Space cybersecurity governance: assessing policies and frameworks in view of the future European space legislation

The space industry has grown significantly in recent years and has become essential to our daily lives. Space applications are now critical for powering necessary infrastructure, such as energy grids and financial networks. However, as the use and value of space continue to rise, it has also become a primary target for cyber threats, posing a significant risk to the networks and their connections with critical infrastructure. As a result, policymakers in Europe and other regions are developing policies, standards, and guidelines to improve space cybersecurity and protect this crucial sector. This paper aims to analyze the responsible entities for space cybersecurity governance in the UK, the USA, Germany, and the European Union and compare existing policies and guidelines against current threats. The goal is to determine the steps necessary to make the industry more robust. Our study focuses on European legislation, with a future Space Law on the horizon. The first policies to be part of our comparative analysis are the "Technical Guideline BSI TR-03184 Information Security for Space System"established in Germany, the UK Space Agency's "Cyber Security Toolkit,"and NASA's Space "Security: Best Practices Guide". Our findings highlight how governance frameworks for space security have not yet been clearly defined and we foresee a significant increase in the fragmentation of policies. We emphasize the importance of defining resilience clearly and providing tools and metrics to help industries measure their security and evaluate risk levels, to comply with upcoming policies. To achieve this goal, we suggest mapping cybersecurity requirements to practical security controls and safeguards that companies can easily understand and implement.