ESA Director General Josef Aschbacher at CySat 2025. Photo: Via Satellite

PARIS —  There is a newfound urgency toward space cybersecurity in Europe. Josef Aschbacher, director general of the European Space Agency (ESA), keynoted CySat 2025 in Paris, underlying a new approach toward securing space infrastructure.

Aschbacher spoke on May 14 about how defense and space are now integrated much tighter than before and that “history is accelerating.”

“Space is no longer just a frontier of science. It is a fully-fledged domain. The threat is silent and asymmetric. Cybersecurity and space can no longer be separated. It now needs a coordinated response. Our mission is to not only to explore space but to secure it,” Aschbacher said.

[This feature was published exclusively for Space Security Sentinel, a new cyber newsletter from the teams at Via Satellite and CyberSat. Learn more and subscribe here]

It was interesting to hear ESA’s top official talk in a completely different way about space. He said while space technologies bring a number of benefits to societies, they also bring vulnerabilities.

“Every satellite entry point could be a weak point. Satellite jamming, spoofing, cyber attacks against satellites and ground infrastructure are valid threats,” he said. “They have the power to destabilize economies and to manipulate public opinion. The attackers operate from the shadows. Space is emerging as a hybrid theatre. It is no longer just about securing access of space, but securing space operations themselves.”

Aschbacher added that such is the threat now that is calls for “profound thinking” toward space security. He said that cyber space and physical space can no longer be treated in isolation.

However, the space domain is one of the most complex environments to secure. He spoke of the hybrid nature of space, as it merges software, hardware, ground, and orbital assets. He added, “[Space] is distributed. It is remote. It is persistent. You cannot patch is easily. This creates unprecedented challenges. Each link of the supply chain can become a breach. Cybersecurity cannot be an afterthought. It has to be done by design.”

Europe’s New Intelligence and Surveillance Program

It feels as though Europe has reached a kind of inflection point, and organizations like ESA have to be doing more. The geopolitics were an undercurrent throughout CySat. Aschbacher spoke of an “historic responsibility” and that Europe can no longer “afford trial and error” here. He spoke of ESA embedding cybersecurity into every new mission, and integrating it from the very beginning.

Central to this new approach will be a new intelligence and surveillance program – European Resilience from Space (ERS). Aschbacher and ESA will be preparing a proposal for the ESA Ministerial Conference in November regarding ERS.

In terms of ERS, Aschbacher said ERS is “a work in progress.” ESA is discussing ERS with various stakeholders. It is at the heart of a new space cybersecurity strategy for Europe.

“We are not adapting to crisis. We are preparing for crisis. We are preparing for deterioration. We have identified threats. We have outlined ambitious perspectives. Space cybersecurity is a challenge of governance. It is about speaking the same language, building a shared culture. We must build a Europe of operational trust. We have everything we need to succeed. We need consistency, courage,” noted Aschbacher.

An Industry in Transformation

One of the interesting new speakers at CySat this year was Andrew Newson, vice president of IT & Security, CIO/CISO, Iceye.

Newson spoke of a space industry that is “rapidly transforming.” He said that the space industry now offers capabilities that are key for national defense and security. He said it is crucial that the industry adapt to strengthen its security measures.

In terms of where the threats are to satellite players such as Iceye, Newson highlighted that the biggest concerns relate to nation state actors (APTs), due to the fact they are patient and well-funded. Interestingly, while this threat is particularly well-known, Newson said more emphasis needs to be placed on insider threats.

“We don’t talk so much about insider threats. The changing geopolitical landscape can cause people to be paid, coerced,” he said. “In Iceye, we have a lot of people that are new to the industry. So, we need to build that culture. Protection of our people is often overlooked. If I was attacking a space company, I would go after people.”

Interestingly, Newson bought up the example of Rheinmetall CEO Armin Papperger who according to news reports late last year, was the target of an assassination attempt by the Russian government. Rheinmetall is a German arms manufacturer. Newson bought this example to highlight that senior leaders working in the defense, and in theory, the satellite industry could face this type of threat.

In terms of supply chain and vendor reputation management, Newson spoke of having the right systems in place. “Quite often, we will see vendor breaches. IT infrastructure and ground segment are an easier attack vector,” he said.

He also spoke to the importance of being prepared for the quantum era. He added, “Not having a cryptography strategy is not acceptable, particularly when supplying services to government and defense.”

Starlink for Italy?

CySat polled attendees on whether or not the Italian government should use Starlink. This is in light of talks regarding the Italian government regarding using Starlink for secure communications.

The response was interesting — only 11% said yes that the government should use Starlink. Close to 70% of the audience polled thought the Italian government should use European solutions like OneWeb, rather than Starlink. Another 20% said the Italian government should wait for the IRIS² constellation to be operational.