The Future of Cyber Resilience in Orbit—and How Operators Can Lead It

As the field of cybersecurity continues to gain importance in the space industry, the widespread adoption of physical enforcers of digital space, in space, is on the horizon.

• Deloitte: This July, Deloitte launched Deloitte-1, equipped with "Silent Shield," an intrusion detection system designed to monitor and detect cyberattacks on space assets in real-time using an out-of-band monitoring approach that does not introduce new vulnerabilities. The company plans to deploy a nine-satellite constellation over the next 18 months to scale cybersecurity monitoring across the growing cluster of space infrastructure. The satellite will also serve as a testing range for cyber defense capabilities and Radio Frequency (RF) collection.                            
• Aerospace Corporation: In 2022, the Aerospace Corporation launched SpaceCOP, an intrusion detection system deployed on the Slingshot-1 CubeSat. This system utilizes Machine Learning (ML) to detect cyberattacks and anomalies on satellites in real time by analyzing novel cyber telemetry sources not available in standard satellite downlink channels. The system was validated through the Cybersecurity Space Mission Assurance Experiments (Cyber SMAX) government program and successfully identified subtle suspicious activities and simulated cyberattacks that traditional satellite monitoring would have missed.

Satellites in Geostationary Earth Orbit (GEO) have far longer mission time frames than those in Low Earth Orbit (LEO), and almost none of them have received security updates in their life spans, given that they were designed and launched decades before cybersecurity standards were established. Additionally, they lack the necessary technical capacity, including processing power and memory, for complex remote software patching or updates. Even with the newer satellites that have been launched, the nature of physical isolation in space means that they suffer from significant detection latency. When cyberattacks occur, operators must wait for satellite telemetry to be downlinked, a process that can sometimes take hours, depending on the satellite's orbital window. Afterward, they are transmitted through ground networks, reach security teams, and are then analyzed. During periods when satellites are outside terrestrial communication coverage ("blind zones"), there is zero visibility into onboard events. This reactive posture means security breaches can persist for extended periods undetected. These challenges have led to the traditional cybersecurity approach for satellites being viewed as “hardened but static systems,” which are difficult to update once they are in orbit.

One of the key approaches that emerged in response to these challenges is the lack of focus on securing the satellite. Instead, emphasis is placed on securing the ground stations, uplinks, and downlinks, using firewalls, access controls, encryption between ground and satellite, and perimeter defenses. Another approach is operating under the assumption that all components and communications within the satellite are trustworthy. As a result, many satellites lack features such as message authentication, integrity checks, or subsystem compartmentalization. This means that if any of the onboard components or the ground station that sends commands is compromised, malicious commands, signal spoofing, or unauthorized firmware updates may travel freely across the data bus, putting the entire satellite at risk. This same assumption leads to conventional satellites lacking onboard intrusion detection, anomaly detection, or autonomous defensive capabilities. They operate as isolated systems receiving commands from ground control, with no ability to identify malicious commands, detect tampering, or respond autonomously to threats.

Compounding these technical limitations is a deeper cultural factor. For decades, much of the space sector operated under a “security by obscurity” mindset. Satellite architectures were proprietary, systems were difficult to access, under the belief that if the system’s vulnerabilities and inner workings were kept secret, the risk of them being found and exploited would be low. However, once obscurity is compromised, the system is left vulnerable. This belief, shared by many government-affiliated industries, contributed to cybersecurity being underprioritized, underfunded, and often viewed as secondary to mission assurance. As space becomes increasingly commercial, interconnected, and software-defined, this mindset has proven to be increasingly outdated and dangerous.

The evolution of cybersecurity in space has accelerated rapidly over the past decade, beginning with early experimentation platforms like the European Space Agency’s (ESA’s) Operations Satellite (OPS-SAT), which provided one of the first openly accessible in-orbit testbeds for validating defensive techniques and understanding how real satellites behave under cyber stress. Building on this pioneering experiment, the Aerospace Corporation deployed SpaceCOP aboard the Slingshot-1 CubeSat in 2022 as part of the Cyber SMAX government program, using ML and novel cyber telemetry sources to detect simulated cyberattacks and anomalies in real time with remarkable effectiveness. The field reached a new milestone in March 2025 when Spire launched Deloitte-1, the first operational satellite dedicated to cybersecurity, carrying the Silent Shield intrusion detection system and functioning as an in-orbit cyber range for live attack simulations and defensive training. Together, these missions represent the evolution of space cybersecurity from theoretical vulnerability assessments to operational in-orbit detection, prevention, and defense capabilities, marking a fundamental shift in how the space industry protects its rapidly expanding constellation infrastructure.

This acceleration of space cybersecurity is underpinned by multiple drivers. The Space Information Sharing and Analysis Center reported that the number of cyberattacks on space assets in 2025, so far, has surged 118% from 117 in 2024. Additionally, the mega-constellation boom has created an exponentially larger attack surface, with ABI Research anticipating over 12,000 LEO satellites to be in orbit by the end of 2025 and more than 40,000 satellites across all orbits by 2031. The last driver is the geopolitical militarization of space, which has made satellite security a national defense priority for many. The convergence of critical infrastructure dependence, government defense spending, commercial space expansion, and legitimate cyberthreat acceleration is creating a durable, multi-billion-dollar market for dedicated space cybersecurity capabilities, positioning it as one of the fastest growing sub-sectors within aerospace and defense.

The outlook for this segment is promising, with strong indicators that firms are actively expanding their cybersecurity satellite initiatives and that the market is positioned for substantial growth. Deloitte is leading this charge by planning to launch a full 9-satellite constellation over the next 18 months beyond Deloitte-1, establishing a dedicated space cybersecurity infrastructure business. Last year, Lockheed Martin launched SmartSat, a software-defined satellite architecture that allows over-the-air software patches and updates to spacecraft already in orbit. Lockheed Martin claims that SmartSat enables satellites to “Better detect and defend against cyber threats autonomously, while on-board cyber defenses can be updated regularly to address new threats.”

Northrop Grumman, in the same year, unveiled KI-81, a flexible, high-throughput device encryption that can be attached to a satellite. Its purpose is to provide secure communication within large, interlinked LEO satellite constellations, which are critical for protecting mesh networks from cyberthreats. Against this backdrop, the commercial space sector is entering a period of accelerated demand for advanced cybersecurity, driven by the rapid rise of private operators, the mainstream adoption of software-defined spacecraft, and the increasing integration of space systems with terrestrial digital infrastructure. As commercial missions become more complex and more critical to national and economic resilience, operators are reassessing cybersecurity as a core mission assurance, rather than a compliance exercise.

The future of satellite cybersecurity lies in multi-layered, in-orbit resilience, with Space Domain Awareness (SDA) playing a central role. By integrating real-time cyberthreat detection with SDA platforms, operators gain continuous visibility into satellite operations, anomalies, and orbital behaviors, enabling threats to be identified and mitigated before they propagate. SDA allows satellites to correlate telemetry across multiple assets, detect suspicious activity, and prioritize responses across the constellation, adding a level of situational awareness that is impossible with ground-station-only defenses. When combined with redundancy across ground stations, onboard systems, and inter-satellite links, this approach ensures that no single point of failure can compromise mission continuity.

Unlike traditional strategies focused solely on securing ground infrastructure, this model empowers satellites to detect, isolate, and respond to threats autonomously—even during periods when they are out of terrestrial communication coverage. For commercial, government, and defense operators, integrating SDA with adaptive cyber defenses transforms satellites from static, reactive assets into self-aware, self-defending infrastructure, capable of evolving with emerging threats while maintaining continuous operational resilience across the entire orbital network.