If you are applying for a licence to carry out commercial spaceflight and associated activities in the UK, it is important you understand the necessary security measures that may be required in relation to the physical, personnel and cyber security of space sites and operations. This includes requirements that cover facilities, equipment, spacecraft, carrier aircraft, other vehicles, payloads, cargo, supplies or other things at space sites.
Security requirements for all licence types under the Space Industry Act are explained in guidance on security matters for applicants and licensees.
Physical and Personnel Security
For a spaceport, range control or launch operator licence you must appoint a security manager – an employee of the organisation responsible for the implementation of the security programme of the spaceflight site or operation.
You will also need to submit a security programme that sets out the procedures that you will use to identify any potential security risks and rectify them. Rectification may include having to reapply security controls to any part of the operation where security may have been breached.
Additionally, all horizontal spaceports must be directed under the National Aviation Security Programme (NASP). Details of the publicly available elements of the NASP. Read the Secretary of State under the Aviation Security Act 1982 for further information on how to become a directed aerodrome.
Our vision is to have a proportionate and effective approach to cyber security that enables space to manage their cyber security risks without compromising safety, security or resilience. Also, to stay up-to-date and positively influence cyber security within space to support the UK’s national security strategy.
Cyber Security Strategy under the Space Industry Regulations 2021
Under the Space Industry Regulations, all applicants are required to have a cyber security strategy for the proposed operation, based on a security risk assessment and, where required, a safety case.
The Cyber Team has published guidance for applicants and licensees. Should you require further information, please feel free to contact us at email@example.com and we will be able to answer any questions you may have.
We are aware that some information relating to cyber security may be sensitive.
Before submitting sensitive cyber security information to the CAA please contact us at firstname.lastname@example.org You will receive secure Information Handling Instructions to ensure commensurate protections are established based on the sensitivity of the information in question.
We would highly recommend joining the NCSC’s Cyber Security Information Sharing Partnership (CiSP).