Space Force races to secure its systems as orbit grows more crowded

Click here to watch the full discussion.

As the military becomes increasingly reliant on space, cyber threats against space systems are growing more sophisticated, aggressive and far-reaching. Space Force and industry leaders say that cyberattacks against space systems are no longer limited to isolated ground attacks — they are increasingly evolving into persistent, multi-domain campaigns targeting the entire space architecture.

“They’re attacking the link, then they’re attacking the satellites themselves. In Ukraine, we’ve seen the attacks from ground to space, from space to space. The threat is evolving against our satellites, and we know we do the same,” Col. Brian Mihalko, Space Systems Command cyber and data director, said during Federal News Network’s Securing the Space the Domain: Cyber Resilience in a Contested Environment panel discussion.

The challenge is compounded by the growing complexity of integrating new technologies with legacy systems — many older systems currently in orbit were designed long before cybersecurity was a priority. 

And while the rapid deployment of commercial technologies and next-generation capabilities is transforming resilience in orbit, it is also expanding the attack surface and creating new vulnerabilities.

“When you start to integrate capabilities, each individual component might be hardened, but it’s often the seams that have legacy challenges,” Chris Jones, chief technology officer at Nightwing, said.

Jones said securing space systems requires an understanding of the entire supply chain and identifying potential access points adversaries could exploit and ensuring that those components are hardened from both a cyber resiliency and anti-tamper perspective.

“I think that’s a place where we still have some room to upgrade our capabilities from an anti-tamper and a resiliency perspective to make sure that all of the components that are susceptible have been evaluated. Moving forward, I think we’re putting a lot of things up in orbit fast, which is great. We need to probably do some of that in the initial stages, and we’ll probably have to do some of this in catch-up mode — to make sure that we’re looking and serving as the attacker, looking at our capabilities and making sure that they’re as hardened as humanly possible,” Jones said.

“But I think the whole configuration is much more adaptable today than it was in the past, and I think we were trending in a really good direction from that perspective,” he added.

Jennifer Buss, chief executive officer of the Potomac Institute for Policy Studies, said the Space Force will also need to rethink how satellites are designed from the outset — historically, the Defense Department defined a fixed compute requirement early in development, but future systems will require extra compute capacity since there will be more capabilities added over the lifetime of each satellite.

And AI at the edge will present an entirely new set of technical and cybersecurity challenges.

“What does that look like? We’re not really sure. How is that going to operate? There’s a whole lot to unpack there, and securing that and making sure that we have that ability and power capacity as well is something that is still working through the process,” Buss said.

Mihalko said the Space Force is trying to “shift that cyber resiliency to the left” by integrating cybersecurity requirements earlier in the acquisition process.

“We are explicitly mandating the zero trust principles and activities and requirements, secure software supply chain bill of materials and hardware integrity tracking from the very first and early stages of acquisition,” Mihalko said.

The service is also increasingly requiring contractors to provide digital twins for its space systems that can be used to conduct cyber testing, red teaming exercises and operator training before systems are deployed into orbit. 

“Modernizing our acquisition processes are going to help us transform, they’ll help our industry partners transform, strengthen that industrial base. It makes our acquisitions faster, more precise, and ultimately that’s what’s going to be the key to allow us to outpace the threat and outmaneuver our enemies,” Mihalko said.

Defending a distributed space architecture 

But the shift toward distributed space architectures degrades traditional cybersecurity approaches such as continuous monitoring. Retired Marine Corps Maj. Gen. Ryan Heritage said future cyber defense efforts will require greater computing power and more decentralized monitoring capabilities.

“How do you get those immediate alerts? And then the response action, not only the continuous monitoring. When you identify a vulnerability, how then is it addressed, and who and what is responding to it. But I do think foundationally, if we’re talking on orbit, a lot of it has to do with compute power,” Heritage said.

Jones said the volume of assets that are going to be on orbit and the volume of data that’s going to be communicated across all of them will require advanced analytics and edge computing.

“We need to compute because we need to run advanced analytics, and we need that advanced analytics because we need to integrate a [concept of operations] and a picture of what’s going on, so that humans can make decisions in that loop required to either patch, upgrade, defend, take, take corrective action. I think that is going to be the key moving forward —  how well can we get analytics pushed to that edge,” Jones said.

Mihalko said the way the Space Force approaches the complexity of continuous monitoring is by breaking it down into “sizable, workable efforts.”

“We’ll break it down by mission areas, such as GPS, SATCOM, missile warning, space sensing, and then by sections of the architecture. For the ground segments, the enterprise can use the more traditional methods of continuous monitoring, where we’ve got cyber warfare squadrons that are actively watching the terrain. For the other segments, when you get into the space vehicles and satellites, it becomes a lot more difficult to execute continuous monitoring, just because of the intermittent wave in which we contact those vehicles and pull telemetry off those vehicles. We are at this point pushing that cyber monitoring out to the edge,” Mihalko said.

Mihalko said the Space Force developed the zero trust reference architecture for space vehicles that helps break down the Defense Department’s zero trust activities and how they apply to a satellite architecture.

“That allows us to work the continuous monitoring out to the edge, deploying lightweight intrusion detection systems, automated policy-driven enforcement, closed-loop detection enforcement solutions directly onto the spacecraft so those satellites can process their own telemetry and their cyber logs, and only transmit those anomalies and those alerts back to the ground when necessary to save on that bandwidth,” he added.

Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.