Securing space tech: Why we need to address cyber risks in orbit

The global space economy is evolving rapidly. It's projected to grow from $630 billion in 2023 to $1.8 trillion by 2035. Weekly breakthroughs – human spaceflights, new rocket systems and complex robotic missions to the Moon – mark a new era of exploration and connectivity. Technology plays a key role in accelerating space developments, but it also increasingly exposes ground stations, satellites and user terminals to emerging cyber risks.

Space assets are vital to modern society. Communication satellites enable global telecommunications, internet access and television. Companies such as Astranis, Amazon Kuiper and SWISSto12 are building satellites that will help connect remote regions beyond the reach of traditional communications networks. These satellites also serve as crucial backups to undersea cables, enhancing the resilience and redundancy of communication networks worldwide.

Navigation and timing satellites, such as those in the global positioning system (GPS), are equally indispensable, supporting over 6.5 billion devices globally — a number expected to grow to 10 billion by 2030. GPS applications include precision farming in agriculture, which boosts yields and reduces waste, and real-time fleet tracking and route optimization in logistics.

Beyond connectivity and coordination, space technologies are driving innovation across industries, from data centres in space to more reliable cloud services. Emerging innovations, like manufacturing drones and robotic systems, have the potential to revolutionize logistics, agriculture and healthcare. Space-based advancements in materials science enable the creation of new materials in microgravity, while other emerging innovations, such as space-based solar power and asteroid mining, could provide clean energy and rare materials for terrestrial industries.

Yet, as dependence on space infrastructure increases, so do the risks. The number of cyberattacks targeting satellites, ground stations and space agencies is rising with potentially severe consequences.

Recent incidents have underscored the vulnerability of space systems to cyber threats and the widespread impact these threats can have. Disruptions to GPS, for instance, could misguide aircraft, ships, autonomous vehicles and even military systems, causing large-scale chaos across industries reliant on satellite-enabled communication and logistics.

One of the most recent incidents occurred in March 2025, when Poland’s space agency, POLSA, had to disconnect its network from the internet to contain a breach and secure data. The agency’s operations were disrupted and were only fully restored after three days.

The potentially far-reaching consequences of such attacks were demonstrated by the 2022 cyberattack on Viasat’s KA-SAT network. Viasat’s satellite network was targeted by a sophisticated cyberattack that disabled tens of thousands of modems across Europe, severely disrupting communications, especially in Ukraine. The attack also impacted Germany, with 5,800 Enercon wind turbines malfunctioning, and caused prolonged outages in several other European countries, including France, Hungary, Greece, Poland and Italy.

These incidents illustrate not just the growing threat, but the deep-rooted vulnerabilities embedded in how space systems are built and managed.

Achieving cyber resilience in space systems is complex, constrained by physical, technical and geopolitical realities, alongside traditional barriers, such as cost. Space systems face several unique challenges in achieving cyber resilience, including the following three major issues:

Once deployed, satellites are physically inaccessible, making it difficult to patch vulnerabilities or respond quickly to cyber incidents. Unlike terrestrial systems, they must be managed remotely, leaving them exposed to evolving threats. Vast distances between satellites and ground stations also introduce latency, complicating real-time threat detection and response.

Traditional satellites were designed for lifecycles of 10–20 years, space infrastructure often relies on outdated legacy hardware and software with limited computational power, which are difficult to patch or upgrade. This makes it challenging to implement advanced security protocols, such as encryption or real-time threat detection. While newer satellite constellations are shifting to smaller satellites with shorter lifecycles, space systems also often lack standardized cybersecurity frameworks — leading to inconsistent protection across platforms.

Space is a complex, borderless environment containing a wide range of operators with different priorities, regulations and cybersecurity practices, complicating coordinated cyber defence. Each of these actors also relies on a set of interconnected supply chains supporting space systems, from manufacturing to launch and operations. Each node in these supply chains could introduce cyber vulnerabilities, especially through third-party vendors.

Amid these challenges, governments and regional and international bodies are advancing policies to strengthen space sector cyber resilience. The UK and Australia have formally designated space infrastructure as critical infrastructure, triggering mandatory cybersecurity standards and increased governmental oversight. In the U.S., the proposed Space Infrastructure Act could influence global cybersecurity norms, given the US leadership in space and ownership of nearly 70% of active satellites. Other national initiatives, such as NASA’s collaboration with NIST, and the UK Space Agency Cyber Security Toolkit aim to boost resilience and industry standards.

International bodies are also taking steps to strengthen space cybersecurity. For example, the International Telecommunication Union (ITU) sets standards for space communication networks, while the UN’s Office for Outer Space Affairs (UNOOSA) promotes global cooperation. Organizations, like the Space ISAC, facilitate collaboration across the space industry on cyber threat intelligence sharing and updated standards from the International Organization for Standardization and the International Electrotechnical Commission support secure practices for space organizations. At the regional level, the EU Cybersecurity Act certifies critical technologies, including space systems.

While regulations and public sector initiatives are key in advancing cyber resilience in space, efforts from all stakeholders are needed to ensure a more cyber-resilient future for the space industry. Space systems must be designed with cybersecurity in mind from the outset, incorporating strong encryption, redundant communication paths and advanced monitoring capabilities. Additionally, emerging technologies, like quantum key distribution (QKD) and advancements in quantum computing, offer promising solutions to protect communications between satellites and ground stations from cyber threats.

Building effective cyber resilience in space, however, requires more than technological advancements. Given the complexity of the ecosystem, collaboration between governments, the private sector and academia is essential. By these stakeholders collaborating, three key opportunities arise:

• Raise awareness – Educate and create awareness among decision-makers to reinforce cyber resilience as a strategic priority within the space sector.

• Mobilize action – Foster discussions to mobilize action and commitment for building cyber resilience within the sector.

• Develop insights and tools – Share insights, best practices and tools to strengthen cyber resilience across the sector.

Space is no longer a faraway technology domain, but an integral facet of daily life on Earth. It is crucial that we act now to ensure that space remains a secure domain for exploration, innovation and societal progress.