The Expanding Attack Surface in Orbit
As Europe accelerates its deployment of satellite constellations for communications, Earth observation, and navigation, the attack surface for orbital assets has grown exponentially.
Modern satellite systems are no longer isolated hardware platforms; they are networked, software-defined systems that receive over-the-air updates, process data on-board, and communicate with ground segments through increasingly complex protocol stacks. This connectivity, while operationally essential, introduces cyber vulnerabilities that adversaries are actively researching and, in some documented cases, exploiting.
Our collaboration with the European Space Agency has provided direct insight into the threat models that drive mission-critical security architectures.
Lessons from Joint Threat Modelling
Through multiple ESA-funded projects, our teams have conducted structured threat modelling exercises against representative satellite architectures, mapping adversary capabilities against each segment of the space system:
- Ground control — where traditional IT security practices must be adapted to unique operational constraints
- Communication links — the command and telemetry interface, consistently the highest-value target
- On-board processing — where a single compromise can cascade into loss of mission control
Layered authentication, encrypted command channels, and on-board anomaly detection have emerged as non-negotiable baseline controls. Equally important is the resilience of ground segment infrastructure.
Toward a European Space Security Framework
The lessons drawn from these collaborations point toward the need for a unified European framework for space system cybersecurity. While individual missions implement bespoke security measures, the absence of a common standard creates interoperability gaps and inconsistent risk acceptance across programmes.
Industry and agency stakeholders are now converging on baseline security requirements spanning the full mission lifecycle:
- Design and integration — threat modelling from the earliest architecture decisions
- Launch and commissioning — secure boot and initial key provisioning
- Operations — continuous monitoring and anomaly detection
- Decommissioning — secure disposal of cryptographic material and access credentials
This framework-driven approach, informed by real-world threat intelligence and operational experience, will be essential as Europe’s space ambitions continue to scale.