If you are applying for a licence to carry out commercial spaceflight and associated activities in the UK, it is important you understand the necessary security measures that may be required in relation to the physical, personnel and cyber security of space sites and operations. This includes requirements that cover facilities, equipment, spacecraft, carrier aircraft, other vehicles, payloads, cargo, supplies or other things at space sites.
Security requirements for all licence types under the Space Industry Act are explained in guidance on security matters for applicants and licensees.
Physical and Personnel Security
For a spaceport, range control or launch operator licence you must appoint a security manager – an employee of the organisation responsible for the implementation of the security programme of the spaceflight site or operation. This person must be able to achieve UK security vetting clearance and have appropriate training and qualifications to carry out the role in line with the requirements of Part 11 regulations. It is good practice to have a ‘deputy’ security manager cleared to this level of vetting in the event of illness or leave. As vetting can take up to around 6 weeks.
You will also need to submit a security programme that sets out the procedures that you will use to identify any potential security risks and rectify them. Rectification may include having to reapply security controls to any part of the operation where security may have been breached.
Additionally, all horizontal spaceports must be directed under the National Aviation Security Programme (NASP). Details of the publicly available elements of the NASP. Read the Secretary of State under the Aviation Security Act 1982 for further information on how to become a directed aerodrome.
Cyber Security
Our vision is to have a proportionate and effective approach to cyber security that enables space to manage their cyber security risks without compromising safety, security or resilience. Also, to stay up-to-date and positively influence cyber security within space to support the UK’s national security strategy.
Cyber Security Strategy under the Space Industry Regulations 2021
Under the Space Industry Regulations, all applicants are required to have a cyber security strategy for the proposed operation, based on a security risk assessment and, where required, a safety case.
The Cyber Team has published guidance for applicants and licensees. Should you require further information, please feel free to contact us at cyber@caa.co.uk and we will be able to answer any questions you may have.
Information handling
We are aware that some information relating to cyber security may be sensitive.
Before submitting sensitive cyber security information to the CAA please contact us at cyber@caa.co.uk You will receive secure Information Handling Instructions to ensure commensurate protections are established based on the sensitivity of the information in question.
Useful Links
CAA Cyber Security Certification Team
We would highly recommend joining the NCSC’s Cyber Security Information Sharing Partnership (CISP).
Provide page feedback
Please enter your comments below, or use our usual service contacts if a specific matter requires an answer.
Fields marked with an asterisk (*) are required.