
Via Satellite archive photo
The established wisdom holds that satellite hacking is challenging for malicious actors due to the complexities of satellite infrastructure and the need to compromise multiple systems simultaneously. However, if insiders are involved, these barriers start to fall apart. This article examines this potential, discussing criminally motivated insiders and how they can subvert controls and countermeasures protecting satellites.
This is the inaugural article for our column, Rogue Orbits, which deals with themes of irregular warfare, piracy, crime, and governance in space. We came to this topic from writing the book “Space Piracy: Preparing for a Criminal Crisis in Orbit”. Our backgrounds (Marc from space finance and satellite business; Hugh from cybersecurity) give us a distinctive perspective. We contend that while military and commercial space players are right to be concerned with threats from China and Russia, non-state actors like criminal syndicates and pirates may become more destructive adversaries.
The Conventional Wisdom on Satellite Hacking
While satellite hacks are a fact of life, the practice appears rare. Setting aside cover-ups, the consensus is that satellite hacking is harder than it looks. Reasons include the “security through obscurity” aspects of space systems, many of which run on obsolete, esoteric operating systems, encryption methods, and network protocols.
The attack chain is challenging, too. Satellites often feature a tight air gap between command and control (C2) systems and application software. Success also depends on compromising both a ground station and the satellite itself. As Martin Libicki, a professor at the U.S. Naval Academy and author of “Cyberspace in Peace and War,” likes to point out, any hack that requires two successful attacks at the same time is going to have a low success rate, and may not even be worth trying.
These conditions may start to change in the near future, for two reasons. One is that space infrastructure increasingly comprises off-the-shelf hardware and standard Linux operating systems, which are much easier to hack. The other is that circumstances in the space sector are making it more probable that knowledgeable insiders will have incentives to attack space systems from within.
Revisiting the Satellite Attack Surface with Insider Threats in Mind
Current space cybersecurity efforts focus on the core digital infrastructure supporting space operations. For example, the National Institute of Standards and Technology (NIST) Cybersecurity Framework Profile for Hybrid Satellite Networks (NIST IR 8441) emphasizes protections for antenna fields, virtual machines, software, user terminals, ground nodes, and inter-satellite cross-links. These elements deserve serious attention, of course. Still, effective risk mitigation in space should rely on a broader understanding of the attack surface, especially when considering the potential for malicious insiders to compromise digital assets.
Space’s immense and variegated supply chain deserves consideration as an attack surface. Rockets, ground support infrastructure, and satellites are assembled from digital hardware and software from thousands of vendors. Such complex environments are inherently insecure. As suppliers rush applications and equipment into production to meet ambitious space venture deadlines, security practices inevitably lag. Malicious actors can penetrate vulnerable systems through open-source software libraries, firmware, unpatched vulnerabilities, and more.
Contractors form another segment of the attack surface. By necessity, aerospace contractors must share sensitive information related to space system design and operations with one another. Each contractor thus becomes a target for hackers. Their individual security countermeasures and controls may not be adequate, regardless of Cybersecurity Maturity Model Certification (CMMC) military security standards, audits, and the like. The notorious 2018 hacking of a U.S. Navy subcontractor by the Chinese Ministry of State Security, which led to the theft of secret submarine codes, offers an example of how contractors might expose space systems to cyber risk.
Another risk factor to consider is the ability to indirectly impair space operations. As the 2021 Colonial Pipeline hack revealed, one doesn’t need to hack a space system to disrupt it. In that case, hackers caused a fuel pipeline to cease functioning, cutting off deliveries of jet fuel to U.S. Air Force bases. Space launch facilities and ground operations are exposed to similar risks.
Understanding the Insider Threat
Well-intentioned executives tend to be uncomfortable contemplating insider threats. Professionals serving in leadership roles tend to think of their employees as honest and committed to the corporate mission, but it’s wise to set that kind of thinking aside. Unfortunately, human nature has a way of asserting itself in negative ways, particularly as conditions favor such behavior. Indeed, according to research from IBM, 83% of organizations have reported insider threats.
The space sector is also now experiencing a brain drain that could lead to a surge in insider activity. In Russia, for instance, where sanctions from the Ukraine war have depressed the space economy, no fewer than 65,000 skilled space professionals have lost their jobs in recent years. These people, some of whom have the experience and knowledge to hack space systems, are looking for employment, potentially on the wrong side of the law. Who might hire them?
Insiders have a better shot at breaking through existing security controls than external hackers. They are in a strong position to exploit embedded malware, for example. They can also breach air gaps separating satellite C2 and application software. They are well situated to compromise ground stations without anyone understanding what’s happening until it’s too late.
Insiders may be available to perpetrate attacks, but will they? One possibility is that they will conduct attacks for personal reasons, like expressing dissatisfaction with their jobs. They might also perpetrate attacks if they’re coerced into it, or for reasons as varied as sex, money, and ideology. Alternatively, criminal gangs, such as the cartels, might engage the services of insiders for space hacking. Such an attack might be done at the behest of a national government that wants to harm an adversary in space, but do so with deniability. The history of maritime piracy is rife with examples of this type of asymmetrical shadow warfare.
What Can Be Done About This?
Is there a solution to the insider threat in space? Yes, and the good news is that most organizations involved in space commerce and space national security activities have already implemented many of the core countermeasures. More needs to be done, however. Secure design standards and certification of space components would help a great deal, as would the deployment of more extensive and rigorous monitoring of digital activity across the full space digital ecosystem.
Rigorous background checks are essential, including investigations into ownership and leadership of subcontracting entities. Bad actors could be in place for years before doing anything, so attention to ongoing behavior is relevant. For example, a quality control inspector could be paid to look the other way when malicious firmware gets installed on a device.
Space systems are likely on the verge of a new era of rampant hacking, driven in part by insiders. Changes in space technology, coupled with a newly available cohort of potential malicious insiders, make this outcome highly probable. The vast and complex attack surface creates a high level of risk exposure. Countermeasures are possible, and it would be wise for stakeholders to take the issue seriously today, rather than wait until the problem manifests in serious harm to space systems.
Hugh Taylor is the Director of the Center for the Study of Space Crime, Piracy, and Governance. He is the co-author, with Marc Feldman, of the book “Space Piracy: Preparing for a Criminal Crisis in Orbit” (Wiley, 2025). Prior to working in the space sector, Hugh served in executive roles at Silicon Valley startups, Microsoft, and IBM. His writing has appeared in Security Boulevard, The Daily Beast, HuffPost, and The Washington Spectator, in addition to his cybersecurity blog, The Journal of Cyber Policy.
Marc Feldman is managing partner of Eonia Capital Management, an aerospace/space and defense-based venture capital fund. Marc has more than 35 years of experience in commercializing technologies and scaling startups. He has led teams across various industries, including life sciences, entertainment, media, telecommunications, consumer products, and aerospace/space. Having worked at and advised Shamrock Capital, Disney, Interpublic Group, Univisa Satellite Services and News Corp, Marc has extensive experience globally, including in Asia, Europe, Russia, the Middle East, and Latin America.