Drafting a Cybersecurity Standard for Outer Space Missions: On Critical Infrastructure, China, and the Indispensability of a Global Inclusive Approach

Abstract

Despite limited progress within international institutions, the need for articulating a regulatory framework for cyber operations in outer space is becoming a pressing concern. One precondition for regulation is to share cybersecurity and outer-space common terminology that can inform the negotiation of standards, policies and laws. While the UN Institute for Disarmament Research has recently issued a baseline policy glossary, binding technical definitions are missing, and the lack of a binding international cybersecurity regime adds to the obsolescence of a binding outer-space regime tracing back to half a century ago. As the IEEE SA embarks on the drafting of the first-ever technical standard for cybersecure-by- design outer-space missions, scoping and conceptual challenges abound. Technical standards are US-centred, non-binding, engineering-intensive exercises, where lawyers and Asian jurisdictions are only marginally involved; nevertheless, as China’s framework for cybersecurity is refined and its involvement in outer-space policing deepens, its disengagement from Western-driven standard-setting bodies appears unsustainable. Drawing on the specific challenge of defining what makes a cyber system ‘mission-critical’, I expose the necessity to examine how domestic cybersecurity laws from a diverse range of States identify ‘critical’ information infrastructure. Generalising therefrom, I advocate a jurisdictionally inclusive process that combines American supremacy in technical standard-setting for outer-space missions with Chinese normative contributions to cybersecurity regulation, including on data localisation and mandatory multilevel cyber-hygiene requirements. I further argue that involving legal experts from a diverse range of jurisdictions and sociolegal cultures may enhance the global reception of standardisation outputs, thus securing higher degrees of voluntary compliance therewith. This could foster cooperation and promote regional and global satellite cybersecurity.