Legal Framework of the Space Activity Cybersecurity in the USA: Experience for Ukraine

Keywords: cybersecurity, incident, cyber risk, cyber threat, critical infrastructure, space activities


The article depict the timeline of the development of the cybersecurity legislation in the USA, which divided into two stages. The
first one rises as a response to the large-scale terroristic threats in 2001 and lasted until 2014. The second one starts with the massive
and multisectoral cyber incidents and cyber-attacks the US faced in the last five years. In addition, it was analyzed the changes in institutional
structure aimed to support the cybersecurity in the US and their branched connections with public and private actors. The main
attention was paid to the content of the Memorandum on Space Policy Directive-5 “Cybersecurity Principles for Space Systems”, which
could be the example of the best law-making practice not only for space actors within the US, but also for law-making actors of all
space-faring nations.
The chronology of the elaboration of cybersecurity legislation and the institutional structure of their support in Ukraine analyzed
in the second part of this article. On this ground, we observed some weak aspects of national cyber legislation. First is duplication and
inconsistency of the basic terms, like “cyberattack”, “critical infrastructure”. The second one is the absence of an approved list of cri -
tical infrastructure facilities and clear requirements for conducting an independent information security audit. The third one is by-laws
are aimed primarily at protecting public information resources and do not take into account the requirements for cooperation between
the public and private sectors in the protection of critical infrastructure, regardless of its affiliation to any form of ownership.
Analysis of the draft law concerned critical infrastructure permits to make a conclusion about coming to the second stage in the
development of cyber legislation in Ukraine, which will enhance the development of particular legislation within to each sector of critical
infrastructure. In this regard, it is necessary to elaborate legal background for cybersecurity of space activity. For this aim, we suppose
as necessary to designate the State Space Agency of Ukraine as a responsible entity in the field of space activities for the specified
sector of critical infrastructure. Furthermore, the article suggested prescribing plans to protect against cyber threats (cyber attacks or
cyber incidents) as one of the necessary documents for obtaining a permit to conduct certain types of space activities.


1. Cyber Security Law, its Regulation and Relevance for Outer Space:
2. Electronic and Cyber Warfare in Outer Space, May 2019 — Space Dossier 3 :
3. Global Counterspace Capabilities, 2020 Report:
4. P. Bilenchuk, M. Malii. Kosmichna y elektronna kiberzlochynnist: zahrozy i vyklyky novoho tysiacholittia :
5. [H.R. 4577] PUBLIC LAW 106–554—APPENDIX C, title V, DEC. 21, 2000:
7. National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience
8. 42 U.S. Code § 5195c. Critical infrastructures protection:
9. H.R.5005 - Homeland Security Act of 2002: https://www.con
10. National Infrastructure Protection Plan (NIPP) Security and Resilience Challenge is managed by the National Protection and Programs Directorate (NPPD), National Risk Management Center (NRMC), within the Department of Homeland Security (DHS), and in partnership with the National Institute for Hometown Security (NIHS):
11. Critical Infrastructure Protection. DHS List of Priority Assets Needs to Be Validated and Reported to Congress, March 2013:
12. John Moteff Critical Infrastructure: The National Asset DatabaseCRS Report for Congress, Updated July 16, 2007. 19 p. (P. 8-9):
13. DOD Dictionary of Military and Associated Terms. January 2020:
14. H.R.3844 Federal Information Security Management Act of 2002:
15. FIPS PUB 199 Standards for Security Categorization of Federal Information and Information Systems: Federal information processing standards publication, 2004:
16. FIPS PUB 200 Minimum Security Requirements for Federal Information and Information Systems: Federal information processing standards publication, 2006:
17. NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations:
18. SP 800-18 Rev. 1 Guide for Developing Security Plans for Federal Information Systems:
19. SP 800-37 Rev. 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy:
21. DoD Digital Modernization Strategy, 5 June 2019, 72 p., P. 63:
22. S.2519 - National Cybersecurity Protection Act of 2014:
23. NCCIC Services for Federal Agencies:
24. Presidential Policy Directive -- United States Cyber Incident Coordination: Presidential policy directive/PPD-41, July 26, 2016:
25. S. 2521 An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Dec. 18, 2014:
26. SP 800-61 Rev. 2. Computer Security Incident Handling Guide:
27. US-CERT Federal Incident Notification Guidelines:
28. Cybersecurity and Infrastructure Security Agency Act of 2018:
29. Establishment of the United States Space Force: Space Policy Directive-4, February 19, 2019:
30. DoD Digital Modernization Strategy, 5 June 2019, 72 p. P. 16-22:
31. Memorandum on Space Policy Directive-5—Cybersecurity Principles for Space Systems. Issued on: September 4, 2020:
32. Natsionalnyi koordynatsiinyi tsentr kiberbezpeky posyliuie spivpratsiu iz mizhnarodnymy vyrobnykamy kiber-tekhnolohii, sait RNBO, 07.08.2020:
33. Pro zatverdzhennia Polozhennia pro Administratsiiu Derzhavnoi sluzhby spetsialnoho zviazku ta zakhystu informatsii Ukrainy: Postanova KMU vid 3 veresnia 2014 r. № 411:
34. STRATEHIIa rozvytku systemy Ministerstva vnutrishnikh sprav Ukrainy do 2020 roku:
35. Pro upravlinnia informatsiinykh tekhnolohii: Nakaz Ministerstva oborony Ukrainy № 426 vid 05.08.2019:
36. Sytuatsiinyi tsentr zabezpechennia kiberbezpeky: Sait SBU
37. Pro Natsionalnu bezpeku Ukrainy: Zakon Ukrainy № 2469-VIII vid 21.06.2018:
38. Natsionalnyi bank Ukrainy posyliuie vymohy do informatsiinoi bezpeky ta kiberzakhystu v bankakh Ukrainy: Sait NBU, 04.10.2017:
39. Natsionalnyi bank ta Derzhavnyi tsentr kiberzakhystu spivpratsiuvatymut u sferi kiberbezpeky : Sait NBU vid 02.08.2019:
40. Kiberbezpeka. Novyy̆ pidkhid v Ukraïni vid UIFuture, 24.07.2020:
41. Proekt Zakonu pro krytychnu infrastrukturu ta yii zakhyst № 10328 vid 27.05.2019:
42. Deiaki pytannia Ministerstva z pytan stratehichnykh haluzei promyslovosti Ukrainy: Postanova KMU vid 07 veresnia 2020 r. № 819:
43. Pro vnesennia zmin ta vyznannia takymy, shcho vtratyly chynnist, deiakykh aktiv Kabinetu Ministriv Ukrainy: Postanova KMU № 1072 vid 04.12.2019:
44. Pro rishennia Rady natsionalnoi bezpeky i oborony Ukrainy vid 27 sichnia 2016 roku "Pro Stratehiiu kiberbezpeky Ukrainy" vid 15.03.2016:
45. Pro zatverdzhennia pereliku obiektiv derzhavnoi vlasnosti, shcho maiut stratehichne znachennia dlia ekonomiky i bezpeky derzhavy: Postanova KMU vid 4 bereznia 2015 r. № 83:
Pro zatverdzhennia Poriadku vydachi (vidmovy u vydachi, anuliuvannia) dozvoliv na provadzhennia okremykh vydiv kosmichnoi diialnosti: Postanova KMU vid 26 liutoho 2020 r. № 197:
How to Cite
Malysheva, N., & Hurova, A. (2020). Legal Framework of the Space Activity Cybersecurity in the USA: Experience for Ukraine. Law Review of Kyiv University of Law, 1(3), 325-335.
The legal system of Ukraine and international law, comparative legal studies