Abstract

The emergence of the “New Space” era has transformed space into a critical domain for global security, commerce, and digital infrastructure. While this shift has driven innovation, it has also introduced unprecedented cybersecurity challenges. The increasing reliance on space-based services, coupled with the digitalization of satellite systems, has expanded the attack surface for cyber threats, making Anti-Satellite (ASAT) cyber operations a growing concern. This paper explores the convergence of cyberspace and space security, analyzing the vulnerabilities of modern satellite systems, the risks posed by supply chain attacks, and the implications for global stability. Additionally, it examines the European Union’s strategic response, including the European Union Space Strategy for Security and Defence (EUSSD), strengthened legislative frameworks, and enhanced cooperation among European agencies. As cyber-ASAT threats evolve, safeguarding space infrastructure will require coordinated international efforts, robust cybersecurity policies, and proactive mitigation strategies to ensure long-term space resilience.

BY EMANUELE CHIZZONI -imsISS

& PIETRO GOLA -EIT DIGITAL MASTER SCHOOL-CYBERSECURITy

In 1921, General Giulio Douhet predicted that air power would disrupt the balance between land and sea, making national borders less relevant [1]. Today, the emergence of space and cyberspace as domains of conflict has further blurred these boundaries [2]. Indeed, if traditionally space was dominated by state-run activity, since the early 2000s the "New Space" era has ushered in rapid commercialization, expanding the sector to include over 70 entities—ranging from nations and international organizations to private companies [3]. This surge in satellite deployments has accelerated digitalization, making space-based communications and internet connectivity integral to modern life. Thus, it is not surprising that today satellites support critical sectors such as transportation, finance, military operations and scientific research, erasing the distinction between civil and military domains [4].  Nevertheless, as space assets become increasingly digital, the convergence of cyberspace and space is intensifying. While cyber threats to space systems are not new, the transition from analog to digital—featuring IP protocols, software-defined radios, digital payloads, and onboard data processing—has vastly expanded the attack surface [5]. Furthermore, nearly every stage of a satellite’s lifecycle now depends on digital technologies, increasing its vulnerability to cyber threats. This fusion of digitalization and space liberalization introduces new and unforeseen risks. Unlike traditional space actors, commercial space companies emphasize transparency to drive innovation and collaboration. Furthermore, being profit driven commercial companies will sometimes choose for the “good enough options” potentially disregarding security concerns throughout the building process. Moreover, this inadvertently exposes critical systems to potential attackers, amplifying cybersecurity risks in an interconnected digital ecosystem. Thus, it is crucial for states that rely on commercial space companies to regulate the sector and enhance resilience through the private companies working within the space service supply chains.

The Growing Complexity of Satellite Systems: Rising Vulnerabilities to Cyberattacks

The space industry has evolved from the state-controlled “Old Space” era to the dynamic, commercialized “New Space” ecosystem. During the Cold War, space activities were almost exclusively controlled by national governments, with initiatives driven by security priorities, scientific advancements, and geopolitical competition [6]. This period saw high-cost, long-term projects such as the Apollo program, large and durable satellites, and risk-averse financial models [7]. Strict technology controls ensured space remained an exclusive domain of a few superpowers.  Nevertheless, with the Cold War’s end, the New Space era began taking shape in the late 1990s and early 2000s, fueled by technological advances and commercialization [8]. The miniaturization of satellites, cost-effective launch solutions, and reusable rockets, pioneered by companies like SpaceX, opened space access to private firms and smaller nations [9]. Unlike Old Space’s focus on national prestige, New Space prioritizes cost efficiency, shorter development cycles, and commercial applications such as mega-constellations, space tourism, and in-orbit servicing. While this shift has spurred innovation, it has also introduced new risks. Indeed, governments increasingly depend on commercial space services for critical functions, including geospatial intelligence and secure communications. The Ukraine conflict highlights this reliance, with companies like SpaceX (Starlink), Maxar, and ICEYE playing key roles in military and intelligence operations [10].  Moreover, this trend extends globally, with countries like Italy exploring commercial providers for secure communications [11].

However, the rapid commercialization and digitalization of space have significantly heightened cyber vulnerabilities. Previously isolated, satellite systems become interconnected with terrestrial networks, expanding the attack surface. This network isolation was further compromised with the rise of web-based services and large satellite constellations, where millions of earth stations now connect directly to the internet’s IP (Internet Protocol) space [12]. Thus, it is clear that as space becomes an integral part of the broader digital infrastructure and increasingly interwoven with terrestrial networks, this interconnectedness has significantly expanded the attack surface, rendering both satellite and ground segments more vulnerable to cyber threats [13].

Therefore, as space becomes an integral part of global digital infrastructure, the effectiveness of cyberattacks in anti-satellite (ASAT) operations has grown. Indeed, the growing frequency and sophistication of cyberattacks on space infrastructure are particularly alarming in the context of rising geopolitical tensions. A stark example of this threat was the 2022 Russian cyberattack on ViaSat’s KA-SAT network, aimed at disrupting Ukraine’s ability to leverage space-based capabilities [14]. This attack served as a wake-up call for European Union member states, as its impact extended far beyond Ukraine, causing widespread disruptions across Europe, affecting thousands of civilian customers and critical infrastructure.

Nevertheless, this case is the last of a long list, as cyber weapons have long been recognized as an integral part of the expanding ASAT arsenal. The first publicly documented cyberattack on a space asset dates back to 1998, when the German ROSAT satellite was compromised [15]. NASA’s investigation attributed the breach to a cyber intrusion at the Goddard Space Flight Center, allegedly carried out by Russian actors [16]. Since then, cyberattacks on operational space assets have steadily increased, fueling international security concerns [17]. Furthermore, between 2008 and 2016, the Russian-led Turla group exploited satellite systems to steal sensitive information from Western embassies, government institutions, and military entities [18]. This attack targeted organizations across forty countries, including the United States and several European nations such as France, Germany, Latvia, Poland, Serbia, and Spain  [19].

China has also engaged in cyber operations against space systems. In 2014, Chinese actors infiltrated the U.S. weather satellite system, raising significant security concerns [20]. Later, the cybersecurity firm Symantec reported additional attacks by Chinese hackers on two private U.S.-based satellite companies [21].

Moreover, since the 2010s, cyberattacks on space infrastructure have not only increased in volume but also in complexity, targeting both commercial and state-owned systems across a broad attack surface. These attacks originate from a diverse array of threat actors, ranging from state-sponsored groups to independent cybercriminals due to the easily availability. Research by Pavour and Martinovic recorded 113 cyberattacks on space systems between 1957 and 2022 [22]. More recent data from market intelligence firm CyberInFlight indicates a total of 337 cyberattacks since the 1970s, with 90 incidents recorded in 2023 alone [23]. Notably, 30 of these attacks occurred in January 2024, underscoring the accelerating pace of cyber threats to space infrastructure [24]. However, these figures likely underestimate the true scale of the threat, as many cyber incidents remain underreported [25].

How The European Union Is Enhancing The Cyber Resilience Of Space Infrastructure

The European Union’s strategy to strengthen the cyber resilience of space infrastructure is built on three pillars: (1) the adoption of the European Union Space Strategy for Security and Defence (EUSSD), (2) the expansion of cybersecurity legislation to include the space sector, and (3) enhanced cooperation through key European agencies and initiatives.

The EU Space Strategy for Security and Defence. The foundation for a cybersecurity strategy for space assets was laid in the Strategic Compass for Security and Defence (SCSD), which recognized the EU’s growing reliance on space-based services and the threats posed by cyberattacks. To address these concerns, the EU introduced the EUSSD in 2022, marking a significant step in integrating security and defense into its space policy. The EUSSD outlines a comprehensive threat landscape, emphasizing cyber threats as a primary vulnerability [26]. Moreover the Commission, in collaboration with member states, aims to identify and secure essential space services critical to the economy and national security.

Strengthening the Legislative Framework. Previously, cybersecurity regulations under the EU Space Program applied only to flagship programs like Copernicus, Galileo, and EGNOS. However, under the EUSSD, the EU has broadened its legislative framework to cover private-sector space assets as well. The NIS2 Directive now categorizes the space sector as critical, while the CER Directive extends cybersecurity requirements to space-related ground infrastructure [27, 28]. The Cyber Resilience Act further integrates space systems into the EU’s cybersecurity framework, setting minimum resilience standards and coordinating preparedness strategies [29]. These efforts will be reinforced by the upcoming EU Space Law, designed to build upon and unify existing regulations [30].

Enhancing Cooperation Through European Agencies. To strengthen cybersecurity cooperation, the EU has established the EU Space Information Sharing and Analysis Centre (ISAC) under EUSPA, fostering collaboration between industry and public entities [31]. Additionally, the European Space Agency (ESA) has launched the Cyber Security Operations Center (C-SOC) and the Security Cyber Centre of Excellence (SCCoE) at ESEC to monitor threats and enhance security for ESA and its partners [32]. ESA and the European Defence Agency are also deepening their collaboration on cyber resilience through shared capabilities, training programs, and information exchange with key EU cybersecurity actors such as ENISA and the European Cybersecurity Competence Centre (ECCC) [33].  EUMETSAT contributes by implementing robust cybersecurity measures, such as access control, intrusion detection, and real-time satellite monitoring [34]. Meanwhile, PESCO plays a role through cyber-related projects, including the Defence of Space Assets (DoSA) initiative, which prioritizes resilience against cyber threats [35].

Therefore it can be posited that by integrating cybersecurity into its space strategy, enhancing regulations, and fostering collaboration, the EU is taking proactive steps to secure its space infrastructure against emerging threats.

Conclusions

The rapid evolution of the “New Space” era has redefined the role of space in global security, commerce, and daily life. However, this transformation has also introduced critical cybersecurity vulnerabilities, particularly in the face of rising cyber-ASAT threats. The increasing digitalization of satellite systems, the growing reliance on commercial space services, and the interconnected nature of global networks have expanded the attack surface, making space assets more susceptible to cyberattacks. Supply chain vulnerabilities, outdated security frameworks, and the open nature of commercial space operations further exacerbate these risks.

As demonstrated by the European Union’s strategic approach, addressing these challenges requires a comprehensive and coordinated response. Strengthening regulatory frameworks, enhancing international cooperation, and investing in robust cybersecurity measures are essential to securing space infrastructure. Moving forward, both public and private stakeholders must work together to develop resilient, adaptive defenses against emerging cyber threats, ensuring the long-term security and stability of the space domain.

References

1 Douhet G.“Il Dominio dell’Aria e altri scritti” (2002) Aeronautica Militare, Ufficio Storico. Transalted by the authors.

2 Carlo, A. (2021). “Cyber Threats to Space Communications: Space and Cyberspace Policies”. In: Froehlich, A. (Ed.). Outer Space and Cyber Space: Similarities, Interrelations and Legal Perspectives. (55−66). Cham: Springer. (Studies in Space Policy). DOI: 10.1007/978-3-030-80023-94.

3 Quintana, E. (2017) “The New Space Age”. The RUSI Journal, 162(3), pp: 88-109. DOI: https://doi.org/10.1080/03071847.2017.1352377

4 Meloni A., Atzori L. (2017) “The role of Satellite Communications in the Smart Grid”. In: IEEE Wireless Communications, 2(2), pp. 50–56.

5 Poirier, C. (2022). “The War in Ukraine Froma A Space Cybersecurity Perspective” .ESPI Report 84. European Space Policy Institute: Vienna, Austria.

6 Paikowsky, D. (2017). “What Is New Space? The Changing Ecosystem of Global Space Activity”. DOI: 20.10.1089/space.2016.0027.

7 Ibid.

8 Ibid.

9 Quintana, E. (2017) “The New Space Age”. The RUSI Journal, 162:3, 88-109, DOI: 10.1080/03071847.2017.1352377

10 Höyhtyä, M., & Uusipaavalniemi, S. (2023). “Hybrid CoE Working Paper 21: The space domain and the Russo-Ukrainian war: Actors, tools, and impact”. Hybrid Center of Excellence.

11 Reuters. (2025). “Italy in talks over $1.5 billion SpaceX security services deal, Bloomberg News reports”. Reuters. Available at: https://www.reuters.com/technology/italy-plans-15-bln-spacex-telecom-security-services-deal-bloomberg-news-reports-2025-01-05/

12 Martinez, Larry F., (2024) “The Greatest Transformation: How Cyber Is Defining Security in the Space Domain”, in Saadia M. Pekkanen, and P.J. Blount (eds), The Oxford Handbook of Space Security, Oxford Handbooks (online edn, Oxford Academic, 22 Feb. 2024). DOI: https://doi.org/10.1093/oxfordhb/9780197582671.013.33,

13 Khan, S. K, Shiwakoti, N., Diro, Molla, A., Gondal, I., and Warren, M. (2024). Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions. International Journal of Critical Infrastructure Protection. DOI: 47.100724.10.1016/j.ijcip.2024.100724.

14 Poirier, C. (2022). “The War in Ukraine From A Space Cybersecurity Perspective” .ESPI Report 84. European Space Policy Institute: Vienna, Austria.

15 Pasco, X. (2015) “Various Threats of Space Systems”, in Handbook of Space Security. Pp. 673– 674.

16 Fritz, J. (2013) “Satellite Hacking: A Guide for the Perplexed”, Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies 31. Available at: https://librarysearch.bond.edu.au/discovery/fulldisplay/alma9930726583002381/61BOND_INST:BOND

17 UK HM Government (2014) National Space Security Policy (UKSA/ 13/ 1292, 2014), 2

18 Nakashima, E. (2015) “Russian Hacker Group Exploits Satellites to Steal Data, Hide Tracks”. Washington Post. Available at: https://www.washingtonpost.com/world/national-security/russian-hacker-group-exploits-satellites-to-steal-data-hide-tracks/2015/09/08/c59fa7cc-5657-11e5-b8c9-944725fcd3b9_story.html

19 Tanase, S. (2015) “Satellite Turla: APT Command and Control in the Sky”. Kaspersky Lab. Available at: https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/

20 Rosenfeld, E. (2014) “Chinese Hack US Weather Systems, Satellite Network” CNBN. Available at: https://www.cnbc.com/2014/11/12/chinese-hack-us-weather-systems-satellite-network-washington-post.html

21 Henry, C. (2018) “Satellite Industry Doing Surprisingly Well Against Cyber Threats, Experts Say”. SpaceNews. Available at: https://spacenews.com/satellite-industry-doing-surprisingly-well-against-cyber-threats-experts-say/

22 Pavur, J. and Martinovic, I (2022) “Building a launchpad for satellite cyber-security research: lessons from 60 years of spaceflight”, Journal of Cybersecurity, Volume 8, Issue 1. DOI: https://doi.org/10.1093/cybsec/tyac008

23 Poirier, C. (2024) “Understanding Cybersecurity In Outer Space” CSS Analysis In Security Policies. CSS, ETH Zurich

24 Ibid.

25 Ibid.

26 European Commission. (2023). “Joint communication to the European Parliament and the Council: European Union Space Strategy for Security and Defense” (JOIN(2023) 9 final). Brussels.

27 European Parliament & Council of the European Union. (2022). “Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)”. (Text with EEA relevance). Official Journal of the European Union.

28 European Parliament & Council of the European Union. (2022). “Directive (EU) 2022/2557 on the resilience of critical entities and repealing Council Directive 2008/114/EC”. (Text with EEA relevance). Official Journal of the European Union.

29 European Parliament & Council of the European Union. (2024). “Regulation (EU) 2024/2847 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)”. (Text with EEA relevance). Official Journal of the European Union.

30 European Commission. (2023). “Joint communication to the European Parliament and the Council: European Union Space Strategy for Security and Defense”. (JOIN(2023) 9 final). Brussels.

31 European Union Agency for The Space Program. “EU Space ISAC”. EUSPA Official Website. Available at: https://www.euspa.europa.eu/eu-space-programme/eu-space-and-security/eu-space-isac

32 Telespazio DE. “Cyber Safety and Security Operational Centre (C-SOC)”. Available at: https://www.telespazio.de/en/focus-detail/-/detail/csoc-focus

33 European Space agency. Official Website. Available at: https://esoc.esa.int/content/european-agencies-team-cyber-resilience

34 European Cybersecurity Competence Center and Network. Official Website. ECCC. Available at: https://cybersecurity-centre.europa.eu/document/download/df57be3e-4a20-43d7-a9c2-f1f2e4241a40_en?filename=ECCO%20Community%20Group%20on%20Space%20-%20Webinar%2028%20May%202024%20%281%29.pdf

35 Permanent Structured Cooperation. Official Website. Available at: https://www.pesco.europa.eu