Let's talk about space, baby!

· 15 min read
Paige Haines
Cyber Capability, Education, and Training Consultant
So, what’s the deal with space and cyber security?

A group of researchers from UC San Diego and the University of Maryland found that nearly half of geostationary satellites transmit unencrypted data, exposing sensitive consumer, corporate, and even military communications. The study, titled “Don’t Look Up” [1], was presented at the Association for Computing Machinery conference in Taiwan on October 13th, 2025. Using an $800 satellite receiver over three years, the researchers captured everything from private calls and texts to in-flight Wi-Fi traffic, without ever actively intercepting communications. You and I could simply purchase a consumer-grade dish and potentially listen in.

“Satellites beam data down to the Earth all around us, all the time… roughly half of geostationary satellite signals… have been left entirely vulnerable to eavesdropping,” reported Wired [2]. The researchers picked up T-Mobile calls and texts, AT&T Mexico internet traffic, and critical infrastructure communications. Some companies like T-Mobile, Walmart, and Mexico's state utility CFE responded quickly by adding encryption; others have yet to secure their systems.

The Scale of the Problem

The researchers' findings were a little alarming. In just one nine-hour recording session, they collected 2,700 T-Mobile phone numbers and portions of users' calls and texts. The captured data included:

  • Telecom Data: T-Mobile, AT&T Mexico, and Telmex transmitted unencrypted backhaul data between remote cell towers and core networks. The researchers discovered that AT&T Mexico transmitted raw data including users' internet traffic and calling/texting metadata, along with decryption keys that could potentially be used to decipher other sensitive information.
  • Military and Law Enforcement Communications: The team intercepted unprotected data from U.S. military sea vessels and detailed communications from Mexican law enforcement and defense agencies, including locations and mission details for aircraft and troops.
  • Critical Infrastructure: Mexico's state-owned electric utility and other industrial systems were found transmitting internal operational data, like equipment failures and work orders, without encryption.
  • Corporate and Consumer Data: The team picked up in-flight Wi-Fi data, unencrypted corporate emails, ATM network information, and inventory details from companies including Walmart Mexico and Santander.

What strikes me the most in this experiment is the fact that researchers were only able to capture signals from about 15% of satellites currently in operation from their San Diego location. That is a small pool of satellites, making it a very lucrative eavesdropping opportunity. As Johns Hopkins University professor Matt Green noted, "It's crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible."

Understanding the Threat Vectors

Satellite systems face a diverse and evolving threat landscape (just like many of our own earthly systems) that extends well beyond passive eavesdropping. What do these threat vectors look like?

Eavesdropping and Passive Interception

The UC San Diego research exposed the most fundamental vulnerability: eavesdropping, both passive and active. Satellite channels are wireless broadcast media, which makes them especially susceptible: your average John or Jane Cyber from down the road with an $800 dish can easily intercept the signal. Unencrypted data can be observed fully passively, so there is no way to know if someone has set up a dish to listen.

Jamming Attacks

Jamming is an intentional transmission of a high-power radio frequency signal equal to or very close to the frequency of the victim device. Navigation satellite systems like the U.S. GPS system and its counterparts in other countries are routinely jammed and spoofed.

The threat has reached such severity that in March 2025, the International Civil Aviation Organization (ICAO), International Telecommunication Union (ITU), and International Maritime Organization (IMO) [3] expressed “grave concern” about the increasing number of cases of harmful interference in the form of jamming and spoofing affecting the Radio Navigation Satellite Service (RNSS). These attacks are actively threatening civilian aviation, maritime navigation, and telecommunications infrastructure all over the world!

Spoofing and Signal Manipulation

Spoofing signals imitate genuine satellite data, tricking receivers on ships or aircraft into calculating false positions or providing faulty guidance. The sophistication of spoofing attacks varies considerably:

  • Basic spoofing involves transmitting fake signals at higher power than authentic ones to trick receivers into tracking false satellites.
  • Advanced spoofing can include nulling attacks, where the spoofer must be aware of its spatial relation to the victim receiver for precise delivery of nulling signals, though this type of attack remains largely theoretical.

In 2019, GPS spoofing led a British oil tanker into Iranian waters where it was captured [4]. In 2022, signal jamming that resulted in loss of accurate positioning data contributed to an Azerbaijan Airlines flight crash [5].

Cyber Intrusions and Hacking

Hacking involves gaining unauthorised access to data in a system or computer, whereas hijacking is a method an attacker uses to prevent the legitimate controllers from accessing the space system. The 2022 KA-SAT network attack [6] during Russia's invasion of Ukraine demonstrated the devastating potential of sophisticated cyber assaults on satellite infrastructure, disrupting services across Europe.

China's intentions for space warfare include the use of cyberattacks and electronic jamming to impact U.S. satellite systems, according to senior U.S. intelligence officials. PLA military writings reveal plans to jam foreign military GPS signals and to confuse, or "spoof," satellites with false location data.

Supply Chain Vulnerabilities

Complex, globally distributed supply chains for both software and hardware components create systemic cyber risk exposure across the space systems lifecycle. The SolarWinds compromise [7] demonstrated how trusted software updates can serve as entry points for adversaries. On the hardware side, reliance on components sourced from foreign or adversarial suppliers introduces integrity and espionage risks.

Current Mitigation Efforts and Standards

Despite the mounting number of ongoing attacks, there are efforts underway to secure satellite infrastructure. Multiple government agencies, industry bodies, and international organisations are developing comprehensive frameworks to address space cyber security.

In May 2022, the NSA updated its Cybersecurity Advisory for securing very small aperture terminal (VSAT) networks, "Protecting VSAT Communications." [9] The NSA's VSAT recommendations emphasise treating encryption as a mandatory implementation. In addition, the NSA is working with the commercial sector and operators to embed NSA-approved cryptography to protect critical communications and align with the Committee on National Security Systems (CNSS) policy. This includes developing quantum-resistant cryptography, with NSA's goal to be quantum-resistant by 2033 [10].

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued comprehensive guidance in March 2022 [11], recommending that satellite operators consider a range of solutions to address this issue. They suggested implementing independent encryption across all communications links leased from, or provided by, SATCOM providers and using secure methods for authentication, including multi-factor authentication where possible. In addition, they suggested a comprehensive vulnerability management strategy and patching practices, and monitoring network logs for suspicious activity.
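One way an operator could check that independent encryption is actually in effect on its own leased link is to test payloads it has recorded from that link for cleartext. This is an added example, not code from the original post or from the CISA/FBI guidance; the thresholds, function names, and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds, not taken from the post or the CISA/FBI guidance.
MIN_SAMPLE_BYTES = 1024     # entropy estimates on short payloads are unreliable
MIN_ENTROPY_BITS = 7.5      # well-encrypted data approaches 8 bits per byte
MAX_PRINTABLE_RATIO = 0.6   # uniformly random bytes are only ~38% printable

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the payload, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/CR/LF."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def classify_payload(data: bytes) -> str:
    if len(data) < MIN_SAMPLE_BYTES:
        return "too-short"
    if (shannon_entropy(data) < MIN_ENTROPY_BITS
            or printable_ratio(data) > MAX_PRINTABLE_RATIO):
        return "plaintext-suspect"
    # High entropy is necessary, not sufficient: compressed data looks the same.
    return "high-entropy"

def audit_link(payloads):
    """Return indexes of payloads to investigate as possible cleartext."""
    return [i for i, p in enumerate(payloads)
            if classify_payload(p) == "plaintext-suspect"]

def constructed_samples():
    """Constructed sample payloads (not captured traffic)."""
    # Stand-in for ciphertext: SHA-256 output blocks, close to uniform.
    cipher_like = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))
    # Stand-in for an unencrypted operational record stream.
    work_orders = b"".join(
        b"WORK-ORDER id=%d site=substation-%d status=breaker-fault\n" % (i, i % 7)
        for i in range(40))
    return [cipher_like, work_orders, b"keepalive"]

if __name__ == "__main__":
    samples = constructed_samples()
    for i, p in enumerate(samples):
        print(i, len(p), classify_payload(p))
    print("investigate:", audit_link(samples))
```

A "high-entropy" result only rules out obvious cleartext; confirming that the link is encrypted with the intended keys and algorithms still requires checking the terminal and modem configuration.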

Industry Collaboration and Information Sharing

Here at home, in November 2024, Deloitte enabled the global expansion of Space ISAC's Watch Center with a new hub in Australia, providing a global view of real-time threat intelligence and additional cyber security safeguards [18]. This partnership was strengthened in July 2024 when Space ISAC signed a Memorandum of Understanding with the Australian Cyber Collaboration Centre (Aus3C), marking a significant milestone in expanding Space ISAC's global reach and fostering international collaboration in space cyber security.

Space ISAC has emerged as a critical hub for threat intelligence sharing and collaborative defense. In April 2025, Space ISAC partnered with NASA SCaN on a space security information sharing initiative, representing a groundbreaking step in fortifying the security of space operations [12]. The Space ISAC watch center distributes specialised intelligence contributed by threat intelligence and cyber security teams at its member companies, cross-referenced and collated by trained ISAC analysts. Space ISAC also launched a UK Global Hub in April 2025 to promote global threat monitoring and space security through cross-border collaboration and intelligence sharing.

In the European Union, as of January 2025, the NIS2 Directive classifies space as a sector of "high criticality," requiring satellite operators to meet cyber security obligations, including incident reporting and secure supply chain practices. The newly established EU Space ISAC (Information Sharing and Analysis Centre) [13] serves as a hub for threat intelligence and shared learning, with ENISA holding an observer role.

Technical Solutions Under Development

Understandably, the highest priority is encrypting sensitive data transmitted between satellites and ground stations using advanced standards like NSA-grade encryption to ensure the highest level of security. However, this implementation imposes additional overhead on an already limited bandwidth, decryption hardware may exceed the power budget of remote, off-grid receivers, and satellite terminal vendors can charge additional license fees.

Quantum cryptography is another technical solution being actively considered by international organisations. With quantum computing threatening to break current encryption methods, the space sector is actively developing quantum-resistant solutions. For example, AROBS Polska was selected by the European Space Agency (ESA) to develop the Post-Quantum Cryptography Algorithms for Satellite Telecommunication Applications (PQC ASTrAL) project, integrating post-quantum cryptographic algorithms standardised in August 2024 by U.S. NIST [14].

Multiple initiatives are developing satellite-based quantum key distribution systems. ESA's EAGLE-1 Mission is set to launch in late 2026/early 2027 [15], while SealSQ successfully launched six QKD satellites in 2025, marking a significant commercial milestone. [16]

That being said, most satellites will likely use a combination of traditional asymmetric algorithms for performance reasons, with the option to switch to post-quantum algorithms should there be evidence that quantum computing has reached the performance required to break traditional encryption.

Regulatory Developments

We have taken significant steps to address space cyber security within our broader critical infrastructure framework. The Cyber Security Act 2024 (Cth), passed on 25 November 2024, represents Australia's first standalone cyber security legislation [17]. The Act mandates minimum security standards for smart devices, which may include satellite communication devices, requiring manufacturers and suppliers to comply with standards of encryption, authentication, and risk mitigation when products are sold in Australia.

The Security of Critical Infrastructure Act 2018 (SOCI Act), with reforms implemented in 2021-2022 and further updates through the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024, now explicitly includes space technology as one of 22 critical infrastructure asset classes across 11 sectors. The reforms, which commenced on 20 December 2024, clarify existing obligations for critical infrastructure owners and operators to protect data storage systems holding business-critical data, and introduce stricter risk management requirements where businesses can be directed by the regulator to address deficient elements in their risk management programs [20].

However, experts have raised concerns about the adequacy of these measures. While space technology is now recognised as critical infrastructure, it is not addressed in isolation with sector-specific cyber security standards tailored to the unique aspects of space systems. Legal commentators note that Australia relies on a collection of existing, general-purpose laws including the Telecommunications Act, Cybercrime Legislation Act, and Radiocommunications Act, rather than developing specialised frameworks like those implemented by key allies [19].

Australia faces unique vulnerabilities in satellite security. Despite low satellite ownership figures, Australia is a global leader in the use of satellites for broadband connections, ranking third among OECD countries in total broadband satellite subscriptions. With services like NBN's Sky Muster (86,254 subscribers as of June 2024) and Starlink (more than 250,000 Australian customers in mid-2024) serving approximately 300,000 users, this heavy reliance makes Australia particularly exposed to satellite-related cyber security vulnerabilities [21].

The 2023-2030 Australian Cyber Security Strategy, released on 22 November 2023, provides the roadmap for Australia to become a world leader in cybersecurity by 2030, focusing on building six "cyber shields" including enhanced critical infrastructure protection. However, by 2030, satellite numbers are estimated to reach 27,000 to 65,000, generating more than $1.5 trillion in commercial revenue, and without specific classification and specialised standards for space technology assets, concerns remain about Australia's preparedness for sophisticated attacks targeting systems that govern national security and commercial sectors [22].

Conclusion

Satellites are the backbone of modern communication, navigation, weather forecasting, and countless other critical services. Despite how long they've been around, the UC San Diego research starkly demonstrates that many communication links remain poorly protected. Any disrupted or intercepted communications could impact national security, business operations, and individual privacy on a global scale.

The CSIS report identifies a "normalization of deviance" in the counterspace arena, where "cyberattacks, jamming and spoofing activities, and unfriendly behaviors in space have now become commonplace and rarely trigger an escalatory or retaliatory response."

Efforts to improve space cyber security are ongoing and accelerating. Industry and government bodies are implementing stronger encryption, hardening protocols, and collaborating to monitor satellite networks. The encrypted satellite telemetry upgrade market, valued at $1.53 billion in 2024, is projected to grow at about 10.2% CAGR through 2033 [23], driven by rising demand from defense and satellite operators as well as the commercial sector.

Space may seem distant, but all those little signals bouncing from satellites to Earth have a real impact on our daily lives. Securing this infrastructure is a necessity for protecting our space-curious civilisation. Following the UC San Diego researchers' disclosure, some companies like T-Mobile, Walmart, and KPU moved quickly to encrypt their communications, yet others have yet to act at all.

Space cyber security must be built into every aspect of satellite design, operation, and regulation, because in space, no one can hear you scream, but everyone can hear your unencrypted data.

References