information sharing and that satellite industry organizations should actively address cyber and supply-chain security using best practices for risk management.

Public and Private Sector Collaboration

The satellite industry cyber and supply-chain security initiative builds upon extensive collaboration not only with the private sector, but also with national administrations throughout the world.

Recently leading members of the associations have supported the U.S. Federal Communications Commission’s (FCC’s) Security, Reliability, and Interoperability Council IV Working Group 4 (CSRIC IV WG 4) on Cybersecurity Risk Management and Best Practices. The satellite segment created a prioritized adaptation of the United States National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), emphasizing the importance of organizations’ risk management using flexible measures that are self-reinforcing, tailored to networks’ unique needs, and that build upon international standards.

This builds on the International Telecommunication Union (ITU) leadership of cyber-security initiatives that inform much of today’s cyber and supply-chain security dialogue, and a myriad of other national governments and regional groups that have taken important steps to promote dialogue and development of best practices.

Members of ESOA, SIA and GVF are participating in various cyber and supply-chain security efforts with government agencies, industry working groups, and other international standards bodies. In particular, programs emphasizing the protection of critical infrastructure and promoting the sharing of threat information reduce overall cyber-security risk today, and will continue to do so in the future.

The three industry associations are currently reaching out to all governments to share best practices and lessons learned for effective cyber and supply-chain security. Likewise, as security must be part of an organization’s overall corporate culture, the associations’ members are continuously implementing best practices to protect against evolving threats.

ESOA, GVF and SIA collectively believe that collaboration, not regulation, is the best way for organizations to manage cyber risks. Voluntary information-sharing among the private sector, between the private sector and government, and between the private sector and end users is vital.

Full text of the core-principles document can been seen at: www.esoa.net, www.gvf.org, www.sia.org

▶︎ SIA-GVF-ESOA Joint Cybersecurity Policy Statment May 2018.pdf