Cybersecurity
Supply Chain Security
The protection of space systems through security requirements and assessment of suppliers, vendors, and service providers.
Supply chain security addresses risks introduced through third-party components, software, and services used in space systems.
NIS2 Requirements Article 21(2)(d) requires entities to address:
- Supply chain security policies
- Supplier assessment procedures
- Security requirements in contracts
- Ongoing supplier monitoring
Space-Specific Concerns
- Counterfeit electronic parts
- Malicious code in software
- Compromised ground equipment
- Untrusted launch services
- Third-party data handling
Assessment Elements
- Supplier identification and classification
- Security capability evaluation
- Contractual requirements
- Ongoing compliance verification
- Incident notification obligations
- Subcontractor transparency
Best Practices
- Component traceability
- Secure software development requirements
- Background checks for personnel
- Physical security of facilities
- Diversification of critical suppliers
Coordination ENISA provides sector-specific guidance on supply chain security for space operators.