Review – S 3404 Introduced – Satellite Cybersecurity

Last month Sen Peters (D,MI) introduced S 3404, the Satellite Cybersecurity Act of 2025. The bill would require the GAO to publish a report on government actions to support cybersecurity of commercial satellite systems. It also outlines new responsibilities for the Department of Commerce (DOC) on satellite cybersecurity. No new funding is authorized by this legislation.

This bill is very similar to S 1425, the Satellite Cybersecurity Act, that was introduced by Peters in May 2023. The Senate Homeland Security Committee held a business meeting on May 17^th, 2023, where this bill was considered. The bill was ordered favorably reported and the Committee Report was published on September 5^th, 2023. No further action was taken in the Senate.

There are two significant differences between the two bills. First, S 3404 changes the definitions in Section 3. S 3404 removes two definitions; ‘Director’ and ‘Sector Risk Management Agency’. It also adds the definition of the term ‘appropriate congressional committee’. The later change obviates the need for naming these committees in various places in the bill. The deleted definitions relate to the other, more significant change, a change in the agency, from CISA to DOC, responsible for the cybersecurity responsibilities outlined in this bill.

Moving Forward

Peters is a member of the Senate Commerce, Science, and Transportation Committee. This means that there may be sufficient influence to see the bill considered in Committee. I see nothing in this bill that would engender organized opposition, and I would suspect the bill would receive the same level of bipartisan support that S 1425 received in the 118^th Congress. Unfortunately, I do not think that the bill is politically important enough to take up the Senate’s time if it were to be considered under regular order.

 

For more information on the provisions of the bill, including a commentary on why the responsible agency was changed, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-3404-introduced-satellite-cybersecurity - subscription required.