Space Cybersecurity: Protecting Satellites from Hackers

On February 24, 2022 — one hour before Russian ground forces invaded Ukraine — a cyberattack disabled Viasat's KA-SAT network, knocking out internet service for tens of thousands of users across Europe, including Ukrainian military communications. The attack, attributed to Russian intelligence, used a malicious firmware update pushed to satellite modems. It was the most consequential publicly known cyberattack on space infrastructure, and it sent a clear message: satellites are targets.

As the space economy grows to $630+ billion and satellites become critical infrastructure for everything from banking to battlefield communications, the cybersecurity of space systems has moved from a niche concern to a national security priority. Yet the space industry remains, by many assessments, a decade behind terrestrial IT in cybersecurity maturity.

The Satellite Attack Surface

A satellite system has three main segments, each with distinct vulnerabilities:

Ground Segment

Ground stations, mission operations centers, and the terrestrial networks connecting them are the most accessible — and often the weakest — targets. The Viasat attack targeted the ground segment, compromising a VPN appliance to push malicious firmware to user terminals. Ground segment attacks use the same techniques as conventional cyber operations: phishing, network intrusion, supply chain compromise, and credential theft. Many satellite ground systems run on legacy software with known vulnerabilities, and some operators still use unencrypted command links.

Communication Links

The radio frequency links between ground stations and satellites — the uplink (commands and data sent to the satellite) and downlink (data transmitted from the satellite) — can be intercepted, jammed, or spoofed:

• Eavesdropping: Unencrypted satellite signals can be intercepted by anyone with the right equipment. Commercial SATCOM signals are routinely intercepted by intelligence agencies and, increasingly, by criminal organizations
• Jamming: Overwhelming a satellite's receiver with noise to deny service. GPS jamming is already widespread — Russia regularly jams GPS signals in conflict zones, and inexpensive commercial jammers are readily available. SATCOM jamming is more difficult but well within nation-state capabilities
• Spoofing: Transmitting fake signals that impersonate legitimate ones. GPS spoofing can cause navigation errors in aircraft, ships, and military systems. SATCOM spoofing can inject false data or commands

Space Segment

The satellites themselves are the hardest to attack but the hardest to fix. If an attacker gains access to a satellite's command and control systems, they can potentially:

• Reorient or reposition the satellite, disrupting its mission or causing it to deorbit
• Disable sensors or payloads, blinding EO or communications capabilities
• Exfiltrate data from onboard storage or intercept data in transit
• Brick the satellite by corrupting firmware or depleting propellant through erroneous thruster commands

Unlike a compromised server that can be physically accessed and reimaged, a satellite in orbit cannot be physically serviced (with very rare exceptions). A successful cyber attack on the space segment can result in permanent loss of a multi-hundred-million-dollar asset.

Who's Attacking Space Systems?

The primary threat actors for space cybersecurity are nation-states. China, Russia, North Korea, and Iran all maintain offensive cyber capabilities targeting space systems. The motivations are strategic:

• Military advantage: Disrupting an adversary's satellite communications, GPS navigation, and ISR (intelligence, surveillance, reconnaissance) capabilities degrades their ability to conduct military operations. Modern militaries are heavily dependent on space — the US military alone uses an estimated 80+ satellite constellations
• Economic espionage: Stealing satellite design data, proprietary imagery, and communications intelligence
• Coercive signaling: Demonstrating the ability to disrupt space systems without actually destroying them — a gray-zone tactic below the threshold of armed conflict

Non-state actors are an emerging concern. Criminal organizations have targeted satellite operators with ransomware. Hacktivist groups have attempted to disrupt satellite communications. As satellite ground systems increasingly use commercial off-the-shelf (COTS) IT infrastructure, they become vulnerable to the same automated attacks that plague every other industry.

The Current State of Space Cybersecurity

The space industry's cybersecurity posture varies enormously by segment:

• Military and intelligence satellites: Highly secured with encrypted command links, hardened ground systems, and extensive security testing. However, even classified systems have been compromised (the Turla group, linked to Russian intelligence, reportedly hijacked satellite internet connections for covert communications)
• Large commercial operators (SES, Intelsat, Viasat, SpaceX): Increasingly sophisticated cybersecurity programs, driven by government contract requirements and the Viasat wake-up call. Starlink has demonstrated notable resilience, rapidly countering Russian jamming attempts in Ukraine
• Small satellite operators and startups: Often have minimal cybersecurity capabilities. CubeSat missions frequently use unencrypted command links and minimal authentication. A 2023 academic study found that many small satellite operators had no formal cybersecurity program at all

The fundamental challenge is that satellites are designed for 15+ year lifetimes in an environment where cyber threats evolve in months. A satellite launched in 2020 with state-of-the-art encryption may face quantum computing-enabled decryption threats before it's decommissioned. Unlike terrestrial systems, satellites cannot be easily patched, upgraded, or replaced.

How the Industry Is Responding

Encryption and Authentication

The most fundamental improvement is encrypting satellite command links and data transmissions. The NIST Cybersecurity Framework and the Space ISAC (Information Sharing and Analysis Center) provide guidelines, and government procurement requirements increasingly mandate encrypted communications. Post-quantum cryptography — encryption algorithms resistant to quantum computer attacks — is being developed for next-generation satellite systems.

Zero-Trust Architecture

Companies like SpiderOak are bringing zero-trust security to space systems. Their OrbitSecure platform enables secure data sharing between satellites and ground systems without centralized key management, so that compromising any single node doesn't compromise the entire system. Zero-trust principles — "never trust, always verify" — are particularly important in space, where physical security is impossible.

Resilience Through Proliferation

Large constellations provide inherent cybersecurity resilience through numbers. If an attacker compromises or jams one Starlink satellite, there are 6,000+ others providing coverage. This "resilience through proliferation" approach is a key reason the US Space Force is investing in proliferated LEO constellations for military communications and missile warning, rather than relying on a few exquisite GEO satellites.

Software-Defined Satellites

Next-generation satellites are increasingly software-defined, meaning their capabilities can be reconfigured through software updates after launch. While this creates new attack surface (malicious software updates), it also enables cybersecurity patches and upgrades throughout the satellite's lifetime. Lockheed Martin, Airbus, and Thales are all developing software-defined satellite platforms.

Regulatory Requirements

Governments are beginning to mandate space cybersecurity. The US Space Policy Directive-5 (SPD-5) established cybersecurity principles for space systems. The FCC has proposed requiring cybersecurity plans as part of satellite licensing. The EU's NIS2 Directive includes space systems as critical infrastructure requiring cybersecurity compliance. The Space ISAC facilitates threat intelligence sharing among space operators, similar to ISACs in other critical infrastructure sectors.

Emerging Threats

• AI-powered attacks: Machine learning can automate the discovery of vulnerabilities in satellite systems, optimize jamming patterns to evade countermeasures, and generate sophisticated social engineering attacks against satellite operators
• Supply chain attacks: Compromising components or software during satellite manufacturing — a satellite may contain chips, firmware, or software from dozens of suppliers across multiple countries. The SolarWinds attack demonstrated the potency of supply chain compromises in terrestrial IT; the space supply chain is equally vulnerable
• Quantum computing: Future quantum computers could break the encryption protecting satellite communications. The transition to quantum-resistant cryptography needs to begin now, given the 15+ year lifetimes of satellites
• Proximity operations: As in-orbit servicing and inspection capabilities mature, the possibility of physically approaching and interfering with satellites creates a new category of threat that blurs the line between cyber and kinetic attacks

What Needs to Change

1. Security by design: Cybersecurity must be integrated into satellite design from day one, not bolted on as an afterthought. This includes encrypted command links, secure boot processes, hardware roots of trust, and over-the-air update capabilities
2. Workforce development: The intersection of space engineering and cybersecurity expertise is extremely thin. The industry needs training programs that produce professionals who understand both domains
3. Information sharing: Space operators need to share threat intelligence more openly. The Space ISAC is a start, but participation is limited and many operators are reluctant to disclose incidents
4. Supply chain security: Rigorous vetting of components and software throughout the satellite manufacturing supply chain, including hardware provenance tracking and software bill of materials (SBOM) requirements
5. Regulatory baseline: Mandatory minimum cybersecurity standards for all satellite operations, not just government systems. The current patchwork of voluntary guidelines is insufficient

The stakes are enormous. A successful large-scale cyberattack on satellite infrastructure could disrupt GPS navigation (affecting aviation, shipping, banking, and agriculture), knock out communications for millions of users, blind military ISR capabilities, or compromise the integrity of Earth observation data used for climate monitoring and disaster response. Space cybersecurity is not a space problem — it's an everything problem.

Track Space Cybersecurity on SpaceNexus

SpaceNexus covers the evolving space cybersecurity landscape through our Space Security module, including threat intelligence, regulatory updates, vendor profiles, and incident tracking. Stay informed about the threats targeting space infrastructure and the solutions being deployed to counter them.

Explore Space Security on SpaceNexus