As commercial satellites grow increasingly central to the global economy—from internet connectivity and GPS navigation to financial services and Earth observation—so does the urgency to understand and address their cybersecurity vulnerabilities. This month, the European Union Agency for Cybersecurity (ENISA) published its most comprehensive assessment of the in-orbit cybersecurity outlook, the Space Threat Landscape report, offering operators a detailed threat taxonomy, risk scenarios, and a cybersecurity control framework tailored specifically for commercial satellite systems.
The Space Threat Landscape report identifies the most pressing cybersecurity challenges for commercial satellite operators today: weak cryptographic practices, software misconfigurations, insecure supply chains, and gaps in operational resilience. It maps these threats against specific lifecycle phases—design, assembly, operations, and decommissioning—and offers 125 practical controls, from secure-by-design development practices to zero-trust network models and post-incident recovery protocols. Through three high-fidelity risk scenarios, the report also illustrates how seemingly minor oversights—like an unpatched modem or insufficient segmentation—can become entry points for network compromise, mission disruption, or even full system hijack. For commercial space actors, the message is clear: orbit may be remote, but the risks are immediate.
Why Cybersecurity for Commercial Satellites Can’t Wait
Commercial satellites support essential services in telecommunications, emergency response, remote infrastructure management, and precision agriculture – and global dependence on them is only growing! ENISA’s report notes that commercial operators now own over 60% of active satellites globally, making them not only critical enablers of digital services but also attractive cyber targets.
ENISA Executive Director Juhan Lepassaar underscored the gravity:

“The commercial exploitation of space has become the backbone of key economic activities. Digital threats in space are therefore highly critical. Besides, their cascading effect have also the potential to induce geopolitical tension. This is why commercial satellites must be cyber secured at all cost.”
In other words, commercial satellites are no longer just technical assets—they are geopolitical fault lines.
A Lifecycle View of Vulnerabilities
ENISA’s report adopts a structured model that divides the commercial satellite lifecycle into seven phases. Each phase introduces specific assets, actors, and potential vulnerabilities, many of which persist or compound across subsequent stages. Understanding these lifecycle touchpoints is critical to implementing targeted security controls.

1. Design & Development
This phase involves defining system requirements, mission goals, and architectural concepts. If security considerations—such as secure coding practices and threat modeling—aren’t embedded early, foundational weaknesses can remain throughout the satellite’s lifecycle.
2. Assembly
At this stage, hardware and software components are integrated. Poor supply chain security or insufficient vetting of third-party components (including COTS) can introduce vulnerabilities that are difficult to detect or remediate post-launch.
3. Pre-Launch
Pre-launch includes system integration, final testing, and transport to the launch site. Physical access risks, misconfigurations, or insufficient validation of cryptographic systems during this phase can compromise satellite integrity before it ever reaches orbit.
4. Launch
During launch and early orbit operations, satellite control passes between teams and organizations. This handover period is particularly sensitive; mismanaged access controls or insecure ground infrastructure can create exploitable windows for attackers.
5. In-Orbit Testing
Operators validate the satellite’s functionality and confirm system integrity in space. If threat actors gain access during this phase—through compromised telemetry or protocol exploits—they can interfere with mission setup or disable protective features.
6. Operations
The satellite performs its core functions, from data acquisition to communications. Operational vulnerabilities include exposed telemetry links, firmware update procedures, or insufficiently segmented networks that allow for lateral movement or hijacking.
7. Decommissioning
End-of-life procedures include repositioning or retiring the satellite and securely erasing sensitive data. Improper decommissioning can result in lost control, hijacked satellites, or persistent data exposure, especially if secure data disposal and access revocation aren’t enforced.
The report emphasizes the need for “security by design” and “security by default” across all lifecycle stages. Failing to embed cybersecurity into the earliest phases can expose systems to legacy threats that become difficult to patch once the asset is in orbit. Each phase carries risks, but ENISA’s model highlights how early-stage decisions cascade into long-term resilience—or fragility.
Threats Are Real—and Growing
The space domain faces an evolving and underreported cybersecurity threat environment. According to ENISA’s analysis of Space Threat Trends, cyberattacks on satellites have steadily targeted commercial and government systems alike, with jamming, hijacking, and network exploitation among the most common tactics. Despite a significant increase in satellite launches—over 2,500 in 2023 alone—there is still a lack of consolidated data on cyber incidents in space, largely due to underreporting and attribution challenges. This gap has hindered the industry’s ability to respond proactively. However, the landscape is shifting toward greater visibility and coordination with the inclusion of space under the EU’s NIS2 Directive and the creation of the EU Space Information Sharing Analysis Centre (ISAC) in 2024.
The report notes that threat actors are increasingly diverse, ranging from state-aligned entities to individual insiders. Each group brings different motivations and capabilities, but all pose real risks to satellite infrastructure across its lifecycle.

ENISA categorizes space threats across several vectors: nefarious activity and abuse; eavesdropping, interception, and hijacking; physical attacks; unintentional damage; failures or malfunctions; outages; disasters; and legal. Key threat actors include:
State-Nexus Actors
State-backed or state-aligned groups use advanced tools and extended planning cycles to conduct espionage, disrupt services, or achieve geopolitical aims. They often target satellite command systems or intercept communications for strategic advantage.
Cybercrime and Hacker-for-Hire Actors
These actors pursue financial gain by exploiting satellite systems for extortion, fraud, or data theft. Hacker-for-hire operations also offer their services to clients, including states, enabling deniability and broader access to tailored intrusion capabilities.
Private Sector Offensive Actors (PSOAs)
PSOAs specialize in developing and selling cyber weapons and surveillance tools to governments and corporations. Their products can enable unauthorized access to satellite systems, particularly through zero-day exploits or firmware manipulation.
Hacktivists / Civil Activists
Motivated by ideology, these groups seek to expose data, disrupt commercial operations, or make political statements. While often less technically sophisticated, their actions can still cause significant reputational or operational damage.
Hackers (General Category)
This broad group includes individuals or loosely organized collectives with varying motivations and capabilities. It encompasses cyber vandals, blackhat hackers, and script kiddies who may exploit vulnerabilities simply because they can.
Disgruntled Employees / Insider Threats
Individuals with legitimate access to satellite systems—employees, vendors, or former staff—can intentionally or unintentionally cause harm. Insiders often have privileged knowledge of system architecture, making their actions difficult to detect and mitigate.
Untrained or Negligent Employees
Operators without adequate cybersecurity training may inadvertently expose systems through poor password hygiene, mishandled credentials, or misconfigured interfaces. These accidental exposures remain a leading cause of system compromise.
Understanding these actor profiles is critical for prioritizing risk mitigation strategies. ENISA emphasizes that targeted attacks do not always require significant resources—vulnerabilities introduced by weak design, inadequate training, or insufficient network segmentation can enable a range of threat actors to achieve disproportionate impact.
Critical Risk Scenarios
Three high-fidelity cybersecurity risk scenarios form the analytical heart of the report. These scenarios serve as practical illustrations of how common vulnerabilities—spread across hardware, software, supply chains, and operational practices—can escalate into full-spectrum security incidents. By simulating realistic attack paths based on known tactics, techniques, and procedures (TTPs), the report translates abstract threat taxonomies into actionable insight for satellite operators, system architects, cybersecurity teams, and regulators. These examples are not exhaustive, but they provide a representative sample of how specific failures in governance, design, or execution can cascade into mission-critical disruptions.
- Protocol Compromise via Social Engineering: A targeted phishing attack leads to lateral movement within a satellite control network. Poor segmentation and exposed credentials allow an attacker to hijack telemetry links and potentially take control of satellite command functions.
- Malware Injection During Assembly: Physical access during manufacturing enables a malicious actor to inject dormant malware via USB. Once in orbit, the software exploits weaknesses in onboard computers and causes resource exhaustion, disrupting operations and enabling potential hijacking.
- Unsecured COTS Deployed Post-Disaster: After a natural disaster damages ground assets, operators bypass security vetting to restore services quickly. Unpatched COTS equipment with exposed ports invites remote intrusion, allowing attackers to perform man-in-the-middle attacks and ransomware injection.
Together, these scenarios show that cyber risk in space is not confined to the orbital environment. Most vulnerabilities begin on Earth—through insecure engineering practices, supply chain weaknesses, misconfigured ground equipment, or human error. Threat actors rarely need direct access to satellites; instead, they exploit the expansive, interconnected ecosystem supporting them. These cascading vulnerabilities blur the line between IT and space systems, demanding that operators treat terrestrial and orbital systems as a single, integrated security surface.
For commercial space firms, the takeaway is clear: cybersecurity must be embedded across the entire satellite lifecycle—from design and procurement to launch, operations, and retirement.
Recommended Controls: A Structured Framework
The cybersecurity control framework developed and provided by ENISA is designed to translate high-level threat analysis into specific, actionable defenses that commercial satellite operators can adopt across the full satellite lifecycle. Composed of 125 controls grouped into 18 control clusters, the framework is tailored to the technical and operational realities of the space sector, including the use of commercial off-the-shelf (COTS) components, distributed operations, and increasing reliance on third-party ground services.
Rather than acting as a prescriptive checklist, the framework functions as a modular toolkit that operators, integrators, and regulators can adapt to mission-specific needs. Controls are mapped to the threat taxonomy and lifecycle phases identified earlier in the report, allowing users to trace risks to specific processes, assets, and entry points. To support implementation, ENISA provides the framework in a structured, machine-readable format, along with an interactive tool for visual exploration via GitHub. The goal is to enable better prioritization, faster mitigation, and stronger organizational alignment around cyber resilience.
Summary of Control Clusters
1. Policies and Procedures
Ensures cybersecurity governance is clearly defined, documented, and embedded in daily operations through organizational policies, responsibilities, and security processes.
2. Compliance
Addresses regulatory alignment with EU cybersecurity directives and international standards, including auditing practices and legal accountability across jurisdictions.
3. Risk Management
Promotes structured risk identification, threat modeling, and impact assessment to inform decisions on mitigation, resource allocation, and contingency planning.
4. Security by Design and by Default
Encourages secure coding, system architecture, and configuration management from the earliest design stages to prevent vulnerabilities from becoming embedded.
5. Environmental and Physical Security
Protects ground facilities, transport operations, and launch infrastructure from unauthorized access, tampering, or physical sabotage.
6. Network Security
Focuses on securing communications through authenticated encryption, network segmentation, port control, and disabling unnecessary services and interfaces.
7. Data Security
Secures data in storage, transit, and use through asset classification, integrity assurance, secure backups, and data loss prevention measures.
8. Vulnerability Management
Implements ongoing scanning, patching, software integrity checks, and malware protection to detect and remediate technical flaws before exploitation.
9. Access Management (Zero Trust)
Applies least-privilege and identity-based access controls for both physical and digital assets, enforcing strict verification across all access requests.
10. Asset Management
Maintains a real-time inventory of systems, software, and hardware, prioritizing assets based on criticality, mission function, and lifecycle status.
11. Supply Chain Management
Ensures third-party vendors and COTS components are evaluated, tested, and monitored for security compliance across sourcing, integration, and updates.
12. Monitoring and Alerting
Supports detection of anomalies, intrusions, or performance deviations through real-time telemetry monitoring, SIEM deployment, and event logging.
13. Incident Response
Defines thresholds, protocols, and responsibilities for identifying, containing, and recovering from cybersecurity incidents, including external communication.
14. Business Continuity and Disaster Recovery
Builds resilience through backup capacity, redundant systems, and defined recovery procedures to sustain or restore operations under adverse conditions.
15. Capacity Building
Promotes training, awareness, and cross-sector knowledge sharing, helping staff and partners recognize threats and implement cyber hygiene best practices.
16. Testing
Encourages red teaming, simulated attacks, and validation of hardware and software defenses to identify gaps and strengthen security posture pre-deployment.
17. Continuous Improvement
Uses feedback loops from audits, tests, and incidents to refine and update security processes, ensuring adaptability to evolving threats and operational changes.
18. Defense Capabilities
Includes advanced resilience measures such as satellite maneuverability, jamming/spoofing countermeasures, and decoy systems to mitigate active threats in space.
By mapping each control to specific threats, lifecycle phases, and operational dependencies, the ENISA framework helps commercial satellite stakeholders move from abstract risk awareness to concrete action. It also bridges a regulatory gap in the sector by aligning technical guidance with the cybersecurity expectations emerging under the NIS2 Directive and the Cyber Resilience Act. For companies aiming to scale, insure, or partner in the EU market, adoption of this framework—or an equivalent—will likely become a baseline requirement for market credibility and operational trust.
The Policy Backbone: NIS2 and CRA
The regulatory context also matters. As of January 2025, the NIS2 Directive classifies space as a sector of “high criticality,” requiring satellite operators to meet cybersecurity obligations—including incident reporting and secure supply chain practices.
In parallel, the Cyber Resilience Act (CRA) extends EU-wide cybersecurity standards across all digital products, including those used in space systems. These legislative actions are not optional guidelines—they are enforceable mandates.
To support coordination, the newly established EU Space ISAC (Information Sharing and Analysis Centre) will serve as a hub for threat intelligence and shared learning. ENISA holds an observer role in the ISAC, contributing data from its assessments to inform strategic responses.
Implications for Commercial Operators and Investors
For commercial operators, this report presents both a roadmap and a warning. Satellite infrastructure must be treated as critical national infrastructure, with corresponding risk management, security controls, and compliance structures.
For investors, the report highlights a growing regulatory and technical bar for participation in commercial space. Due diligence must now include cybersecurity maturity, lifecycle resilience, and conformance to evolving standards like NIS2 and CRA.
The Space Threat Landscape report is not speculative—it is a technical and regulatory call to action. For commercial satellite companies operating in an increasingly contested and interdependent orbital economy, cybersecurity must become a core competency, not a bolt-on function.
As ENISA makes clear, commercial space infrastructure is no longer an edge case in cybersecurity—it is the new frontline.
Alyssa Lafleur
Alyssa Lafleur has over 10 years of experience working as a tech and science communicator in industries spanning public health, health informatics, life sciences innovation, cybersecurity, and space tech. Alyssa brings a wealth of knowledge in developing and managing communication strategies that drive value for highly technical industries with thought leadership, community outreach, and brand awareness.