NOAA rejects one-size-fits-all solution for data protection

by

Because satellite capabilities and the threats they pose vary widely, the National Oceanic and Atmospheric Administration’s Commercial Remote Sensing Regulatory Affairs office plans to roll out a tiered approach to evaluating company data-protection plans.

Data protection requirements for satellites that pose no significant national security or foreign policy risks will be much less stringent than those of complex, highly capable systems, Tahara Dawkins, NOAA’s commercial remote sensing regulatory affairs director, said by email.

“We are looking more specifically at the type of technology rather than resolution.” — Tahara Dawkins, NOAA’s commercial remote sensing regulatory affairs director
“We are looking more specifically at the type of technology rather than resolution.”
— Tahara Dawkins, NOAA’s commercial remote sensing regulatory affairs director

This is an important change because any U.S. citizen, company or organization seeking to operate a private remote-sensing spacecraft must first obtain a NOAA license. As part of the licensing process, NOAA reviews an applicant’s data protection plan, which describe the steps an individual or organization will take to secure its system architecture, facilities on the ground, communications networks and data. In addition, data protection plans reveal how companies will comply with specific terms and conditions of their license, like resolution restrictions over certain geographic areas.

This fall, NOAA plans to begin evaluating data protection plans along three tiers.

“Class 1 will be for systems where loss of data would not be deemed sensitive and the impacts of loss of control of the space vehicle would be minimal,” Dawkins said. “Class 2 will be for systems with sensors that produce sensitive data which is superior to non-U.S. sources, but still fairly distributable to customers. Some restrictions may be placed on these systems to protect national security or foreign policy. Class 3 systems would include sensors that produce very sensitive data for which unauthorized dissemination would pose a clear and significant threat to national security or foreign policy as well as loss of control of those space vehicles would produce significant hazards.”

In addition, when reviewing data protection, NOAA may consider whether a satellite will be gathering Earth imagery or observations and whether it will observe artificial or naturally occurring phenomena. “Additionally, we are looking more specifically at the type of technology and application rather than resolution,” Dawkins said.

This tiered approach was recommended by the NOAA Advisory Committee on Commercial Remote Sensing, a group comprised of industry, academic and government officials who produce, study or employ space-based remote sensing data.

David Langan, chief executive of Umbra Lab, a Santa Barbara, California, startup developing high-resolution synthetic aperture radar satellites, and a member of the NOAA advisory committee, applauded NOAA’s decision.

It will allow NOAA “to focus its resources, regulatory and auditing systems, on satellites that would present a national security threat if compromised,” he said. “The need for security measures is real. It is important to make sure it is proportional to the risk level and commercially viable. If you increase the bar to a point where commercial companies can’t get licenses, I would argue you would harm national security by limiting the commercial space sector in the United States.”


Read more SpaceNews coverage from SmallSat 2018