Satellite Cybersecurity Act of 2025
- Bill Number
- S. 3404
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Science, Technology, Communications
- Status
- Introduced
- Latest Action
- 2026-04-14: Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
- Last Updated
- 2026-04-24T15:35:26Z
AI-Generated Summary
Purpose
The Satellite Cybersecurity Act of 2025 aims to strengthen the cybersecurity of commercial satellite systems—privately owned and operated satellite networks used for business—by requiring federal assessments, resource sharing, and coordinated strategies. It focuses on identifying risks, improving protections, and supporting private sector efforts without mandating new regulations.
Key Provisions
- Definitions: Establishes clear terms, such as "commercial satellite system" (a non-federal, U.S.-licensed network of satellites, ground infrastructure, and communication links), "cybersecurity risk" (potential harm from cyber threats, as defined in existing federal law), and "appropriate congressional committees" (specific Senate and House panels overseeing commerce, science, space, and homeland security).
- Study and Report on Federal Support (Section 3):
- The Comptroller General (an independent auditor for the federal government) must conduct a study on federal actions to bolster cybersecurity for commercial satellites, including ties to critical infrastructure (essential systems like power grids or transportation that, if disrupted, could harm national security or economy).
- Within 2 years of enactment, submit an unclassified report (with optional classified addendum) to congressional committees, covering:
- Effectiveness of federal efforts, including international and private sector partnerships.
- Public resources available for addressing cyber risks.
- How satellites integrate into critical infrastructure plans.
- Federal reliance on satellites, mitigation of risks (especially from foreign-owned or foreign-based systems), and agency coordination or overlaps.
- Recommendations for future actions, including information sharing.
- Includes a briefing to Congress and consultations with agencies like Commerce, Homeland Security, Defense, FCC, NASA, and others.
- Department of Commerce Responsibilities (Section 4):
- Within 180 days, create and maintain an online "clearinghouse" (a public hub) for cybersecurity resources, in coordination with the FCC and Cybersecurity and Infrastructure Security Agency (CISA).
- Must include voluntary recommendations, materials for operators (especially small businesses), and possibly controlled unclassified information (sensitive but non-secret data shared securely).
- Use existing platforms where possible and keep content updated.
- Consolidate voluntary cybersecurity guidelines covering topics like risk assessment, incident recovery, supply chain security, protections against jamming or hacking, and risks from foreign ownership or overseas infrastructure.
- Implement in partnership with private sector; coordinate with federal entities; consult non-federal groups like standards organizations.
- Submit biennial reports (for 9 years) to Congress on partnerships, consultations, coordination, clearinghouse status, recommendations, and feedback.
- Federal Strategy (Section 5):
- Within 120 days, the Secretary of Commerce (with National Space Council and National Cyber Director, plus coordination from Homeland Security, FCC, and others) must submit a strategy to Congress outlining agency roles and how cyber threats to satellites fit into broader critical infrastructure protections.
- Rules of Construction (Section 6):
- Clarifies the act does not classify commercial satellites as a new critical infrastructure sector or change existing agency powers.
Significant Changes to Existing Law
This bill introduces new mandates without directly amending prior laws. It builds on existing frameworks (e.g., definitions from the Homeland Security Act and Critical Infrastructure Protection Act) by requiring fresh studies, a dedicated resource hub, and a coordinated strategy—elements not previously specified for commercial satellites. It promotes voluntary guidelines rather than enforceable rules, avoiding expansion of regulatory authority.
Potential Impacts
- Government Agencies: Increases coordination among agencies like Commerce, DHS, FCC, and DoD, potentially reducing overlaps in cybersecurity efforts. Adds reporting and resource-maintenance burdens but fosters alignment on satellite protections, which could enhance national security without new funding specified.
- Citizens and Private Sector: Provides free, accessible tools and recommendations to help satellite operators (including small businesses) secure systems, potentially reducing cyber vulnerabilities in services like GPS, communications, and broadcasting that everyday people rely on. No direct costs to citizens, but indirect benefits through safer infrastructure.
- International Relations: Highlights risks from foreign-owned satellites or overseas ground stations, prompting better mitigation that could influence U.S. policies on foreign investments in space tech. May strengthen partnerships with allies on cyber threats but could strain ties with adversaries if risks are deemed significant.
Main Stakeholders Affected
- Federal Government: Departments of Commerce, Homeland Security, Defense, Transportation, and Justice; FCC; NASA; National Space Council; Office of the National Cyber Director; and the Comptroller General.
- Private Sector: Commercial satellite companies (owners/operators of U.S.-licensed systems), especially small businesses; supply chain vendors; and standards organizations.
- Congress: Specified committees for oversight, reporting, and briefings.
- International Entities: Foreign governments or companies involved in satellite ownership, operations, or infrastructure, due to focus on associated risks.
Notable Legal, Constitutional, or Political Implications
- Legal: Emphasizes voluntary measures and information sharing, preserving private sector autonomy and avoiding new regulatory burdens. The rules of construction protect existing agency jurisdictions, preventing legal challenges over authority overlaps.
- Constitutional: No direct implications; aligns with Congress's commerce and national security powers without infringing on free speech, privacy, or property rights.
- Political: Bipartisan sponsorship (by Senators Peters and Cornyn) signals broad support for space cybersecurity amid rising geopolitical tensions. Could set precedent for addressing emerging tech risks (e.g., in AI or quantum computing) through studies and strategies rather than mandates, influencing future legislation on critical infrastructure.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (1)
Recent Actions
- 2026-04-14: Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
- 2025-12-09: Read twice and referred to the Committee on Commerce, Science, and Transportation.
- 2025-12-09: Introduced in Senate
Bill Versions
- Satellite Cybersecurity Act of 2025 — issued 2025-12-09 — PDF (13 pages)