Stellar safeguards: How organizations can protect space assets from cyberthreats

Ultimately, the confluence of these factors means space is increasingly interconnected, complex, and viewed as an exploitable vulnerability by criminal and geopolitical entities alike. Each will be explored, but three critical vulnerabilities stand out that motivate a specific set of defensive cyber responses:

• Difficulty seeing and sensing cyber adversaries (lack of robust cyberthreat-detection capabilities)
• Limited collaboration among companies and governments needed to share threat information and manage risks
• Insufficient security-by-design attributes from the cyber supply chain to the end users, particularly as it relates to data integrity and reliability from source to transmission to analysis

The consequences of attacks could pose significant economic, national security–related, and environmental costs for the United States and other countries.⁴ The United States relies on space systems for all 16 critical infrastructure sectors. Similarly, the world’s most lucrative industries rely on space systems.⁵ And cyberattacks can spread from system to system and country to country very quickly while costs to remediate them swell.⁶ Even the physical environment of space that space systems operate in can be impacted by cyberattacks. Such attacks on space systems can intensify existing threats like space debris and congestion, further endangering critical earth orbits.

Mitigating cyber risks within the space industry includes improving cyber resilience through three channels:

•  Enhancing the ability to sense and detect cyberthreats in near real time across the ecosystem, including on-board systems that can actively detect potentially harmful cyber incidents⁷
• Coordinating timely and effective responses across industry, government, and with international partners
•  Adopting secure-by-design approaches to space system development

Providing space systems with a strong defense against cyber vulnerabilities is a necessary step in the evolution of the space industry. To grow the space industry and increase the many benefits it provides civilians, companies, and governments, space systems in orbit and on the ground should be resilient to cyberthreats.

Cyberattacks: An old challenge with increasing complexity

Cyberattacks on space systems aren’t a recent development. The first reported cyber incident occurred in 1986 against a commercial satellite TV company.⁸ Since then, cyberattacks have affected government, commercial, and scientific space systems.⁹ The value derived from space systems often comes from the unique ways space allows each to communicate and collect information. Whether that’s commercial TV signals, systems that monitor the earth to detect wildfires, or satellites that collect information for military operations, space systems offer unique ways of aiding commerce, national security, and science.

The processes involved in sharing and collecting information from space can also expose vulnerabilities to cyberthreats. Because spacecraft operate high above the earth, there are five segments required to extract value from space-based operations. Together, the segments place satellites in orbit, allow them to collect and share information, and provide services to customers or users. The segments are:  

• Space: Space assets such as satellites in orbit
• Ground: The ground-based infrastructure critical to the functioning of the space system, such as satellite monitoring and control, ground terminals, and mission operations centers
• User: GPS receivers, smartphones, satellite communications’ transmit/receive terminals, etc.
• Link: The communications networks that connect the other segments, including ground to space, space to space, and ground to ground
• Launch: Components and activities, including launch vehicles, satellite payload interfaces, ground support equipment, launch site infrastructure, and required staff and personnel

These segments enable companies and governments to share and access information from orbit. However, each segment also presents potential entry points for cyber intrusions.

More satellites create more cyber risk

Today, the space and cyber domains are integral and interdependent. Each of the five space segments depends, to varying degrees, on the cyber domain and the globally distributed technology supply chain that feeds it. Each segment is a potential cybersecurity vulnerability, and the number of vulnerabilities is growing exponentially.

There are nearly 10,000 active satellites in orbit, and that number is currently doubling roughly every 18 months.¹⁰ Given publicly available private sector and government plans to deploy more satellites, the growth trend will likely continue.¹¹

In an increasingly competitive and important industry, both companies and governments are eager to develop new technologies and processes for each space segment. The space industry should be managing cyber risk across a growing and diverse suite of space systems and technologies. Each space segment depends on the cyber domain and the global technology supply chain that feeds it, and each can have cybersecurity gaps. Every satellite, ground station, user, or data link can be a target for cyberattacks. As the number of satellites and related systems increases, the space ecosystem becomes more vulnerable to cyberthreats.

While new technologies and operating concepts may not be inherently risky, they do require the space industry to account for new and diverse cyber considerations. For example, cloud services are being increasingly adopted across the space industry, and while they are not inherently insecure, they can pose unique cybersecurity challenges for space systems.¹² Similarly, militaries are developing proliferated constellations of space systems to enhance their resilience (for example, against physical attacks),¹³ but this may also increase their exposure to cyberthreats. More satellites, data, and communication links can create more cyber vulnerabilities for national security space systems just like they can for commercial systems. Proliferated constellations of satellites may still be a good choice, but they may require greater attention to cybersecurity.

The number of vulnerabilities is increasing, and so too are the incentives to use cyber to attack. As Deloitte’s research into ransomware shows, the prospect of higher ransoms can also lead to higher volumes of attacks. The industry is currently valued at US$570 billion and growing at around 8% annually.¹⁴ For criminals and other malicious cyber actors, who may be motivated by money, the space industry can be a new and potentially lucrative target.

Space’s geopolitical value is creating new incentives, too. Militaries worldwide rely on space systems, which means adversaries could attack those systems if hostilities break out. While there are several kinetic and non-kinetic ways to attack satellites, cyberattacks can offer greater anonymity and precision for attackers than other anti-satellite systems, like destructive kinetic anti-satellite weapons or signals jamming.¹⁵ According to General Stephen Whiting, Commander of United States Space Command, “We know that a cyberattack is where we are most likely to face the enemy in space.”¹⁶ Russia is believed to have conducted such an attack on a commercial satellite communications network prior to its invasion of Ukraine because the Ukrainian military also used the commercial network. 

While the business and national security value of space is growing—along with incentives for conducting cyberattacks—barriers to accessing and using cyber tools maliciously are declining.¹⁷ In all, there are more reasons and ways to attack space systems via cyber means than ever before.

While on earth, replacing IT systems to offset cyber vulnerability can be, at worst, costly and inconvenient, replacing IT systems for space capabilities is not always possible. There aren’t any “orbital IT repair services” to call on to replace hardware or other IT systems for orbiting satellites. And while cyber systems for ground and other space segments may be updated to account for cyber vulnerabilities, a space network may only be as strong as the weakest segment. General Whiting once remarked that cyberspace is the “soft underbelly of global space networks.”¹⁸

A growing space industry providing more diverse and vital services increases the industry’s vulnerability to cyberattacks. In June 2024, the Space Information Sharing and Analysis Center (ISAC), an organization designed to facilitate collaboration across the space industry related to threats, reported recording more than 100 attempted cyberattacks on space systems each week.¹⁹ Moreover, the effects of cyberattacks often extend well beyond the initial target, potentially having widespread and lasting consequences that are not limited to space.

Space cyber vulnerabilities can produce shared consequences

The interconnected world enables cyberattacks to spread rapidly, amplifying their consequences significantly. The costliest cyberattack in history—the NotPetya attack—cost an estimated US$10 billion dollars because it was able to spread throughout the entire world.²⁰ When everything is connected, everything can be at risk: This is increasingly true for space systems.

A cyberattack, attributed to Russia, on a satellite communications provider used by the Ukrainian military inadvertently affected 5,800 wind turbines in Germany.²¹ Several countries and non-state groups have utilized cyber tools to disrupt space systems, impacting critical infrastructure, aviation, television, IT systems, and other services used across industries and countries.²²

In addition to consequences on earth, cyberattacks can also lead to long-term disruption of the space environment itself. Earth orbits are a finite resource, and exponential growth in active satellite numbers and space debris could jeopardize the very use of those orbits.²³ Interfering with satellite operations through cyberattacks can increase orbital debris risk.

Tens of thousands of existing space debris objects pose a threat to space operations because there are currently no means of removing debris from orbit once it’s there. Preventing its creation is critical for helping to preserve the space environment for space operations. The dangers posed by debris recently led the Group of Seven, which represents many of the world’s leading economies and militaries, to announce their commitment to reducing the risks posed by space debris, given their increasing reliance on space systems.²⁴

To help avoid or limit the consequences of cyberattacks on space systems can require more than passive measures that attempt to keep malicious actors out of space systems or quickly patch issues; it requires the ability to defend against threats actively.²⁵

Empowering defensive cyber operations

The dynamism helping to define the space industry today makes the idea of a “perfectly secure” system more of an unrealistic goal. But that doesn’t mean there isn’t an opportunity to reduce the number and impact of the vulnerabilities across space segments.

One approach is to improve defensive cyber operations through better cyber situational awareness, information-sharing, and secure-by-design approaches to the cyber ecosystem.

Cyber situational awareness: Detect and respond

Identifying a potential cyber vulnerability or defending against cyberthreats requires knowing about them. But knowing where and what to look for across all five segments continuously requires quickly combing through mountains of data flowing through operational systems. The task can be overwhelming for individual operators. Ultimately, good cyber situational awareness requires the right tools.

Through tools enabled by artificial intelligence, like systems placed onboard satellites, new opportunities exist to enhance threat detection analytics of space systems. Given the volume of data, AI and machine learning (ML) can be used to help effectively analyze data and identify patterns that indicate potential cyberthreats. In one example, AI tools reduced the threat detection and triage timeline by more than half.²⁶ The adoption of such tools can be included through payloads placed onboard satellites—like a cybersecurity guard standing watch within orbiting satellites. 

More than just detecting threats, AI tools can also be used to understand, anticipate, model, and simulate potential attack scenarios, allowing organizations to build an attack management program proactively and fortify their systems accordingly. In such a scenario, the AI/ML model can recognize unusual signal patterns, and rather than relying solely on predefined rules, it can recommend adjustments to mitigate the impact of intrusion. Such systems can also log the incident data, which can be used for additional analysis. These opportunities to learn could also allow organizations to use AI for immediate incident response based on preapproved rules.

Both rapid detection and agile response should be leveraged to help space organizations keep pace with evolving threats. By employing these tools, the space ecosystem can significantly bolster its cyber defense posture. However, space organizations should collaborate to share information and ensure each has the data required to detect, understand, and respond.

Information-sharing to fuel a collaborative cyber defense

Operating space systems is inherently collaborative because most space operators don’t control all five space segments. For instance, satellite operators are often not also launch providers, ground stations may now be offered as a service, and users and service providers are often separate groups. While operating a space system requires collaboration, exploiting cyber vulnerabilities may not.  

One vulnerability in any segment can interfere with operations. For example, a vulnerability in a satellite communications system’s internet user router can be enough to disrupt the company’s ability to provide services to thousands of users.²⁷

Owners of space segments should collaborate to share information and manage cyber risks. Yet, two obstacles currently limit how the space industry shares information about cybersecurity matters: One, barriers imposed by nascent industry standards and regulations; and two, challenges arising from business considerations that inform risk management practices. Ultimately, these hurdles can make it difficult for the space industry to know who to collaborate with and how to orchestrate collaboration.

Challenges impacting collaboration

Few regulatory requirements and industry standards facilitate information-sharing and collaboration on space cybersecurity. Though regulations are not always necessary to encourage collaboration between private sector companies or between the private sector and government agencies, they can influence how industries collaborate.²⁸ For regulations to empower cooperation rather than hinder it, they should be agile to keep pace with the rapid evolution of space technologies.²⁹ The financial cost placed on companies to meet regulatory requirements should also be considered.³⁰

The US Government’s Space Policy Directive-5—Cybersecurity Principles for Space Systems—recommended the space industry to collaborate to develop regulations, guidance, best practices, and norms to enhance space system cybersecurity.³¹ Similarly, the Cyber Incident Reporting for Critical Infrastructure Act was created to establish rules for reporting cyber incidents to the Cybersecurity and Infrastructure Security Agency (though it applies only to organizations that operate in one of 16 critical infrastructure sectors and not all space systems fall under that designation).³² Though these efforts constitute  steps toward better cybersecurity collaboration within the space industry, there is opportunity to improve collaboration further.

A second challenge can arise when cybersecurity practices influence business decisions. Organizations can perceive their cybersecurity practices and incident strategies as proprietary information. Equally, sharing cybersecurity information too widely can also enable malicious actors by providing information that may help them avoid cybersecurity measures. These factors can motivate organizations to keep their cybersecurity practices close hold.

But there are ways to overcome these challenges. The Space ISAC offers a blueprint for secure, productive collaboration. To facilitate collaboration across the global space industry, the Space ISAC acts as a source for data, analysis, and discussion on space security for its members.³³ Through several communities of interest and working groups, ISAC members share experiences and information to raise the cybersecurity posture of the space sector.³⁴ Through collaborative industry groups companies can share information and learn discretely and without the market or oversight pressures that may come from more public conversations.

Looking outside of the space industry, the financial services sector offers an example of productive cybersecurity collaborations, like the Financial Services Information Sharing and Analysis Center, which facilitates real-time threat intelligence and response.³⁵ Similarly, the US Financial Stability Oversight Council works with financial institutions to establish cybersecurity regulations and guidelines and facilitates threat-reporting.³⁶ Additionally, financial institutions can have direct lines to the government and law enforcement to help tackle financial crimes against the institutions. Finally, since the financial sector is also connected across the globe, institutions collaborate globally to help increase security and many often participate in government-led cybersecurity exercises to test the security of systems and response actions.³⁷

A similarly robust framework of organizations and policies designed to foster cybersecurity collaboration could significantly enhance cooperative efforts across the space industry and help strengthen cyber resilience. Strong cooperation can also improve how space systems are developed from a cybersecurity standpoint.

A secure-by-design cyber ecosystem

A secure-by-design approach requires making cybersecurity a priority from the outset of product design through development to build products in a way that provides a reasonable level of protection from malicious actors.³⁸ Integrating cybersecurity throughout the engineering, manufacturing, and operations life cycles is important to defensive cyber operations. It’s often also the fiscally responsible choice, as attempting to compensate for limited cybersecurity features after an incident is likely to be more expensive if it can be added at all.  

Secure-by-design approaches can help reduce the amount of inconsistency among security controls and solutions in IT systems, increase efficiencies in development processes, increase the ubiquity of security measures within systems, and improve overall cybersecurity visibility and transparency.³⁹ Each improvement can make systems more resilient while allowing for a faster and more effective threat response.

For example, secure-by-design principles for software development encourage software developers to: first, take ownership of security outcomes rather than letting it fall on customers; second, be transparent and accountable by prioritizing the sharing of information; and third, build organizational structures and culture to ensure cybersecurity is a design and development priority at all levels of the organization.⁴⁰ Secure-by-design approaches may look different between software and hardware and other related elements of the cyber ecosystem, but the goal is often the same: Make cybersecurity a cornerstone consideration across the design, production, and operations of cyber ecosystem components and systems.

Secure by design should also include a secure supply chain. As a system, cyber exploits can be embedded in many subcomponents during manufacturing and assembly. For instance, malicious code can be implanted within hardware before the hardware is installed in a satellite or other space segment. It can then lay dormant until the device is deployed and operational. This can pose a significant threat to space systems, considering that compromised hardware aboard deployed satellites cannot be replaced and could compromise the security of other segments. Proper security protocols to verify the integrity of components at each stage of the supply chain, from sourcing materials to manufacturers and end users, should be implanted.

The concept of secure by design should be a guiding principle, emphasizing the need to account for cybersecurity requirements and risk mitigations throughout the design process. While following secure-by-design principles cannot guarantee that space systems are impervious to all threats, it can help reduce the system’s overall vulnerability by decreasing the number of exploitable flaws.⁴¹

Defensive offense

Good cybersecurity starts with a strong defense. Improving cyber situational awareness and secure-by-design approaches are key to a good defense in part because they can reduce the number of vulnerabilities, but also because they can create more opportunities to actively thwart attacks as they’re occurring. Cyber situational awareness and more secure systems are akin to a bank with more security cameras and vault doors: If a bank robber were to make it through the first vault door undetected, the security cameras would create more opportunities for bank security to detect the robber and add extra protection to the remaining vault doors.

The same is true in the cyber domain. When space systems are designed and monitored properly, cybersecurity managers can detect intrusions earlier and take actions to secure other systems, learn about the intruder, employ decoys, and potentially access the intruder’s network, among other options. The ability to more actively “maneuver” within the cyber domain can improve the effectiveness of defense cyber options. While keeping malicious cyber actors out of space systems is critical, so too is the ability to act if they gain access.  

Taking action

The space industry is rapidly changing, which can make organizing around the cybersecurity challenge difficult. Yet, the steps that should be taken to help improve cyber resilience of space systems don’t require monolithic change. Space organizations across government and the private sector should consider the following:

Leverage AI and ML tools, including through onboard systems, to improve cyber situational awareness across space segments. AI and ML tools can enhance the detection and analysis of potential cyberthreats to operating systems in real time, enabling proactive management and response strategies that the space ecosystem requires.

Establish cyber cooperation groups, inclusive of industry and government focused on developing the tools and pathways for better information-sharing, including norms, best practices, and regulation development. By creating these collaborative groups, stakeholders can better understand cyberthreats and develop cybersecurity frameworks and communication channels to improve cyber resilience across the industry.

Prioritize secure-by-design approaches throughout the engineering life cycle. Integrating secure by-design features from the initial design phase through to deployment can help ensure that cybersecurity is a core consideration across all space segment components and operations, which can enhance overall industry resilience.

Consider mitigations unique to the operator’s particular operating environment (for example, laser crosslinks, fail-safes, cyber-safe modes, and out-of-band recovery options for in-orbit assets). Tailoring mitigations to specific operational environments and technologies can help address unique vulnerabilities and potential attack vectors that an increasingly diverse space ecosystem will require.

Implement security protocols to verify the integrity of the full supply chain from manufacturers and suppliers to end users. Establishing stringent security checks throughout the supply chain can help protect components from cyberthreats before they are integrated into larger systems.

Adopt business measures (for example, customer or partnership agreements) that require partners to conduct basic cyber hygiene practices, including implementing measures like encryption, authentication, compartmentalization, and regular cybersecurity sweeps and updates to detect and prevent cyberthreats. Enforcing such measures through business agreements can help ensure that all partners maintain a minimum standard of cybersecurity and helps avoid “weak links” in space systems.

Evaluate company or organization policies that limit or prohibit the sharing of actionable cyberthreat information and reporting to find opportunities to share and report more. Assessing and amending restrictive policies can enhance transparency and cooperation among entities, leading to improved industry collaboration and solutions. As part of this effort, the incentives that discourage the sharing of information should be evaluated while efforts to align incentives for better information-sharing should be emphasized.

Space systems face an increasingly complex cyberthreat landscape, but the risk isn’t limited to the space industry. Attacks on space systems can ripple across industries and borders. The space industry should adopt measures that enhance defensive cyber operations. The cyberthreat to space systems is evident today, and efforts to thwart them should be, too.