Space Cybersecurity: Protecting Satellites from Digital Threats

In February 2022, within hours of Russia's invasion of Ukraine, a cyberattack on the Viasat KA-SAT satellite network knocked tens of thousands of modems offline across Europe, disrupting communications for military and civilian users alike. The incident was a watershed moment: it demonstrated that satellites and their ground systems are credible, high-value targets for state-sponsored cyber operations — and that the effects could cascade far beyond any single operator.

Space cybersecurity has moved from a niche concern to a policy and operational priority. Understanding the threat landscape and the regulatory frameworks developing around it is essential for any organization operating space assets or depending on them.

The Threat Landscape

Satellite systems present an unusually complex attack surface because they span multiple domains:

• Ground segment attacks — satellite control networks, mission operations centers, and customer ground terminals can be targeted through conventional cyber means: phishing, malware, supply chain compromise, and software vulnerabilities. The Viasat attack exploited a VPN misconfiguration in the ground network.
• Link layer attacks — uplink jamming (overpowering the command or communications signal with radio frequency noise), downlink jamming (disrupting signals received by users), and spoofing (transmitting false signals that receivers accept as legitimate, as demonstrated extensively against GPS)
• Space segment attacks — direct attacks on the satellite software through the command link; if an adversary gains unauthorized command access, they could disable, reposition, or permanently damage a spacecraft
• Supply chain vulnerabilities — space systems incorporate components from global supply chains; hardware implants or compromised firmware in flight computers, radio frequency components, or ground equipment present difficult-to-detect risks

GPS Spoofing: A Growing Operational Problem

GPS spoofing — transmitting counterfeit GPS signals to manipulate receiver position or timing data — has expanded from a niche military threat to a documented operational problem affecting civil aviation, maritime navigation, and precision timing networks. Spoofing incidents have been reported extensively around conflict zones and near certain national borders, affecting commercial aircraft and vessel navigation systems.

The civil GPS signal was not designed with authentication in mind. The GPS directorate and international GNSS providers have been developing authenticated navigation signals (GPS OCSNA, Galileo's OSNMA) to address this, but receiver updates and certification take years to propagate through existing fleets.

Regulatory Developments

Space cybersecurity policy is developing rapidly, particularly in the United States:

• Space Policy Directive-5 (SPD-5) — issued in 2020, established cybersecurity principles for space systems including a secure-by-design approach, protection of command and control links, and incident response planning. Foundational but non-binding for commercial operators.
• NIST guidance — NIST IR 8401 provides cybersecurity framework guidance specifically for satellite ground segment systems
• Department of Defense — Space Force and NRO have developed classified security requirements for government satellite programs; CMMC requirements apply to contractors across the supply chain
• FCC — the FCC has increased focus on satellite cybersecurity in its licensing process, and the voluntary nature of most commercial requirements is under active policy debate
• International — the United Nations COPUOS and ITU have begun discussions on international norms for responsible behavior in space, including cyber operations, though binding international agreements remain distant

Technical Mitigations

Space system operators and designers have a range of technical tools available:

• Encrypted command links — all command uplinks should use strong encryption with robust key management; legacy satellites often used minimal encryption that would not meet modern standards
• Anomaly detection — behavioral monitoring of telemetry can detect command injection or unexpected satellite behavior indicative of compromise
• Frequency hopping and spread spectrum — techniques that make it harder to jam or spoof communications links by spreading signals across frequency bands
• Multi-constellation GNSS — receivers using GPS, Galileo, GLONASS, and BeiDou simultaneously are harder to spoof consistently than single-constellation receivers
• Zero-trust architecture — ground segment networks are increasingly being designed with zero-trust principles: no implicit trust based on network location, strict identity verification for all access
• Software update security — secure software update mechanisms with cryptographic signing and verification prevent malicious firmware from being uploaded to operational satellites

Insurance and Liability Implications

Cyber risk is increasingly a factor in space insurance underwriting. Operators that can demonstrate robust cybersecurity practices — including third-party audits, incident response plans, and technical controls — may qualify for better terms. The Viasat incident underscored that cyber incidents affecting satellites can trigger significant claims not just for the satellite operator but for downstream users across multiple industries.

Explore SpaceNexus regulatory and compliance intelligence for the latest updates on space cybersecurity policy, and monitor the market module for cybersecurity sector developments affecting space companies.