- Latest available (Revised)
- Original (As made)
The Space Industry Regulations 2021
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Changes to legislation:
There are currently no known outstanding effects for The Space Industry Regulations 2021, CHAPTER 3.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
CHAPTER 3U.K.Cyber security
Spaceflight cyber security strategyU.K.
185.—(1) A licensee must draw up and maintain a cyber security strategy for the network and information systems (“the systems”) used in relation to spaceflight operations for which it is responsible.
(2) The strategy must—
(a)be kept up to date,
(b)be reviewed—
(i)no more than 12 months after the date on which the licence was granted and, subsequently, at intervals not exceeding 12 months, and
(ii)upon any upgrades made to the systems,
(c)be sent to the regulator following a review referred to in sub-paragraph (b)(i),
(d)be proportionate and appropriate for the type of systems operated,
(e)comply with international obligations of the United Kingdom and be consistent with such obligations,
(f)be based on a security risk assessment which—
(i)has been carried out by the licensee, and
(ii)is reviewed no more than 12 months after the date on which the licence was granted and, subsequently, at intervals not exceeding 12 months, and upon any upgrades made to the systems,
(g)ensure the security of the systems managed by employees or agents of the licensee,
(h)ensure that the systems are protected from—
(i)unauthorised access or interference,
(ii)other unlawful occurrences, and
(iii)cyber threat, and
(i)ensure that the licensee’s suppliers and their supply chain specify in their security protocols how they will achieve the cyber security requirements set out in the strategy.
(3) In this regulation—
“cyber threat” means anything capable of compromising the security of, or causing harm to, information systems and internet connected devices including hardware, software and associated infrastructure, the data on them and the services they provide, primarily by cyber means;
“jamming” means a deliberate blocking or interference with a wireless communication system by transmission of radio signals that disrupt information flow in wireless data networks by decreasing the signal to noise ratio;
“network and information systems” in connection with spaceflight operations means—
(a)
an electronic communications network within the meaning of section 32 of the Communications Act 2003(1),
(b)
any device or group of interconnected or related devices, one or more of which, pursuant to a programme, perform automatic processing of digital data,
(c)
digital data stored, processed, retrieved or transmitted by elements covered under sub-paragraphs (a) or (b) for the purposes of their operation, use, protection and maintenance, or
(d)
a flight safety system;
“spoofing” means a technique used to gain unauthorised access to computers whereby an intruder sends messages to a computer indicating that the message is coming from a trusted source;
“unauthorised access or interference” in connection with the security of systems relating to spaceflight operations includes hacking, jamming or spoofing of services or other recognised cyber threats;
“unlawful occurrences” includes theft of data.
Commencement Information
I1Reg. 185 in force at 29.7.2021, see reg. 1(1)
Duty to report a notifiable incident to the regulatorU.K.
186.—(1) A licensee must inform the regulator of any notifiable incident promptly and in any event within 72 hours after it becomes aware that a notifiable incident has occurred.
(2) In this regulation—
“notifiable incident” means any event—
(a)
of a type that has been determined by the regulator and the licensee as having an adverse effect on the security of the network and information systems used in relation to spaceflight operations, and
(b)
that may have a significant impact on future essential services provided by the licensee;
“security” in connection with the network and information systems means the ability of the network and information systems to resist any action that compromises the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or the related services offered by, or accessible via, the systems.
Commencement Information
I2Reg. 186 in force at 29.7.2021, see reg. 1(1)
(1)
2003 c. 21. Section 32(1) was amended by S.I. 2011/1210.
Options/Help
Print Options
PrintThe Whole Instrument
PrintThe Whole Part
PrintThis Chapter only
You have chosen to open The Whole Instrument
The Whole Instrument you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open The Whole Instrument as a PDF
The Whole Instrument you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
You have chosen to open The Whole Instrument without Schedules
The Whole Instrument without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open The Whole Instrument without Schedules as a PDF
The Whole Instrument without Schedules you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
You have chosen to open the Whole Instrument
The Whole Instrument you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open the Whole Instrument without Schedules
The Whole Instrument without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
Explanatory Memorandum
Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as enacted version that was used for the print copy
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Impact Assessments
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
- Why the government is proposing to intervene;
- The main options the government is considering, and which one is preferred;
- How and to what extent new policies may impact on them; and,
- The estimated costs and benefits of proposed measures.
Timeline of Changes
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as made version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.