Space systems are now considered critical infrastructure, and often with a dual commercial and military use – increasingly making them cyber-attack vectors. This makes stringent cyber-security ever more important, particularly within the current geopolitical context of the full-scale Russian military aggression against Ukraine and the Iran war. Satellites play a major role in them both. They provide real-time intelligence, communication, and targeting data.
Countries from the U.S. to North Korea are making moves to adopt space weapons to attack enemy satellites. These weapons are reported to include undersea deterrence, artificial intelligence, and electronic warfare – AI-driven cyber-attacks that aim to disrupt and render satellites and ground-based systems useless. However, there is more than one attack method being deployed.
Attack vectors
Toby Harris (UK), Chair of the SDA Working Group at UKspace, says the main cyber-threats currently involve cyber-intrusion where data is both attacked and accessed, spoofing, and distributed denial of service (DDoS) attacks, which are mainly focused on the ground segment.
There are attacks upon supply chain vulnerabilities too, as well as the use of malware, which is the same as any other cyber-security issue on, say, a PC. He adds: “There is also command hijacking – part of spoofing – to take control of satellites, but I think that’s very rare, and in general the threats are increasingly focused on disruption, denial, and deception.”
“There is an element of trying to get access to data, whether on board the satellite or ground segment. The most common is to prevent normal operations. DDoS is one of the more common ways of doing it by bombarding a computer system to deny service. It can disrupt satellite operations indirectly. It’s often conflict driven. The Israel-Iran conflict in 2025, there was a huge surge in cyber-attacks. There are more satellite systems in space, making them a more tempting target.”
In terms of how much the threat has grown since 2024, Sylvester Kaczmarek, CEO of OrbiSky, says there isn’t a single dataset that covers the complete satellite stack. He remarks: “The safer summary is that ENISA-linked reporting points to a 300 percent rise over five years, Zayo saw DDoS frequency rise 106 percent from H2 2023 to H1 2024, and Space ISAC continued to assess the overall space threat environment as high in 2025.”
New IEEE standard approved
Dr. Gregory Falco, Assistant Professor at Cornell University’s Dept. of Mechanical and Aerospace Engineering, and Director at Aerospace Adversary Lab, is also the chair of the IEEE Standard Association’s Space System Cybersecurity Working Group. He says its new IEEE Standard for Space System Cybersecurity Design (IEEE P3536) for designing more secure space systems and satellites was approved by IEEE SA Standards Board on 26th March 2026.
“The real protection happens by designing a way that will rule out certain types of attacks from happening. We have an international standard approved, and this is an important step for the international technical community to design away the vulnerabilities of our satellites,” he argues.
He says there is increased interest in attacking and defending space systems, including satellites, from cyber-attacks because commercial satellite constellations are going up, such as Starlink and Amazon Leo, making them a big target. They become even greater objects of interest when they are used in conflicts.
While DDoS attacks are most common, Laurynas Mačiulis, CEO of Astrolight, says jamming satellite signals and links can’t on their own cause catastrophic damage unless control of a satellite is lost. He explains why: “The interference signal would cover a specific area on the ground, making communications on the ground impossible. You would still be able to control the satellite.”
“In the case of a low earth orbit (LEO) satellite with electronic warfare capability that can block certain frequencies, communication to the satellite could be blocked. However, it’s not so easy as we’re typically talking about a constellation of satellites. Yet it’s still possible to disrupt certain areas or satellites at a certain time.”
Catastrophic failure possible
However, Christopher Badgett, VP of Technology at Kratos, says catastrophic failure becomes possible if compromised Telemetry, Tracking and Command (TT&C) channels allow attackers to alter propulsion commands, trigger uncontrolled maneuvers, or the disablement of collision‑avoidance logic, potentially leading to debris‑generating events.
“Permanent damage can result if attackers send unauthorized commands—such as forcing the satellite to slew aggressively, operate outside thermal limits, or disable protective modes,” he explains. Navigational errors occur when attackers spoof or corrupt GNSS timing, modify attitude control data, or disrupt star-track inputs. Even minor deviations can cascade into orbital drift or incorrect pointing for sensors.
As to why ADCS, TT&C and payload systems are attacked, Kaczmarek says they are the parts of the system that matter most operationally and economically. He explains that Attitude Determination and Control Systems (AD&C) govern pointing, stability, and maneuver execution, while TT&C is the command path and operational nervous system. Payload systems carry the mission value, whether that is communications, imagery, navigation, or sensing.
“If an attacker wants to disrupt a mission, they go after control, but if they want intelligence, leverage, or revenue impact, they go after payload and data,” he reveals. However, Mačiulis argues that Space Domain Awareness (SDA) can help to prevent attacks. That’s because there is a need to track satellites that are considered to be a security risk – especially military ones.
“It’s important to understand what threats a satellite poses, the equipment it has, and to track objects to understand the capabilities, but this doesn’t help with active protection,” he warns. One of the main protective actions is to isolate that satellite when electronic warfare erupts in space, and to have a means of communication that is resistant to its attacks.
Lasers: Securing communications?
To this, his company has created a solution that uses lasers rather than radio waves as he claims lasers are more secure. “That’s because it’s very directional. It can’t intercept it or jam it. It’s possible to block it, but it’s near impossible to do so,” he claims.
Harris reveals that nation states are the most common ‘bad actors’ launching these attacks for strategic and military purposes. “There are also hacktivists who want to cause disruption or to make a point, but it depends on how much money they have, and how much infrastructure they have access to,” he notes.
“Realistically ground stations are more likely to be attacked. Nation states are most likely to be responsible for attacks on satellites, which can also be used as nodes to launch an attack. It’s hard to take control of them. If you do, you can cause it to fail, turn payloads on/off, interrupt communications, disable navigation signals and in general cause lots of intermittent problems.”
Cyber-security by design
Falco concludes by suggesting that the new standard will help to design away cyber-security issues and vulnerabilities. It contains the steps necessary to ensure that best practices are followed in protecting satellites, space and ground systems.
Further to publishing his paper, ‘Why is Space Cybersecurity Unique?’, he admits it’s very much a learning curve. He welcomes the interest in space cyber-security from the many converging parties – from computer scientists and control theory specialists to mechanical engineers, but underlines that there is no copy and paste cyber-security solution.
However, he says space cyber-security is going to get much more attention than it previously had because of the Iran war as there is a focus on, for example, Starlink as a target, and because of the US’s investment in Golden Dome. They are making space an important theatre for operations, and so cyber-security is fundamental to securing satellites and critical Infrastructure.