The commercial exploitation of space has become the backbone of key economic activities. Digital threats in space are therefore highly critical. Besides, their cascading effect have also the potential to induce geopolitical tension. This is why commercial satellites must be cyber secured at all cost.
Why does space cybersecurity matter?
Commercial satellites are integral to a wide range of services we enjoy in our everyday life. They operate by transmitting and receiving data over extremely long distances and can also ensure reliable internet connectivity.
The services commercial satellites provide cover telecommunications, financial transactions, cable and network television and use of GPS for navigation. They also enable the monitoring of land and water resources, weather forecasts or the remote management of critical infrastructures. Satellites are therefore key assets of our economy.
Because they are connected to the daily operations of our digital world, they can therefore be the target of cybersecurity threats and/or be impaired by vulnerabilities.
In 2022, the Viasat satellite hack shut down tens of thousands of modems across Europe. Several countries were impacted with widespread disruptions of communications and emergency services as well as other related economic activities. The cascading effect of cybersecurity incidents on satellites can stretch the surface attack beyond both sectors and borders.
Besides, the number of satellites placed into orbit every year is growing exponentially. With a current average of 2800 satellites launched yearly, the potential for harmful effects of any loss of capability is much increased. Space assets are further exposed to cyberattacks due to developing trends such as software-defined satellites or due to the use of off-the-shelf and open-source hardware and software components or the development of quantum technologies.
In addition, even if the commercial use of these technologies is intended to support civilian services, any of such space objects could be weaponised and targeted as part of geopolitical warfare. As a consequence, addressing the risks and threats faced by the space industry in a comprehensive way has therefore become urgent.
The Space Threat Landscape report in a nutshell
The report includes an overview of the satellite lifecycle model and actors, of asset taxonomies and of space threats. In addition, a risk assessment analysis was performed using four risk scenarios to address the threats identified in the threat taxonomy. Finally, the report provides an extended cybersecurity control framework tailored to the needs of commercial satellite operators. This framework, composed of a total of 125 items divided into 35 sub-categories, is to be found in the report’s annexes.
To facilitate practical implementation, the framework data are provided in a structured, digital format, alongside an interactive tool for exploration and analysis.
All resources are available via GitHub.
Threat actors of space systems or objects include state-nexus actors, cybercrime and hacker-for-hire ones, private sector offensive actors (PSOA), Hacktivists or civil activists among others.
Main threats include:
- Jamming;
- Hijacking;
- Computer Network Exploitation.
Main recommendations include:
- Information sharing and reporting: timely awareness of vulnerabilities;
- The introduction of minimum industry standards based on “security by design” and “security by default”;
- Ensuring robust supply chain security as provided for by the NIS2 Directive to implement stricter controls throughout the supply chain lifecycle;
- Analysis and testing before introducing components into the production environment;
- Deployment of effective, validated and tested encryption measures.
The report is also intended to pave the way to a comprehensive cybersecurity strategy and legislation for the sector tailored to protect public interests without hindering performance and innovation.
How does legislation help to cyber secure satellites?
In Europe, the NIS2 Directive includes space among the sectors of high criticality because of the wider reach that space operations may have. Indeed, the cascading effect of a cyberattack is likely to cause collateral damage cross-sectors and beyond borders both within the EU and around the world. The risks are even further extended as the space sector also encompasses operators of ground-based infrastructures in support of space-based services as well as telecom operators.
Satellite operators are governed by national rules and regulations. However, the whole sector needs now to abide to a high-level set of obligations pertaining to the cybersecurity aspect of the equipment operated.
To meet this objective, the EU Space Strategy for Security and Defence was adopted in 2023. As a result, an EU Space Information Sharing Analysis Centre (EU Space ISAC) was established in 2024 to improve collaboration and information sharing. ENISA has an observer role in the EU Space ISAC.
In the meantime, the Cyber Resilience Act (CRA) is expected to have significant impact on the development, operations and decommissioning of space systems. This is because the regulation is driven by the objective to have all products with digital elements placed on the EU market comply with biding cybersecurity standards applicable throughout their lifecycles.
The European Cooperation for Space Standardization (ECSS) also released a number of technical standards and guidelines in July 2024.
- ENISA Space Threat Landscape
- LEO SATCOM Cybersecurity Assessment – ENISA report February 2024
- ENISA topics – Cybersecurity of Critical Sectors
Source – ENISA
UN agencies warn of satellite navigation jamming and spoofing
Geneva, 26 March 2025
Global satellite navigation systems are at risk from increasingly frequent jamming and spoofing of signals, threatening the safety and security of ships and aircraft worldwide.
The United Nations agencies for telecommunications, aviation and maritime shipping have called for urgent protection of the radio navigation satellite service (RNSS) that supports accurate global navigation and timekeeping.
ITU, together with the International Civil Aviation Organization (ICAO) and International Maritime Organization (IMO), issued a joint statement expressing “grave concern” about the rising cases of harmful interference.
Reported RNSS jamming and spoofing incidents indicate a growing threat to positioning, navigation and time services on land, at sea and in the air.
- Jamming refers to unauthorized transmissions of radio signals at the same frequency as authorized services, often to evade tracking or for security or defence purposes or.
- Spoofing involves fake signals mimicking authorized services, potentially misleading and endangering ships or aircraft.
The ITU Radio Regulations Board, on 21 March, urged specific administrations to abide by the ITU Constitution, the Radio Regulations, and take necessary actions to investigate and stop harmful interference affecting neighbouring territories.
Vital navigation services
Satellites transmit precise navigation, positioning, and timing information, making them vital for civil and humanitarian purposes worldwide. Global navigation satellite systems – namely the US-owned Global Positioning System (GPS), the European Union’s Galileo, Russia’s GLONASS, and China’s BeiDou – all hinge on reliable RNSS.
Key radio navigation functions include:
- Navigation and positioning – used to determine precise locations in aviation, maritime, and land-based transportation.
- Timing and synchronization – providing accurate time signals for financial transactions, communication networks, and power grids.
- Civil and humanitarian applications – supporting disaster response, search-and-rescue operations, and various scientific applications.
However, growing dependence on satellite-based navigation heightens the risk of interference – whether accidental or intentional.
Reinforcement needed
In response to increasing incidents, the specialized agencies have laid out a multi-pronged approach for countries to keep the radio navigation satellite service operating reliably.
Together, they are calling for:
- Protection against harmful interference:
ITU, ICAO, and IMO urge their member states worldwide to take necessary measures to prevent satellite systems from suffering harmful interference. Such interference can degrade, interrupt, or mislead signals, with potentially catastrophic consequences for aviation, maritime operations, and other civilian uses.
- Enhancing system resilience:
Nations are encouraged to reinforce the resilience of systems that depend on satellite systems for navigation, positioning, and timing. This includes implementing strategies to withstand and mitigate the effects of interference on these critical services.
- Maintaining conventional navigation infrastructure:
Recognizing the risks of service disruptions, the organizations call for the retention of sufficient conventional navigation infrastructure as a contingency support system in the event of radio navigation satellite service outages or misleading signals. Additionally, they recommend developing mitigation techniques to counteract service loss.
- Fostering interagency collaboration:
Effective coordination is needed between radio regulatory bodies, civil aviation authorities, maritime organizations, defence agencies, and law enforcement to enhance monitoring, strengthen response efforts, and tackle interference threats more efficiently.
- Reporting and monitoring interference incidents:
To better understand and combat harmful interference to RNSS satellite systems, national administrations are advised to report cases of harmful disruptions to relevant international telecommunication, aeronautical, and maritime authorities. All such reports should also go to the ITU Radiocommunications Bureau, which continuously monitors and assesses interference trends globally.
Global implications
Satellite-based navigation supports security and economic activities globally.
The collective call to action from ITU, ICAO, and IMO underscores the urgency of preserving RNSS integrity to safeguard critical navigation services from disruption.
Continued safety and efficiency in aviation, maritime, and other essential sectors depends on enhanced protective measures, infrastructure resilience, and global cooperation.
As technology continues to evolve, countries worldwide must take proactive measures to maintain the reliability of satellite systems and mitigate the risks associated with interference.
The future of global navigation, transportation, and communication depends on it, according to the three UN specialized agencies issuing the call to action.
Role of ITU
The ITU Constitution imposes binding obligations on Member States to manage their radio services under international regulations.
Specifically, Article 45 of the Constitution states: “All stations, whatever their purpose, must be established and operated in such a manner as not to cause harmful interference to the radio services or communications of other Member States or of recognized operating agencies, or of other duly authorized operating agencies which carry on a radio service, and which operate in accordance with the provisions of the Radio Regulations.”
Additionally, Article 47 emphasizes the collaboration among Member States to prevent the transmission of false or deceptive signals: “Member States agree to take the steps required to prevent the transmission or circulation of false or deceptive distress, urgency, safety, or identification signals, and to collaborate in locating and identifying stations under their jurisdiction transmitting such signals.”
The three organizations span the globe, with memberships encompassing almost every national government. Currently, ICAO has 193 member states and IMO has 176 (plus 3 associate members), while ITU includes 194 member states plus over 1000 companies and organizations involved in key sectors such as radiocommunications.
The ITU Radiocommunication Bureau has noted rising interference since 2019 and previously warned about risks to global navigation services in 2022, as well as at the last World Radiocommunication Conference (WRC-23).
See ITU’s 25 March 2025 press release
For further reading: FAQ on Global Navigation Satellite Systems (GNSS)
Source – ITU