Article 76
Risk management through the lifecycle of space missions
1. Union space operators shall take all the necessary measures to manage the risks posed to the security of network and information systems and the security of the physical infrastructure and environment, in accordance with the principle of proportionality, taking into account their risk profile and size, as well as the nature, scale and complexity of their space activities. The measures referred to in the first subparagraph shall be:
(a) comprehensive, to cover, depending on the tasks being carried out, all segments of space infrastructure, including the ground infrastructure, encompassing the systems and subsystems thereof;
(b) appropriate and proportionate to risks;
(c) based on an all hazard-approach.
[ADD POINT];
2. The measures referred to in paragraph 1, first subparagraph, shall allow Union space operators to:
(a) ensure at all times the resilience of space infrastructure;
(b) maintain effective technical control of their space missions, while allowing a level of risk that is appropriate and consistent with the objectives and the features of each space mission and compliant with supervisory instructions.
3. Union space operators shall take into account at least the following criteria when assessing the appropriate and consistent level of risk in accordance with paragraph 2, point (b):
(a) the type and features of the space mission, such as its specific objectives, the orbit, the constellation size;
(b) the impact upon other space activities;
(c) the size of the respective entity, the degree of exposure to risk and the likelihood and severity of incidents, including their societal and economic impact.
4. Union space operators shall manage the risks referred to in paragraph 1, first subparagraph, to ensure the digital and physical resilience of space infrastructure, throughout the lifecycle of space missions, with due regard to:
(a) the conception and design phases, including the preparatory activities to the manufacturing phase, such as mission analysis, system analysis, system definition, system design, until the complete determination of systems;
(b) the manufacturing and test phases, such as manufacture, assembly, integration, verification, validation and qualification phases;
(c) the operational phase, including:
(i) the transport, commissioning, launch and early orbit phase (‘LEOP’);
(ii) the operation of a space object, the routine phase, the activities related to the control, management and monitoring of a space mission and any relevant coordination thereof;
(iii) maintenance of the ground segment and space segment;
(iv) carrying out in-space operations and services, such as on-orbit servicing;
(d) the end of life phases, notably the end of the space mission, the passivation, the disposal, the decommissioning and de orbiting phases;
(e) any supporting activities, such as transport, storage, logistics, maintenance services, management of general ICT infrastructure.
5. Union space operators shall establish, implement and maintain an information security management system in accordance with relevant standards. The information security management system referred to in the first subparagraph shall be part of the overall risk management of Union space operators and shall be implemented in a way that allows them to efficiently and comprehensively address all sources of risk, pursuant to Article 78(1), point (a), and the principles laid down in paragraph 2, point (b).
6. Union space operators shall establish, implement and apply a policy and procedures to assess whether the cybersecurity risk-management measures taken are effectively implemented and maintained.
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/article.php:8) in /var/www/html/script/loginauth.php on line 163