The Space ISAC reported a 118% surge in space-related cyber incidents in 2025. Space is no longer a benign environment; it is a contested, cyber-physical domain where the consequences of a successful attack can be catastrophic and irreversible. A spacecraft is not a server in a data centre. It cannot be physically patched, recalled, or replaced. A vulnerability discovered on-orbit may be unfixable for the entire mission lifetime.
This piece sets out the unique cybersecurity challenge of space systems, the framework that defines the threat landscape, and what good looks like for mission operators and programme managers.
Space systems are not monolithic targets. They comprise three distinct attack surfaces, each with its own threat profile, vulnerability class, and defensive requirements.
The spacecraft itself, the On-Board Computer (OBC), Flight Software (FSW), Command and Data Handling (C&DH), ADCS, propulsion, power, and payload systems. The defining characteristic: it cannot be physically patched in orbit. A hardware vulnerability embedded at manufacture is a vulnerability for the life of the mission.
The Mission Operations Centre (MOC), Ground Support Equipment (GSE), antenna networks, and developer environments. This is the most accessible segment to adversaries — terrestrial, internet-connected, and operated by humans. The Viasat KA-SAT attack in February 2022 was a ground segment attack. The spacecraft were never touched.
The RF communications between ground and space — TT&C uplinks and downlinks, crosslinks between satellites, and payload data links. This segment is inherently broadcast and vulnerable to jamming, spoofing, and interception. Any sufficiently powerful transmitter can attempt to communicate with a spacecraft that lacks cryptographic command authentication.
Space systems present a combination of constraints that have no equivalent in traditional IT or OT environments. Radiation-hardened hardware has limited processing power, and there is little overhead for security software. Mission lifespans of 5–15+ years mean systems designed a decade ago must operate securely today. The shift from bespoke, monolithic satellites to COTS components and mega-constellations dramatically expands the attack surface. Legacy protocols (CCSDS, MIL-STD-1553) were designed for reliability, not security. Physical access for patching is impossible once launched.
Space Attack Research and Tactic Analysis (SPARTA) is the definitive threat framework for space systems, developed by The Aerospace Corporation. Explicitly modelled on MITRE ATT&CK, it covers 9 tactics and 100+ techniques across the full attack lifecycle. The most impactful areas include Initial Access (IA-0001 Supply Chain Compromise, IA-0007 Rogue Ground Station), Execution (EX-0012 Exploit Flight Software — 13 sub-techniques), and Impact (IMP-0003 Denial, IMP-0005 Destruction).
On the same day Russian forces crossed into Ukraine, a cyberattack destroyed ~40,000 satellite modems across Europe via a compromised VPN appliance and AcidRain wiper malware. Attributed to Russian GRU by the US, UK, and EU.
Continuous GPS jamming across the Ukraine conflict zone since February 2022 has affected commercial aviation across the Baltic and Eastern Mediterranean. GPS spoofing in the Black Sea has caused ships to report false positions.
The Space ISAC reported approximately 25 space-sector organisations targeted by ransomware in 2024, many via supply chain vectors.
Effective space cybersecurity is a programme of work integrated across the mission lifecycle: security-by-design from concept through decommission; SPARTA-based threat modelling at the architecture phase; ground segment penetration testing before and during operations; supply chain security assessments for all hardware, software, and development environments; Zero Trust Architecture for ground-to-space communications; and real-time monitoring of Indicators of Behavior (IoB) in spacecraft telemetry.
Space is not the future of cyber threats; it is the present. The adversary is already mapping your mission. The question is not whether you are a target; it is whether you are ready.
Periculo provides Space Cybersecurity services, including SPARTA-based threat modelling, ground segment penetration testing, supply chain security assessments, and cybersecurity posture reviews.