Comparative assessment of satellite-system vulnerabilities, regulatory readiness, hostile cyber activity and resilience requirements, 2026–2031

Baseline Date: 16 July 2026
Forecast Period: July 2026–December 2031
Geographic Scope: Italy, European Union, United States and People’s Republic of China
Principal Intelligence Question: How will the expansion, commercialization and digital integration of space infrastructure change the probability and strategic consequences of cyberattacks against satellite services between 2026 and 2031?


Executive Summary — BLUF

  • Cyber operations against space systems are already an operational security problem, not a hypothetical future threat.
  • The most accessible attack surface is generally not the satellite in orbit but the interconnected ecosystem of ground stations, user terminals, software, cloud services, suppliers and command links.
  • Commercial expansion is increasing the number of assets, operators, interfaces and dependencies faster than governments can harmonize security requirements.
  • The most likely 2026–2031 trajectory is a rise in jamming, spoofing, credential theft, supply-chain compromise, destructive attacks on user equipment and disruption of ground-segment services.
  • A coordinated attack on several satellite providers remains less likely but could produce disproportionate effects across telecommunications, transport, finance, energy and military command systems.
  • Italy has begun building dedicated institutional capacity through cooperation between ACN and ASI and through a Cyber Security Operations Center for ASI infrastructure, but sector-wide implementation remains incomplete.
  • The European Union has placed space ground infrastructure within the high-criticality scope of NIS2 and is developing more sector-specific resilience requirements through the proposed EU Space Act.
  • The United States possesses the most developed public technical guidance, but federal oversight findings continue to identify inconsistent implementation across spacecraft acquisition and risk-management processes.
  • China is expanding both space infrastructure and national cyber-defense capabilities, but limited public technical disclosure prevents an independently verifiable assessment of the resilience of individual Chinese space systems.
  • Key Judgment: A strategically consequential space-cyber incident is likely during 2026–2031, with moderate confidence; the principal uncertainty concerns whether it remains localized or cascades across multiple critical sectors.

Key Judgments

Ground infrastructure will remain the primary attack vector

Assessment: Threat actors are more likely to compromise satellite operators through ground networks, administrative systems, cloud environments, supply chains and user terminals than by directly penetrating a spacecraft.

Probability: Very likely, 80–94%
Confidence: High

The ground segment combines conventional information technology, operational technology, identity-management systems, remote-access services, third-party software and command-and-control functions. NIST therefore treats satellite ground operations and hybrid satellite networks as interconnected cyber ecosystems rather than isolated spacecraft. NIST IR 8401: Cybersecurity Framework Profile for Satellite Ground Segment — National Institute of Standards and Technology — December 2022 — Verified source; NIST IR 8441: Cybersecurity Framework Profile for Hybrid Satellite Networks — National Institute of Standards and Technology — September 2023 — Verified source.

Indicator that would alter the judgment: Verified evidence of scalable remote exploitation of multiple spacecraft flight systems without prior compromise of terrestrial infrastructure.

Space-cyber incidents will increasingly create effects outside the space sector

Assessment: The strategic importance of satellite cybersecurity derives primarily from the terrestrial services that satellites enable, including communications, positioning, navigation, timing, weather monitoring, Earth observation and selected government and military functions.

Probability: Almost certain, 95–99%
Confidence: High

The European Union classifies space ground infrastructure as a sector of high criticality under NIS2 because disruption can propagate across borders and sectors. NIST similarly identifies hybrid satellite services as supporting communications, positioning, navigation, timing, remote sensing, weather monitoring and other critical-infrastructure functions. Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union — European Parliament and Council — December 2022 — Verified source; A Guide to Securing Commercial Satellite Operations — European Union Agency for Cybersecurity — March 2025 — Verified source.

Indicator that would alter the judgment: Demonstrated deployment of effective terrestrial alternatives that substantially reduce dependence on space-based services.

Disruption and degradation are more likely than permanent orbital takeover

Assessment: Between 2026 and 2031, hostile actors will more frequently seek to interrupt services, corrupt data, disable terminals, steal credentials or impose recovery costs than to assume sustained control of satellites.

Probability: Likely, 65–79%
Confidence: Moderate

Service disruption is operationally easier, politically more deniable and often sufficient to achieve coercive, criminal or military objectives. Plausible techniques include denial-of-service operations against portals, exploitation of remote-management systems, destructive malware, jamming, spoofing, credential compromise and manipulation of terrestrial data-processing chains. Permanent control of a spacecraft ordinarily requires deeper technical knowledge, persistent access and the ability to evade operational safeguards.

Indicator that would alter the judgment: Multiple authenticated incidents in which attackers retain spacecraft command authority for extended periods.

Commercial growth will widen the attack surface faster than regulation can fully standardize it

Assessment: The continued deployment of commercial constellations, small satellites and multi-operator networks will create additional interfaces, suppliers and software dependencies through at least 2031.

Probability: Very likely, 80–94%
Confidence: High

ESA reported that approximately 4,556 spacecraft were placed into orbit during 2025, an increase of 58% over 2024, with the United States accounting for most deployments because of large commercial constellations. ESA’s orbital statistics, updated in June 2026, recorded approximately 16,000 functioning satellites and about 45,910 regularly tracked space objects. These figures correct the lower and internally inconsistent launch estimates contained in the source text supplied for this report. ESA Report on the Space Economy 2026 — European Space Agency — 2026 — Verified source; Space Environment Statistics — European Space Agency — June 2026 — Verified source.

Indicator that would alter the judgment: Binding international technical standards that become enforceable across launch, licensing, manufacturing, operations and end-of-life phases.

Italy is moving from general cyber protection toward dedicated space-sector security

Assessment: Italy has established the institutional foundation for stronger space cybersecurity, but the effectiveness of the model will depend on operational integration, supply-chain enforcement and incident exercises.

Probability of continued institutional strengthening: Very likely, 80–94%
Confidence: High

In 2025, the Agenzia Spaziale Italiana assigned the development of a dedicated Cyber Security Operations Center intended to protect its missions and infrastructure. ASI and the Agenzia per la Cybersicurezza Nazionale also initiated structured cooperation covering the space and aerospace sectors. L’Agenzia Spaziale Italiana affida a Starion Italia la realizzazione del Cyber Security Operations Center — Agenzia Spaziale Italiana — June 2025 — Verified source; ACN–ASI: al via la collaborazione cyber nel settore spazio e aerospazio — Agenzia per la Cybersicurezza Nazionale — July 2025 — Verified source.

Indicator that would alter the judgment: Delays in operationalizing the ASI security center or absence of mandatory cyber requirements across commercial operators and suppliers.

Europe will progressively replace fragmented national controls with more harmonized requirements

Assessment: EU regulation will increasingly impose common resilience, reporting, governance and security-by-design expectations on space operators.

Probability: Likely, 65–79%
Confidence: Moderate

The NIS2 Directive already establishes cybersecurity governance and incident-management obligations for covered space ground-infrastructure operators. The European Commission’s proposed EU Space Act, introduced in June 2025, seeks a harmonized framework addressing safety, resilience and sustainability. The proposal should not be treated as enacted law until the legislative process is complete. EU Space Act — European Commission — June 2025 — Verified source.

Indicator that would alter the judgment: Material dilution, delay or fragmentation of the EU Space Act during negotiations and implementation.

U.S. technical guidance is advanced, but implementation remains uneven

Assessment: The United States has developed detailed space-cyber frameworks, yet oversight findings show that formal guidance does not guarantee consistent application across agencies and acquisition programs.

Probability that implementation gaps persist through 2028: Likely, 65–79%
Confidence: High

NIST has produced profiles for commercial satellite operations, ground segments and hybrid satellite networks. Nevertheless, the U.S. Government Accountability Office concluded in June 2025 that NASA had not fully implemented required risk-management steps across selected major projects. GAO had previously found that NASA needed to update cybersecurity requirements used in spacecraft contracts. Cybersecurity: NASA Needs to Fully Implement Risk Management — U.S. Government Accountability Office — June 2025 — Verified source; NASA Cybersecurity: Plan Needed to Update Spacecraft Acquisition Policies and Standards — U.S. Government Accountability Office — May 2024 — Verified source.

Indicator that would alter the judgment: Independent confirmation that risk-management controls are consistently integrated into spacecraft procurement, authorization and continuous monitoring.

China’s expanding capabilities will not be matched by equivalent public transparency

Assessment: China will continue strengthening space infrastructure, cybersecurity defense, situational awareness and cyber-sovereignty mechanisms, but open-source analysts will remain unable to verify the security posture of specific Chinese orbital systems.

Probability: Very likely, 80–94%
Confidence: Moderate

Chinese government documents emphasize critical-infrastructure defense, cybersecurity monitoring, emergency response, disaster backup and attribution capabilities. They also present cyber sovereignty and national control of digital infrastructure as strategic priorities. These sources establish official policy direction, not independently tested technical effectiveness. China’s Arms Control, Disarmament and Nonproliferation in the New Era — State Council Information Office of the People’s Republic of China — November 2025 — Verified source; China’s Law-Based Cyberspace Governance in the New Era — State Council Information Office of the People’s Republic of China — March 2023 — Verified source.

Indicator that would alter the judgment: Publication of independently auditable technical standards, incident data or implementation assessments covering Chinese civil and commercial space systems.


Navigational Index

Pillar I — Space Infrastructure as a Contested Strategic System

  1. The expansion of the orbital economy
  2. Dependence of terrestrial critical infrastructure on space services
  3. Cyberattack surfaces across space, ground and user segments
  4. Criminal, state-sponsored and hybrid threat actors
  5. The KA-SAT incident as an operational warning
  6. Cyber conflict, attribution and escalation thresholds

Pillar II — National and Regional Resilience Architectures

  1. Italy: ACN, ASI, national cyber law and space governance
  2. European Union: NIS2, ENISA and the proposed EU Space Act
  3. United States: NIST frameworks, NASA governance and commercial networks
  4. China: cyber sovereignty, BeiDou and strategic opacity
  5. Supply-chain security and commercial operator responsibilities
  6. Insurance, procurement and corporate-liability exposure

Pillar III — 2026–2031 Threat Evolution and Strategic Risk

  1. Criminal monetization of satellite-system vulnerabilities
  2. State-sponsored pre-positioning and wartime disruption
  3. GNSS jamming, spoofing and integrity attacks
  4. Artificial intelligence and autonomous cyber operations
  5. Four strategic scenarios for 2026–2031
  6. Indicators, warning thresholds and government response options

Scope, Definitions and Method Note

Scope

This report examines malicious cyber activity affecting satellites, space-enabled services, ground stations, control networks, user terminals, supply chains and terrestrial data-processing infrastructure. It compares the institutional and strategic posture of Italy, the European Union, the United States and China.

The assessment focuses on deliberate cyber activity by:

  • financially motivated criminals;
  • state-sponsored groups;
  • military and intelligence services;
  • ideologically motivated actors;
  • insiders;
  • supply-chain infiltrators;
  • proxy groups operating with varying levels of state direction.

Exclusions

The report does not provide:

  • operational instructions for compromising satellites;
  • classified capability assessments;
  • unsupported attribution of specific attacks;
  • detailed vulnerability information that could facilitate exploitation;
  • a comprehensive assessment of kinetic anti-satellite weapons;
  • a complete legal opinion on Italian or international liability;
  • invented estimates of undisclosed incidents.

Cybersecurity, electronic warfare and kinetic counterspace capabilities overlap, but they are not interchangeable. Jamming and spoofing may involve electromagnetic rather than conventional network intrusion. They are included where they affect the confidentiality, integrity, availability or authenticity of space-enabled services.

Critical Definitions

Space segment: Satellites, payloads, onboard processors, flight software and inter-satellite links.

Ground segment: Mission-control centers, antennas, telemetry systems, cloud platforms, data-processing environments, administrative networks and remote-access infrastructure.

User segment: Receivers, satellite terminals, modems, applications and devices that consume or transmit space-enabled services.

Hybrid satellite network: A system in which government, commercial and other space and terrestrial components jointly provide a service.

Cyberattack against a space system: Malicious activity intended to gain unauthorized access, disrupt operations, manipulate data, degrade service, destroy digital assets or obtain persistent control over any component supporting a space-enabled capability.

Analytical Methods

The initial assessment uses:

  • key-assumptions checking;
  • capability–intent analysis;
  • attack-surface mapping;
  • causal-chain analysis;
  • comparative institutional assessment;
  • indicators and warnings;
  • preliminary competing-hypothesis analysis;
  • bounded scenario forecasting;
  • red-team review.

A numerical Monte Carlo simulation has not been conducted in this initial section. The available public evidence does not provide a sufficiently comparable dataset for incident frequency, successful intrusion rates, latent access or cross-sector loss distributions across all four jurisdictions. Creating numerical outputs without such inputs would produce false precision.

Source Limitations

Public reporting significantly understates unsuccessful attacks, undetected compromises, classified incidents and vulnerabilities corrected without disclosure. China publishes strategic policies but limited system-level evidence. Commercial operators may restrict incident details because of security, legal, insurance or reputational concerns. Government attribution may also reflect sensitive intelligence that cannot be independently examined.


Master Abstract

Space infrastructure has become an indispensable component of the terrestrial economy, but its security cannot be understood by examining satellites in isolation. Modern space services emerge from an interconnected architecture that links spacecraft, ground stations, cloud platforms, software suppliers, telecommunications carriers, user terminals and public-sector networks. A successful attacker does not necessarily need to compromise a satellite’s flight computer. The same strategic effect may be achieved by disrupting a mission-control environment, stealing operator credentials, corrupting data, disabling user terminals or interrupting the terrestrial networks through which commands and services flow. NIST consequently treats commercial satellite systems and hybrid satellite networks as interdependent cyber ecosystems whose risk extends across organizational and technical boundaries. The European Union has reached a similar regulatory conclusion by placing covered space ground infrastructure among the high-criticality sectors governed by NIS2. Introduction to Cybersecurity for Commercial Satellite Operations — National Institute of Standards and Technology — February 2023 — Verified source; NIS2 Directive: Securing Network and Information Systems — European Commission — January 2026 — Verified source.

The rapid expansion of orbital activity is intensifying this exposure. ESA reported that 4,556 spacecraft entered orbit during 2025, while its June 2026 statistics estimated that approximately 16,000 functioning satellites remained in space. Expansion is concentrated in commercial constellations, particularly in low Earth orbit, where high launch cadence, standardized hardware, software reuse and networked operations can produce both resilience and systemic concentration. Large constellations reduce dependence on individual satellites, but they also create extensive identity systems, automated management platforms, software-update mechanisms and user-terminal populations. A vulnerability affecting a shared component can therefore scale across many assets. The strategic question is no longer whether every individual satellite can be made invulnerable; it is whether an operator can prevent a local compromise from propagating across a fleet, maintain minimum service during disruption, authenticate commands and updates, isolate compromised segments and restore trusted operations. ESA Report on the Space Economy 2026 — European Space Agency — 2026 — Verified source; ESA’s Annual Space Environment Report — European Space Agency — May 2026 — Verified source.

The 2022 attack against the KA-SAT network remains the clearest publicly acknowledged example of the strategic consequences of compromising a satellite-service ecosystem during an armed conflict. The European Union formally attributed the malicious activity targeting the Viasat-owned network to the Russian Federation and stated that the attack occurred approximately one hour before Russia’s invasion of Ukraine. The operation produced communications disruption affecting public authorities, businesses and users in Ukraine and several EU member states. This case supports three analytical conclusions. First, satellite communications are viable targets for pre-conflict or opening-phase cyber operations. Second, attacks on commercial infrastructure can generate military and civilian effects simultaneously. Third, spillover is not necessarily constrained by national boundaries or by the attacker’s principal theater of operations. The available official EU declaration supports the attribution and strategic effects, but it does not independently establish every technical detail reported in subsequent commercial or private-sector reconstructions. Claims concerning the exact malware deployment chain, precise modem totals and individual downstream effects must therefore be attributed separately rather than merged into a single established narrative. Russian Cyber Operations Against Ukraine: Declaration by the High Representative on Behalf of the European Union — Council of the European Union — May 2022 — Verified source.

The threat population is broader than state intelligence and military organizations, although capabilities differ substantially. Criminal groups can target satellite companies through ransomware, extortion, credential theft, business-email compromise and exploitation of exposed terrestrial services. Ideologically motivated groups can conduct denial-of-service operations, leak data or exploit weak accounts for propaganda. Insiders and contractors may possess privileged access that bypasses perimeter controls. State-sponsored actors are more likely to combine long-term reconnaissance, supply-chain access, zero-day exploitation, electronic warfare and strategic timing. The most dangerous scenario is therefore not simply “a hacker controlling a satellite from a laptop,” but an actor obtaining persistent access to one or more administrative, engineering or operational systems and preserving that access until geopolitical conditions make disruption valuable. The probability of success depends on architecture, segmentation, authentication, encryption, software assurance, workforce practices, monitoring and recovery capacity. Treating all attackers as equally capable would obscure the difference between opportunistic cybercrime and a prepared campaign against national space infrastructure.

Italy’s response is developing within a wider national and European security architecture. In June 2025, ASI announced the assignment of a dedicated Cyber Security Operations Center intended to support the protection of agency missions and infrastructure. In July 2025, ACN and ASI initiated formal cooperation to strengthen coordination and joint cybersecurity initiatives across the space and aerospace sectors. These steps indicate recognition that generic enterprise-security controls are insufficient for mission environments requiring command integrity, high availability, specialized telemetry and long asset lifecycles. Italy also operates under the national implementation of NIS2 and the broader national cyber framework. However, the existence of institutions and formal cooperation does not by itself establish operational maturity. The decisive variables will be whether requirements extend to contractors and lower-tier suppliers, whether space-specific incident exercises are performed, whether command networks are segregated from ordinary administrative environments, whether operators can function in degraded modes and whether vulnerabilities can be corrected in assets whose hardware may remain in orbit for many years. L’Agenzia Spaziale Italiana affida a Starion Italia la realizzazione del Cyber Security Operations Center — Agenzia Spaziale Italiana — June 2025 — Verified source; ACN–ASI: al via la collaborazione cyber nel settore spazio e aerospazio — Agenzia per la Cybersicurezza Nazionale — July 2025 — Verified source.

The European Union is constructing a layered model in which horizontal cybersecurity rules are complemented by space-specific regulation and technical guidance. NIS2 establishes risk-management, governance and incident-reporting duties for covered entities, including specified operators of ground-based infrastructure supporting space services. ENISA’s 2025 guidance addresses commercial satellite operations and emphasizes the cross-border and cross-sector consequences of failure. The proposed EU Space Act is intended to establish a more harmonized framework for safety, resilience and sustainability, although it remains necessary to distinguish the Commission proposal from binding final law. The EU’s principal advantage is its ability to impose common market-access and compliance expectations across multiple jurisdictions. Its principal weakness is implementation complexity: responsibilities are divided among EU institutions, national cyber authorities, space agencies, telecommunications regulators, defense organizations and private operators. Between 2026 and 2031, European resilience will depend less on producing additional high-level strategies than on aligning technical standards, supervisory practice, procurement controls and cross-border incident response. A Guide to Securing Commercial Satellite Operations — European Union Agency for Cybersecurity — March 2025 — Verified source; EU Space Act — European Commission — June 2025 — Verified source.

The United States possesses the most extensive publicly accessible body of space-cyber technical guidance among the jurisdictions examined. NIST has developed profiles covering commercial satellite operations, satellite ground segments and hybrid networks. These documents emphasize asset identification, access control, protective technology, anomaly detection, incident response, recovery and communication among government and commercial participants. The U.S. model nevertheless faces a recurring implementation problem. Space responsibilities are distributed across civil, military, intelligence, regulatory and commercial organizations, while federal programs may use contractors operating under different acquisition and security requirements. GAO’s 2024 and 2025 findings concerning NASA demonstrate that the existence of risk-management frameworks does not ensure complete integration into contracts, project authorization and continuous monitoring. This gap will become more consequential as government agencies rely more heavily on commercial connectivity, imagery and data services. The resulting security model is therefore hybrid not only in technical architecture but also in authority, ownership and accountability. Cybersecurity: NASA Needs to Fully Implement Risk Management — U.S. Government Accountability Office — June 2025 — Verified source.

China presents a different analytical problem. Official policy documents demonstrate sustained emphasis on cyber sovereignty, critical-infrastructure protection, situational awareness, emergency response, disaster recovery and attribution. China is also expanding the international use of space-enabled systems, including the BeiDou Satellite Navigation System, as part of broader economic, technological and diplomatic relationships. These factors indicate that Chinese decision-makers treat cyber and space infrastructure as components of national power and strategic autonomy. Public sources, however, provide insufficient information for an independent assessment of implementation quality across Chinese civil, military and commercial satellite operators. Official statements may establish priorities and declared capabilities but cannot by themselves verify system resilience. The resulting information asymmetry is strategically important: Western systems are often subjected to public audits and legislative scrutiny, exposing deficiencies but also enabling correction, while Chinese opacity conceals both potential strengths and weaknesses. China’s Arms Control, Disarmament and Nonproliferation in the New Era — State Council Information Office — November 2025 — Verified source; Forum on China–Africa Cooperation Beijing Action Plan 2025–2027 — Ministry of Foreign Affairs of the People’s Republic of China — September 2024 — Verified source.

From 2026 to 2031, the most plausible threat trajectory is an increase in persistent but mostly sub-catastrophic interference. Operators should expect recurring attempts to steal credentials, compromise suppliers, manipulate data, exploit remote-management interfaces and disrupt service availability. GNSS jamming and spoofing will remain particularly attractive because they can affect transportation, military operations and timing-dependent infrastructure without requiring spacecraft compromise. More sophisticated actors may pre-position access within commercial providers or shared infrastructure for activation during crises. The highest-impact alternative is a coordinated campaign affecting several providers or service layers simultaneously—for example, communications, positioning and Earth-observation support during a military emergency. Such a campaign would be technically demanding and politically escalatory, but it could exceed the recovery capacity of institutions designed to manage isolated incidents. The central policy requirement is therefore systemic resilience, not merely perimeter defense: segmentation, cryptographic command authentication, secure software updates, supplier assurance, multi-provider redundancy, terrestrial fallback, rehearsed recovery and cross-border crisis coordination.

The legal assertions contained in the supplied source text require substantial qualification. Italy’s Law No. 90 of 2024 strengthened national cybersecurity and criminal-law provisions, but it does not automatically convert every cyberattack against a satellite company into organized-crime prosecution. Jurisdiction, prosecutorial competence, aggravating circumstances and corporate liability depend on the offense, target, effects, organizational conduct and applicable procedural rules. Similarly, the Outer Space Treaty establishes international responsibility for national activities in outer space, including activities by non-governmental entities, and requires authorization and continuing supervision. It does not create a universal regime of “absolute liability” for every failure of private cybersecurity supervision. Liability for damage caused by space objects is addressed more specifically by the 1972 Liability Convention, and its application to purely digital or service-level harm remains legally complex. Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space — United Nations — January 1967 — Verified source; Convention on International Liability for Damage Caused by Space Objects — United Nations — March 1972 — Verified source.

The five-year outlook is consequently defined by a widening gap between dependence and demonstrable resilience. Space services will become more deeply embedded in government, defense and commercial operations. At the same time, the technical ecosystem will become more distributed, automated and commercially interconnected. Regulation in Italy, Europe and the United States will improve baseline governance, but implementation will remain uneven, particularly among small operators, subcontractors, legacy systems and rapidly deployed constellations. China will continue developing national capabilities while disclosing limited technical evidence. The probability of a globally catastrophic cyber event remains lower than the probability of repeated regional or sectoral disruption, but the systemic consequences of a successful multi-provider attack will rise. Assessment: at least one publicly acknowledged, strategically consequential cyber incident affecting space-enabled services is likely during 2026–2031. Confidence: moderate. The estimate rests on demonstrated precedent, expanding attack surfaces and growing dependency, but public incident data are insufficient for precise frequency modeling.

Principal Analytical Gap

The most consequential unresolved gap is the absence of a standardized, independently auditable international dataset covering attempted and successful cyber incidents across spacecraft, ground stations, cloud environments, suppliers and user terminals. Existing public reporting combines technically different events, excludes classified incidents, omits undetected compromises and often fails to separate cyber intrusion from electronic interference. This limitation prevents defensible calculation of annual attack probabilities, comparative national vulnerability rates or expected financial losses. A credible international reporting architecture would require harmonized incident definitions, protected disclosure mechanisms, technical attribution standards and anonymized sharing between governments and commercial operators.

Space–Cyber Strategic Exposure Monitor

Orbital Infrastructure Risk: 2026–2031

Comparative analytical dashboard for Italy, the European Union, the United States and China. Values are assessments derived from the accompanying report, not live operational telemetry.

Evidence baseline verified Last evidence review: 16 July 2026

Strategic Risk Meter

Elevated systemic exposure

High dependence on space services, expanding attack surfaces and uneven implementation make consequential disruption increasingly plausible.

Analytical index: dependency 30%, attack-surface growth 25%, demonstrated threat 20%, implementation gap 15%, recovery concentration 10%. It is not an observed incident probability.

Capability–Constraint Matrix

Italy
EU
US
China
Public technical guidance
Developing
Strong
Advanced
Opaque
Institutional coordination
Rising
Fragmented
Broad
Centralized
Commercial exposure
Moderate
High
Very high
High
Public auditability
Moderate
Moderate
High
Low

Qualitative comparison based on verified public policy, guidance, oversight and institutional disclosures.

Attack-Surface Exposure

Ground systemsVery high
Supply chainHigh
User terminalsHigh
Spacecraft commandLower access / high impact

Analytical exposure index, not reported compromise rates.

Scenario Probability Panel

Persistent localized disruption Likely Recurring attacks, jamming, spoofing and ground-network compromises without systemic collapse.
Major regional incident Roughly even chance Cross-border service degradation affecting more than one terrestrial sector.
Coordinated multi-provider attack Unlikely Simultaneous disruption of several commercial or sovereign service layers.
Resilience acceleration Likely Regulation, exercises and redundancy reduce consequences without eliminating attacks.

Evidence Quality Gauge

EU and Italian policyHigh
U.S. governance evidenceHigh
Incident-frequency dataLow
Chinese system resilienceLow

Gauge reflects source availability, corroboration and public auditability—not national capability.

Five-Year Outlook Timeline

2026 Regulatory implementation, architecture reviews and supplier mapping intensify.
2027 More operators integrate space-specific incident response and zero-trust controls.
2028 Shared commercial networks become more central to government and defense continuity.
2029 AI-assisted monitoring improves detection while adversaries automate reconnaissance.
2030 Cross-provider exercises expose unresolved dependencies and recovery bottlenecks.
2031 Strategic advantage depends on service restoration, redundancy and trusted coordination.

Indicators and Warning Signals

  • Repeated compromise of satellite-operator identity or remote-management platforms.
  • Malware designed specifically for satellite terminals, telemetry or mission software.
  • Coordinated GNSS interference across several transport corridors.
  • Intrusions into suppliers serving multiple operators or government programs.
  • Unexplained command anomalies occurring during geopolitical crises.
  • Simultaneous degradation of communications, navigation and observation services.

Decision Implications

  • Protect the entire service chain rather than treating the satellite as the sole critical asset.
  • Require cryptographic command authentication and controlled software-update processes.
  • Segment mission systems from ordinary enterprise and contractor environments.
  • Establish multi-provider and terrestrial fallback for essential services.
  • Exercise cross-border restoration before a crisis rather than only reporting incidents afterward.
  • Include cybersecurity evidence in licensing, procurement, insurance and executive accountability.

Source Methodology Note

Observed values include ESA orbital statistics and formally published institutional actions. Officially reported values describe government or institutional positions and are not automatically treated as independently verified operational facts. Estimated values and dashboard scores are analytical indices derived from the report’s stated methodology. No value represents live telemetry, classified intelligence or a real-time threat feed. Probability language follows calibrated intelligence terminology.

Chapter 1 — Space Infrastructure as a Contested Strategic System

BLUF

Space infrastructure has become a distributed critical-infrastructure system whose terrestrial, orbital and digital components can no longer be separated for security purposes. The rapid expansion of commercial constellations is increasing capacity, redundancy and economic value, but it is also multiplying software dependencies, remote-management interfaces, user terminals, suppliers and shared service providers. The resulting attack surface extends from spacecraft flight software and radio-frequency links to ground stations, cloud platforms, corporate identity systems, telecommunications networks and customer equipment.

The most likely hostile operations through 2031 will not involve cinematic “takeovers” of satellites. They will involve credential theft, supplier compromise, exploitation of terrestrial control systems, disruption of satellite communications, destructive commands sent to user terminals, manipulation of data and interference with positioning, navigation and timing services. These techniques are accessible to actors with markedly different capabilities, ranging from ordinary cybercriminals to state intelligence services.

The 24 February 2022 attack against the KA-SAT network demonstrated that a cyber operation against commercial satellite infrastructure can be synchronized with conventional military action, impair government and military users, affect civilian customers outside the principal theater, and create difficult attribution and escalation decisions. The incident did not disable the KA-SAT satellite itself; it exploited terrestrial network infrastructure and disabled large numbers of customer modems. That distinction is strategically important because it shows that the operational value of a space system may be attacked without physically striking an object in orbit. (Consiglio dell’Unione Europea)


Key Judgments

The orbital economy is becoming a concentrated digital-services economy

Assessment: The growth of the space economy is being driven increasingly by commercial services, large constellations, digital platforms and privately operated infrastructure rather than solely by traditional sovereign missions.

Probability through 2031: Almost certain, 95–99%
Confidence: High

The expansion increases aggregate capacity and can provide redundancy through distributed constellations. It simultaneously concentrates operational dependencies in launch providers, constellation operators, cloud platforms, chipset manufacturers, software libraries, telecommunications gateways and remote-management systems. A constellation containing thousands of satellites may be physically distributed while remaining digitally dependent on a relatively small number of common control and software components.

Indicator that would alter the judgment: Sustained fragmentation of constellation architectures into independently operated, technically diverse systems with limited common dependencies.

Terrestrial critical infrastructure will become more—not less—dependent on space-enabled services

Assessment: Communications, transportation, energy, finance, emergency management, agriculture, environmental monitoring and defense will deepen their reliance on satellite communications, Earth observation and positioning, navigation and timing.

Probability: Very likely, 80–94%
Confidence: High

The principal systemic vulnerability is not that every essential service operates directly through a satellite. It is that satellite-derived communications, location and timing functions are embedded in the synchronization, coordination and situational-awareness layers of terrestrial systems. An outage can therefore propagate indirectly through networks whose operators may not fully understand their upstream space dependencies.

Indicator that would alter the judgment: Large-scale deployment of technically independent terrestrial timing, navigation and communications alternatives with tested continuity arrangements.

Ground systems and user equipment will remain the most frequently exploitable components

Assessment: Most successful cyber operations against space-enabled services will continue to target terrestrial systems rather than spacecraft flight computers.

Probability: Very likely, 80–94%
Confidence: High

Ground segments use conventional digital infrastructure, including servers, identity systems, virtualized environments, cloud services, remote-access tools and corporate networks. User segments may include millions of terminals and receivers outside the operator’s direct physical control. These components are easier to reach, update and replace than satellites, but their accessibility also creates opportunities for attackers.

Indicator that would alter the judgment: Verified evidence that direct exploitation of spacecraft command systems has become repeatable across multiple satellite classes.

State and criminal threat ecosystems will increasingly overlap

Assessment: The distinction between state-sponsored and criminal activity will remain operationally blurred because governments can exploit criminal tools, infrastructure, brokers, proxy groups and tolerated cyber ecosystems.

Probability: Likely, 65–79%
Confidence: Moderate

A ransomware group may possess access that becomes strategically useful to a state. A state service may reuse publicly available malware or criminal infrastructure to improve deniability. Hacktivist branding may conceal government direction, while genuinely independent actors may intervene in a conflict without authorization. Attribution must therefore assess capability, infrastructure, operational timing, victim selection and strategic benefit rather than relying solely on malware labels or public claims.

Indicator that would alter the judgment: Greater government control over domestic criminal ecosystems and enforceable international mechanisms that materially reduce proxy activity.

KA-SAT established a reproducible model for opening-phase disruption

Assessment: The KA-SAT operation demonstrated that hostile access to commercial satellite infrastructure can be activated at the beginning of a conventional conflict to generate military, governmental and civilian effects.

Probability that adversaries study and adapt the model: Almost certain, 95–99%
Confidence: High

The operation’s strategic importance lies less in the specific exploit than in its sequencing, target selection and effects. It attacked a service architecture, not the physical satellite; coincided with the opening of Russia’s full-scale invasion; affected users beyond Ukraine; and required a coordinated political attribution by governments.

Indicator that would alter the judgment: No comparable attempts against commercial or dual-use space services during subsequent major crises.

Attribution and escalation thresholds will remain deliberately ambiguous

Assessment: Governments will avoid establishing automatic thresholds under which a space-related cyberattack necessarily triggers military retaliation or collective defense.

Probability: Very likely, 80–94%
Confidence: High

NATO recognizes that significant cyberattacks and attacks to, from or within space may, depending on their circumstances, reach the level relevant to collective defense. The Alliance nevertheless preserves political discretion and evaluates incidents individually. The EU similarly treats attribution as a sovereign political decision based on all-source information and permits diplomatic responses that do not necessarily require public attribution to a specific state. (nato.int)

Indicator that would alter the judgment: Adoption of explicit public thresholds tying defined cyber effects on space systems to predetermined collective-defense measures.


Strategic Context

The Expansion of the Orbital Economy

The contemporary orbital economy is not simply larger than the space sector of the early twenty-first century; it is structurally different. Earlier space activity was dominated by a limited number of national agencies, military programs and large telecommunications operators. Access to orbit required long development cycles, specialized components and government-scale capital. The present model combines sovereign programs with commercial launch services, standardized satellite buses, mass-produced spacecraft, venture financing, software-defined payloads, cloud-based ground services and large low-Earth-orbit constellations. ESA’s reporting on the space economy identifies continuing growth in launch activity, deployed mass, satellite numbers and both public and private investment. Its 2026 report covers the major economic and activity trends observed during 2025, including launch rates, satellite deployments and rising defense expenditure. (esa.int)

This transformation changes the security logic of the sector. Mass production can improve resilience because the loss of one satellite may be absorbed by the wider constellation. Distributed architectures can reroute communications, replace failed nodes and reduce dependence on a single high-value spacecraft. However, physical distribution does not necessarily produce cyber diversity. Thousands of spacecraft may share the same operating system, cryptographic implementation, hardware component, update mechanism or mission-management platform. A defective or compromised common component can therefore create fleet-level exposure. The cybersecurity challenge resembles that of cloud computing and globally distributed telecommunications: resilience depends not only on the number of nodes, but also on whether the system contains hidden concentrations of authority, code, identity and maintenance access.

The economic expansion also changes who carries national-security risk. Governments increasingly purchase communications, imagery, weather data, launch capacity and other services from commercial providers. Private companies consequently operate infrastructure that may be economically civilian in peacetime but militarily indispensable during crisis. The distinction between civil, commercial and military space assets becomes difficult to maintain when the same constellation serves ordinary customers, emergency services, government agencies and armed forces. This dual-use condition increases strategic value and target attractiveness without necessarily giving operators the protection, intelligence access or continuity resources available to sovereign military programs.

The resulting orbital economy contains several forms of concentration:

  • Launch concentration: A limited number of providers may support a large proportion of deployments.
  • Constellation concentration: A few operators may account for a substantial share of active spacecraft or broadband capacity.
  • Cloud concentration: Ground processing and mission applications may depend on major cloud-service providers.
  • Supplier concentration: Specialized processors, radiation-tolerant components, antennas and software may originate from a limited supplier base.
  • Identity concentration: Centralized credentials and administrative platforms may provide access across multiple missions.
  • Gateway concentration: A comparatively small number of terrestrial facilities may connect widely distributed orbital networks to the internet and telecommunications systems.
  • Data concentration: Earth-observation and operational data may be processed or stored in shared terrestrial environments.

These concentrations do not make systemic compromise inevitable. They mean that conventional indicators such as the number of satellites can overstate resilience when underlying services depend on a smaller set of common technical and organizational nodes. Government risk assessments should therefore measure functional diversity, administrative separation and recovery independence, not merely the number of orbiting assets.

Economic Expansion Versus Security Maturity

The pace of commercial deployment has often exceeded the pace at which uniform cybersecurity requirements can be developed, imposed and audited. Satellite missions can involve operators, manufacturers, launch providers, ground-station companies, cloud services, software vendors, telecommunications partners, terminal manufacturers and downstream application providers located in different jurisdictions. Each participant may apply different security standards, contractual obligations and reporting thresholds. A vulnerability in a lower-tier supplier may not be visible to the principal operator, while a service provider supporting multiple constellations may create a shared point of failure.

NIST describes the space cyber ecosystem as a set of distinct but interdependent segments and applies its Cybersecurity Framework specifically to satellite ground operations and command-and-control functions. Its hybrid-satellite-network work extends this reasoning to systems that combine government, commercial, space and terrestrial components. (nccoe.nist.gov) The EU Space Strategy for Security and Defence likewise defines the space domain broadly to include spacecraft, orbits, launch and ground infrastructure, radio-frequency links, user terminals, information, cyber environments and the underlying industrial sector. (Defence Industry and Space)

Analytical Assessment — High Confidence: The principal security consequence of orbital-economic growth is not simply an increase in the number of targets. It is the creation of an interdependent transnational service environment in which an incident at a terrestrial or commercial node can affect multiple jurisdictions and critical sectors without physically damaging any spacecraft.

Dependence of Terrestrial Critical Infrastructure on Space Services

Space services support terrestrial infrastructure through three principal functional categories: communications, Earth observation, and positioning, navigation and timing. These categories are often discussed separately, but modern critical infrastructure may depend on several simultaneously. A transport operator may use satellite communications for remote connectivity, GNSS for navigation and timing, and Earth-observation products for environmental or route assessment. A military force may use commercial imagery, protected government communications and civilian-compatible navigation receivers. A financial institution may not communicate directly through a satellite but may depend on timing systems, telecommunications carriers or data centers that do.

Satellite Communications

Satellite communications provide connectivity where terrestrial systems are unavailable, damaged, politically restricted or operationally impractical. Their role is particularly significant for maritime operations, aviation, remote energy infrastructure, emergency response, military deployments and geographically isolated communities. In a crisis, satellite networks may become more important precisely because terrestrial networks are degraded. This creates a reversal of ordinary risk assumptions: the service treated as a backup during peacetime may become the primary communication channel during conflict or disaster.

A satellite-communications outage can therefore generate effects beyond loss of internet access. It can impair:

  • command and coordination;
  • emergency-service communications;
  • remote industrial monitoring;
  • maritime safety services;
  • logistics management;
  • military connectivity;
  • diplomatic communications;
  • infrastructure restoration;
  • situational reporting from isolated regions.

The strategic effect depends on service architecture and fallback capacity. A temporary loss affecting ordinary consumers may be economically disruptive but manageable. The same loss during mobilization, disaster response or armed conflict can become operationally decisive.

Positioning, Navigation and Timing

Global navigation satellite systems provide more than geographic location. Their timing signals support synchronization across telecommunications networks, power systems, financial operations, data centers and other digital infrastructure. GAO has repeatedly documented the importance of GPS-derived positioning, navigation and timing to transportation, national security and critical infrastructure. It has also identified risks arising from jamming, spoofing, cyberattack and incomplete understanding of interference incidents. (gao.gov)

This dependency is structurally dangerous because timing functions are often invisible to senior decision-makers. An organization may know that it uses GPS for vehicle navigation but may not recognize that network synchronization or industrial equipment also consumes satellite-derived time. The failure may first appear as a terrestrial software, communications or equipment malfunction rather than as a space-service disruption. Incident responders may consequently misdiagnose the cause, delaying restoration.

The risk extends beyond total service loss. Spoofing can provide apparently valid but false information, making an integrity attack potentially more dangerous than an obvious outage. A system that detects the absence of a signal can enter a fallback mode. A system that accepts a manipulated signal may continue operating while producing incorrect coordinates or timing. Cybersecurity controls must therefore address authenticity and integrity, not only availability.

Earth Observation and Environmental Services

Earth-observation systems support meteorology, agriculture, disaster management, maritime awareness, environmental monitoring, mapping, intelligence and infrastructure planning. The vulnerability is not limited to denial of imagery. An attacker may seek to alter data, delay delivery, compromise processing environments or create uncertainty about authenticity. The effect of manipulated data depends on how directly it informs decisions. False or delayed imagery during a flood, wildfire, military movement or maritime incident may influence resource allocation even when no spacecraft is damaged.

Cascading Risk

The principal national-security issue is cross-sector propagation. Space systems depend on terrestrial electricity, telecommunications, cloud services and supply chains; those terrestrial sectors simultaneously depend on space-enabled communications, timing and observation. The dependency is therefore reciprocal rather than one-directional.

A simplified cascade may proceed as follows:

  • A hostile actor compromises the identity system of a satellite-service provider.
  • The actor disrupts gateway or network-management functions.
  • Remote users lose connectivity.
  • Industrial or government customers shift to backup communications.
  • Backup capacity becomes congested.
  • Data reporting and command cycles slow.
  • Emergency organizations receive incomplete situational information.
  • Restoration teams also lose access to the affected service.
  • Political leaders face pressure to attribute the operation before technical evidence is complete.
  • Countermeasures create additional escalation risk.

Analytical Assessment — High Confidence: The severity of a space-cyber incident should be evaluated according to the terrestrial functions disrupted, the duration of the disruption, the availability of alternatives and the geopolitical context—not according to whether the satellite itself was penetrated.


Verified Evidence Base

Cyberattack Surfaces Across Space, Ground and User Segments

A modern space system should be analyzed as at least four interacting layers:

  • Space segment
  • Communications-link segment
  • Ground segment
  • User and downstream-service segment

A fifth cross-cutting layer—the supply chain and organizational environment—affects all four.

Space Segment

The space segment includes the satellite bus, payloads, flight software, onboard processors, command interfaces, storage, sensors and inter-satellite links. Direct compromise of a spacecraft may allow an attacker to disrupt mission operations, manipulate payload behavior, corrupt data, exhaust limited resources, interfere with attitude control or deny legitimate command access. The impact could be severe because physical repair may be impossible.

Direct spacecraft compromise remains technically demanding in comparison with ordinary enterprise intrusion. Attackers may need specialized knowledge of protocols, timing, orbital operations and mission architecture. Communications windows may be limited, commands may require authentication, and abnormal behavior may be detected by mission controllers. Nevertheless, long satellite lifecycles can preserve outdated hardware and software, while limited computing resources may constrain security tools. A mission designed many years before launch may operate in a threat environment significantly different from the environment assumed during procurement.

Security controls should include:

  • cryptographic command authentication;
  • separation of payload and platform functions;
  • secure boot and trusted software states;
  • authenticated updates;
  • command allow-listing;
  • safe-mode protections;
  • anomaly detection;
  • rate limiting;
  • replay protection;
  • recovery procedures;
  • restricted privileged operations.

Information Gap: Public reporting does not provide a reliable global dataset of confirmed unauthorized spacecraft-command incidents. Absence of public cases must not be interpreted as proof that such access has never occurred.

Communications Links

The communications layer includes telemetry, tracking and command links; payload-data links; feeder links; user links; inter-satellite links; and associated radio-frequency infrastructure. Threats include jamming, spoofing, interception, replay, unauthorized command transmission and exploitation of weaknesses in protocols or cryptographic implementation.

Cyber operations and electronic warfare intersect at this layer but should not be conflated. Jamming attempts to deny or degrade reception through interference. Spoofing seeks to cause a receiver to accept false signals or data. A network intrusion compromises digital systems or credentials. A campaign may combine these techniques. For example, an actor could jam one service while exploiting a terrestrial network to obstruct restoration or manipulate operator awareness.

The accessibility of links depends on frequency, power, antenna requirements, geography and protocol design. Some low-power or commercial systems may be reachable with less expensive equipment than protected military networks. However, claims that any person with a simple portable antenna can readily command a satellite are generally overstated. Reception, transmission, protocol understanding and command authorization are distinct technical problems.

Ground Segment

The ground segment includes mission-control centers, satellite-control facilities, antennas, gateway stations, network-management systems, data-processing environments, corporate information technology, cloud platforms and remote-access infrastructure. NIST IR 8401 places particular emphasis on ground-based command and control because compromise of these functions can affect satellite buses and payloads. (NIST CSRC)

This is usually the most accessible attack surface because it employs technologies familiar to cyber threat actors:

  • internet-facing services;
  • operating systems;
  • databases;
  • virtualized infrastructure;
  • active-directory or cloud identity systems;
  • email;
  • remote administration;
  • application programming interfaces;
  • software-update tools;
  • vendor access;
  • monitoring platforms;
  • ordinary endpoints.

An attacker may not need access to the mission-control console. Compromising a corporate network can provide reconnaissance, credentials, network diagrams or access to trusted personnel. A supplier compromise can introduce malicious code or credentials before deployment. A cloud compromise can affect data processing or customer-facing services even where spacecraft control remains segregated.

The strongest architecture assumes that enterprise compromise will occur and prevents that compromise from reaching mission-critical functions. This requires segmentation, separate identities, controlled transfer mechanisms, privileged-access management, monitored administrative pathways and rehearsed isolation procedures.

User Segment

The user segment includes satellite modems, receivers, terminals, navigation devices, customer-management portals, mobile applications and downstream equipment. It may contain vastly more devices than the space and ground segments combined. Operators may lack physical control over these devices, and customers may delay updates or use insecure configurations.

The user segment is attractive because disruption at scale can deny service without affecting the satellite or central network permanently. A destructive command or malicious update directed through legitimate management channels can render equipment inoperable. Compromised terminals may also be used as entry points, reconnaissance sources or components of botnets.

The KA-SAT incident illustrates this distinction. According to Viasat’s incident overview, the attackers gained access to a management segment of the network and issued commands that overwrote key data in affected modems, leaving them unable to access the network. Viasat reported that the satellite itself and core satellite control infrastructure were not compromised. (Viasat.com)

Supply Chain and Organizational Layer

Supply-chain exposure includes hardware manufacturers, software developers, integrators, ground-station providers, cloud services, telecommunications partners and maintenance contractors. The security of a mission may be limited by its least visible supplier rather than by the operator’s primary security center.

Organizational threats include:

  • excessive privileges;
  • weak contractor offboarding;
  • shared administrative accounts;
  • unmonitored remote support;
  • inadequate separation of development and production;
  • insufficient logging;
  • insider coercion;
  • phishing;
  • credential reuse;
  • delayed vulnerability remediation.

Analytical Assessment — High Confidence: The effective attack surface of a satellite service is substantially larger than the satellite operator’s formally defined network boundary.


Actor Intent and Capability

Criminal, State-Sponsored and Hybrid Threat Actors

Threat actors should be differentiated according to intent, access, resources, tolerance for escalation and desired effects. Treating “hackers” as a single category obscures the strategic character of the risk.

Financially Motivated Criminals

Cybercriminals are most likely to target the commercial and administrative components of space companies using methods already deployed against other industries:

  • ransomware;
  • data theft and extortion;
  • credential theft;
  • business-email compromise;
  • payment fraud;
  • exploitation of exposed remote services;
  • theft of intellectual property;
  • sale of network access.

Their principal objective is profit rather than orbital disruption. However, a criminal intrusion may produce operational effects unintentionally, particularly where enterprise and mission systems are insufficiently separated. Criminal access can also become a strategic commodity. Initial-access brokers may sell credentials without knowing or caring that the buyer intends to conduct espionage or sabotage.

CISA characterizes threats to the space enterprise as ranging from cybercriminals to advanced persistent threats linked to nation-states. (cisa.gov)

State Intelligence and Military Services

State-sponsored actors have broader objectives:

  • espionage against satellite technology;
  • access to government or defense communications;
  • theft of imagery or telemetry;
  • preparation of the environment for conflict;
  • disruption during military operations;
  • strategic signaling;
  • weakening of commercial competitors;
  • influence and psychological operations;
  • testing adversary response thresholds.

States can sustain longer campaigns, use classified intelligence, combine cyber operations with electronic warfare and select timing according to geopolitical objectives. They may prioritize persistent access over immediate disruption, preserving access until a crisis creates greater strategic value.

The KA-SAT operation demonstrates the importance of timing. The EU stated that the attack occurred approximately one hour before Russia began its invasion of Ukraine and attributed it to the Russian Federation. The United States likewise publicly attributed the operation to Russian state-sponsored malicious cyber actors. (Consiglio dell’Unione Europea)

Hacktivists and Ideological Actors

Hacktivists may target space companies because of their government customers, military connections, national identity or symbolic importance. Likely operations include website disruption, data leaks, account compromise and propaganda. Their technical sophistication varies greatly.

Public claims require caution. Groups may exaggerate effects, claim incidents caused by technical failures or present publicly available data as stolen material. Conversely, state-directed actors may adopt hacktivist identities to obscure sponsorship or create the appearance of spontaneous action.

Insiders

Insiders include employees, contractors and administrators with legitimate access. Their threat derives from familiarity with systems, workflows and controls. An insider may steal information, misuse credentials, assist an external actor or circumvent procedures. The insider need not possess spacecraft engineering expertise if their role provides access to identity systems, update processes or network architecture.

The most consequential insider risk may arise from privileged technical personnel whose activity is difficult to distinguish from legitimate maintenance. Effective protection requires separation of duties, approval controls, behavioral monitoring and immutable logging rather than reliance on trust alone.

Hybrid and Proxy Ecosystems

The most analytically difficult category includes actors whose relationship to a state is indirect, temporary or deniable. These may include:

  • government-tolerated criminal groups;
  • contractors;
  • patriotic hackers;
  • intelligence proxies;
  • mercenary cyber operators;
  • access brokers;
  • front companies;
  • technically independent actors whose activities benefit a government.

CISA and partner agencies have repeatedly warned that state and criminal cyber threats may coexist and that criminal actors can operate in environments shaped by state tolerance or strategic demand. (cisa.gov) The EU has also recognized that cyber and hybrid campaigns may require parallel use of cyber-diplomacy and hybrid-response mechanisms. (Consiglio dell’Unione Europea)

Capability–Intent Matrix

ActorTypical capabilityPrimary intentMost plausible targetsEscalation sensitivity
Opportunistic criminalLow to moderateFinancial gainCorporate systems, credentials, exposed servicesLow
Organized ransomware groupModerate to highExtortion and disruptionGround networks, suppliers, data environmentsModerate
Hacktivist groupVariablePublicity, ideology, coercionWebsites, accounts, customer servicesLow to moderate
InsiderAccess-dependentEspionage, sabotage, profitPrivileged systems, data and workflowsVariable
State intelligence serviceHighEspionage and persistent accessGround systems, suppliers, communications and dataHigh
State military cyber unitHigh to very highOperational disruption and strategic effectCommand systems, gateways, user networks, PNT servicesVery high
State-linked proxyModerate to highDeniable state-aligned effectsCommercial and dual-use infrastructureHigh but obscured

Analytical Assessment — Moderate Confidence: State actors will increasingly rely on blended ecosystems because proxy access and commercially available tools reduce cost, complicate attribution and allow governments to calibrate escalation.


The KA-SAT Incident

KA-SAT as an Operational Warning

Established Facts

On 24 February 2022, a cyberattack disrupted the consumer-oriented fixed-broadband service provided through the KA-SAT network. Viasat’s public incident report stated that the attack affected a portion of the network and rendered many customer modems unable to reconnect. The company reported that the attackers exploited a misconfiguration in a virtual private network appliance to obtain access to a trusted management segment used to operate the network. They then issued legitimate but destructive management commands that overwrote data in affected modems. Viasat stated that the KA-SAT satellite, its telemetry, tracking and control systems, and the satellite ground infrastructure were not directly compromised. (Viasat.com)

The European Union declared that the activity occurred approximately one hour before Russia’s invasion of Ukraine, facilitated military aggression and caused indiscriminate communication outages affecting public authorities, businesses and users in Ukraine and several EU member states. The EU attributed the malicious cyber activity to the Russian Federation. (Consiglio dell’Unione Europea) The United States also attributed the operation to Russian state-sponsored malicious cyber actors. (cisa.gov)

Claims Requiring Qualification

Several widely repeated descriptions of the incident go beyond what can be established from the most authoritative public sources.

First, the operation should not be described simply as an attack “on the satellite.” The publicly documented compromise centered on terrestrial management infrastructure and customer modems.

Second, precise totals for affected terminals vary across public accounts and definitions. The safest government-grade formulation is that the incident disabled or disrupted large numbers of modems and affected users in Ukraine and elsewhere in Europe. Any exact total should be attributed to the specific reporting organization and date.

Third, the claim that malicious code called AcidRain was installed directly through the Viasat management system originates from technical analysis outside Viasat’s initial report. Viasat described destructive commands that overwrote modem data but stated that it found no evidence that supply-chain or generic software-update mechanisms were compromised. The relationship between the publicly analyzed AcidRain malware and the full operational chain should therefore be expressed as a technical assessment, not as an uncontested official fact.

Fourth, disruption affecting German wind turbines involved loss of remote communications or monitoring capability rather than physical destruction of thousands of turbines. Electricity generation and remote control should not be treated as identical functions without precise evidence.

Strategic Significance

The incident established six important precedents.

A. Cyber Operations Can Be Integrated with Kinetic Campaign Timing

The proximity of the attack to the invasion indicates that space-enabled communications can be targeted as part of the opening phase of conventional warfare. A cyber operation can seek to create confusion, impair command functions and degrade situational awareness before physical attacks fully reveal the scale of the campaign.

B. Commercial Infrastructure Can Be a Military Objective

A network need not be formally military to support government and defense users. Commercial providers can therefore become operational targets while continuing to serve ordinary civilian customers. This dual-use status increases the risk of collateral and cross-border consequences.

C. User Equipment Can Be the Operational Center of Gravity

The attackers achieved strategic disruption without destroying the spacecraft or assuming orbital command. By disabling user terminals, they attacked the point at which the service became operationally usable. This model may be easier, cheaper and more reversible than direct satellite interference.

D. Cyber Effects Can Cross National Boundaries

A network designed to provide regional service may have shared management systems and user populations distributed across many countries. An operation intended primarily to affect one theater can therefore impair services elsewhere, creating diplomatic consequences and uncertainty about proportionality.

E. Restoration Depends on Logistics as Well as Cyber Response

When terminals are rendered inoperable, recovery may require replacement hardware, distribution, installation and customer support. Cyber resilience consequently depends on inventories, transportation, trained personnel and supplier capacity—not only on incident-response software.

F. Public Attribution Is a Coalition Process

Technical investigation alone did not determine the political response. Governments coordinated public statements and attribution. This required assessment of intelligence, strategic context, diplomatic consequences and confidence in the evidence.

Counterfactual Assessment

Had the attackers compromised core spacecraft command functions rather than customer modems, the event could have produced more persistent consequences but also a clearer and potentially more escalatory attack on space infrastructure. The actual method created substantial disruption while remaining below the destruction associated with a kinetic anti-satellite strike.

Had the network possessed stronger separation of management access, more restrictive command controls and rapid terminal-recovery mechanisms, the effects might have been narrower. Conversely, had the operation simultaneously targeted alternative communications, electricity or logistics systems, recovery could have been materially more difficult.

Key Judgment — High Confidence: KA-SAT demonstrated that the strategically decisive attack surface may lie at the boundary between the operator’s terrestrial management network and distributed customer equipment.


Competing Hypotheses

Why Adversaries Target Space-Enabled Infrastructure

The following hypotheses explain the principal strategic logic likely to drive hostile cyber operations against space services through 2031.

H₁ — Operational Preparation for Conventional Conflict

An adversary compromises space-service infrastructure in advance and activates access during mobilization or the opening phase of hostilities.

Supporting evidence: KA-SAT’s timing relative to the invasion of Ukraine; the military value of communications and PNT disruption.

Inconsistent evidence: Many incidents against space-sector organizations may be ordinary espionage or crime rather than conflict preparation.

Current assessment: Likely in high-tension theaters.
Confidence: Moderate.

H₂ — Persistent Strategic Espionage

The principal objective is to steal technical information, customer data, government communications, operational patterns or intellectual property without disrupting service.

Supporting evidence: Space technology has economic and military value; persistent access is often more useful than immediate sabotage.

Inconsistent evidence: Destructive incidents demonstrate that some actors seek direct operational effects.

Current assessment: Very likely as the most common state objective.
Confidence: High.

H₃ — Coercive Disruption Below the Armed-Conflict Threshold

The attacker seeks to impose costs, signal capability or pressure a government while avoiding physical destruction and maintaining ambiguity.

Supporting evidence: Cyber disruption can be scaled, denied and terminated more easily than kinetic attack.

Inconsistent evidence: Effects may spread unpredictably and trigger a stronger response than intended.

Current assessment: Likely.
Confidence: Moderate.

H₄ — Financially Motivated Exploitation

Criminal actors target operators and suppliers for ransom, data theft or access resale without a strategic geopolitical objective.

Supporting evidence: Ground systems contain conventional enterprise technologies exposed to common criminal techniques.

Inconsistent evidence: Some victim selection and timing may indicate state direction.

Current assessment: Very likely for attempted intrusions; less likely for intentionally strategic space-service disruption.
Confidence: High.

H₅ — Proxy-Based Strategic Action

A government encourages, tolerates or covertly supports nominally independent actors to create effects while preserving deniability.

Supporting evidence: Proxy ecosystems lower costs and complicate political attribution.

Inconsistent evidence: Independent actors may act unpredictably and expose the sponsor to uncontrolled escalation.

Current assessment: Likely.
Confidence: Moderate.

Preliminary ACH Matrix

EvidenceH₁H₂H₃H₄H₅Diagnostic value
Intrusion remains dormant for monthsConsistentStrongly consistentConsistentInconsistentConsistentHigh
Activation coincides with military actionStrongly consistentInconsistentConsistentStrongly inconsistentConsistentVery high
Ransom demand and broad victim selectionInconsistentInconsistentInconsistentStrongly consistentWeakly consistentHigh
Theft of designs without disruptionWeakly consistentStrongly consistentInconsistentConsistentConsistentModerate
Public hacktivist claim with state-aligned timingConsistentInconsistentConsistentWeakly inconsistentStrongly consistentHigh
Destructive action with no financial demandStrongly consistentInconsistentStrongly consistentInconsistentConsistentHigh

No single hypothesis explains all likely activity. The highest-probability environment is one in which espionage, criminal access and contingency preparation occur simultaneously.


Bayesian Update

Effect of the KA-SAT Incident on Strategic Assessment

Prior Assessment

Before February 2022, governments and technical institutions already recognized that satellite systems were vulnerable to cyberattack. However, public evidence of a state-linked operation synchronizing commercial satellite disruption with the start of a major interstate war was limited.

A reasonable qualitative prior for the hypothesis—

H₁: A state will use cyber operations against commercial satellite infrastructure during the opening phase of conventional conflict

—would have been possible but insufficiently demonstrated.

New Evidence E₁

  • The KA-SAT network was attacked on 24 February 2022.
  • The attack occurred immediately before Russia’s full-scale invasion.
  • The operation affected Ukrainian and other European users.
  • The EU and United States attributed the operation to Russia or Russian state-sponsored actors.
  • The attack targeted terrestrial management and user infrastructure rather than requiring destruction of the spacecraft. (Consiglio dell’Unione Europea)

Reliability Assessment

  • Incident occurrence: High reliability.
  • Technical pathway described by Viasat: High reliability for the company’s observed network evidence, with limitations arising from the company’s role as affected operator.
  • Political attribution: High institutional authority, but underlying intelligence is not fully public.
  • Precise tactical intent: Moderate confidence because the timing and effects are highly suggestive but complete operational planning records are unavailable.

Update

Direction: Strong upward update.

Posterior Assessment

It is now likely, with high confidence, that capable states regard commercial satellite communications as viable opening-phase targets in conventional conflict.

This conclusion does not mean that every future conflict will include a comparable operation. It means that planners can no longer treat such an operation as speculative or technically exceptional.


Counter-Adaptation and Red-Team Assessment

How Attackers and Defenders Will Adapt

Adversary Adaptation

Attackers are likely to draw four lessons from KA-SAT.

  • Target service delivery rather than spacecraft control.
    Disabling terminals or management systems can create effects without the technical difficulty or escalation risk of controlling the satellite.
  • Exploit trusted administrative functions.
    Commands issued through legitimate management channels may be more scalable and harder to distinguish from authorized activity.
  • Synchronize cyber operations with physical events.
    A disruption becomes more consequential when response organizations are simultaneously managing military attack, political crisis or infrastructure damage.
  • Create cross-border ambiguity.
    Spillover can divide affected states over attribution, proportionality and response.

Future campaigns may attempt to improve on the model by:

  • compromising backup providers;
  • targeting terminal replacement logistics;
  • interfering with public communications about the incident;
  • manipulating diagnostic data;
  • coordinating cyber intrusion with jamming;
  • attacking identity providers serving several operators;
  • pre-positioning in suppliers before conflict;
  • using wiper malware against cloud or ground environments;
  • exploiting automated constellation-management systems.

Defender Adaptation

Defenders will seek to make the service chain resilient even when one layer is compromised:

  • isolated mission identities;
  • phishing-resistant authentication;
  • hardware-backed command signing;
  • segmented management networks;
  • restrictive command policies;
  • authenticated terminal updates;
  • independent monitoring channels;
  • geographically diverse gateways;
  • backup communications providers;
  • terrestrial PNT alternatives;
  • replacement-terminal stockpiles;
  • cross-border incident exercises;
  • pre-agreed public-attribution procedures.

Red-Team Challenge 1 — Constellation Size Equals Resilience

This assumption is incomplete. Large constellations can tolerate individual satellite failures, but shared software, administration and gateways may create fleet-wide cyber risk.

Red-Team Challenge 2 — Encryption Solves the Problem

Encryption protects confidentiality and can support authenticity, but it does not prevent credential theft, compromised endpoints, malicious insiders, denial of service or abuse of legitimate management systems.

Red-Team Challenge 3 — Military Systems Are the Primary Targets

Commercial systems may be easier to reach and may provide essential military services. Attacking a commercial operator may also complicate political response by blurring the civil-military boundary.

Red-Team Challenge 4 — Public Attribution Produces Deterrence

Attribution can impose reputational and diplomatic costs, but deterrence depends on whether the attacker expects consequences that exceed the anticipated operational benefit. Attribution without meaningful follow-on measures may have limited effect.

Red-Team Challenge 5 — Technical Recovery Ends the Incident

Recovery may restore service while leaving unresolved questions about persistence, stolen data, compromised suppliers, political response and the credibility of future operations.


Cyber Conflict, Attribution and Escalation Thresholds

Technical Attribution, Political Attribution and Legal Attribution

Attribution should be divided into three levels.

Technical Attribution

Technical attribution identifies infrastructure, malware, access pathways, tools, operational patterns and links to previous activity. It answers questions such as:

  • Which systems were used?
  • How was access obtained?
  • What commands or malware produced the effect?
  • Does the activity resemble known campaigns?
  • Which infrastructure or credentials connected the activity to other operations?

Technical evidence can establish relationships but rarely proves state responsibility by itself. Tools can be copied, infrastructure can be rented, and actors can imitate one another.

Political Attribution

Political attribution is a government decision to identify a responsible actor publicly or privately. It may combine technical evidence with intelligence, diplomatic reporting, strategic context and assessments of intent. The EU states that attribution remains a sovereign political decision based on all-source intelligence. It also recognizes that not every diplomatic response requires attribution to a named state or non-state actor. (data.consilium.europa.eu)

Political attribution must balance:

  • confidence in the evidence;
  • protection of intelligence sources;
  • coalition consensus;
  • risk of revealing investigative capabilities;
  • need for public credibility;
  • escalation consequences;
  • legal standards;
  • proportionality of response.

Legal Attribution

Legal attribution asks whether conduct is attributable to a state under international law and whether the operation violates an applicable legal obligation. The legal standard is not identical to the intelligence standard used for political decision-making.

A state may be politically blamed before sufficient public evidence exists for judicial proceedings. Conversely, governments may possess strong classified evidence but decline public attribution because disclosure would compromise sources.


Thresholds of Harm

A cyber operation against a space-enabled service can produce effects across a spectrum.

Level 1 — Reconnaissance and Espionage

  • scanning;
  • credential theft;
  • collection of technical information;
  • persistent access without service disruption.

Likely response: investigation, counterintelligence, remediation and possibly private diplomacy.

Level 2 — Limited Service Disruption

  • temporary denial of customer access;
  • website or portal disruption;
  • localized interference;
  • limited data manipulation.

Likely response: law enforcement, regulatory action, diplomatic protest or sanctions depending on attribution and context.

Level 3 — Significant Critical-Infrastructure Effects

  • sustained disruption to communications;
  • loss of essential PNT services;
  • effects on transportation, energy or emergency response;
  • widespread destruction of terminals;
  • cross-border service impairment.

Likely response: coordinated national and allied measures, potentially including sanctions, cyber countermeasures and collective consultation.

Level 4 — Severe Strategic or Military Effects

  • impairment of national command systems;
  • large-scale civilian harm;
  • prolonged disruption of essential services;
  • collision or physical damage caused through malicious command;
  • operation forming part of a wider armed attack.

Potential response: invocation of national self-defense rights or collective-defense mechanisms, depending on circumstances.

NATO has stated that cyber defense forms part of collective defense and that a cyberattack could, in appropriate circumstances, lead to Article 5 consideration. NATO also recognizes that Article 5 may apply to attacks to, from or within space, while preserving case-by-case political judgment. (nato.int)

Why Governments Preserve Ambiguity

Automatic red lines may improve deterrence by clarifying consequences, but they also allow adversaries to operate just below the declared threshold. Ambiguity preserves flexibility and prevents attackers from calculating a safe maximum level of harm.

However, ambiguity has costs:

  • private operators may not know when government protection applies;
  • allies may interpret the same incident differently;
  • delayed decision-making may weaken deterrence;
  • attackers may miscalculate tolerance;
  • public pressure may force action before attribution is complete.

Analytical Assessment — High Confidence: Escalation will depend primarily on effects, context, intent and cumulative activity rather than on whether the hostile operation technically originated in cyberspace or targeted a space-related system.


Indicators and Warnings

Near-Term Warning Indicators

Governments and operators should monitor for combinations of indicators rather than treating each as independently decisive.

Strategic Indicators

  • increasing military tension involving a state with demonstrated cyber capability;
  • public statements identifying commercial satellite services as military enablers;
  • changes in military doctrine concerning commercial space support;
  • hostile reconnaissance against operators serving a specific theater;
  • coordinated information campaigns questioning the legitimacy of commercial providers.

Technical Indicators

  • repeated authentication attempts against mission or network administrators;
  • compromise of virtual private network or remote-support appliances;
  • creation of unauthorized privileged accounts;
  • unusual commands issued through legitimate management systems;
  • changes to modem or terminal configuration at scale;
  • anomalous telemetry inconsistent with physical conditions;
  • unauthorized software-signing activity;
  • simultaneous events across enterprise and mission networks;
  • supplier compromises affecting several operators;
  • unexplained GNSS anomalies combined with cyber intrusion.

Operational Indicators

  • increased demand for replacement terminals;
  • unexplained loss of remote connectivity across geographically dispersed customers;
  • simultaneous failures among nominally independent providers;
  • congestion in backup services;
  • degradation coinciding with military mobilization;
  • attempted suppression of incident reporting;
  • false public claims intended to confuse attribution.

High-Priority Escalation Indicator

The most serious warning would be evidence of pre-positioned access across more than one satellite-service provider combined with activity against terrestrial backup systems. Such a pattern would indicate preparation for systemic rather than localized disruption.


Five-Year Implications, 2026–2031

Expected Trajectory

2026–2027: Attack-Surface Discovery and Regulatory Consolidation

Operators will conduct more formal mapping of dependencies, suppliers and mission interfaces. Governments will attempt to integrate space services into national critical-infrastructure and cyber-response frameworks. Reported incidents may rise partly because detection and disclosure improve.

2027–2028: Increased Targeting of Shared Commercial Services

As governments and armed forces deepen their use of commercial constellations, threat actors will focus on the administrative and supply-chain systems supporting multiple customers. Identity systems, cloud environments and terminal-management platforms will become especially attractive.

2028–2029: Automation on Both Sides

Defenders will use automated anomaly detection and constellation management to respond at machine speed. Attackers will use automation for reconnaissance, vulnerability discovery, social engineering and simultaneous exploitation. Automation may shorten the period available for human verification during ambiguous incidents.

2029–2030: Cross-Domain Crisis Testing

A major geopolitical crisis is likely to expose whether governments can coordinate cyber defense, electronic-warfare response, commercial continuity and public attribution. Exercises will increasingly test combined loss of satellite communications, PNT and terrestrial infrastructure.

2030–2031: Resilience Becomes a Strategic Differentiator

The most secure states will not necessarily be those with the largest number of satellites. They will be those able to authenticate services, isolate compromise, switch providers, operate through degraded conditions and restore trusted functions rapidly.


Decision Implications

Governments should treat space cybersecurity as a continuity-of-government and critical-infrastructure problem rather than a narrow aerospace-security specialty.

Priority actions include:

  • Map essential services to their satellite communications, PNT and Earth-observation dependencies.
  • Identify shared providers and hidden single points of failure.
  • Separate enterprise compromise from mission compromise through architectural controls.
  • Require cryptographic authentication of commands, software and terminal-management actions.
  • Extend security requirements through all supplier tiers.
  • Establish protected incident-sharing mechanisms for commercial operators.
  • Maintain replacement equipment and terrestrial fallback capacity.
  • Conduct multi-provider, cross-sector exercises.
  • Predefine technical, political and legal attribution processes.
  • Develop response options below the threshold of military force.
  • Coordinate cyber, space, intelligence, law-enforcement and diplomatic authorities.
  • Measure recovery time and functional continuity rather than compliance documentation alone.

Evidence and Confidence Note

The chapter rests primarily on official ESA reporting, NIST space-cybersecurity profiles, CISA advisories, EU strategy documents, NATO policy statements, GAO assessments, the EU’s KA-SAT attribution and Viasat’s incident report. These sources establish the expansion of orbital activity, critical dependence on space services, the architecture of cyber exposure, the existence of state and criminal threats, and the central facts of the KA-SAT disruption. (Consiglio dell’Unione Europea)

Confidence is high regarding the broad attack-surface assessment and the strategic significance of terrestrial dependencies. Confidence is moderate regarding the frequency of future strategically consequential incidents because no comprehensive international incident dataset exists. Confidence is also moderate regarding the precise operational intent and full technical chain of the KA-SAT attack because relevant intelligence and forensic evidence remain non-public.

The following claims should not be treated as fully established without additional primary evidence:

  • a universally agreed exact number of KA-SAT terminals disabled;
  • a fully public reconstruction of every stage of the malicious operation;
  • the direct installation path of any specific wiper family;
  • the precise military consequences for Ukrainian forces;
  • claims that ordinary attackers can readily command orbital assets using basic consumer equipment;
  • estimates of the number of undisclosed state compromises of satellite systems.

Chapter Sources

  • ESA Report on the Space Economy 2026 — European Space Agency — July 2026. Provides official analysis of 2025 launch activity, investment, deployed satellites and sector development. (esa.int)
  • Cybersecurity Framework Profile for Satellite Ground Segment — National Institute of Standards and Technology — December 2022. Defines ground-segment risks and controls with emphasis on satellite command and control. (NIST CSRC)
  • Hybrid Satellite Networks Cybersecurity — National Institute of Standards and Technology. Addresses interconnected government, commercial, space and terrestrial architectures. (nccoe.nist.gov)
  • EU Space Strategy for Security and Defence — European Commission and High Representative — March 2023. Defines the space domain and identifies cyber and counterspace threats. (Defence Industry and Space)
  • Strengthening Cybersecurity of SATCOM Network Providers and Customers — CISA and FBI — March 2022. Provides official warning and mitigation guidance for satellite communications networks. (cisa.gov)
  • Russian Cyber Operations Against Ukraine — Council of the European Union — May 2022. Provides the EU’s formal attribution and strategic characterization of the KA-SAT operation. (Consiglio dell’Unione Europea)
  • KA-SAT Network Cyber Attack Overview — Viasat — March 2022. Provides the affected operator’s technical and operational account. (Viasat.com)
  • U.S. Government Attributes Cyberattacks on SATCOM Networks — Cybersecurity and Infrastructure Security Agency — May 2022. Records the United States’ attribution to Russian state-sponsored actors. (cisa.gov)
  • Cyber Defence — North Atlantic Treaty Organization. Establishes NATO’s case-by-case approach to cyberattacks and collective defense. (nato.int)
  • Collective Defence and Article 5 — North Atlantic Treaty Organization. Addresses the possible application of Article 5 to significant cyber and space-related attacks. (nato.int)
  • Revised Implementing Guidelines of the Cyber Diplomacy Toolbox — Council of the European Union — June 2023. Defines coordinated EU diplomatic-response mechanisms. (data.consilium.europa.eu)
  • GPS Disruptions: DOT Could Improve Efforts to Identify Interference Incidents and Strengthen Resilience — U.S. Government Accountability Office — December 2022. Documents PNT interference risks and reporting limitations. (gao.gov)

Chapter 2 — National and Regional Resilience Architectures

BLUF

Italy, the European Union, the United States and China are building materially different models for protecting space infrastructure, and none yet provides a complete, independently verifiable architecture covering the spacecraft, ground, communications, user and supply-chain segments. Italy is developing a centralized national model around the Agenzia per la Cybersicurezza Nazionale, the Agenzia Spaziale Italiana, national cybersecurity legislation and implementation of NIS2. The European Union is constructing a layered regulatory regime in which NIS2 provides horizontal cybersecurity obligations, ENISA supplies technical guidance, and the proposed EU Space Act would introduce space-specific authorization, resilience and supervisory requirements. The United States has the most developed public technical framework, but authority remains distributed among NIST, NASA, CISA, the FCC, the Department of Commerce, defense institutions and private operators. China combines centralized cyber sovereignty, state-led infrastructure development and the international expansion of BeiDou, but its public disclosures do not permit independent verification of system-level resilience.

Across all four systems, the principal weakness is not the absence of cybersecurity principles. It is the difficulty of converting broad principles into enforceable requirements across long, multinational and technically opaque supply chains. Commercial operators increasingly deliver services that governments regard as critical or military-relevant, yet the allocation of responsibility among operators, manufacturers, cloud providers, software vendors, public authorities and insurers remains incomplete.

Insurance can transfer defined financial losses but cannot restore command authority, replace strategic capability or eliminate state responsibility under international space law. Procurement therefore constitutes a more powerful resilience instrument than insurance alone. Governments that purchase commercial satellite services can impose security-by-design, supply-chain disclosure, incident-reporting, continuity and recovery obligations before vulnerabilities become embedded in operational systems.


Key Judgments

Italy has established a credible institutional foundation, but operational maturity remains unproven

Assessment: Italy has moved beyond generic national cyber policy by creating formal cooperation between ACN and ASI and by commissioning a dedicated Cyber Security Operations Center for ASI missions and infrastructure.

Probability of continued institutional strengthening through 2031: Very likely, 80–94%
Confidence: High

ASI announced in June 2025 that it had assigned the development of its Cyber Security Operations Center, while ACN and ASI announced formal cooperation in July 2025 covering cybersecurity in the space and aerospace sectors. These measures establish dedicated institutional capacity but do not yet publicly demonstrate sector-wide coverage, continuous testing or equivalent controls across all commercial operators and suppliers. (Normattiva)

Indicator that would raise confidence: Publication of binding space-sector controls, exercise results, supplier-assurance requirements and measurable incident-response performance.

NIS2 creates a binding European baseline, but it does not constitute a complete space-security code

Assessment: NIS2 provides enforceable governance, risk-management, supply-chain and incident-reporting duties for covered operators of ground-based infrastructure supporting space services. It does not by itself regulate every spacecraft, satellite manufacturer, user terminal or downstream space-service provider.

Probability that coverage gaps remain through at least 2028: Likely, 65–79%
Confidence: High

Annex I of NIS2 includes operators of ground-based infrastructure that support the provision of space-based services, excluding providers of public electronic communications networks from that specific category where they are covered elsewhere. Its obligations are therefore significant but architecture- and entity-dependent. (Eur-Lex)

Indicator that would alter the judgment: Adoption and effective implementation of the proposed EU Space Act with clear coordination between its space-specific requirements and existing EU cyber legislation.

The proposed EU Space Act could become the most comprehensive civilian space-resilience regime examined

Assessment: If enacted without material dilution, the proposal would move EU policy from horizontal cybersecurity regulation toward a dedicated authorization and supervision framework for space operators.

Probability of eventual adoption in modified form: Likely, 65–79%
Confidence: Moderate

The Commission introduced the proposal on 25 June 2025 around three pillars—safety, resilience and environmental sustainability—and expressly sought a harmonized framework for operators active in or serving the EU market. The proposal remains legislation under negotiation and must not be described as existing binding law. (Defence Industry and Space)

Indicator that would alter the judgment: Prolonged legislative delay, extensive exemptions or unresolved overlap with NIS2 and national licensing systems.

The United States leads in public technical guidance but remains institutionally fragmented

Assessment: NIST has produced the most mature publicly available framework series for commercial satellite operations, ground segments and hybrid satellite networks. NASA and federal oversight reporting nevertheless demonstrate inconsistent implementation within major acquisition and mission programs.

Probability that implementation remains uneven through 2029: Likely, 65–79%
Confidence: High

NIST IR 8270, IR 8401 and IR 8441 provide complementary guidance for commercial operations, command-and-control ground segments and interfaces within hybrid government-commercial networks. GAO reported in 2024 that NASA had not implemented updates to spacecraft acquisition policies and stated in June 2025 that selected major projects had not fully implemented required cybersecurity risk-management steps. (NIST)

Indicator that would alter the judgment: Mandatory adoption of common lifecycle controls across federal licensing, acquisition and commercial service contracts.

China’s model prioritizes sovereign control, infrastructure autonomy and strategic scale over public auditability

Assessment: China treats cyberspace governance and BeiDou as components of sovereignty, national development and strategic autonomy, but public sources reveal substantially more about declared objectives and economic scale than about vulnerabilities, incidents or independent assurance.

Probability that this opacity persists through 2031: Very likely, 80–94%
Confidence: High

Chinese official documents emphasize law-based cyberspace governance, cyber sovereignty, critical-infrastructure security and centralized state authority. BeiDou official reporting presents the system as independently constructed and operated, globally available and increasingly integrated into transportation, energy, emergency management and international markets. (Consiglio di Stato Cinese)

Indicator that would alter the judgment: Publication of independently auditable incident statistics, technical-security assessments and implementation records for civil and commercial systems.

Supply-chain governance will determine whether formal regulation produces operational resilience

Assessment: Cybersecurity requirements focused only on the licensed operator will fail where manufacturers, software suppliers, cloud providers, ground-station companies and maintenance contractors can introduce systemic vulnerabilities.

Probability: Almost certain, 95–99%
Confidence: High

NIST, ENISA, U.S. national policy and NASA supply-chain guidance all treat lifecycle and supplier risk as central to space-system protection. The proposed EU Space Act similarly seeks explicit cybersecurity rules across operators and assets rather than relying solely on general corporate controls. (space.commerce.gov)

Indicator that would alter the judgment: Demonstrated architectures in which supplier compromise cannot propagate into mission-critical operations.

Insurance will remain secondary to procurement, licensing and technical governance

Assessment: Insurance can finance recovery and third-party claims but cannot substitute for system assurance, strategic redundancy or government supervision.

Probability: Very likely, 80–94%
Confidence: High

International space law places responsibility on states for national space activities and creates potential launching-state liability for damage caused by space objects. National systems may use licensing, indemnification and insurance to allocate financial exposure back to operators, but cyber-related service disruption does not always fit cleanly within traditional definitions of physical damage caused by a space object. (unoosa.org)

Indicator that would alter the judgment: Emergence of standardized space-cyber insurance products covering systemic service interruption, regulatory penalties, replacement logistics and cross-border liability at sustainable capacity.


I. Italy: ACN, ASI, National Cyber Law and Space Governance

Institutional Architecture

Italy’s emerging space-cybersecurity architecture is built around several institutions with overlapping but distinguishable roles. ACN is the national authority responsible for cybersecurity coordination, resilience, incident management and implementation of major national and European cyber obligations. ASI manages and supports national civil space activities, missions, research and industrial relationships. Government, defense, intelligence, telecommunications and regulatory institutions also retain sector-specific responsibilities that become relevant when a space system supports military, public-safety or essential civilian functions.

The June 2025 decision to develop a dedicated Cyber Security Operations Center for ASI represented a substantive shift from ordinary agency information security toward mission-focused monitoring and response. ASI described the center as an instrument for protecting agency missions and infrastructure. One month later, ACN and ASI formalized cooperation intended to strengthen cybersecurity initiatives in the space and aerospace sector. These actions establish a potential division of labor in which ASI contributes mission, engineering and industrial knowledge while ACN provides national cyber authority, incident coordination and regulatory expertise. (Normattiva)

The institutional logic is sound because space-cyber incidents cannot be managed effectively by either aerospace engineers or conventional information-security teams acting alone. Mission operators understand telemetry, orbital operations, payload behavior and safe-mode constraints. National cyber authorities understand threat intelligence, national incident coordination, cross-sector dependencies and legal reporting obligations. The resilience architecture must combine both.

The principal unresolved issue is the operational boundary of this cooperation. Public announcements do not yet establish whether the system provides:

  • continuous monitoring of all ASI mission environments;
  • integration with commercial service providers;
  • mandatory reporting by contractors;
  • coordinated vulnerability disclosure;
  • shared threat intelligence;
  • independent penetration testing;
  • simulation of combined cyber and radio-frequency attacks;
  • supply-chain traceability;
  • cross-border response mechanisms;
  • recovery-time requirements.

Assessment — Moderate Confidence: Italy has created an appropriate institutional center of gravity, but the evidence available publicly is insufficient to determine whether the model has achieved full operational integration.

Law No. 90 of 2024

Italy’s Law No. 90 of 28 June 2024 strengthened national cybersecurity, public-administration resilience, incident reporting, cybercrime provisions, public procurement controls and the institutional capacity of ACN. The law entered into force on 17 July 2024. Its structure extends beyond criminal penalties and includes governance, organizational and procurement measures intended to protect strategic national interests. (Normattiva)

The legislation is highly relevant to space infrastructure when a satellite operator, public body, contractor or service forms part of a protected national system or provides essential government functions. It should not, however, be interpreted as a separate “space hacking law.” Its application depends on the affected entity, system, offense, public-service function and relationship to national-security or critical-infrastructure obligations.

Several consequences are operationally important.

Incident Reporting

Covered public entities must report defined categories of cyber incidents under the national framework. Subsequent technical implementation has developed taxonomies and procedures for determining which incidents trigger notification. This obligation matters because rapid national awareness is necessary where disruption of a space-enabled service may affect several ministries or critical sectors simultaneously. (Gazzetta Ufficiale)

Cybersecurity Governance

The law requires stronger internal responsibility and organizational capacity among covered public bodies. Space cybersecurity therefore becomes a management duty rather than an exclusively technical function. Senior leaders must ensure that systems, personnel and reporting processes are adequate to the institution’s exposure.

Public Procurement

The law provides a basis for cybersecurity requirements in public contracts involving information and communications technology used in contexts connected with strategic national interests. Implementing measures require attention to product components and supply-chain characteristics. This is particularly relevant to satellite systems because security may depend on hardware, firmware and software incorporated years before launch. (Gazzetta Ufficiale)

Criminal-Law Strengthening

The law modifies aspects of the criminal response to cyber offenses and aggravates treatment of attacks against sensitive public systems. It does not mean that every intrusion into a private aerospace company automatically falls under anti-mafia jurisdiction or receives the maximum investigative treatment. Those conclusions require analysis of the specific criminal offense, target and procedural rules.

Italy’s NIS2 Implementation

Italy transposed NIS2 through Legislative Decree No. 138 of 4 September 2024, published on 1 October 2024 and in force from 16 October 2024. The decree was current as of 16 July 2026 according to the consolidated official legislative record. (Normattiva)

For covered space-ground operators, the decree creates duties relating to:

  • cybersecurity governance;
  • risk-management measures;
  • incident notification;
  • business continuity;
  • crisis management;
  • supply-chain security;
  • vulnerability handling;
  • cryptography;
  • access control;
  • asset management;
  • management accountability;
  • supervision and enforcement.

The significance of NIS2 is that it shifts cybersecurity from voluntary guidance toward enforceable governance. Management bodies cannot delegate the entire problem to technical staff and then disclaim responsibility. They must approve and oversee measures appropriate to the entity’s risks.

The Italian implementation challenge lies in defining the effective perimeter. A satellite-service architecture may involve an Italian operator, a foreign spacecraft owner, an EU gateway, a non-EU cloud provider and terminals distributed across several jurisdictions. Determining which entity is responsible for which layer requires contractual and regulatory clarity. A ground-infrastructure operator may be covered under NIS2 while a critical software supplier is regulated under a different regime or only through contract.

Italian Space Governance

Italy’s wider space governance has historically involved ASI, the government’s interministerial coordination structures and national registration, authorization and international-responsibility functions. The rapid commercialization of space requires the governance model to address not only scientific and industrial policy but also:

  • private operator authorization;
  • continuing supervision;
  • registration of space objects;
  • collision and debris risk;
  • cybersecurity;
  • foreign ownership;
  • export controls;
  • national-security screening;
  • insurance and financial capacity;
  • incident reporting;
  • termination and disposal;
  • government access during emergencies.

The central legal principle derives from Article VI of the Outer Space Treaty: national activities conducted by non-governmental entities require authorization and continuing supervision by the appropriate state. Cybersecurity should therefore be considered part of continuing supervision where a compromise could impair safe operation, create physical risk or disrupt nationally important services.

Key Vulnerability: A licensing authority may verify an operator’s technical and financial qualifications before launch but lack mechanisms for continuous assessment of software changes, supplier replacements and emerging vulnerabilities during the mission’s operational life.

Decision Requirement: Italy should integrate cyber assurance into the full mission lifecycle rather than treating it as a one-time authorization condition.


II. European Union: NIS2, ENISA and the Proposed EU Space Act

NIS2 as the Horizontal Cybersecurity Layer

NIS2 is the EU’s principal horizontal cybersecurity instrument for essential and important entities. It applies to qualifying entities in listed sectors and expressly includes operators of ground-based infrastructure supporting the provision of space-based services. (Eur-Lex)

The directive’s practical importance lies in five areas.

Management Accountability

Management bodies must approve cybersecurity risk-management measures, oversee implementation and receive relevant training. This reduces the ability of executives to characterize mission-security failures as isolated technical mistakes.

Risk Management

Covered entities must implement technical, operational and organizational measures appropriate to their risk. Relevant domains include incident handling, continuity, backup, disaster recovery, crisis management, supply-chain security, vulnerability management, cryptography, access control and multi-factor authentication.

Incident Reporting

NIS2 creates staged reporting obligations for significant incidents. Early warning supports cross-border awareness, while subsequent notifications provide more complete operational and impact information.

Supply-Chain Security

Entities must consider the security of direct suppliers and service providers. For satellite operators, this should encompass mission software, ground-station services, cloud infrastructure, identity providers, terminal manufacturers and remote-maintenance contractors.

Supervision and Enforcement

National authorities receive supervisory and enforcement powers. Depending on the entity’s classification, authorities may apply ex ante or ex post supervision, require remediation and impose sanctions.

NIS2 nevertheless contains structural limits. Its specific space-sector category focuses on ground infrastructure. Spacecraft manufacturers, payload developers and downstream service providers may be covered through other categories or may fall outside its direct space designation. Small entities may also be excluded unless they meet special criteria. The directive therefore provides a strong baseline but not a complete end-to-end licensing regime for space activity.

ENISA’s Space Threat Landscape

In March 2025, ENISA published a dedicated threat landscape for commercial satellites and accompanying guidance intended to strengthen trustworthy and uninterrupted operation. The report maps satellite lifecycles, assets, actors, threats and security measures across the space, ground, user and human-resources segments. (enisa.europa.eu)

ENISA’s contribution is important for three reasons.

Lifecycle Integration

The report treats security as an engineering and operational requirement extending from concept and design through manufacture, launch, operation and decommissioning. This approach recognizes that many vulnerabilities cannot be corrected economically after deployment.

Commercial Focus

Military space systems may have specialized security requirements and protected intelligence support. Commercial operators often face tighter cost constraints, faster development cycles and reliance on standard components. ENISA therefore addresses the segment most likely to expand rapidly and support public functions without possessing sovereign-level security resources.

Human and Organizational Risk

ENISA includes human resources within its asset taxonomy. This is significant because privileged operators, developers, contractors and administrators can create risks not captured through hardware or network analysis alone.

ENISA guidance is not equivalent to binding legislation. Its value depends on whether regulators, licensing authorities, procurement bodies, insurers and operators translate its recommendations into enforceable and testable controls.

The Proposed EU Space Act

The European Commission proposed the EU Space Act on 25 June 2025. The proposal seeks to harmonize rules concerning the safety, resilience and environmental sustainability of space activities and to reduce fragmentation among national legal systems. The Commission identified a patchwork of national approaches as a source of cost, uncertainty and uneven protection. (Defence Industry and Space)

The proposal is especially important because it seeks to regulate access to the EU market, not merely operators established within the Union. This could permit the EU to influence foreign operators offering space-based services to European customers.

Authorization

The proposal establishes conditions that Union operators would need to satisfy to obtain authorization to conduct space activities. Authorization could therefore become the point at which cyber-resilience requirements are examined before operation.

Resilience

The proposal introduces explicit space-specific cybersecurity rules and a tailored risk-assessment framework. Its impact assessment states that EU action is intended to address growing exposure caused by digitization and to cover infrastructure segments coherently. (Defence Industry and Space)

Third-Country Operators

A market-access model could require non-EU operators serving European customers to comply with defined conditions or demonstrate equivalent protection. This has strategic implications for foreign constellation providers on which Europe may depend during crises.

Supervision

A harmonized framework could reduce the risk that operators select the least demanding national jurisdiction. Effective supervision would nevertheless require technically capable authorities and coordination among member states.

Relationship with NIS2

The most difficult issue is regulatory layering. A covered operator could face:

  • NIS2 obligations;
  • national NIS2 implementation;
  • national space-licensing rules;
  • the EU Space Act;
  • the Cyber Resilience Act for relevant products;
  • data-protection requirements;
  • telecommunications regulation;
  • critical-entity-resilience requirements;
  • defense or export-control obligations.

The goal should not be maximum regulatory volume. It should be clear allocation of responsibility, harmonized reporting and recognition of equivalent controls.

Current Legal Status

As of 16 July 2026, the EU Space Act remained a legislative proposal and must not be presented as directly applicable law. Its final obligations, scope, implementation dates and exemptions may change during the legislative process. (Eur-Lex)

Assessment — Moderate Confidence: The proposal is likely to survive in recognizable form because it responds to genuine fragmentation, but competitiveness concerns may lead to phased obligations, proportionality mechanisms and exemptions for smaller operators.


III. United States: NIST Frameworks, NASA Governance and Commercial Networks

Space Policy Directive 5

The United States established national cybersecurity principles for space systems through Space Policy Directive 5 in September 2020. SPD-5 states that cybersecurity should be integrated across the lifecycle of space systems and emphasizes risk-based engineering, protection of command and control, supply-chain management, authentication, encryption, monitoring and recovery. (space.commerce.gov)

SPD-5 is strategically significant because it defines space systems as cyber-physical systems whose compromise can generate physical and strategic consequences. It also acknowledges that government and commercial operators share responsibility.

The directive’s limitation is institutional. It establishes principles but does not create one unified civilian regulator responsible for all commercial space cybersecurity. Implementation remains distributed among agencies with distinct legal authorities.

NIST’s Space-Cyber Framework Series

NIST IR 8270 — Commercial Satellite Operations

IR 8270 provides an introductory method for applying the NIST Cybersecurity Framework to commercial satellite operations. It maps a high-level commercial architecture and helps operators define cybersecurity outcomes and controls. (NIST)

Its strength is flexibility. Operators can adapt the framework to different missions and risk profiles. Its weakness is that voluntary adoption can produce uneven implementation unless procurement, licensing or insurance makes specific outcomes mandatory.

NIST IR 8401 — Satellite Ground Segment

IR 8401 applies the Cybersecurity Framework to the ground segment, emphasizing command and control of satellite buses and payloads. It recognizes that ground operations are interdependent and exposed to conventional cyber threats. (nvlpubs.nist.gov)

This profile is particularly valuable because many operationally consequential attacks are likely to begin in terrestrial infrastructure. It provides a bridge between conventional enterprise cybersecurity and mission operations.

NIST IR 8441 — Hybrid Satellite Networks

IR 8441 focuses on the interfaces between participants in hybrid networks containing government, commercial, space and terrestrial components. (nvlpubs.nist.gov)

The hybrid-network problem is central to U.S. resilience. Government customers may purchase services from several commercial operators, each of which relies on cloud providers, gateways and suppliers. No individual participant may possess full visibility into the network’s aggregate risk.

Framework Limitation

NIST frameworks define good risk-management practice, but they do not themselves guarantee enforcement, funding or implementation. Their effectiveness depends on contracts, agency policy, market incentives and regulatory adoption.

NASA Governance and Oversight

NASA’s mission portfolio combines unique spacecraft, long development cycles, complex contractor networks and high-value scientific data. Cybersecurity must be integrated into project governance before design decisions become technically or financially irreversible.

GAO reported in May 2024 that NASA had considered but had not implemented updates to spacecraft acquisition policies and standards issued in 2019. NASA’s space-security guidance existed, but GAO characterized aspects of that guidance as optional for spacecraft programs. (gao.gov)

In June 2025, GAO examined selected NASA major projects against seven key cybersecurity risk-management steps. It found incomplete implementation and noted that an earlier recommendation for an implementation plan to update acquisition policies remained unresolved as of May 2025. (files.gao.gov)

These findings demonstrate a recurring governance problem: major space programs optimize simultaneously for mission performance, mass, power, schedule, cost and safety. Cybersecurity may be treated as a later compliance requirement rather than an engineering constraint. Once a spacecraft design is fixed, adding cryptographic hardware, additional processing capacity, isolation mechanisms or secure update paths may be prohibitively expensive.

NASA Supply-Chain Risk

NASA guidance recognizes that global and distributed supply chains can introduce malicious or counterfeit components and services. Agency and federal procurement resources increasingly require suppliers to address cybersecurity supply-chain risk. (sma.nasa.gov)

NASA’s Inspector General has also documented limits on visibility into lower-tier subcontractors in major programs. Prime contractors may control extensive supplier networks, while NASA’s insight can vary according to contract type and purchasing-system oversight. (NASA Office of Inspector General)

Assessment — High Confidence: The U.S. weakness is not lack of knowledge. It is inconsistent conversion of well-developed guidance into mandatory program requirements, acquisition decisions and continuous verification.

Commercial Networks and Regulatory Fragmentation

The United States distributes commercial space authority across several institutions:

  • the FCC licenses spectrum use and many satellite and earth-station communications activities;
  • the Federal Aviation Administration licenses commercial launches and reentries;
  • the National Oceanic and Atmospheric Administration regulates certain commercial remote-sensing activities;
  • the Department of Commerce supports commercial space policy and coordination;
  • CISA provides critical-infrastructure cybersecurity support;
  • NIST develops technical standards and frameworks;
  • defense and intelligence bodies regulate national-security systems;
  • NASA governs its own missions and acquisitions.

This distributed model can promote specialization but also creates regulatory seams. A communications license may examine spectrum, interference and orbital-debris issues without functioning as a comprehensive cybersecurity authorization. A launch license may focus on public safety during launch and reentry rather than long-term software assurance. A government customer may impose stronger security through contract than the operator faces through civilian licensing.

FCC orbital-debris proceedings have addressed operator control, command communications, indemnification and potential insurance questions. These proceedings demonstrate the relationship between licensing, state exposure under international law and private financial responsibility, but they do not create a unified satellite-cybersecurity code. (docs.fcc.gov)


IV. China: Cyber Sovereignty, BeiDou and Strategic Opacity

Cyber Sovereignty

China’s cyber-governance model is grounded in the concept that states possess sovereignty over domestic digital infrastructure, data governance and network regulation. The 2023 white paper on law-based cyberspace governance describes a state-led legal and regulatory system intended to protect national security, public order, critical infrastructure and personal information. (Consiglio di Stato Cinese)

This model differs from the multi-regulator and commercially decentralized U.S. approach. Chinese authorities possess stronger formal capacity to direct operators, impose national standards and integrate cybersecurity with broader national-security policy. Centralization may facilitate rapid implementation where political priorities are clear.

Centralization does not automatically prove technical effectiveness. It can also discourage disclosure of failures, limit external scrutiny and obscure the distinction between regulatory compliance and operational resilience.

China’s official policy language consistently links cyberspace to sovereignty, national security, social stability and state development. A 2025 arms-control white paper stated that China was strengthening cyber defense, situational awareness, emergency response and critical-infrastructure protection. These are official policy claims and should not be treated as independently tested measures of effectiveness. (english.scio.gov.cn)

BeiDou as Strategic Infrastructure

China describes the BeiDou Navigation Satellite System as independently constructed and operated. BDS-3 became a global system in 2020, using a mixed constellation of medium-Earth, geostationary and inclined geosynchronous satellites. (en.beidou.gov.cn)

BeiDou has three strategic functions.

National Autonomy

It reduces dependence on foreign positioning, navigation and timing systems. This provides China with greater control over a service essential to military, transportation, telecommunications, energy and emergency functions.

Industrial Policy

Official Chinese reporting states that the satellite-navigation and positioning industry reached 575.8 billion yuan in output during 2024 and that BeiDou-enabled services had expanded into mobile devices, transportation, connected vehicles and other sectors. (Consiglio di Stato Cinese)

International Influence

China reports that BeiDou products and services are exported to more than 140 countries and regions and integrated into multiple international standards. Official BRI documents describe a space-information corridor and the use of BeiDou in transport and maritime applications. (Consiglio di Stato Cinese)

The international expansion creates both opportunity and dependency. Partner states gain an alternative to GPS and other GNSS services, but integration into critical infrastructure may create long-term technical, commercial and geopolitical relationships.

Next-Generation BeiDou

China announced plans for experimental next-generation BeiDou satellites around 2027, deployment beginning around 2029 and completion targeted for 2035. Official descriptions emphasize mixed-orbit architecture, improved accuracy, trustworthiness, intelligent capabilities and integration with non-satellite PNT methods. (Consiglio di Stato Cinese)

The inclusion of non-satellite PNT is strategically important. It indicates recognition that satellite navigation alone cannot provide complete resilience against jamming, spoofing, cyberattack or physical disruption. A layered PNT architecture can combine satellite signals with terrestrial, inertial, network and local positioning sources.

Assessment — Moderate Confidence: China will use the next-generation system to increase domestic resilience and international market penetration, but public sources do not permit a reliable assessment of command-network security, supplier assurance or incident history.

Strategic Opacity

China’s official disclosures provide detailed information on strategic ambition, service expansion and economic value. They provide significantly less information on:

  • successful cyber intrusions;
  • vulnerabilities;
  • independent audits;
  • supply-chain failures;
  • operator sanctions;
  • mission-assurance testing;
  • resilience exercises;
  • recovery performance;
  • civil-military network separation.

This creates an asymmetry in comparative analysis. U.S. and European audit institutions publicly document deficiencies, making those systems appear more vulnerable in open sources. China’s lack of comparable public findings cannot be interpreted as evidence of fewer vulnerabilities.

Analytical Warning

A simple count of publicly reported incidents would produce a misleading comparison. The correct variable is not reported incidents alone but the combination of:

  • disclosure requirements;
  • independent oversight;
  • press freedom;
  • litigation exposure;
  • regulatory transparency;
  • security classification;
  • commercial reporting incentives.

Key Judgment — High Confidence: China’s principal comparative advantage is centralized mobilization and infrastructure scale; its principal analytical weakness is the inability of external observers to distinguish genuine resilience from controlled disclosure.


V. Supply-Chain Security and Commercial Operator Responsibilities

The Space Supply Chain

A modern satellite service can depend on:

  • spacecraft bus manufacturers;
  • payload manufacturers;
  • chip designers;
  • semiconductor fabrication;
  • cryptographic modules;
  • firmware developers;
  • open-source libraries;
  • launch providers;
  • ground-station operators;
  • antenna manufacturers;
  • cloud-service providers;
  • telecommunications carriers;
  • identity providers;
  • terminal manufacturers;
  • maintenance contractors;
  • data-processing companies;
  • application developers.

The supply chain is not merely a procurement sequence. It is a persistent trust architecture. Suppliers may retain remote access, issue updates, operate infrastructure or process sensitive data throughout the mission.

Principal Risks

  1. Counterfeit or substituted components
  2. Malicious firmware
  3. Compromised software libraries
  4. Undocumented dependencies
  5. Supplier remote access
  6. Foreign ownership or influence
  7. Single-source dependence
  8. Unsupported legacy products
  9. Insecure update infrastructure
  10. Loss of supplier continuity
  11. Cloud or identity-provider concentration
  12. Insufficient subcontractor visibility

NIST’s hybrid-network profile emphasizes interfaces between participants, while ENISA’s space threat landscape integrates suppliers and lifecycle actors into its risk analysis. U.S. national policy likewise directs operators to manage and secure supply chains throughout system development. (nvlpubs.nist.gov)

Operator Responsibilities

A commercial operator should not be expected to eliminate every vulnerability. It should be required to demonstrate that it has identified critical functions, reduced foreseeable risks, limited propagation and prepared for recovery.

A government-grade operator-responsibility model should require:

Governance

  • board-approved space-cyber risk policy;
  • named executive accountability;
  • separation of security and operational approval;
  • regular independent assurance;
  • disclosure of material control failures.

Architecture

  • segregation of enterprise and mission networks;
  • separate privileged identities;
  • cryptographic command authentication;
  • secure boot;
  • authenticated software updates;
  • command allow-listing;
  • safe-mode protection;
  • immutable logging;
  • independent monitoring channels.

Supply Chain

  • component and software inventories;
  • software bills of materials;
  • supplier ownership and control analysis;
  • vulnerability-notification clauses;
  • secure-development evidence;
  • subcontractor flow-down requirements;
  • alternate-source planning;
  • lifecycle-support commitments.

Incident Response

  • rapid notification;
  • preservation of evidence;
  • cross-border coordination;
  • procedures for loss of command trust;
  • terminal-replacement planning;
  • customer communication;
  • predefined government contact points.

Continuity

  • geographically separated ground facilities;
  • alternative communications paths;
  • backup providers;
  • terrestrial PNT alternatives;
  • offline recovery capability;
  • restoration exercises;
  • minimum-service requirements.

Decommissioning

  • credential revocation;
  • secure data disposal;
  • command-key management;
  • post-mission monitoring;
  • safe disposal and passivation.

Responsibility Across Hybrid Networks

In hybrid government-commercial systems, responsibility can become fragmented. A government customer may assume that the commercial provider secures the service. The provider may assume that the customer secures its terminals and user environment. The cloud provider may secure the platform while leaving identity configuration to the operator. The manufacturer may support only the original configuration.

Contracts should therefore allocate responsibility at each interface.

InterfaceMinimum responsibility
Government–operatorSecurity outcomes, reporting, continuity and audit rights
Operator–manufacturerSecure design, support, updates and vulnerability disclosure
Operator–cloud providerIdentity, logging, segmentation, recovery and data location
Operator–ground providerCommand integrity, physical security and incident coordination
Operator–terminal vendorAuthenticated updates, device identity and recovery
Prime–subcontractorFlow-down controls, component provenance and access management
Operator–insurerAccurate risk disclosure, control warranties and incident cooperation

Assessment — High Confidence: The interface contract is as important as the security of either party because many failures occur in unallocated or misunderstood responsibilities.


VI. Insurance, Procurement and Corporate-Liability Exposure

International Responsibility and Liability

The Outer Space Treaty provides that states bear international responsibility for national activities in outer space, including activities by non-governmental entities, and that those activities require authorization and continuing supervision. The Liability Convention establishes liability rules for damage caused by space objects, including absolute launching-state liability for certain damage on Earth or to aircraft and fault-based liability for damage elsewhere in space. (unoosa.org)

These rules were created primarily for physical damage caused by space objects. Cyber incidents can create more difficult questions:

  • Is loss of service “damage” under the convention?
  • Is corrupted data covered?
  • What if cyber manipulation causes a collision?
  • What if a ground-system compromise disables a satellite without physical damage?
  • What if several states qualify as launching states?
  • What if a private operator’s failure enables hostile state action?
  • Can the causal connection between the cyberattack and physical damage be established?

The treaty framework does not provide an automatic answer to every digital harm. National law, contract, tort, telecommunications regulation, data protection and criminal law may be more directly applicable to service interruption or data loss.

Insurance Functions

Space insurance traditionally addresses combinations of:

  • launch failure;
  • in-orbit failure;
  • physical damage;
  • loss of satellite value;
  • third-party liability;
  • business interruption;
  • professional liability;
  • cyber response.

Cyber risk introduces accumulation problems. One vulnerability may affect many satellites, terminals or customers simultaneously. Insurers therefore face the possibility of correlated losses rather than isolated technical failures.

Insurance may support resilience by requiring:

  • disclosure of system architecture;
  • independent security assessment;
  • minimum controls;
  • incident-response planning;
  • supplier information;
  • recovery capability;
  • accurate valuation.

It also has strict limits. Insurance cannot:

  • recover stolen strategic information;
  • restore lost public confidence;
  • replace unavailable satellite capacity;
  • guarantee government access during war;
  • prevent cascading effects;
  • transfer international responsibility away from the state;
  • resolve attribution.

Coverage Ambiguity

A satellite cyber incident may trigger several policies:

  • space hull coverage;
  • cyber insurance;
  • property insurance;
  • business-interruption coverage;
  • errors and omissions;
  • directors and officers liability;
  • political-risk insurance;
  • war-risk exclusions.

Disputes may arise over whether the cause was cyberattack, electronic warfare, hostile state action, armed conflict, software defect or operator negligence. Attribution therefore affects not only diplomacy but also coverage.

Procurement as a Resilience Instrument

Procurement has greater preventive power than post-loss insurance because it can shape system architecture before deployment.

NASA and federal procurement guidance increasingly emphasize secure-by-design software, supplier governance and cybersecurity supply-chain risk-management plans. (nasa.gov)

Government contracts for satellite services should specify:

  • applicable security framework;
  • required architecture;
  • mandatory authentication and encryption;
  • supplier traceability;
  • data-location conditions;
  • vulnerability-remediation timelines;
  • incident-reporting deadlines;
  • government access to logs;
  • audit and testing rights;
  • minimum continuity levels;
  • replacement-terminal capacity;
  • subcontractor obligations;
  • ownership-change notification;
  • foreign-control restrictions;
  • secure termination and data return;
  • remedies for systemic control failure.

Outcome-Based Procurement

A contract should not merely require compliance with a named framework. It should define measurable outcomes.

Weak requirement:

The contractor shall comply with recognized cybersecurity standards.

Stronger requirement:

The contractor shall maintain cryptographically authenticated command pathways, segregate mission control from enterprise identities, report defined incidents within the required period, demonstrate restoration of minimum service during annual exercises, and provide evidence that equivalent requirements flow to critical subcontractors.

Corporate Liability

Corporate exposure can arise through several channels.

Regulatory Liability

Failure to implement applicable NIS2 or national cybersecurity obligations can lead to supervisory measures and administrative sanctions.

Contractual Liability

An operator may breach security, availability, reporting or continuity commitments to government and commercial customers.

Civil Liability

Customers or third parties may claim negligence, economic loss, property damage or personal injury where poor security contributes to harmful effects.

Criminal Exposure

Individual conduct may create criminal exposure where executives, administrators or employees intentionally misuse systems, conceal incidents, falsify evidence or facilitate unauthorized access. Corporate criminal or administrative liability depends on the applicable jurisdiction and offense.

Directors’ and Officers’ Exposure

Senior management may face claims where cybersecurity risks were foreseeable but not governed, funded or disclosed appropriately.

Securities and Disclosure Risk

Public companies may face liability where cyber risks or material incidents are misrepresented to investors or regulators.

International and Licensing Exposure

A state may seek indemnification from an operator where international claims arise from authorized activity. The FCC has considered and adopted licensing approaches addressing indemnification in the orbital-debris and liability context. (docs.fcc.gov)

Human Oversight and Autonomous Systems

The presence of a human operator does not automatically break legal causation or eliminate corporate liability. A nominal human approval can be ineffective where the operator:

  • lacks time to assess the recommendation;
  • cannot understand the system;
  • receives manipulated data;
  • is trained to approve automatically;
  • lacks authority to intervene;
  • cannot access alternative information.

Meaningful human oversight requires:

  • adequate information;
  • technical competence;
  • sufficient decision time;
  • authority to reject;
  • independent verification;
  • recorded reasoning;
  • safe fallback.

For autonomous collision avoidance, constellation management or cyber response, liability analysis should examine the entire design and governance process rather than focusing only on the final human click.

Assessment — High Confidence: “Human in the loop” is not a legal shield unless the human’s role is operationally meaningful and supported by reliable information.


Competing Governance Hypotheses

H₁ — Centralized State Direction Produces Superior Resilience

Supporting evidence: Centralized systems can impose standards rapidly, coordinate national assets and restrict suppliers.

Inconsistent evidence: Centralization can suppress incident disclosure, reduce independent scrutiny and create common national dependencies.

Current assessment: Context-dependent.
Confidence: Moderate.

H₂ — Market-Led Technical Innovation Outpaces Regulation

Supporting evidence: Commercial operators can deploy new architectures and security controls faster than legislative systems.

Inconsistent evidence: Competitive pressure may favor speed and cost over resilience, particularly where customers cannot observe security quality.

Current assessment: Likely for innovation, insufficient for systemic assurance.
Confidence: High.

H₃ — Comprehensive EU Regulation Will Create a Global Standard

Supporting evidence: Market access gives the EU regulatory influence beyond its borders, as demonstrated in other sectors.

Inconsistent evidence: Compliance costs, overlapping rules and slow implementation may reduce competitiveness or encourage foreign service substitution.

Current assessment: Plausible.
Confidence: Moderate.

H₄ — Procurement Will Become the Primary Cybersecurity Enforcement Mechanism

Supporting evidence: Governments can impose detailed mission requirements through contracts even where licensing remains fragmented.

Inconsistent evidence: Contract requirements vary among agencies and may not protect purely commercial customers.

Current assessment: Likely in government-dependent markets.
Confidence: High.

H₅ — Insurance Will Standardize Minimum Cyber Controls

Supporting evidence: Insurers can require assessments and price weak controls.

Inconsistent evidence: Space-cyber losses may be too correlated, uncertain or excluded to support deep insurance capacity.

Current assessment: Possible but secondary.
Confidence: Moderate.


Bayesian Update

Hypothesis

H₄: Procurement and licensing will matter more than voluntary guidance in determining commercial space resilience.

Prior

Before the expansion of formal space-cyber guidance, it was reasonable to assume that industry standards and technical best practice could produce gradual improvement.

Evidence

  • NIST has created detailed commercial, ground-segment and hybrid-network frameworks.
  • GAO nevertheless documented incomplete implementation in NASA programs.
  • NIS2 converts risk-management principles into enforceable management duties.
  • The proposed EU Space Act would link space-specific resilience to authorization and market access.
  • NASA procurement documentation increasingly requires supplier-governance and supply-chain risk measures. (files.gao.gov)

Update

Strong upward update.

Posterior Assessment

It is very likely, with high confidence, that the strongest commercial security improvements through 2031 will occur where technical guidance is reinforced by licensing conditions, procurement requirements, audit rights and executive accountability.


Counter-Adaptation and Red-Team Assessment

Red-Team Challenge 1 — More Regulation Automatically Means More Security

Regulatory volume can increase cost without improving operational outcomes where obligations overlap, definitions conflict or supervision lacks technical expertise. Governments should measure recovery, segmentation and command integrity rather than document production.

Red-Team Challenge 2 — National Systems Can Be Evaluated Through Public Incident Counts

States with extensive audits and disclosure may appear less secure than opaque systems. Comparative assessment must control for transparency.

Red-Team Challenge 3 — Prime Contractors Can Secure the Full Supply Chain

Prime contractors may lack visibility into all lower-tier suppliers, open-source dependencies and foreign-origin components. Contractual flow-down does not guarantee verification.

Red-Team Challenge 4 — Insurance Creates Sufficient Market Discipline

Insurance may exclude war, systemic infrastructure failure or state-sponsored cyber activity. Capacity can disappear after major losses, and insurers may lack access to classified threat information.

Red-Team Challenge 5 — Commercial Redundancy Eliminates Sovereign Risk

Several commercial services may depend on the same cloud provider, launch system, semiconductor supply chain or ground-station network. Apparent provider diversity can conceal common-mode failure.


Indicators and Warnings

Italy

  • publication of space-specific ACN or ASI control requirements;
  • operational status and coverage of the ASI Cyber Security Operations Center;
  • inclusion of commercial space operators in national exercises;
  • binding supplier-assurance requirements;
  • alignment of space licensing with NIS2 supervision.

European Union

  • Council and Parliament positions on the EU Space Act;
  • treatment of third-country operators;
  • final cybersecurity and insurance provisions;
  • coordination with NIS2 and the Cyber Resilience Act;
  • proportionality mechanisms for small operators;
  • creation of common audit or certification procedures.

United States

  • closure of GAO recommendations to NASA;
  • mandatory incorporation of NIST space profiles into contracts;
  • FCC or other licensing action on cybersecurity;
  • federal harmonization of commercial space supervision;
  • expansion of hybrid-network security exercises.

China

  • next-generation BeiDou experimental launches around 2027;
  • new technical standards for trustworthy PNT;
  • integration of BeiDou with terrestrial alternatives;
  • disclosure of cyber incidents or resilience exercises;
  • expansion into foreign critical infrastructure;
  • evidence of security requirements for commercial space companies.

Supply Chain and Insurance

  • mandatory software and component inventories;
  • government access to subcontractor data;
  • cyber exclusions in space-insurance policies;
  • growth of parametric interruption coverage;
  • insurer requirements for command authentication;
  • claims disputes involving state attribution or war exclusions.

Five-Year Implications, 2026–2031

2026–2027: Regulatory Translation

Italy and other EU states will continue translating NIS2 into supervisory practice. The EU Space Act will remain under negotiation or begin phased implementation depending on the legislative timetable. U.S. agencies will face pressure to convert guidance into acquisition requirements. China will continue preparing the next generation of BeiDou.

2027–2028: Supplier Assurance

Regulators and government customers will focus increasingly on component provenance, software dependencies, cloud concentration and remote supplier access. Smaller operators will face growing compliance costs.

2028–2029: Market-Access Effects

European requirements may begin influencing foreign providers seeking access to EU customers. Government procurement will increasingly differentiate operators according to demonstrated resilience rather than price and capacity alone.

2029–2030: Insurance Repricing

A major incident could produce stricter exclusions, higher premiums and demands for independent assurance. Operators without tested recovery systems may become difficult to insure or finance.

2030–2031: Governance Divergence

Three broad models are likely to consolidate:

  1. European regulated-market model: Harmonized authorization, resilience and supervisory duties.
  2. U.S. federated public-private model: Advanced standards combined with agency-specific procurement and licensing.
  3. Chinese sovereign-infrastructure model: Centralized direction, strategic autonomy and limited public auditability.

Italy will remain embedded in the European model while retaining national-security and industrial-policy priorities.


Decision Implications

Governments should:

  • Make cybersecurity a condition of space authorization and continuing supervision.
  • Harmonize NIS2, space licensing and critical-entity requirements.
  • Require common incident definitions across operators.
  • Incorporate NIST and ENISA outcomes into procurement contracts.
  • Establish audit rights over critical subcontractors.
  • Require cryptographic command and update authentication.
  • Test recovery from loss of terminals, gateways and cloud access.
  • Map common dependencies across nominally competing providers.
  • Require meaningful human oversight for autonomous mission decisions.
  • Develop insurance standards without treating insurance as proof of resilience.
  • Establish financial-security or indemnification mechanisms proportionate to risk.
  • Protect small operators through shared services without lowering essential controls.
  • Coordinate regulators with intelligence and defense authorities.
  • Assess foreign operators before integrating them into critical services.
  • Maintain sovereign fallback for essential communications and PNT.

Evidence and Confidence Note

The Italy assessment is supported by official legislation, ACN and ASI announcements, and Italy’s official NIS2 transposition. The evidence confirms institutional development and binding cyber obligations but does not establish the operational performance of Italy’s space-specific monitoring architecture. (Normattiva)

The EU assessment is supported by the enacted NIS2 Directive, ENISA’s 2025 space threat landscape and the Commission’s proposed EU Space Act. Confidence is high regarding current NIS2 obligations and moderate regarding the future Space Act because the proposal can change before adoption. (Eur-Lex)

The U.S. assessment is supported by NIST, the Office of Space Commerce, GAO, NASA and FCC material. Confidence is high that technical guidance is mature and implementation is fragmented. (space.commerce.gov)

The China assessment is based largely on official Chinese government and BeiDou publications. These sources reliably establish declared policy, system expansion and economic scale but cannot independently demonstrate cybersecurity effectiveness. Confidence is therefore high regarding strategic direction and low-to-moderate regarding operational resilience. (Consiglio di Stato Cinese)

Insurance analysis remains constrained by limited public data on cyber-specific space policies, claims and exclusions. No defensible estimate can presently be made of global available coverage for a systemic multi-operator space-cyber event.


Chapter Sources

  • Law No. 90 of 28 June 2024 — Italian Republic — June 2024. National cybersecurity, resilience, cybercrime and procurement legislation. (Normattiva)
  • Legislative Decree No. 138 of 4 September 2024 — Italian Republic — September 2024. Italian transposition of NIS2. (Normattiva)
  • ASI Cyber Security Operations Center Announcement — Agenzia Spaziale Italiana — June 2025. Establishes dedicated ASI cyber-monitoring development. (Normattiva)
  • ACN–ASI Cooperation Announcement — Agenzia per la Cybersicurezza Nazionale — July 2025. Formal cooperation in space and aerospace cybersecurity. (Gazzetta Ufficiale)
  • Directive (EU) 2022/2555 — European Parliament and Council — December 2022. Binding EU cybersecurity baseline covering qualifying space ground-infrastructure operators. (Eur-Lex)
  • Space Threat Landscape — ENISA — March 2025. Lifecycle, asset and threat analysis for commercial satellites. (enisa.europa.eu)
  • Proposal for an EU Space Act, COM(2025) 335 — European Commission — June 2025. Proposed safety, resilience and sustainability framework. (Eur-Lex)
  • Space Policy Directive 5 — United States — September 2020. National cybersecurity principles for space systems. (space.commerce.gov)
  • NIST IR 8270 — National Institute of Standards and Technology — July 2023. Commercial satellite cybersecurity framework application. (nvlpubs.nist.gov)
  • NIST IR 8401 — National Institute of Standards and Technology — December 2022. Ground-segment cybersecurity profile. (nvlpubs.nist.gov)
  • NIST IR 8441 — National Institute of Standards and Technology — September 2023. Hybrid satellite network cybersecurity profile. (nvlpubs.nist.gov)
  • NASA Cybersecurity: Plan Needed to Update Spacecraft Acquisition Policies and Standards — U.S. Government Accountability Office — May 2024. Documents acquisition-policy gaps. (gao.gov)
  • Cybersecurity: NASA Needs to Fully Implement Risk Management — U.S. Government Accountability Office — June 2025. Assesses selected major NASA projects. (files.gao.gov)
  • China’s Law-Based Cyberspace Governance in the New Era — State Council Information Office — March 2023. Official cyber-governance and sovereignty framework. (Consiglio di Stato Cinese)
  • China’s BeiDou Navigation Satellite System in the New Era — State Council Information Office — November 2022. Official BeiDou strategy and development framework. (Consiglio di Stato Cinese)
  • Next-Generation BeiDou Development Announcement — State Council of the People’s Republic of China — November 2024. Sets experimental, deployment and completion milestones. (Consiglio di Stato Cinese)
  • International Space Law: United Nations Instruments — UN Office for Outer Space Affairs — 2025 edition. Treaty responsibility and liability framework. (unoosa.org)

Chapter 3 — 2026–2031 Threat Evolution and Strategic Risk

BLUF

The principal space-cyber threat through 2031 will be the convergence of financially motivated intrusion, state pre-positioning, radio-frequency interference, supply-chain compromise and AI-assisted operations against the terrestrial systems that make orbital services usable. Most incidents will remain below the threshold of armed conflict, but their cumulative effects will increase operational uncertainty, recovery costs and political pressure on governments.

Criminal actors will primarily monetize access through ransomware, data theft, extortion, fraud, intellectual-property theft and the sale of privileged credentials. They are unlikely to seek spacecraft control as an end in itself, but an intrusion into a satellite operator, terminal provider, cloud platform or contractor can produce operational disruption disproportionate to the attacker’s original financial objective. FBI reporting identifies ransomware and data breaches among the most frequently reported threats affecting critical infrastructure; reported loss figures materially understate total harm because they generally exclude business interruption, equipment replacement and many remediation expenses. (ic3.gov)

State-sponsored actors present the higher strategic risk because they can obtain access during peacetime and preserve it for activation during crisis or war. The publicly documented Volt Typhoon campaign demonstrates a broader pattern of pre-positioning inside critical-infrastructure networks to enable future disruption of operational functions. Public evidence does not establish an equivalent campaign against a named satellite constellation, but the operating logic is directly relevant to ground stations, telecommunications gateways, cloud environments and other terrestrial components of space-enabled services. (cisa.gov)

GNSS interference will be the most persistent and geographically visible form of hostile space-service degradation. EASA reports that jamming and spoofing have increased markedly since February 2022, especially around the Baltic Sea, Black Sea, Mediterranean, Middle East, Arctic and other conflict-sensitive regions. Its July 2026 update added new operational, communications and training measures, demonstrating that interference has become a continuing aviation-safety condition rather than an isolated wartime anomaly. (EASA)

Artificial intelligence will improve both attack and defense, but it will not remove the need for human command authority, independent verification and deterministic safety constraints. AI can accelerate vulnerability discovery, social engineering, malware adaptation, anomaly detection and incident triage. It can also be manipulated through poisoned data, adversarial inputs, model compromise and deceptive telemetry. NIST’s 2025 adversarial-machine-learning taxonomy identifies evasion, poisoning, privacy and misuse attacks and emphasizes that no single mitigation eliminates the risk. (nvlpubs.nist.gov)

Key Judgment: A publicly acknowledged, strategically consequential disruption of a space-enabled service is likely between July 2026 and December 2031, with moderate confidence. A coordinated attack producing prolonged multi-sector failure remains unlikely but plausible, with low-to-moderate confidence, because the required access, timing and coordination would be difficult but not beyond a capable state.


Key Judgments

Criminal monetization will concentrate on terrestrial access rather than direct spacecraft control

Assessment: Cybercriminals will target corporate identities, cloud services, ground networks, customer databases, engineering environments and terminal-management systems because these assets can be converted more readily into ransom, extortion payments, stolen data or resaleable access.

Probability: Very likely, 80–94%
Confidence: High

The space sector contains the same exploitable technologies and organizational weaknesses found in other critical industries: remote access, identity systems, virtualization, cloud storage, email, contractor accounts, internet-facing appliances and software supply chains. CISA’s 2024 recommendations to space-system operators identify long deployment timelines, evolving cyber threats and the need for lifecycle protection across interconnected space infrastructure. (cisa.gov)

Indicator that would alter the judgment: Repeated criminal campaigns demonstrating reliable monetization through direct manipulation of spacecraft rather than terrestrial systems or data.

State pre-positioning will become the most dangerous latent threat

Assessment: The highest-impact adversaries will seek persistent access before conflict, avoid detection and preserve the ability to disrupt services at a politically or militarily advantageous moment.

Probability: Likely, 65–79%
Confidence: Moderate

CISA and international partners assessed that PRC-linked Volt Typhoon actors were pre-positioning within U.S. critical-infrastructure information-technology networks to facilitate potential disruption of operational technology. This does not prove that the same actors possess access to space systems, but it demonstrates a state-backed operational model applicable to satellite ground infrastructure and dependent telecommunications networks. (cisa.gov)

Indicator that would raise the probability: Discovery of long-dormant access within multiple satellite operators, gateways or suppliers without an immediate espionage or financial objective.

GNSS disruption will become normalized around conflict zones and strategic corridors

Assessment: Persistent jamming and spoofing will increasingly affect civil aviation, maritime operations, logistics and timing-dependent systems even when those sectors are not the direct intended targets.

Probability: Almost certain, 95–99%
Confidence: High

EASA reports a notable increase in GNSS interference since February 2022 and identifies affected regions around active conflicts and strategically sensitive borders. EASA and IATA stated in June 2025 that reported incidents had increased across Eastern Europe and the Middle East, prompting a broader resilience plan. (EASA)

Indicator that would alter the judgment: Sustained reduction in reported interference combined with widespread deployment of resilient multi-source navigation and timing systems.

Integrity attacks will create greater decision risk than obvious outages

Assessment: Spoofed navigation data, manipulated telemetry or corrupted Earth-observation products may create more dangerous consequences than a detectable loss of service because operators can continue acting on false information.

Probability: Likely, 65–79%
Confidence: High

GAO defines spoofing as replacement of legitimate GPS signals with manipulated signals capable of supplying incorrect positioning, navigation and timing information. Its February 2025 assessment found that federal agencies still needed additional efforts to address GPS cybersecurity risks. (files.gao.gov)

Indicator that would alter the judgment: Universal implementation of authenticated navigation services, independent integrity monitoring and automatic rejection of inconsistent data.

AI will compress the time between reconnaissance, exploitation and operational effect

Assessment: AI-enabled tools will allow both sophisticated and less-skilled actors to process larger volumes of technical information, tailor social engineering and automate parts of vulnerability analysis.

Probability: Very likely, 80–94%
Confidence: Moderate

This judgment concerns acceleration and scale, not autonomous strategic competence. NIST’s work identifies expanding adversarial-machine-learning attack classes and warns that AI systems deployed in high-stakes environments remain susceptible to manipulation throughout their lifecycle. (nvlpubs.nist.gov)

Indicator that would alter the judgment: Evidence that regulatory controls, restricted access to capable models and secure engineering materially constrain operational misuse.

Fully autonomous offensive campaigns will remain exceptional through 2031

Assessment: AI will assist human-directed cyber operations, but end-to-end autonomous campaigns capable of selecting strategic targets, obtaining access, maintaining persistence and calibrating escalation without meaningful human oversight will remain rare.

Probability: Likely, 65–79%
Confidence: Moderate

Cyber operations require contextual judgment, adaptation to unique environments and management of political consequences. AI can automate bounded technical tasks, but uncertainty, deception and the risk of uncontrolled effects make unconstrained autonomy strategically hazardous.

Indicator that would alter the judgment: Independently verified use of autonomous agents conducting sustained multi-stage operations against real critical infrastructure with minimal human direction.

Government response will remain effects-based and deliberately flexible

Assessment: NATO and national governments will continue evaluating cyber and space incidents according to consequences, intent, context and cumulative activity rather than announcing automatic thresholds.

Probability: Very likely, 80–94%
Confidence: High

NATO states that a significant cyberattack may, depending on its circumstances, lead to consideration of Article 5 and that attacks to, from or within space may also fall within collective-defense deliberations. The decision remains political and case-specific. (nato.int)

Indicator that would alter the judgment: Publication of predetermined thresholds automatically linking defined space-cyber effects to collective military response.


I. Criminal Monetization of Satellite-System Vulnerabilities

1. The Criminal Business Case

Criminal actors do not need to understand orbital mechanics to profit from the space economy. They need access to assets that have economic value or operational importance. A commercial satellite operator may hold customer records, payment information, proprietary engineering data, government contracts, access credentials, network diagrams, cryptographic material and commercially sensitive Earth-observation products. Its continuity may also be essential to customers who cannot tolerate prolonged loss of service.

The principal criminal revenue models are likely to include:

  • ransomware and service-restoration payments;
  • theft and sale of commercially valuable data;
  • extortion based on threatened disclosure;
  • theft of credentials and privileged access;
  • sale of access to state-linked or criminal buyers;
  • payment diversion and invoice fraud;
  • theft of intellectual property;
  • manipulation of market-sensitive information;
  • fraud involving navigation, tracking or communications services;
  • disruption-for-hire against commercial competitors.

FBI reporting for 2025 recorded more than 3,600 ransomware complaints and reported losses exceeding $32 million. The FBI expressly cautioned that these figures generally exclude lost business, time, wages, files, equipment and many third-party remediation expenses and therefore understate aggregate economic harm. (ic3.gov) The figures are not space-sector statistics, but they establish the wider criminal environment in which satellite operators and their suppliers operate.

A space company may be especially vulnerable to extortion because service availability can carry contractual, public-safety or national-security consequences. Attackers may therefore threaten not only to encrypt corporate information but also to reveal customer relationships, technical weaknesses or evidence of inadequate security controls.

Ransomware Against Space-Sector Enterprises

Ransomware directed solely at ordinary office systems may still disrupt mission operations by affecting:

  • staff communications;
  • engineering documentation;
  • configuration records;
  • software-development environments;
  • customer support;
  • procurement;
  • logistics;
  • terminal activation;
  • billing;
  • incident coordination;
  • access to cloud-hosted data.

The risk becomes more severe where enterprise and mission systems share identity services, administrative tools or backup infrastructure. An attacker who compromises a corporate domain may obtain credentials or network knowledge needed to move toward operational systems, even where direct access is initially unavailable.

Criminal groups increasingly combine encryption with data theft. This creates pressure even when the victim can restore from backups. The joint 2025 advisory concerning Scattered Spider describes extensive social engineering, identity compromise, data exfiltration, extortion and ransomware deployment against large organizations and their help desks. The group has also sought information about defensive investigations by accessing corporate communications. (ic3.gov)

For a satellite operator, a comparable campaign could target:

  1. help-desk personnel;
  2. contractor identities;
  3. cloud-administration accounts;
  4. customer-service platforms;
  5. software-development repositories;
  6. terminal-management credentials;
  7. incident-response communications.

The ability to monitor defenders can allow an intruder to adapt while remediation is underway. Operators should therefore assume that ordinary collaboration platforms may be compromised during a major incident.

Access Brokerage and the Strategic Resale Problem

An initial-access broker may compromise a network for resale rather than exploitation. This creates a market in which criminal access can migrate toward actors with strategic intentions.

A financially motivated intruder may sell:

  • VPN credentials;
  • privileged cloud accounts;
  • remote desktop access;
  • session cookies;
  • contractor identities;
  • exposed application interfaces;
  • access to software-build environments;
  • technical documentation;
  • customer or government relationship data.

The purchaser may be another criminal group, an intelligence service, a proxy or an intermediary whose ultimate sponsor is unknown. The original intrusion may therefore appear opportunistic while the eventual use becomes strategic.

Analytical Assessment

The boundary between criminal monetization and state preparation is not defined by the initial compromise. It is defined by who ultimately acquires the access and how it is used.

This creates three government requirements:

  • rapid reporting of privileged-access compromises;
  • preservation of evidence concerning attempted resale or transfer;
  • intelligence sharing capable of linking apparently unrelated criminal intrusions to state collection priorities.

Data Theft and Market Manipulation

Space-sector data can have economic value beyond the operator’s internal systems. Earth-observation products, maritime tracking, agricultural assessments, infrastructure monitoring and communications metadata can influence commercial decisions.

A criminal actor may seek to:

  • sell non-public imagery;
  • exploit knowledge of delayed or degraded services;
  • manipulate logistics or commodity information;
  • reveal confidential government customers;
  • blackmail customers whose communications were exposed;
  • trade securities using knowledge of a material incident;
  • disrupt a competitor’s customer confidence.

The integrity of data is therefore as important as confidentiality. A sophisticated criminal scheme may alter information rather than steal it, particularly where the victim cannot easily determine which records remain trustworthy.

Criminal Probability Assessment

Criminal pathway2026–2031 probabilityConfidenceExpected impact
Enterprise ransomware against a space-sector companyVery likelyHighModerate to severe
Theft of customer or engineering dataVery likelyHighModerate to severe
Sale of privileged accessLikelyModeratePotentially severe
Destructive attack on terminal fleets for extortionPossibleLow-to-moderateSevere
Direct criminal takeover of spacecraft commandVery unlikelyModeratePotentially catastrophic
Manipulation of space-derived data for financial gainPossibleLowModerate to severe

These are analytical ranges, not incident-frequency forecasts. No comprehensive international dataset supports precise numerical modeling.


II. State-Sponsored Pre-Positioning and Wartime Disruption

Pre-Positioning as a Strategic Method

Pre-positioning means establishing persistent access before a crisis and retaining the option to use it later. The immediate objective may not be intelligence collection or disruption. It may be to create a latent capability.

The Volt Typhoon advisory provides a well-documented example outside the dedicated space sector. CISA and partner agencies assessed that the actors were maintaining access within U.S. critical-infrastructure networks to enable potential disruption of operational functions during a future crisis or conflict. The actors used legitimate tools and “living off the land” techniques intended to reduce detection. (cisa.gov)

Applied to space infrastructure, the same logic would prioritize access to:

  • ground-station administration;
  • satellite-network management;
  • telecommunications gateways;
  • identity systems;
  • cloud environments;
  • software-build pipelines;
  • configuration repositories;
  • terminal-management platforms;
  • supplier remote-access channels;
  • backup and recovery systems.

The attacker may avoid touching spacecraft functions because any visible anomaly could expose the intrusion. Persistent access to less sensitive systems may provide sufficient intelligence to prepare a later campaign.

Operational Objectives During Conflict

A state-sponsored campaign may seek one or more of the following effects:

Degrade Military Communications

Commercial satellite networks increasingly support deployed forces, logistics, intelligence distribution and emergency communications. Disrupting these services can reduce command tempo without attacking a formally military satellite.

Delay Mobilization

Interference with navigation, transportation, ports, energy systems or telecommunications can slow movement and decision-making.

Deny Situational Awareness

Compromising Earth-observation processing, weather data or communications can reduce awareness of battlefield or disaster conditions.

Overload Response Capacity

Simultaneous incidents across space and terrestrial infrastructure can fragment scarce technical and political attention.

Create Distrust

Manipulated data can cause operators to question valid information, reducing effective capacity even after the attacker loses access.

Impose Political Pressure

Cross-border civilian effects can divide alliances over attribution and proportionality.

Conceal Other Operations

Jamming or service disruption can obscure physical movements, cyber intrusion or influence campaigns.

Wartime Campaign Architecture

A sophisticated campaign could unfold in phases.

Phase 1 — Strategic Reconnaissance

  • identify providers serving government and military customers;
  • map suppliers and shared infrastructure;
  • collect employee and contractor information;
  • identify backup providers and recovery logistics;
  • monitor regulatory and incident-reporting relationships.

Phase 2 — Initial Access

  • exploit internet-facing systems;
  • compromise trusted suppliers;
  • steal identities;
  • obtain access through brokers;
  • compromise cloud or telecommunications infrastructure.

Phase 3 — Persistence

  • create hidden identities;
  • establish alternate access routes;
  • compromise backups;
  • manipulate logging;
  • collect credentials and technical documentation;
  • avoid operational disruption.

Phase 4 — Crisis Activation

  • disable terminals;
  • interrupt gateways;
  • corrupt data;
  • obstruct restoration;
  • combine network attacks with jamming or spoofing;
  • target public communications.

Phase 5 — Strategic Exploitation

  • issue misleading attribution narratives;
  • threaten further disruption;
  • exploit alliance disagreements;
  • monitor recovery;
  • retain access for repeated use.

The Hybrid Campaign Problem

Cyber disruption may be one element of a broader campaign including:

  • electronic warfare;
  • physical sabotage;
  • disinformation;
  • diplomatic coercion;
  • legal claims;
  • economic pressure;
  • kinetic strikes;
  • proxy operations.

NATO has emphasized that cyberspace is persistently contested and that malicious cyber activities can form part of hybrid campaigns. The Alliance retains the ability to respond using capabilities beyond the cyber domain. (nato.int)

A government that examines each incident separately may fail to identify cumulative strategic intent. Five individually limited incidents—against a satellite operator, port, electricity provider, telecommunications carrier and government identity system—may collectively indicate preparation for a larger campaign.

Decision Rule

Warning thresholds should evaluate patterns across sectors, not only the severity of a single incident.


III. GNSS Jamming, Spoofing and Integrity Attacks

Why GNSS Is Structurally Exposed

GNSS signals travel from distant satellites and reach receivers at low power. This makes them vulnerable to interference near the receiver. Jamming attempts to block or degrade legitimate signals. Spoofing introduces false signals or manipulated information that a receiver may accept as genuine. GAO has repeatedly identified both techniques as threats to transportation, military operations and other critical functions. (gao.gov)

GNSS dependence extends beyond navigation. Timing derived from satellite systems supports:

  • telecommunications synchronization;
  • electricity-grid monitoring;
  • financial timestamping;
  • data-center operations;
  • transportation;
  • emergency response;
  • industrial control;
  • military coordination.

CISA’s time-resilience guidance advises network operators and senior technology officials to understand enterprise timing dependencies and test resilience rather than assuming continuous GPS availability. (cisa.gov)

Jamming

Jamming creates an availability failure. Effects can include:

  • loss of navigation;
  • degraded approach or routing information;
  • alarms and equipment reversion;
  • inability to synchronize systems;
  • interruption of tracking;
  • increased workload;
  • use of less precise backup methods.

Jamming can be localized, regional or mobile. It may be intentional or caused by unauthorized personal devices, military activity or technical malfunction.

Since February 2022, EASA has observed increased jamming and spoofing, particularly around conflict zones and strategically sensitive regions. Its 2024 safety bulletin stated that both the intensity and sophistication of such events had increased. (EASA)

The strategic attraction of jamming lies in its relative simplicity and deniability. It can create effects without penetrating a network or compromising a satellite. Attribution may depend on geographic, spectrum and intelligence analysis rather than digital forensics.

Spoofing

Spoofing is potentially more dangerous because the system may continue operating with false information.

Possible consequences include:

  • incorrect aircraft position;
  • false maritime location;
  • manipulated system time;
  • misleading vehicle or asset tracking;
  • corrupted survey or agricultural data;
  • erroneous synchronization;
  • concealment of movement;
  • misdirection of autonomous platforms.

EASA distinguishes spoofing from jamming and has updated operational guidance because false signals can affect onboard navigation and require alternative procedures. (EASA)

A receiver may display plausible but incorrect data. Operators can therefore lose confidence not only in the compromised signal but also in the wider navigation system. The resulting uncertainty may persist after the interference stops.

Integrity Attacks Beyond GNSS

The integrity problem extends to:

  • satellite telemetry;
  • command acknowledgments;
  • Earth-observation data;
  • weather products;
  • collision-warning messages;
  • orbital elements;
  • terminal status;
  • cyber alerts generated by automated systems.

An attacker who modifies data can cause an operator to take harmful action without possessing direct command access. Examples include:

  • reporting a spacecraft as healthy when it is degraded;
  • generating false indications of compromise;
  • delaying valid collision warnings;
  • altering geolocation metadata;
  • manipulating imagery-processing outputs;
  • creating false terminal outages to conceal a real intrusion.

Core Principle

Availability failures interrupt decision-making; integrity failures corrupt decision-making.

Government resilience measures must therefore include independent validation sources, authenticated data paths and rules for operating when information cannot be trusted.

GNSS Resilience Architecture

A credible national approach should combine:

  • multi-constellation receivers;
  • authenticated signals where available;
  • inertial navigation;
  • terrestrial timing;
  • network timing;
  • local positioning systems;
  • atomic clocks for critical nodes;
  • interference detection;
  • antenna and receiver improvements;
  • operational procedures;
  • reporting and geolocation of interference;
  • trained human fallback.

The objective is not to make interference impossible. It is to prevent one compromised signal source from becoming an uncontrolled system-wide failure.

EASA and IATA’s 2025 plan emphasized improved reporting, prevention, mitigation and coordination, while EASA’s July 2026 update added operational phraseology, training and capacity measures. (EASA)


IV. Artificial Intelligence and Autonomous Cyber Operations

AI-Enabled Offensive Operations

AI can assist hostile cyber activity by accelerating:

  • target research;
  • identification of exposed infrastructure;
  • analysis of technical documentation;
  • phishing personalization;
  • translation;
  • password and credential analysis;
  • vulnerability triage;
  • malware variation;
  • command-and-control adaptation;
  • processing of stolen data;
  • evasion of fixed detection rules.

The primary near-term effect will be productivity enhancement. Skilled actors can examine more targets, while less-skilled actors can perform tasks that previously required specialist knowledge.

AI will not automatically provide reliable spacecraft expertise. Space systems often use mission-specific architectures, proprietary protocols, unusual constraints and long-lived technologies. A model trained on public information may generate inaccurate assumptions. Human expertise will remain necessary to validate operational effects.

AI-Enabled Defensive Operations

Defenders can use AI for:

  • anomaly detection;
  • correlation of telemetry and cyber logs;
  • prioritization of alerts;
  • malware classification;
  • identity-behavior analysis;
  • detection of unusual commands;
  • automated containment;
  • restoration planning;
  • vulnerability discovery;
  • simulation and red teaming.

DARPA’s AI Cyber Challenge was established to advance AI-enabled systems capable of identifying and fixing software vulnerabilities, demonstrating official interest in autonomous or semi-autonomous defensive cyber capabilities. The strategic value for space systems lies in reducing response time where large constellations generate more data than human teams can examine manually.

However, automated defense can create new failure modes. A model may:

  • block valid commands;
  • misclassify normal anomalies;
  • accept poisoned training data;
  • overreact to deceptive telemetry;
  • suppress evidence;
  • propagate a defective response across an entire fleet.

Adversarial Machine Learning

NIST identifies several broad attack classes relevant to space operations.

Evasion

An attacker modifies input so that a deployed model produces an incorrect classification. In a satellite context, deceptive telemetry or manipulated network behavior could evade anomaly detection.

Poisoning

An attacker corrupts training data, feedback or updates so that the model learns incorrect behavior.

Privacy Attacks

An attacker extracts sensitive information from the model or its training data.

Misuse

A capable model is intentionally used for malicious tasks.

NIST’s 2025 taxonomy states that AI risks span the data, model and deployment lifecycle and that available mitigations have limitations. (nvlpubs.nist.gov)

Autonomous Decision Risk

AI autonomy should be divided into levels.

Level A — Advisory

The system identifies anomalies and recommends action. A human decides.

Level B — Supervised Automation

The system executes predefined actions under human monitoring.

Level C — Bounded Autonomy

The system may act independently within tightly defined limits, such as isolating an account or switching to a backup link.

Level D — Mission Autonomy

The system changes operational plans, modifies constellation behavior or executes cyber countermeasures with limited human involvement.

Level E — Strategic Autonomy

The system selects targets or responses with potential cross-border or escalatory consequences.

Levels A–C are likely to expand through 2031. Levels D and E require much stronger assurance because an attacker may manipulate inputs or exploit the system’s decision logic.

A 2026 NIST research result argued that a fixed set of guardrails cannot be universally robust against adaptive adversarial prompts, reinforcing the need for continuous monitoring and updating rather than reliance on static controls. (NIST)

Minimum Controls for AI in Space-Cyber Operations

Governments and operators should require:

  • documented authority boundaries;
  • deterministic safety constraints;
  • independent validation data;
  • authentication of model updates;
  • separation of training and operational environments;
  • adversarial testing;
  • fallback to non-AI operation;
  • human override;
  • immutable decision logs;
  • limits on self-modification;
  • monitoring for data poisoning;
  • prohibition on unsupervised external counterattack;
  • staged deployment;
  • scenario testing against deceptive telemetry.

Key Judgment — High Confidence: AI should be permitted to accelerate detection and bounded containment but should not independently authorize actions with material orbital-safety, cross-border or escalation consequences.


V. Four Strategic Scenarios for 2026–2031

The following scenarios are mutually differentiated analytical pathways. Their probability ranges are judgmental and should not be interpreted as outputs from a Monte Carlo simulation. The available public evidence does not support reproducible numerical simulation of global space-cyber incident frequency.

Scenario 1 — Persistent Friction

Probability

Likely: 50–65%
Confidence: Moderate

Core Condition

Cybercrime, espionage, jamming and limited disruption continue to increase, but no attack causes prolonged systemic failure across multiple space-service layers.

Causal Chain

  • Commercial space deployment expands.
  • Operators improve security unevenly.
  • Criminals target corporate and customer systems.
  • States conduct espionage and limited pre-positioning.
  • GNSS interference remains common around conflict zones.
  • Most incidents are contained or services are restored.
  • Governments avoid major escalation.

Expected Effects

  • recurring ransomware and data theft;
  • localized communications outages;
  • intermittent GNSS interference;
  • increased insurance and compliance costs;
  • more government warnings and exercises;
  • gradual improvement in resilience;
  • continued underreporting of incidents.

Strategic Implication

The space economy remains functional, but the cost of maintaining trust and continuity rises. Small operators face disproportionate pressure.

Early Indicators

  • rising incident reports without major service collapse;
  • frequent but geographically bounded GNSS interference;
  • improved cross-border reporting;
  • wider adoption of zero-trust architecture;
  • no evidence of coordinated multi-provider compromise.

Disconfirming Indicators

  • discovery of broad pre-positioned access;
  • synchronized failure of several providers;
  • physical damage resulting from cyber manipulation;
  • formal invocation of collective-defense procedures.

Scenario 2 — Pre-Positioned Crisis Activation

Probability

Possible: 20–35%
Confidence: Moderate

Core Condition

A state activates previously established access during a major geopolitical crisis to degrade commercial and government space-enabled services.

Causal Chain

  1. Long-term access is established through suppliers or ground infrastructure.
  2. The actor maps backup systems and government dependencies.
  3. Political or military tensions escalate.
  4. Cyber disruption is combined with jamming and information operations.
  5. Communications, PNT or observation services degrade.
  6. Spillover affects civilian infrastructure and allied states.
  7. Governments face attribution and escalation decisions.

Expected Effects

  • degraded military and emergency communications;
  • disruption of maritime or aviation navigation;
  • congestion of backup systems;
  • replacement-terminal shortages;
  • emergency regulatory measures;
  • sanctions or counter-cyber operations;
  • alliance consultation.

Strategic Implication

Commercial operators become direct participants in national defense continuity, regardless of their formal civilian status.

Early Indicators

  • dormant privileged accounts;
  • access to multiple providers;
  • intrusion into recovery or backup environments;
  • targeting of government-commercial interfaces;
  • increased reconnaissance before a crisis;
  • simultaneous cyber and RF anomalies.

Disconfirming Indicators

  • access is rapidly eradicated;
  • independent providers remain functional;
  • interference lacks strategic timing;
  • evidence supports criminal rather than state intent.

Scenario 3 — Systemic Space-Service Shock

Probability

Unlikely: 8–18%
Confidence: Low-to-moderate

Core Condition

A coordinated operation or common-mode technical compromise disrupts several providers, service categories or geographic regions for an extended period.

Causal Chain

  1. A shared software, cloud, identity or supplier dependency is compromised.
  2. The compromise propagates across multiple operators.
  3. Communications and PNT services degrade simultaneously.
  4. Terrestrial sectors activate backup plans.
  5. Backup capacity proves insufficient or shares the same dependency.
  6. Public confidence declines and governments impose emergency controls.
  7. Recovery requires hardware replacement and international coordination.

Expected Effects

  • widespread operational disruption;
  • aviation and maritime restrictions;
  • financial and telecommunications timing problems;
  • delayed emergency response;
  • market losses;
  • insurance disputes;
  • intense attribution pressure;
  • possible military escalation.

Strategic Implication

Space infrastructure becomes recognized as a systemic financial and national-security risk comparable to major telecommunications or cloud concentration.

Early Indicators

  • compromise of a common supplier;
  • identical anomalies across unrelated operators;
  • synchronized authentication failures;
  • loss of trusted software-signing systems;
  • widespread terminal malfunction;
  • evidence of backup compromise.

Disconfirming Indicators

  • architecture diversity limits propagation;
  • operators isolate affected systems rapidly;
  • terrestrial alternatives maintain essential functions;
  • recovery occurs within hours.

Scenario 4 — Resilience Acceleration

Probability

Possible to likely: 35–50%
Confidence: Moderate

This scenario can overlap partially with Persistent Friction because resilience can improve while hostile activity continues.

Core Condition

Governments and industry convert lessons from KA-SAT, GNSS interference and critical-infrastructure intrusion into enforceable technical and continuity requirements.

Causal Chain

  1. NIS2 and space-specific regulation mature.
  2. Procurement requires secure-by-design architectures.
  3. Governments map hidden space dependencies.
  4. Operators deploy segmented identities, authenticated command systems and independent monitoring.
  5. PNT alternatives and multi-provider continuity improve.
  6. Exercises expose and correct recovery weaknesses.
  7. Incidents continue but produce reduced systemic effects.

Expected Effects

  • faster detection;
  • reduced lateral movement;
  • better supplier transparency;
  • smaller outage areas;
  • improved terminal replacement;
  • coordinated attribution;
  • more selective insurance capacity;
  • higher compliance costs but lower catastrophic exposure.

Strategic Implication

Competitive advantage shifts from constellation size alone to verified continuity, trusted architecture and recovery performance.

Early Indicators

  • mandatory command authentication;
  • government audit of critical suppliers;
  • routine multi-provider exercises;
  • measurable recovery requirements;
  • wider terrestrial timing deployment;
  • independent AI-system assurance.

Disconfirming Indicators

  • regulations remain documentation-driven;
  • supplier opacity persists;
  • exercises repeatedly identify unresolved concentration;
  • small operators exit without secure alternatives emerging.

VI. Indicators, Warning Thresholds and Government Response Options

20. Strategic Indicator Framework

Indicators should be grouped by stage of campaign development.

Stage 0 — Background Risk

  • increase in criminal targeting of aerospace suppliers;
  • rising GNSS interference around conflict regions;
  • exploitation of remote-access technologies;
  • growth in state-linked reconnaissance;
  • publication of hostile doctrine identifying commercial space as military support.

Stage 1 — Focused Reconnaissance

  • repeated scanning of operator infrastructure;
  • spear-phishing against mission personnel;
  • targeting of privileged contractors;
  • collection of technical documentation;
  • reconnaissance of backup providers;
  • attempts to identify government customers.

Stage 2 — Initial Access

  • unauthorized VPN activity;
  • compromised identity-provider accounts;
  • new privileged users;
  • unusual access from supplier networks;
  • modification of software-development systems;
  • persistence in cloud environments.

Stage 3 — Operational Preparation

  • access to terminal-management platforms;
  • tampering with backups;
  • suppression of logs;
  • reconnaissance of command workflows;
  • manipulation of monitoring systems;
  • access across more than one provider.

Stage 4 — Imminent Disruption

  • destructive commands staged but not executed;
  • coordinated GNSS interference;
  • sudden changes in privileged access;
  • attempts to disable incident-response communications;
  • targeting synchronized with military mobilization;
  • adversary information campaigns anticipating service failure.

Stage 5 — Active Strategic Attack

  • simultaneous disruption across providers;
  • corrupted navigation or telemetry;
  • disabled customer terminals;
  • loss of trusted command state;
  • impact on government, defense or emergency services;
  • cross-border spillover.

21. Warning Thresholds

Threshold Green — Routine Hostile Activity

Conditions: Scanning, unsuccessful phishing, isolated jamming or low-level criminal attempts.

Response: Operator-led remediation, normal regulatory reporting, threat sharing and monitoring.

Threshold Yellow — Confirmed Privileged Compromise

Conditions: Unauthorized administrative access, supplier compromise, access to mission documentation or manipulation of security controls.

Response:

  • national cyber authority notification;
  • independent forensic investigation;
  • credential reset and segmentation;
  • review of affected government services;
  • supplier-wide threat hunting;
  • preservation of attribution evidence.

Threshold Orange — Evidence of Pre-Positioning

Conditions: Persistent access without a financial objective, compromise of recovery systems, multi-provider reconnaissance or access linked to state tradecraft.

Response:

  • whole-of-government coordination;
  • intelligence assessment;
  • activation of continuity arrangements;
  • private warnings to allies and providers;
  • enhanced monitoring;
  • preparation of diplomatic and economic options;
  • protection of replacement capacity.

Threshold Red — Coordinated Operational Disruption

Conditions: Significant effects on essential communications, PNT, defense, transport, energy or emergency functions; deliberate cross-border spillover; destructive activity timed to geopolitical crisis.

Response:

  • national crisis management;
  • allied consultation;
  • emergency spectrum and service coordination;
  • activation of sovereign fallback;
  • public communication;
  • coordinated attribution assessment;
  • sanctions, law-enforcement action or counter-cyber measures;
  • consideration of collective-defense implications.

Threshold Black — Strategic or Physical Catastrophe

Conditions: Cyber activity causes deaths, collision, prolonged national-service failure, loss of critical military command or damage comparable to a major physical attack.

Response:

  • emergency national-security decision process;
  • NATO or relevant alliance consultation;
  • assessment of self-defense rights;
  • cross-domain response planning;
  • protection of additional space and terrestrial assets;
  • international notification;
  • measures to control escalation.

NATO’s policy preserves case-by-case judgment and recognizes that significant cumulative cyber activity may in some circumstances amount to an armed attack. It also states that a response need not remain confined to cyberspace. (nato.int)

Government Response Options

Defensive Technical Measures

  • isolate compromised networks;
  • revoke credentials and signing keys;
  • move to protected command channels;
  • activate backup ground stations;
  • switch commercial providers;
  • disable nonessential interfaces;
  • verify spacecraft state independently;
  • deploy alternative timing and navigation;
  • distribute replacement terminals;
  • increase RF monitoring.

Intelligence Measures

  • identify infrastructure and actor relationships;
  • assess whether the incident forms part of a broader campaign;
  • determine whether access remains in other sectors;
  • share indicators with allies;
  • investigate access brokers and proxy networks;
  • assess adversary intent and escalation tolerance.

Law-Enforcement Measures

  • preserve evidence;
  • seize infrastructure where jurisdiction permits;
  • indict identified operators;
  • disrupt payment and laundering mechanisms;
  • coordinate with insurers and affected companies;
  • target access brokers and hosting providers.

Regulatory Measures

  • issue emergency directives;
  • require expanded reporting;
  • order threat hunting;
  • restrict vulnerable products;
  • compel supplier disclosure;
  • require service-continuity measures;
  • suspend unsafe operations where necessary.

Diplomatic Measures

  • private demarche;
  • coordinated public attribution;
  • alliance statement;
  • sanctions;
  • expulsion of officials;
  • international legal action;
  • use of cyber-diplomacy mechanisms.

Economic Measures

  • asset freezes;
  • export restrictions;
  • procurement exclusions;
  • restrictions on implicated providers;
  • financial support for continuity and recovery;
  • emergency acquisition of replacement capacity.

Cyber Countermeasures

Potential cyber responses require legal authority, political control, target validation and escalation assessment. Possible objectives may include disrupting hostile infrastructure, preventing continued attack or collecting evidence. Operational detail should remain restricted.

Military and Collective-Defense Measures

Military options become relevant only when effects, intent and context justify them. They may include enhanced protection, deployment of alternative capabilities, defensive cyber operations, electronic-warfare suppression or broader deterrent measures. NATO retains political discretion over Article 5 and assesses significant cyber and space-related attacks case by case. (nato.int)


Competing Hypotheses

H₁ — Criminal Activity Will Produce the Most Frequent Incidents

Supporting evidence: Ransomware, data theft and identity compromise affect all critical industries and require less specialist space knowledge.

Inconsistent evidence: Frequency does not equal strategic significance; state campaigns may remain undetected.

Assessment: Very likely.
Confidence: High.

H₂ — State Pre-Positioning Will Produce the Highest Strategic Risk

Supporting evidence: Critical-infrastructure campaigns demonstrate long-term access designed for future disruption, and KA-SAT demonstrated conflict-timed satellite-service effects.

Inconsistent evidence: Public evidence of pre-positioning inside named space operators remains limited.

Assessment: Likely.
Confidence: Moderate.

H₃ — GNSS Interference Will Be the Dominant Operational Threat

Supporting evidence: EASA documents sustained increases in jamming and spoofing, especially around conflict-sensitive regions.

Inconsistent evidence: Many incidents produce manageable effects and do not compromise the underlying constellation.

Assessment: Very likely for observable operational disruption.
Confidence: High.

H₄ — AI Will Cause a Qualitative Offensive Breakthrough Before 2031

Supporting evidence: AI accelerates analysis, automation and vulnerability discovery.

Inconsistent evidence: Mission-specific environments, unreliable outputs and escalation risk constrain autonomous use.

Assessment: Possible but not the baseline.
Confidence: Low-to-moderate.

H₅ — Regulation and Resilience Will Contain Systemic Risk

Supporting evidence: CISA, NIST, ESA, EASA and European regulatory measures increasingly address space-specific risk, zero trust, lifecycle security and GNSS resilience. (cisa.gov)

Inconsistent evidence: Implementation remains uneven, supply chains remain opaque and adversaries adapt.

Assessment: Plausible, but insufficient to eliminate major-event risk.
Confidence: Moderate.


Bayesian Update

Hypothesis

H₂: A capable state will use pre-positioned access against commercial or dual-use space infrastructure during a major crisis before the end of 2031.

Prior

Before the KA-SAT incident and public disclosures concerning state pre-positioning in critical infrastructure, the hypothesis was plausible but supported mainly by doctrine, technical possibility and general cyber behavior.

Evidence E₁ — KA-SAT

A state-attributed cyber operation disrupted commercial satellite communications at the beginning of Russia’s full-scale invasion of Ukraine.

Update: Strong upward.

Evidence E₂ — Volt Typhoon

CISA and partners assessed that PRC-sponsored actors were pre-positioning in critical infrastructure for potential operational disruption during a future crisis.

Update: Moderate upward, because the activity was not publicly identified as space-sector compromise but demonstrates relevant intent and method. (cisa.gov)

Evidence E₃ — Expanding Commercial Dependency

Governments and critical sectors increasingly depend on commercial space services, increasing their strategic value.

Update: Moderate upward.

Posterior Assessment

The hypothesis is assessed as likely, 65–79%, with moderate confidence.

The confidence is not high because no public international dataset reveals the extent of undetected access, and classified intelligence likely contains material unavailable to this assessment.


Red-Team Assessment

Assumption: The Largest Constellations Are the Most Attractive Targets

A smaller provider may be more attractive if it serves a strategically important customer, has weaker controls or operates a critical gateway.

Assumption: State Actors Will Always Preserve Access for War

States may use access for espionage, coercion or testing without waiting for conflict. Criminal activity may also destroy access unintentionally.

Assumption: Multi-Constellation GNSS Receivers Guarantee Resilience

Multiple satellite constellations may use overlapping frequencies or face interference within the same geographic area. Receiver diversity must be combined with terrestrial and inertial alternatives.

Assumption: AI Will Favor the Attacker

AI may improve defensive detection and software remediation as much as offensive operations. The balance will depend on data quality, architecture and institutional capacity.

Assumption: Public Attribution Deters Repetition

Attribution imposes reputational cost but may not deter an actor that values the operational effect more highly or believes other consequences will remain limited.

Assumption: Recovery Means the Threat Is Removed

Service restoration does not prove that persistence, supplier compromise or stolen credentials have been eliminated.


Five-Year Outlook

2026

  • GNSS interference remains a persistent civil-aviation and maritime concern.
  • Governments increase operational guidance, training and reporting.
  • Space operators expand zero-trust and segmentation programs.
  • Criminal groups continue targeting identities, cloud services and suppliers.

2027

  • State reconnaissance increasingly focuses on hybrid government-commercial networks.
  • Experimental next-generation navigation and resilience technologies expand.
  • AI-assisted vulnerability discovery becomes more common in offensive and defensive workflows.
  • Regulators demand clearer supplier inventories.

2028

  • At least one major exercise exposes common dependencies across commercial providers.
  • Procurement begins requiring measured recovery performance.
  • Access brokers increasingly sell credentials connected to strategic infrastructure.
  • AI-driven monitoring becomes standard among large operators.

2029

  • Automated constellation operations increase both resilience and common-mode risk.
  • Governments invest in alternative PNT and terrestrial timing.
  • Crisis planning integrates satellite communications, GNSS and cloud outages.
  • Insurance markets differentiate operators according to tested security architecture.

2030

  • Hybrid state campaigns combine cyber intrusion, jamming and influence operations more routinely.
  • Commercial operators become formally integrated into national continuity planning.
  • Autonomous defensive systems gain bounded authority for containment and service switching.
  • Debate intensifies over legal responsibility for AI-mediated operational decisions.

2031

  • The strategic divide is no longer between states that possess satellites and those that do not.
  • It is between states capable of maintaining trusted space-enabled services under attack and states unable to recover without external support.
  • The principal deterrent becomes demonstrated continuity: an adversary gains less from attacking a system that can isolate compromise, authenticate information and restore essential functions rapidly.

Decision Implications

Governments should prioritize the following measures:

  • Treat privileged access to ground and terminal-management systems as a national-security indicator.
  • Require reporting of access-broker activity involving critical space providers.
  • Integrate commercial satellite operators into classified or protected threat-sharing channels.
  • Map dependencies among satellite providers, cloud services, telecommunications carriers and identity platforms.
  • Establish national GNSS interference reporting and geolocation capabilities.
  • Deploy terrestrial and local alternatives for critical timing and navigation.
  • Require independent integrity validation for high-consequence data.
  • Test combined cyber, jamming and physical-disruption scenarios.
  • Maintain replacement terminals, antennas and cryptographic material.
  • Require AI systems to operate within defined authority boundaries.
  • Preserve non-AI fallback for critical mission operations.
  • Prohibit autonomous external cyber counterattack without human authorization.
  • Develop staged warning thresholds shared across cyber, space, defense and transport authorities.
  • Predefine coalition attribution and public-communication processes.
  • Measure resilience by verified continuity and recovery time rather than policy compliance alone.

Evidence and Confidence Note

Evidence is strongest regarding the general criminal threat to critical infrastructure, the strategic pattern of state pre-positioning, the growth of GNSS interference and the vulnerability of AI systems to adversarial manipulation. FBI, CISA, GAO, EASA, NATO and NIST provide authoritative primary material supporting these findings. (ic3.gov)

Evidence is weaker regarding the number of successful but undisclosed intrusions into commercial satellite operators, the prevalence of state access within orbital networks and the future operational effectiveness of autonomous cyber agents. These areas are affected by classification, commercial secrecy, inconsistent reporting and the absence of standardized incident definitions.

The scenario probabilities are structured analytical judgments. They are not calculated frequencies and should be updated when evidence emerges concerning:

  • multi-provider compromise;
  • supplier or cloud concentration;
  • state-linked pre-positioning;
  • autonomous cyber operations;
  • GNSS interference patterns;
  • recovery performance during real incidents.

Principal Analytical Gap

The most consequential gap is the absence of a protected international reporting mechanism that distinguishes among enterprise intrusion, mission-system compromise, RF interference, terminal destruction, data-integrity manipulation and direct spacecraft-command events. Without such a dataset, governments cannot calculate reliable baselines, compare national exposure or determine whether observed growth reflects more attacks, improved detection or increased disclosure.


Copyright of debuglies.com – Even partial reproduction of the contents is not permitted without prior authorization – Reproduction reserved

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Questo sito utilizza Akismet per ridurre lo spam. Scopri come vengono elaborati i dati derivati dai commenti.