To Trust or Zero Trust: Satellite Cybersecurity

Cybersecurity in the satellite & space industry has become a popular topic of discussion since the attack on ViaSat earlier this year. But cyber experts have been raising concerns about cyber threats on critical infrastructure for years, such as power grids, petrochemical plants, nuclear reactors, water systems, and satellites, to name a few. Large scale attacks such as Not Petya, the colonial pipeline and the SolarWinds cyberattack sent shockwaves around the world. The political and economic damage left afterwards urged governments to take precautions and extend cybersecurity measures across multiple industries, including the space industry.

Changing Landscape

NSR's Satellite and Space Cybersecurity Markets (SSCS) report forecasts cumulative revenues of $39.1B over the next decade, the majority being driven by SATCOM, which generates 93% of all revenues. Cybersecurity is not a new phenomenon in the satellite and space industry, but the question “How to incorporate cybersecurity on satellites and in space?” typically has received more emphasis than the question “Will this cybersecurity solution suffice to ensure the safety of the satellite and the ground segment?”. The current level of satellite cybersecurity is minimal as a large portion of the satellite industry is still making use of traditional cybersecurity that encompasses perimeter defense, access control and accountability. In addition, many of the in-orbit satellites and ground equipment still rely on legacy systems that are not secure against cyber-attacks. But also new space systems are vulnerable to attacks, as was shown recently how a security researcher hacked a Starlink dish to access the dish's software. If a researcher can hack a Starlink satellite dish with an investment of only $25 USD, the extent of a cyber-attack conducted by a state hacker can be far more reaching. It also shows that cyber criminals are constantly finding new ways to attack their targets. Altogether, the launch of thousands of satellites over the next decade will increase the attack surface tremendously and bring new cyber vulnerabilities to the space industry.



SATCOM is the largest addressable market and dominates cybersecurity revenues with 93%, generating cumulative revenues of 34.9B by 2031. We have also seen multiple examples of spoofing and jamming attacks on navigation satellites, eavesdropping attacks on Earth Observation satellites, or malware attacks on the ground segment. The latter is only one example of the many possibilities to get unauthorized access to the ground or space segment. So even if the attack on ViaSat was not as big of a surprise to cyber experts, it was a big wakeup call for the satellite industry, bringing the vigilance it previously lacked.



Just because we have seen most cyber-attacks on SATCOM satellites, less attacks on Earth Observation satellites or none reported on IOS/SSA, it does not mean the last three applications are exempt from being a target of cybercrime. In most cases, the purpose behind an attack still is to obtain sensitive data, deceive someone into obtaining wrong information, or create a temporary malfunction. The consequences of such attacks on the satellite ground segment or space segment can vary from revenue losses to physical damage to a satellite.

Navigation satellites have the highest per satellite cybersecurity spending, starting with approximately 10% of the overall satellite manufacturing cost. IOS/SSA is also making large investments to provide safety of satellites for its large majority of government customers, generating cumulative manufacturing revenues of $2.2B. Otherwise, SATCOM earns it high cybersecurity manufacturing revenues of $3.9 B by 2031 due to the quantity of satellites in Non-GEO. And Earth Observation satellites generate the least cybersecurity manufacturing revenues, with NSR forecasting cumulative revenues of $311.5 M by 2031 because most security efforts are on the end data front.

The Solutions

There is no single solution that solves all cyber threats against satellites, but there are numerous approaches that add a layer of security to the satellite and the network. The level of protection that exists today is mostly focused on mitigating attacks on the ground segment or the satellite link. But attacks can also be targeted at the infrastructure, the supply chain, individuals, and the satellite payload. This explains why the solutions are scattered and why security integration needs to happen on different levels: encryption, multi factor authentication, satellite hardware, software, and building awareness.

Because there is not a “one-solution-fits-all”, governments across the globe have been looking for the best cybersecurity methods. The U.S. Government has set forth a Federal “Zero Trust Architecture”, which is less of a standardized roadmap but a mindset to “never trust, always verify”. It continuously questions the security and vulnerability of each device inside and outside of the network. Probably a combination of ZTA with all the above solutions would be most efficient. But even then, 100% cyber resiliency would not be guaranteed. The winning team would be those who can predict the details of a next cyber-attack, which is very difficult with today’s proliferation of technological developments that include new cyber threats.

The Pitfalls

Many cyber attacks go unreported because decision makers don’t want their clients and investors to lose confidence in the organization. But also, a lot of cybercrime goes undetected due to lack of awareness. Most satellite operators do not have the knowledge or had cybersecurity training to recognize such attacks, not to mention the many different forms of cybercrime such as social engineering, malware, software threats, and the growing number of devices that expand the attack surface. One needs limitless eyes to detect anomalies on satellite hardware and the network. Nowadays, some detections can be done with advanced threat protection services, artificial intelligence, and machine learning algorithms. But these cybersecurity solutions are still expensive, with an average price for monitoring between $500 and $2,000 per month for a medium-sized network. Especially for space startups that are just trying to bring their product to market, such expenses are a deal breaker.

The implementation of space cybersecurity is going faster in some parts of the world than in others, with the U.S. and China leading investments and developments of laws and regulations. The European Union does not have satellite cybersecurity laws in place yet, hence many organizations that do have the financial capabilities to invest in cybersecurity are still waiting for regulations to dictate what to do, resulting in slow security integration.

This mixture of lack of awareness and financial capabilities with a laissez faire attitude are drivers for attackers to step up their game. Especially in times of conflict, cybercrime increases but security integration does not.

The Bottom Line

Cybersecurity in the space industry is not a newer concept than it is in other industries, but operators lack the knowledge and the capabilities to tackle cyber threats. The invasion of Ukraine has led to an increase in cyber-attacks inside and outside the space industry. Hence, space cybersecurity finally received the attention it deserves on different fronts: satellite cyber threats, security integration, costs, and regulations. Although there is no universal cybersecurity solution, the principle of Zero Trust Architecture currently seems to be the most reliable. Meanwhile, the space industry needs to continue its research for best security practices on the ground but also in space, in parallel with the most recent technological developments and newest cyber threats.