![\"\"](\"https:\/\/i0.wp.com\/spacenews.com\/wp-content\/uploads\/2025\/11\/Deloitte-1_in_Orbit-1-scaled.jpeg?ssl=1\")
<\/a>The Deloitte-1 satellite was launched to orbit in March 2025 on a SpaceX Falcon 9 rocket to use space-enabled data for client insights and to test its Silent Shield cyber defense system. Credit: Deloitte<\/p>\nTimothy Zentz, vice president of cyber offense and defense at Nightwing, offered a similar view.<\/p>\n
Requirements like CRMC are \u201ca necessary thing that the government should do and implement, but our belief is that it\u2019s incomplete. It\u2019s a good first step.\u201d<\/p>\n
Zentz\u2019s company, Nightwing, is a defense and intelligence contractor focused on cybersecurity. The company was previously part of Raytheon\u2019s cybersecurity and intelligence business unit and was acquired last year by a private equity firm and spun off as an independent company.<\/p>\n
Many defense systems will pass the compliance checks, but the reality is that there are \u201cwell funded, capable adversaries looking at that system and identifying vulnerabilities in it,\u201d Zentz told SpaceNews. \u201cEven for the RMF certified systems, we are focused on working with our customers to look for those unknown vulnerabilities, so that they can be remediated before that system sees a cyber-contested environment.\u201d<\/p>\n
The bottom line is that the world \u2014 and all of the space infrastructure that supports global activities \u2014 is changing, Zentz said. \u201cSpace is becoming a more active domain. There\u2019s more and more assets in space used for our day-to-day services,\u201d he added. The more ground stations, the more space assets are in orbit, \u201cthe bigger that attack surface is for adversaries to exploit.\u201d<\/p>\n
Based on his experience at Nightwing and previously at Raytheon, Zentz said he expects that \u201cthe threats are probably advancing more rapidly than the solutions.\u201d<\/p>\n
Cyber and space warfare<\/p>\n
One illustration of how closely connected the cyber and space domains are is the Salt Typhoon campaign that began a few years ago as a cyber operation targeting telecommunications companies, but expanded in scope to include an attack on a satellite communications provider.<\/p>\n
This campaign, attributed to a Chinese state-sponsored hacking group, initially breached U.S. telecom providers such as Verizon, AT&T, T-Mobile and others, compromising core network components. By mid-2025, the campaign extended to the satellite communications sector. Viasat was one of the telecommunications providers targeted but the unauthorized access did not affect the company\u2019s services and company officials said customer data was not breached.<\/p>\n
But the incident showed the campaign\u2019s reach and sophistication in going after critical communication infrastructure beyond traditional telecom networks.<\/p>\n
A cyberattack against Viasat\u2019s ground network during Russia\u2019s invasion of Ukraine in 2022 has become something of a teaching moment in the space community. That event demonstrated how adversaries can achieve strategic objectives without directly targeting satellites, said Ron Bushar, managing director and chief information security officer at Google Public Sector.<\/p>\n
Russian actors targeted the ground-based satellite infrastructure \u2014 the KA-SAT terrestrial network, specifically modems used by thousands of customers.<\/p>\n
\u201cWe were on the front lines in cyber during the invasion of Ukraine, and the first indicators of the operation were outages for commercial satellite systems,\u201d Bushar said at the Air Space & Cyber Conference. Further investigations revealed that the Russians had been planning to target the modem systems for about six to eight months prior to the invasion. \u201cIt was more of a tactical exercise on their part, in preparation for combat operations,\u201d he said.<\/p>\n
The Russians could have taken a much more sophisticated approach and attempted a \u201ccutting edge sort of attack in space, but it wasn\u2019t necessary,\u201d Bushar said. \u201cThey were able to target very specifically just the modems and just the downlinks in the country, nowhere else. It was very precise, and it was effective.\u201d<\/p>\n
Ransomware nightmare<\/p>\n
Companies also increasingly worry about ransomware attacks against a satellite network that would focus on compromising either ground systems or the satellite\u2019s command-and-control software, locking those functions until ransom is paid.<\/p>\n
\u201cImagine a ransomware attack against a large constellation of satellites, what that could mean, and how lucrative that could be for a criminal,\u201d said Ryan Roberts, a principal at Deloitte who runs the Silent Shield program.<\/p>\n
\u201cWe should require that each new satellite that goes up into orbit have a basic level of cyber protection on it,\u201d he told SpaceNews.<\/p>\n
He said the deployment of Silent Shield is yielding significant data and lessons that Deloitte is leveraging as it continues to build more satellites with internal investment funding in a partnership with satellite manufacturer Spire Global.<\/p>\n
Roberts explained that Silent Shield is an out-of-band cyber intrusion detection system, which ensures that the payload doesn\u2019t create more risks to the mission. Out of band means that if the Silent Shield payload were infiltrated by a virus or other cyber weapon, it wouldn\u2019t be able to use that foothold to attack the satellite itself. Deloitte-1 has several operational missions aboard.<\/p>\n
\u201cIt is a one way connection, so it only ingests traffic coming off of the satellite. It cannot insert any traffic into the satellite,\u201d Roberts said.<\/p>\n
That was by design, he added, \u201cbecause we didn\u2019t want to do the adversary\u2019s job for them and introduce additional cyber risk into the satellite.\u201d<\/p>\n
Roberts said Deloitte started thinking about the cyber challenges in space years ago as more clients sought help protecting their systems.<\/p>\n
At the beginning \u201cwe were engineering and implementing sort of bespoke cyber capabilities for ground segments,\u201d he said. \u201cAbout five years into that journey, it occurred to us that while we were getting after the ground segment and we were helping to lower cyber risk there, that we were continuing to launch satellites into orbit.\u201d<\/p>\n
While satellites are certainly engineering marvels, he noted, \u201cthey are essentially computers with solar panels on them, and yet they lack even the most basic cyber protections.\u201d<\/p>\n
Many threat profiles<\/p>\n
To test the cyber defense that is now operating on Deloitte-1, the company designed 20 different threat profiles based on the so-called SPARTA framework created by The Aerospace Corporation, Roberts said. \u201cWe\u2019re actually launching those cyber attacks against our own Deloitte-1 vehicle to see if Silent Shield can actually detect them.\u201d<\/p>\n
SPARTA, short for Space Attack Research and Tactic Analysis, is a tool that provides unclassified information to space professionals about how spacecraft may be compromised via cyber means.<\/p>\n
So far, he said, Silent Shield has passed the first seven of the 20 tests. \u201cWe\u2019re starting from the least complex to the most complex in terms of cyber attack,\u201d he said.<\/p>\n
Because so many systems today lack cyber protections, they are vulnerable to even the least complex hacks, such as ARP spoofing or so-called \u201cman in the middle\u201d type attacks, said Roberts.<\/p>\n
ARP spoofing is a technique where an attacker pretends to be a friendly communicator sending commands to a satellite. \u201cThe satellite doesn\u2019t know the difference. It trusts all the traffic on that bus as being friendly traffic,\u201d he said. \u201cAnd that is a relatively basic cyber attack that we see on terrestrial systems all the time.\u201d<\/p>\n
Two paths forward<\/p>\n
Deloitte is also developing a software-based Silent Shield known as a massless payload. Roberts said a software-only payload might be the best option for legacy satellites that can\u2019t be modified with new hardware. \u201cHow do we get some modicum of cyber protections to those legacy satellites in orbit today,\u201d he added. \u201cWe think the massless version, a software package that we could upload, is the solution to that problem.\u201d<\/p>\n
The challenge of protecting legacy spacecraft has emerged as a critical concern across the industry. While older satellites can sometimes be retrofitted with encryption, the process is technically complex and highly dependent on the hardware and software capabilities of the original satellite design. In many cases, newer cryptographic solutions and software-reprogrammable end cryptographic units can provide ground-to-space encryption for the telemetry and commanding links.<\/p>\n
The industry is responding with multiple approaches. Viasat in September announced it is developing a new space-based encryption solution to support data security for U.S. Space Force satellites. The company was contracted to build a next-generation cryptography solution to secure sensitive data from space-to-ground. The effort represents a complementary strategy to systems focused on intrusion detection.<\/p>\n
But because there isn\u2019t a lot of available power on legacy satellites, a cyber defense software application could be designed, for example, to only operate once a day for a short time. \u201cThat\u2019s not optimal,\u201d Roberts said, but for a legacy satellite it would provide more protection than it currently has.<\/p>\n
The next eight Deloitte satellites will be launched in clusters of two, three and three over the next 18 months. The first five will have the massless version of Silent Shield. The last three will have the hardware payload and will operate as a network with inter-satellite links to demonstrate what happens if a cyber attack hits one satellite and then laterally moves into the other ones.<\/p>\n
Commercial-government convergence<\/p>\n
While historically concerns about cybersecurity have focused on government and military space systems, most of the satellites projected to fly to orbit in the foreseeable future will be owned and operated by private companies.<\/p>\n
Roberts referenced a recent \u201cState of the Space Industrial Base\u201d report published by U.S. defense agencies that points out that largest investors in the new space economy are \u201cFortune 500 companies who understand how to turn new space capabilities into products, software and services that give them a strategic advantage in the global marketplace.\u201d<\/p>\n
With so many constellations now in orbit, that \u201cincreasingly makes them a juicier target for our cyber adversaries that are not just nation states, but cyber criminals who may want to leverage space for their own return on investment,\u201d he said.<\/p>\n
These concerns can\u2019t be isolated on the commercial side or the government side of the space ecosystem, Roberts said. \u201cThere is a lot of overlap there,\u201d which he said is a positive development as the government leverages more commercial innovation. \u201cBut from a cyber perspective, it\u2019s not as easy to say that\u2019s a government cyber risk, or that\u2019s a commercial cyber risk. I think we have to start to bundle them together.\u201d<\/p>\n
Deloitte is marketing Silent Shield to commercial firms and also to the U.S. Space Force as a training tool that service members could use to prepare for real-world cyberwarfare.<\/p>\n
AI-enabled future<\/p>\n
There is likely to be much more AI-driven automation in cybersecurity going forward, Roberts said.<\/p>\n
Although computers can autonomously detect threats and alert an operator on the ground, humans then have to do something about it. In the future it might be possible to detect an anomaly on the satellite, and have AI turn off a port, shut off a payload, put the vehicle in safe mode or take other actions that the system was pre-approved to conduct.<\/p>\n
\u201cAI is sort of purpose built for those sorts of things,\u201d he said. \u201cToday we are taking the traffic off of Deloitte-1 and we are using the data to train AI models on the ground,\u201d he said. However, the computing required to do AI at the edge is \u201cvery hungry, and uses a lot of energy,\u201d he said. When more computing power is available on satellites, \u201cit will help us get to a point where we can put those AI models at the edge.\u201d<\/p>\n
Roberts predicts the technology will evolve to where the AI can understand what is normal about the satellite better than a human could. <\/p>\n
This article first appeared in the November 2025 issue of SpaceNews Magazine with the title \u201cProtecting satellites from cyberattacks before hackers get there first.\u201d<\/p>\n
\n\tRelated<\/p>\n","protected":false},"excerpt":{"rendered":"A small satellite named Deloitte-1 is hunting for hackers in orbit. Launched in March, it\u2019s the first of…\n","protected":false},"author":2,"featured_media":165311,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[270],"tags":[7240,982,10914,18,16890,8420,19,17,133,3977,451],"class_list":{"0":"post-165310","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-space","8":"tag-cyberattack","9":"tag-cybersecurity","10":"tag-deloitte","11":"tag-eire","12":"tag-feature","13":"tag-from-the-magazine","14":"tag-ie","15":"tag-ireland","16":"tag-science","17":"tag-sn","18":"tag-space"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@ie\/115500535208512381","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/165310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/comments?post=165310"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/165310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media\/165311"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media?parent=165310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/categories?post=165310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/tags?post=165310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}