Cybersecurity & The New Space Race

Promotion

While the term “space age” may have once conjured images of an “out there” intergalactic realm of spinning satellites gathering data – a world largely disconnected from our daily lives – times have changed. Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world.

In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? According to Danny Palmer in an article for ZDNET, “satellites and space-based services that they provide are crucial to how we operate as a modern society.” A recent World Economic Forum article predicted that “future generations of smartphones…may well have satellite messaging capabilities for emergency communications where there is no terrestrial connectivity.”

The challenges faced by cybersecurity are no longer out of this world or even out of reach. They are stitched into the fabric of our daily routines, creating significant challenges for cybersecurity that Palmer predicts are, along with space-age technological innovations, “likely to grow.” If “cybersecurity in space is going to be arguably more important than it is on Earth,” how are industries and governments responding, and what does it mean that ensuring the security of the new space race may happen on the ground, and not in the sky?

Unique Vulnerabilities For Satellites

Until a decade ago, satellites weren’t launched by private companies, and the space race was largely the domain of governments, as well as a few select companies like Boeing and others, which were tightly contractually regulated. Computers and networks were not a part of the average person’s daily life, but now, appliances, laptops, smart watches, and other devices with connectivity are sold in the private sphere and used widely.

The explosion in private investments in space satellites and space technology from the commercial sector (Elon Musk, Jeff Bezos and Richard Branson, for example) has changed the cybersecurity landscape, creating unique and complex vulnerabilities. The complicated security aspect is often overlooked as there are no evolving standards nationally or internationally. Whereas satellites historically received data like TV signals from Earth and then amplified and mirrored them back to Earth, software-defined satellites can be reconfigured in space. While this increases vulnerability, it also means dynamic responses can be designed to respond to emergent threats.

Satellites are “more vulnerable than people realize,” according to an article by Brandon Bailey. As satellites have become “more digitized and software-driven, the attack, surface has expanded.” Just like the internet of things (IoT), an expanded surface area means more security risks, and satellites are a combination of embedded hardware and software operation in the physically isolated environment of space, which is already challenging to monitor or regulate. The more devices originate from more diverse sources, the more chances for sabotage. The fallout from an attack could be substantial and catastrophic. For example, blocking communications with a satellite could cut off vital communications and essential services – knocking out the electrical grid, for example, or allowing hackers to infiltrate other critical infrastructures on the ground, creating havoc and conflict on a wide scale.

As noted in IDST, because “the supply chain for hardware and software is depending on multiple component parts,” it makes security liability particularly complicated, especially when some of those parts are purchased overseas from different suppliers. “Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators and commercial users begin and end?” This will be an ongoing question as the space race develops.

Cyber-Resilience: The New Cyberecurity In Space

In addition to considering the traditional cybersecurity protocol of identity, protect, detect, recover, and respond, the new “cyber-resilient” definition also includes the ability to adapt, withstand, recover from, and adapt to stressors, attacks, or system compromises, some of which haven’t been seen before and cannot be anticipated until they occur.

Specifically, true cyber-resilience on spacecraft might require AI and/or other kinds of machine learning to build this necessary resilience.

Brad Stone, Booz Allen Hamilton’s CIO, states that, “for space cyber defense, you need to understand the mission, the ecosystem, and what threats make this environment different – whether in the systems themselves or the processes used to manage those systems.” A few points of emphasis: “location matters” as defense and intelligence space systems gather information using geographical coordinates. All connections within the “ecosystem” of satellites, ground systems, control centers, and connected devices must be checked, in addition to “ageing” software that leave potential weakness in supply chains and leave satellite systems open to attack; finally, jamming (OT attack) and pinging an uplink antenna (IT attack) – both strategies that attack the ground systems and not the satellites themselves – are an ongoing threat.

An article published by the World Economic Forum asks, “Will the battle for space happen on the ground?” This seems to be the most likely scenario, as space services have become more and more interdependent with networks on Earth. These services “support essential services such as military, utilities, aviation and emergency communications, and therefore get drawn into geopolitical conflicts on the ground. This was evident in February 2022, just as the Russian invasion of the Ukraine began, when satellite modems required a hard reset to repair compromised satellites in order to deliver vital communications to Ukrainian refugees in Slovakia.

According to RUSI (The Royal United Services Institute; the UK’s leading defense and security think tank), “It does sound a bit ‘Star Wars’ to say, but if you were to take control over a satellite, you could make it do what you want it to.”

Other threats include the possibility of planting an APT (Advanced Persistent Threat) into a satellite. Although anti-satellite weapons (ASAT) are limited in scope, with a handful of countries having orbital space capabilities, they remain real threats. In addition, regulatory frameworks have been unable to keep pace with technological evolution; hardware and satellite manufacturers, software developers, operators and commercial users must be in sync and close communication to offset cyber vulnerabilities. In other words, “security by obscurity” is no longer an option, because “as space systems have continued to grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space cyber. As private companies are increasingly involved in space technologies, the risk for criminal cyberattacks increases as well.

What Is The Role Of The U.S. Space Force?

The same cyber considerations that impact the private sector are also concerns for the Space Force, the United States’ new service about to enter its fourth year. To date, the military is one of the leaders of cybersecurity in space, planning initiatives across the space community to address cybersecurity for space systems, even in light of the absence of approved cybersecurity standards in this particular realm. With the goal of creating what’s known as “peace in orbit,” the new U.S. Space Force department is dealing with a primary battlespace that is not material, but digital, according to Josh Luckenbaugh, writing in National Defense.

Space Force, still only four years old, is concerned with how to assess cyber risks, as well as anticipate and prevent them in an ever-evolving environment. Lt. Gen. Stephen Whiting, quoted in an article from Space News, states that “the military is more comfortable dealing with physical security threats, whereas cybersecurity is a different problem that requires a nontraditional approach.” In order to increase knowledge of how to measure cyber risks, the Space Force is investing in defensive approaches to cybersecurity, versus just waiting to respond. Whiting goes on to explain that “the Space Force is now looking to add more squadrons of cyber specialists to support military units that operate communications, surveillance and navigation satellites.” Russia’s tactics in the Ukraine, when in February of 2022 they attempted to penetrate Ukrainian communications satellites in advance of the invasion underscore how these cyberweapons in space could be used to do terrible damage before, during and after on the ground conflicts.

Space Force operators recently participated in a new training exercise called “Black Skies,” overseen by STARCOM (Space Training and Readiness Command); this exercise allowed operators to experience “a mix of live fire and constructive” training. An upcoming “Red Skies” training will focus on orbital warfare to train soldiers on combatting threats in space, followed by other trainings to improve readiness and future cyber-resilience.

Cyber professionals have been commissioned directly into the Space Force industry, so one light at the end of this cybersecurity tunnel is yet more employment opportunities in the field of cybersecurity for trained professionals. Space Force will also seek to collaborate with industry partners, “setting up a commercial front door at Space Systems Command.”

See What CYRIN Can Do

At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We continue to evolve and develop solutions with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required.

These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN


Take a test drive and see for yourself!


You Might Also Read: 

The Back Door Threat To Cybersecurity:

 

« European & American Hackers Attack China
Cyber Security Strategies Need To Evolve Alongside The Enterprise »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Trust Stamp

Trust Stamp

Trust Stamp provide Identity and Trust as a Service to answer two fundamental questions: “Who are you?” and “Do I trust you?"

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

Liberman Networks

Liberman Networks

Liberman Networks is an IT solutions provider company that provides security, management, monitoring, BDR and cloud solutions.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

DRT Cyber

DRT Cyber

DRT Cyber deploys technology solutions to support the functions of cybersecurity, privacy, and risk management.

Trofi Security

Trofi Security

Trofi Security provides Information Technology and Information Security services to organizations in both the public and private sectors.