{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T16:18:55Z","timestamp":1775146735462,"version":"3.50.1"},"reference-count":82,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T00:00:00Z","timestamp":1749859200000},"content-version":"vor","delay-in-days":164,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000780","name":"European Union","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The space industry has grown significantly in recent years and has become essential to our daily lives. Space applications are now critical for powering necessary infrastructure, such as energy grids and financial networks. However, as the use and value of space continue to rise, it has also become a primary target for cyber threats, posing a significant risk to the networks and their connections with critical infrastructure. As a result, policymakers in Europe and other regions are developing policies, standards, and guidelines to improve space cybersecurity and protect this crucial sector. This paper aims to analyze the responsible entities for space cybersecurity governance in the UK, the USA, Germany, and the European Union and compare existing policies and guidelines against current threats. The goal is to determine the steps necessary to make the industry more robust. Our study focuses on European legislation, with a future Space Law on the horizon. The first policies to be part of our comparative analysis are the \u201cTechnical Guideline BSI TR-03184 Information Security for Space System\u201d established in Germany, the UK Space Agency\u2019s \u201cCyber Security Toolkit,\u201d and NASA\u2019s Space \u201cSecurity: Best Practices Guide\u201d. Our findings highlight how governance frameworks for space security have not yet been clearly defined and we foresee a significant increase in the fragmentation of policies. We emphasize the importance of defining resilience clearly and providing tools and metrics to help industries measure their security and evaluate risk levels, to comply with upcoming policies. To achieve this goal, we suggest mapping cybersecurity requirements to practical security controls and safeguards that companies can easily understand and implement.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf013","type":"journal-article","created":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T14:23:01Z","timestamp":1749910981000},"source":"Crossref","is-referenced-by-count":5,"title":["Space cybersecurity governance: assessing policies and frameworks in view of the future European space legislation"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-4251-5614","authenticated-orcid":false,"given":"Francesco","family":"Casaril","sequence":"first","affiliation":[{"name":"IMT School for Advanced Studies Lucca , 55100, Lucca ,","place":["Italy"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0351-9169","authenticated-orcid":false,"given":"Letterio","family":"Galletta","sequence":"additional","affiliation":[{"name":"IMT School for Advanced Studies Lucca , 55100, Lucca ,","place":["Italy"]}]}],"member":"286","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"2025061410225922800_bib1","article-title":"Space cybersecurity market intelligence report","author":"Cyberinflight","year":"2024"},{"key":"2025061410225922800_bib2","article-title":"Civil nuclear cyber security strategy","author":"Department for Energy Security and Net Zero and Department for Business, Energy & Industrial Strategy","year":"2022"},{"key":"2025061410225922800_bib3","article-title":"U.S. Department of Energy","author":"Cybersecurity Strategy","year":"2024"},{"key":"2025061410225922800_bib4","volume-title":"Building Effective Governance Frameworks for the Implementation of National Cybersecurity Strategies","author":"Sarri","year":"2023"},{"key":"2025061410225922800_bib5","doi-asserted-by":"publisher","first-page":"1243","DOI":"10.1016\/j.dcan.2023.01.016","article-title":"Software defined satellite networks: a survey","volume":"9","author":"Jiang","year":"2023","journal-title":"Digit Commun Netw"},{"key":"2025061410225922800_bib6","first-page":"4042","volume-title":"The Evolution of Ground Stations in the New Space Industry","author":"Cleverly","year":"2021"},{"key":"2025061410225922800_bib7","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-21920-7_2","article-title":"Cyber threats and the security risks they pose to national security: an assessment of cybersecurity policy in the United Kingdom","volume-title":"Countering Cyberterrorism: The Confluence of Artificial Intelligence, Cyber Forensics and Digital Policies","author":"Montasari","year":"2023"},{"key":"2025061410225922800_bib8","doi-asserted-by":"crossref","first-page":"110897","DOI":"10.1016\/j.injury.2023.111013","article-title":"Empowering boards: how the National Cyber Security Centre Board (United Kingdom) toolkit is transforming cyber security governance","volume":"54","author":"Tarka","year":"2023","journal-title":"Injury"},{"key":"2025061410225922800_bib9","article-title":"Public Summary of Sector Security and Resilience Plans","author":"UK Cabinet Office","year":"2018"},{"key":"2025061410225922800_bib10","article-title":"The Case for Space: Research and Analysis","author":"UK Department for Science, Innovation and Technology","year":"2023"},{"key":"2025061410225922800_bib11","article-title":"Written Evidence from the Cabinet Office. Science, Innovation and Technology Committee","author":"UK Cabinet Office","year":"2023"},{"key":"2025061410225922800_bib12","article-title":"Defence Space: through Adversity to the Stars?","author":"Committee, House of Commons Defence","year":"2022"},{"key":"2025061410225922800_bib13","article-title":"National Risk Register: 2023","author":"Government, UK","year":"2023"},{"key":"2025061410225922800_bib14","first-page":"654","article-title":"The Space Industry Regulations 2021: another giant leap?","volume":"26","author":"Simmonds","year":"2021","journal-title":"Covent Law J"},{"key":"2025061410225922800_bib15","article-title":"Defence of Space-Based Assets","author":"UK Parliament POSTNOTE","year":"2024"},{"key":"2025061410225922800_bib16","doi-asserted-by":"crossref","first-page":"323","DOI":"10.1017\/ajil.2020.13","article-title":"United States creates the US space command and the US Space Force to strengthen military capabilities in space","volume":"114","author":"Galbraith","year":"2020","journal-title":"Am J Int Law"},{"key":"2025061410225922800_bib17","article-title":"Executive Order 14028: improving the Nation's Cybersecurity","author":"United States Government","year":"2023"},{"key":"2025061410225922800_bib18","article-title":"Budget Overview Fiscal Year 2024 Congressional Justification","author":"Agency, Department of Homeland Security Cybersecurity and Infrastructure Security","year":"2023"},{"key":"2025061410225922800_bib19","article-title":"US Space Force personnel role distinctions","author":"Yonekura","year":"2024"},{"key":"2025061410225922800_bib20","first-page":"1","volume-title":"Cyber Defense of Space Assets","author":"Hutchins","year":"2016"},{"key":"2025061410225922800_bib21","article-title":"President Donald J. Trump Is Establishing America's First Comprehensive Cybersecurity Policy for Space Systems","author":"The White House","year":"2022"},{"key":"2025061410225922800_bib22","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1111\/j.0360-4918.2001.00160.x","article-title":"The Law: presidential memoranda and executive orders: of patchwork quilts, trump cards, and shell games","volume":"31","author":"Cooper","year":"2001","journal-title":"Pres Stud Quat"},{"key":"2025061410225922800_bib23","article-title":"To Direct the Secretary of Homeland Security to Issue Guidance with Respect to Space Systems, Services, and Technology as Critical Infrastructure, and for Other Purposes, US Congress, House - Science, Space, and Technology","author":"Lieu","year":"2023"},{"key":"2025061410225922800_bib24","volume-title":"We Have an Anomaly: America Is Missing a Space Systems Critical Infrastructure Sector","author":"Ellsworth","year":"2023"},{"key":"2025061410225922800_bib25","article-title":"National Defense Authorization Act Section 9002(b)","author":"CISA","year":"2021"},{"key":"2025061410225922800_bib26","article-title":"Spyware German Aerospace Center Cyber Espionage","author":"The Hacker News","year":"2014"},{"key":"2025061410225922800_bib27","article-title":"Aerospace Clusters. World's Best Practice and Future Perspectives. An Opportunity for South Australia","author":"Paone","year":"2016"},{"key":"2025061410225922800_bib28","article-title":"New Historic High for Government Space Spending, Mostly Driven by Defense Expenditures","author":"Euroconsult","year":"2022"},{"key":"2025061410225922800_bib29","doi-asserted-by":"publisher","first-page":"61","DOI":"10.32084\/tkp.4793","article-title":"Germany\u2019s cybersecurity policy","volume":"15","author":"Brzostek","year":"2022","journal-title":"TKP"},{"key":"2025061410225922800_bib30","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1365\/s43439-022-00058-7","article-title":"One step ahead: mapping the Italian and German cybersecurity laws against the proposal for a NIS2 directive","volume":"3","author":"Schmitz-Berndt","year":"2022","journal-title":"Int Cybersecur Law Rev"},{"key":"2025061410225922800_bib31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1365\/s43439-022-00077-4","article-title":"Kritikalit\u00e4t: von der BSI-KritisV zur NIS2-Richtlinie","volume":"4","author":"Vogel","year":"2023","journal-title":"Int Cybersecur Law Rev"},{"key":"2025061410225922800_bib32","article-title":"The German Federal Government's Space Strategy","author":"(BMWK), Federal Ministry for Economic Affairs and Climate Action","year":"2023"},{"key":"2025061410225922800_bib33","article-title":"Technical Guidelines (BSI TR-03184)","author":"Federal Office for Information Security","year":"2023"},{"key":"2025061410225922800_bib34","article-title":"Cybersicherheit in Zahlen","author":"G DATA","year":"2022"},{"key":"2025061410225922800_bib35","article-title":"118th Congress (2023\u20132024)","author":"Satellite Cybersecurity Act","year":"2023"},{"key":"2025061410225922800_bib36","article-title":"Cyber Security Toolkit","author":"UK Space Agency","year":"2021"},{"key":"2025061410225922800_bib37","article-title":"Guidance on Cyber Security Strategies for Applicants and Licensees","author":"Civil Aviation Authority","year":"2023"},{"key":"2025061410225922800_bib38","first-page":"213","article-title":"The UK Civil Aviation Authority and European air services liberalisation","volume":"30","author":"Humphreys","year":"1996","journal-title":"J Transp Econ Pol"},{"key":"2025061410225922800_bib39","article-title":"Time to designate space systems as critical infrastructure","author":"Cilluffo","year":"2023"},{"key":"2025061410225922800_bib40","doi-asserted-by":"crossref","first-page":"103799","DOI":"10.1016\/j.cose.2024.103799","article-title":"Securing SatCom user segment: a study on cybersecurity challenges in view of IRIS2","volume":"140","author":"Casaril","year":"2024","journal-title":"Comput Secur"},{"key":"2025061410225922800_bib41","article-title":"Space Security: Best Practices Guide (BPG)","author":"NASA","year":"2023"},{"key":"2025061410225922800_bib42","article-title":"Undesamt f\u00fcr Sicherheit in der Informationstechnik","author":"IT-Grundschutz-Profil f\u00fcr das Bodensegment von Satelliten","year":"2024"},{"key":"2025061410225922800_bib43","article-title":"ESA Cyber Security Resilience Achievement","author":"ESA Security Office","year":"2023"},{"key":"2025061410225922800_bib44","first-page":"77","article-title":"The new EU space regulation: one small step or one giant leap for the EU?","volume":"17","author":"Ore\u0161kovi\u0107","year":"2021","journal-title":"Croat Yearbook Eur Law Pol"},{"key":"2025061410225922800_bib45","doi-asserted-by":"crossref","first-page":"Tv_1","DOI":"10.2322\/tastj.12.Tv_1","article-title":"Waking up to a new threat: cyber threats and space. Transactions of the Japan Society for Aeronautical and Space Sciences","volume":"12","author":"Kallender","year":"2014","journal-title":"Aerosp Technol Jpn"},{"key":"2025061410225922800_bib46","article-title":"ESA tender portal","author":"ESA. QSVP\u2014Quantum Security Verification Platform","year":"2024"},{"key":"2025061410225922800_bib47","volume-title":"Zero Trust Architecture","author":"Stafford","year":"2020"},{"key":"2025061410225922800_bib48","first-page":"4302","volume-title":"An International Technical Standard for Commercial Space System Cybersecurity-A Call to Action","author":"Falco","year":"2022"},{"key":"2025061410225922800_bib49","article-title":"Qualitative fault tree analysis applied as a design tool in a low cost satellite design: method and lessons learned","volume-title":"Proceedings of STEC2006","author":"Van\u00a0Breukelen","year":"2006"},{"key":"2025061410225922800_bib50","article-title":"Securing satellite link segment: a secure-by-component design","volume-title":"arXiv","author":"Yahia","year":"2024"},{"key":"2025061410225922800_bib51","doi-asserted-by":"crossref","DOI":"10.1109\/SYSCON.2018.8369491","article-title":"Examination of security design principles from NIST SP 800-160","volume-title":"Proceedings of the\u00a02018 Annual IEEE International Systems Conference (SysCon)","author":"Mailloux","year":"2018"},{"key":"2025061410225922800_bib52","article-title":"Device Security Guidance","author":"UK National Security Center","year":"2021"},{"key":"2025061410225922800_bib53","article-title":"Using CCSDS standards to reduce mission costs","volume-title":"Proceedings of the\u00a0Annual AIAA\/USU Small Satellite Conference 2017.\u00a0GSFC-E-DAA-TN44423","author":"Wilmot","year":"2017"},{"key":"2025061410225922800_bib54","article-title":"Space Data Link Security Protocol (CCSDS 355.0-B-2). Blue Book, Issue 2","author":"Consultative Committee for Space Data Systems (CCSDS)","year":"2022"},{"key":"2025061410225922800_bib55","doi-asserted-by":"crossref","DOI":"10.2514\/6.2014-1850","article-title":"CCSDS Next Generation Space Link Protocol (NGSLP)","volume-title":"Proceedings of the\u00a0SpaceOps 2014 Conference","author":"Kazz","year":"2014"},{"key":"2025061410225922800_bib56","doi-asserted-by":"crossref","DOI":"10.23919\/3S60530.2024.10592286","article-title":"Developing a CCSDS compliant platform to reliably secure current and future space data links","volume-title":"Proceedings of the 2024 Security for Space Systems (3S)","author":"Masson","year":"2024"},{"key":"2025061410225922800_bib57","article-title":"CCSDS","author":"CCSDS Network Layer Security Adaptation Profile"},{"key":"2025061410225922800_bib58","article-title":"CCSDS","author":"CCSDS Unified Space DATA link Protocol (USLP)","year":"2024"},{"key":"2025061410225922800_bib59","article-title":"The application of security to CCSDS protocols","author":"The Application of Security to CCSDS Protocols","year":"2019"},{"key":"2025061410225922800_bib60","article-title":"Commission Work Programme 2024","author":"European\u00a0Commission","year":"2024"},{"key":"2025061410225922800_bib61","article-title":"EUSL Baseline","author":"DEFIS, European Commission DG","year":"2024"},{"key":"2025061410225922800_bib62","first-page":"4","article-title":"Understanding the EU's competence to harmonise space law amid publication","volume":"49","author":"Jacobs","year":"2024","journal-title":"Delays Air Space Law"},{"key":"2025061410225922800_bib63","article-title":"EU space strategy for security and defence","author":"European Commission","year":"2023"},{"key":"2025061410225922800_bib64","doi-asserted-by":"publisher","first-page":"3827","DOI":"10.1017\/S2071832200017120","article-title":"The limits of legislative harmonization ten years after tobacco advertising: how the court's case law has become a \u201cDrafting Guide\u201d","volume":"12","author":"Weatherill","year":"2011","journal-title":"Ger Law J"},{"key":"2025061410225922800_bib65","article-title":"Programme of the Polish Presidency of the Council of the European Union: January 1\u2013June 30, 2025","author":"Polish Presidency of the Council of the European Union","year":"2024"},{"key":"2025061410225922800_bib66","doi-asserted-by":"publisher","first-page":"142241","DOI":"10.1109\/ACCESS.2024.3467253","article-title":"State-of-the-art authentication measures in satellite communication networks: a comprehensive analysis","volume":"12","author":"Suhaimi","year":"2024","journal-title":"IEEE Access"},{"key":"2025061410225922800_bib67","doi-asserted-by":"crossref","DOI":"10.1109\/TPS-ISA62245.2024.00077","article-title":"Advancing spacecraft security through anomaly detection","volume-title":"Proceedings of the\u00a02024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","author":"Wiatrek","year":"2024"},{"key":"2025061410225922800_bib68","article-title":"Dishing out DoS: how to disable and secure the Starlink user terminal","volume-title":"arXiv","author":"Smailes","year":"2023"},{"key":"2025061410225922800_bib69","volume-title":"A wake-up call for SATCOM security","author":"Santamarta","year":"2014"},{"key":"2025061410225922800_bib70","volume-title":"Hacktivism Goes Orbital: Investigating NB65\u2019s Breach of ROSCOSMOS","author":"Thummala","year":"2024"},{"key":"2025061410225922800_bib71","doi-asserted-by":"publisher","first-page":"100701","DOI":"10.1016\/j.ijcip.2024.100701","article-title":"Cyber attacks on critical infrastructures and satellite communications","volume":"46","author":"Carlo","year":"2024","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2025061410225922800_bib72","doi-asserted-by":"crossref","DOI":"10.1109\/CSR61664.2024.10679479","article-title":"The impact of GPS interference in the Middle East","volume-title":"Proceedings of the\u00a0IEEE International Conference on Cyber Security and Resilience (CSR)","author":"Ieropoulos","year":"2024"},{"key":"2025061410225922800_bib73","doi-asserted-by":"crossref","DOI":"10.1109\/SMC-IT56444.2023.00018","article-title":"Wannafly: an approach to satellite ransomware","volume-title":"Proceedings of the\u00a0IEEE 9th International Conference on Space Mission Challenges for Information Technology (SMC-IT)","author":"Falco","year":"2023"},{"key":"2025061410225922800_bib74","volume-title":"Resilience for Space Systems: Concepts, Tools and Approaches","author":"Corporation, Aerospace","year":"2017"},{"key":"2025061410225922800_bib75","doi-asserted-by":"crossref","DOI":"10.1109\/SMC-IT61443.2024.00016","article-title":"Minimum requirements for space system cybersecurity-ensuring cyber access to space","volume-title":"Proceedings of the\u00a0IEEE 10th International Conference on Space Mission Challenges for Information Technology (SMC-IT)","author":"Falco","year":"2024"},{"key":"2025061410225922800_bib76","volume-title":"Resiliency in Space as a Combined Challenge for NATO","author":"Vasen","year":"2021"},{"key":"2025061410225922800_bib77","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1504\/IJCCBS.2020.108685","article-title":"A security metric for assessing the security level of critical infrastructures","volume":"10","author":"Tortorelli","year":"2020","journal-title":"IJCCBS"},{"key":"2025061410225922800_bib78","article-title":"CrowdStrike 2024 Global Threat Report","author":"CrowdStrike"},{"key":"2025061410225922800_bib79","article-title":"Wireless signal injection attacks on VSAT satellite modems","author":"Bisping","year":"2024"},{"key":"2025061410225922800_bib80","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.infsof.2015.08.002","article-title":"On the capability of static code analysis to detect security vulnerabilities","volume":"68","author":"Goseva-Popstojanova","year":"2015","journal-title":"Inf Softw Technol"},{"key":"2025061410225922800_bib81","first-page":"4380","volume-title":"Space Cybersecurity Lessons Learned From the Viasat Cyberattack","author":"Boschetti","year":"2022"},{"key":"2025061410225922800_bib82","first-page":"122","article-title":"A critical view on CIS controls","volume-title":"Proceedings of the\u00a016th International Conference on Telecommunications (ConTEL)","author":"Gro\u0161","year":"2021"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf013\/63491165\/tyaf013.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf013\/63491165\/tyaf013.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T14:23:12Z","timestamp":1749910992000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf013\/8162738"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":82,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf013","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf013"}}