Cyberwarfare / Nation-State Attacks,
Fraud Management & Cybercrime
Satellites Will Be Newest Cyberwar Front
As space transforms into a new battleground, experts foresee an escalating cyberwarfare landscape targeting satellites. The ongoing developments in satellite technology have spurred a race to build effective cyber defenses to counteract threats posed by foreign cyber warriors, espionage networks, and increasingly sophisticated hacker groups.
However, there is a significant hurdle: conventional cybersecurity measures largely falter in the harsh realities of space. The extreme environment in orbit is characterized by unique hardware configurations that leave little tolerance for delay or uncertainty—factors integral to traditional cybersecurity tools. In this context, the techniques utilized for intrusion detection and response must adapt to the distinct on-orbit network settings associated with the new mega-constellations, exemplified by systems like Starlink and Amazon’s Low Earth Orbit (LEO) satellites.
Experts have indicated that even the essential indicators of compromise (IOCs) — fundamental tools in cyber defense — struggle to adapt to the orbital environment. This realization has prompted initiatives among several government and private organizations, including the Department of Homeland Security’s (DHS) Science and Technology Division, the Aerospace Corporation, and multiple contractors affiliated with the U.S. Space Force. Their combined efforts aim to create cybersecurity solutions capable of identifying and, in some cases, counteracting malicious cyber actions embedded within onboard software.
Sam Visner, a prominent figure previously with the U.S. government and now chairing the Space Information Sharing and Analysis Center, emphasizes the urgency of these developments: “The convergence between the space domain and the cyber realm is accelerating.” Traditional norms and ethical practices, which previously safeguarded against attacks on satellites, are at risk. In an era when the U.S. and other powers have openly tested anti-satellite technologies, Visner laments the dilution of established boundaries. “Though physical assaults on space systems have been deterred by norms, the threat of cyberattacks continues to grow,” he asserts, citing the alarming precedent set during the Russian invasion of Ukraine, highlighted by their cyber assault on the U.S. commercial satellite Viasat.
Visner strongly advises the commercial space sector to bolster its defenses against these cyber threats. “There’s an urgent need for innovative technological measures that can detect intrusions, mitigate them, and discern anomalous operations,” he says, emphasizing the development of resilient space system architectures capable of withstanding cyber incursions.
The challenge is amplified by the constraints faced by satellite engineers. Due to the limited size, weight, and power capacity of devices intended for orbital deployment, the onboard operating systems are critical and need deterministic outputs. These systems tend to be conservative in adopting new, untested security measures due to inherent risks.
Ernest Wong, leading the technical efforts for space systems at DHS’s Science and Technology Division, points out the “onboard detection gap” that currently plagues satellite operation. Today, satellite operators primarily use telemetry—signals communicated from the satellites back to their ground stations—to identify potential cyber incidents.
One notable complication arises from the wide variety of different hardware and software utilized in orbit. “Unlike terrestrial enterprise networks that generally rely on Windows or Linux systems, satellites and other spacecraft operate on diverse platforms, each with unique flight software and architectural frameworks,” Wong explains. This complexity leads to challenges in recognizing the telltale signs of an ongoing attack.
Indicators of behavior (IOBs) are emerging as a useful counterpart to traditional IOCs. IOBs focus on deviations from normal operational behavior rather than being tied to specific malware, thus providing a framework for detecting both known threats and anticipated unknown exploits.
In partnership with the Aerospace Corporation, DHS has designed a cybersecurity tool dubbed SpaceCOP, which targets the commercial satellite sector’s need for intrusion detection capabilities. Ten commercial partners are currently testing SpaceCOP, with plans to make the software open-source later this year.
The roadmap for cyber protection in space includes not only enhancing existing software but also automating defensive responses to threats. Given the scale of new LEO mega-constellations—consisting of thousands of satellites—relying on human intervention alone is inadequate. Wong stresses that “some level of automation will be essential to manage defensive operations effectively.”
U.S. Space Force contractor Proof Labs is pioneering an AI-based initiative known as the Cyber Resilience On-Orbit program. This advanced tool employs machine learning to detect unusual behaviors in satellites from the ground, training itself with high-fidelity synthetic telemetry data organized by BigBear.ai using models furnished by Redwire Space Systems. Anticipated for release to military and civilian sectors, this development promises enhanced oversight and threat detection.
Currently, the only cybersecurity tool actively deployed in orbit is Silent Shield, developed by Deloitte and launched aboard their satellite, Deloitte-1. Designed to function out-of-band, Silent Shield monitors satellite outputs and performance without interfering with operational systems, thereby ensuring a safeguard against cyber intrusions.
Deloitte’s team has initiated a series of increasingly complex cyberattacks against Deloitte-1 to evaluate Silent Shield’s effectiveness, which has thus far successfully identified all attacks. With additional satellites—Deloitte-2 and -3—having been launched this year, the firm aims to illustrate how cyber defenses can be integrated into existing satellites already functioning in space, showcasing that upgrades can be managed via software updates.
As the realm of cyber warfare expands into the cosmos, it is imperative that the cybersecurity landscape evolves to meet emerging threats, ensuring the security of the invaluable space assets upon which modern society increasingly depends.