Johnathon Martin, acting deputy director of the Office of the Chief Architect of the
National Reconnaissance Office (NRO). Photo: Access Intelligence

RESTON, Virginia – The National Reconnaissance Office (NRO) established a space cyber program to serve as the central hub for space cyber activities across the agency as of Oct. 1, Johnathon Martin, the acting deputy director of the NRO’s Office of the Chief Architect and the incoming deputy director of the NRO Space Cyber Program, announced during the CyberSat conference on Monday.

Martin also detailed the Moonshine Guardian training exercise last month between the NRO and Space Delta 26.

While the NRO is no stranger to devising solutions to the decades-old threat of hacking, “today’s rapidly evolving threat landscape, combined with our increasingly diverse, complex and interconnected space architecture, demands a more focused approach,” Martin said during CyberSat on Nov. 18. The new space cyber program is built on three pillars.

“First, we’re establishing clear strategic priorities for space security,” Martin said. “Second, we’re accelerating the integration of cybersecurity capabilities into our space systems. Our team is working directly with program offices to bake cybersecurity and design processes from day one, not as an afterthought. We’re ensuring the bar is high, that programs have what they need to be successful and reach the criteria, and ensuring that they do. We’re doing this while minimizing system complexity and without hindering our acquisition and operational tempo. Third, we’re flattening decision making hierarchies. The NRO chief information security officer has been named the NRO’s space cyber executive.”

The NRO’s Space Cyber Program will have a direct line to Cybersecurity and Infrastructure Security Agency (CISA). Its scope will tie together all aspects of space cyber for policy and governance, R&D, engineering, acquisition, and operations, Martin said.

Former space acquisition chief Frank Calvelli, an NRO veteran, said during the Biden administration that fielding quality ground systems were his top priority, and NRO Director Chris Scolese said in September at the Intelligence and National Security Summit at National Harbor, Maryland, that cyber is his “number one concern.”

“Space systems are incredibly complex, and the last thing a program manager wants to add is cyber capability that is overly complex,” Martin said on Monday. “So where should you as a satellite developer or capability provider start? My recommendation is simple. Your own ground station is the greatest threat to your satellite. There are multiple cyber threat vectors to a spacecraft, most of which go through your ground station, and the attack surface of your ground station is significantly greater than the spacecraft itself…How do you teach your satellite to protect itself from you or from your own ground station? The bad guys don’t need some exquisite capability to try to get access to your system when they can pitch a free ride through your ground station. From what I’ve seen, a lot of satellites are sitting ducks in this way. If someone owns the ground station, they own the satellite.”

Satellites “must have onboard detection and response and recovery capabilities” to cyber attacks, Martin said.

Last month, the NRO and Space Delta 26 held the Moonshine Guardian training exercise, featuring defensive cyber measures against attacks on U.S. space systems. U.S. Space Force has held its own Moonlight Defender series of cyber exercises that have used Aerospace Corp.’s “Moonlighter” 3U cube satellite.

Moonshine Guardian “was some world class training that we gave some of our operators,” Martin said in a brief interview on Tuesday.

In his CyberSat address on Monday, Martin said that most space systems use encryption.

“I think we finally checked that box,” he said. “But let me ask what other capabilities are commonplace now for a given system…How many have space based intrusion detection systems or even ground based intrusion detection systems? How many have intrusion prevention systems that are integrated into the satellite fault management system? How many satellites run everything as root? How many satellites employ multi factor authentication? After all, we’ve had at least 50 years to work on this. So it’s concerning that these types of capabilities and security designs aren’t implemented by default across the board.”

More from CyberSat 2025: 

• Multi-Orbit Networks Expand the Attack Surface, But Basic Cyber Threats Remain, Experts Say
• DHS Wants Satellite Volunteers to Test New Cyber Tools
• Pentagon’s Acting CIO Arrington Pushes Against Complacency in Space Cybersecurity

This story was first published by Defense Daily