• If you are applying for a licence to carry out  commercial spaceflight and associated activities in the UK, it is important you understand the necessary security measures that may be required in relation to the physical, personnel and cyber security of space sites and operations. This includes requirements that cover facilities, equipment, spacecraft, carrier aircraft, other vehicles, payloads, cargo, supplies or other things at space sites.

    Security requirements for all licence types under the Space Industry Act are explained in guidance on security matters for applicants and licensees.

    Physical and Personnel Security 

    For a spaceport, range control or launch operator licence you must appoint a security manager – an employee of the organisation responsible for the implementation of the security programme of the spaceflight site or operation. 

    You will also need to submit a security programme that sets out the procedures that you will use to identify any potential security risks and rectify them. Rectification may include having to reapply security controls to any part of the operation where security may have been breached. 

    Additionally, all horizontal spaceports must be directed under the National Aviation Security Programme (NASP). Details of the publicly available elements of the NASP. Read the Secretary of State under the Aviation Security Act 1982 for further information on how to become a directed aerodrome. 

    Cyber Security 

    Our vision is to have a proportionate and effective approach to cyber security that enables space to manage their cyber security risks without compromising safety, security or resilience. Also, to stay up-to-date and positively influence cyber security within space to support the UK’s national security strategy.  

    Cyber Security Strategy under the Space Industry Regulations 2021 

    Under the Space Industry Regulations, all applicants are required to have a cyber security strategy for the proposed operation, based on a security risk assessment and, where required, a safety case. 

    The Cyber Team will be publishing guidance to aid with the creation of their cyber security strategy. Whilst this is in development, if you have questions please contact us directly at cyber@caa.co.uk and we will provide interim guidance on this content.  

    Information handling 

    We are aware that some information relating to cyber security may be sensitive. 

    Before submitting sensitive cyber security information to the CAA please contact us at cyber@caa.co.uk You will receive secure Information Handling Instructions to ensure commensurate protections are established based on the sensitivity of the information in question.  

    Useful Links 

    CAA Cyber Security Oversight Team

    We would highly recommend joining the NCSC’s Cyber Security Information Sharing Partnership (CiSP).