The Viasat Wake-Up Call
On February 24, 2022 — exactly four years ago today — as Russian forces began their invasion of Ukraine, a sophisticated cyberattack disabled Viasat’s KA-SAT satellite broadband network across Europe. The attackers exploited a misconfigured VPN appliance at a management center in Turin (operated by Eutelsat) to deploy wiper malware known as AcidRain, permanently bricking tens of thousands of satellite modems. The immediate target was Ukrainian military communications that relied on the KA-SAT network, but the collateral damage extended far beyond: 5,800 wind turbines in Germany lost remote monitoring capabilities, internet service was disrupted across Central and Eastern Europe, and the incident demonstrated that space-based communications infrastructure is a legitimate and viable target in modern conflict.
The Viasat attack was not the first cyber incident involving space systems, but it was the most consequential. It proved three things simultaneously: satellite infrastructure is targetable at scale through its ground-based management systems, the collateral effects of attacks on shared satellite infrastructure are unpredictable and transnational, and neither governments nor satellite operators had adequate cybersecurity frameworks in place to prevent or respond to such attacks. The US, EU, and NATO all issued post-incident analyses concluding that space system cybersecurity required urgent attention.
The stakes have only grown since 2022. The number of active satellites in orbit has surged past 10,000, driven primarily by mega-constellations like SpaceX’s Starlink (approaching 10,000 satellites as of early 2026 and comprising roughly 65% of all active satellites), OneWeb, and Amazon’s Project Kuiper. Satellite systems now underpin critical services that billions depend on: GPS/GNSS navigation for aviation, maritime, and ground transportation; weather forecasting; agricultural monitoring; financial transaction timing (GPS provides the precise time synchronization that global financial markets require); and military command, control, and intelligence. The cybersecurity of these systems is, quite literally, a matter of global stability.
The Attack Surface: Ground, Link, and Space Segments
Satellite system cybersecurity encompasses three distinct segments, each with unique vulnerabilities. The ground segment — ground stations, mission control centers, user terminals, and the terrestrial networks connecting them — is the most accessible attack surface and historically the most exploited. The Viasat attack targeted the ground-based management infrastructure, not the satellite itself. Ground stations run conventional IT systems (servers, networks, databases) with conventional vulnerabilities: unpatched software, misconfigured access controls, and susceptibility to phishing and malware. In the 2007-2008 incidents involving NASA’s Terra and Landsat-7 Earth observation satellites, hackers interfered with the spacecraft through the Svalbard Satellite Station in Norway. According to a US-China Economic and Security Review Commission report, attackers achieved all steps required to command the Terra satellite — though no unauthorized commands were actually sent and no data was captured.
The link segment — the radio frequency communications between ground stations and satellites (uplink and downlink) — is vulnerable to interception, jamming, and spoofing. Satellite communications are broadcast over wide areas, making interception straightforward for anyone with appropriate receiving equipment. The Turla APT group (attributed to Russian intelligence) was documented hijacking legitimate satellite internet links to receive command-and-control traffic, using satellite broadband connections of unsuspecting users as covert communication channels. GPS/GNSS spoofing — transmitting fake satellite navigation signals to deceive receivers — has moved from theoretical to routine: aircraft and ships in the Eastern Mediterranean, Black Sea, and Baltic regions report daily GPS anomalies, with Russia identified as the primary source of military-grade GNSS spoofing.
The space segment — the satellite hardware and software itself — presents the most challenging attack surface. Satellites run embedded software that is difficult to patch (firmware updates to orbiting assets carry the risk of bricking the satellite), and their hardware cannot be physically accessed for repair or forensic analysis. Many satellites in orbit today were designed and launched before cybersecurity was a design consideration, running legacy software with no encryption on command links and no authentication on telemetry data. In 2023, two landmark demonstrations proved this threat is real, not theoretical. At the CYSAT conference in Paris, Thales researchers hacked ESA’s OPS-SAT nanosatellite — a real spacecraft in orbit — gaining access to its GPS, attitude control system, and onboard camera. Separately, the Hack-A-Sat 4 competition at DEF CON used Moonlighter, the world’s first on-orbit hacking sandbox, allowing over 700 teams to attempt exploitation of a live satellite. Both events demonstrated that software exploitation of space-segment systems is technically feasible against real hardware in orbit.
Advertisement
GPS Spoofing: The Invisible Infrastructure Attack
GPS spoofing deserves particular attention because of its ubiquity and its implications for civilian infrastructure. GPS (and its equivalents: European Galileo, Russian GLONASS, Chinese BeiDou) provides two services that modern civilization depends on: positioning (where am I?) and timing (what time is it?). GPS timing is used by cellular networks for synchronization, by power grids for phase alignment, by financial exchanges for transaction timestamps, and by data centers for distributed system coordination. An accurate, large-scale GPS spoofing attack could simultaneously disrupt telecommunications, energy, finance, and logistics.
The escalation of GPS spoofing in conflict zones is well documented. The Center for Advanced Defense Studies (C4ADS) published research in 2019 identifying 9,883 suspected GPS spoofing instances across 10 locations, affecting 1,311 civilian vessels and emanating from Russian military facilities in the Mediterranean, Black Sea, and Gulf of Finland. Since 2022, GPS spoofing has intensified dramatically in the Middle East. Following the start of the Middle East conflict in October 2023, spoofing reports surged across the region, with multiple state-level sources identified as originators. The affected airspace experiences persistent GNSS interference that has forced airlines to modify flight paths. In one notable incident, aircraft over Iraq reported GPS positions placing them hundreds of kilometers from their actual location — over Iranian airspace — demonstrating the potential for spoofing to create aviation safety emergencies.
The defense against GPS spoofing is multi-layered and incomplete. Military GPS receivers use encrypted signals (M-code) that are resistant to spoofing, but civilian receivers use open signals that can be replicated with commercially available software-defined radios costing as little as $300. Receiver Autonomous Integrity Monitoring (RAIM) can detect some spoofing by comparing signals across multiple satellites, but sophisticated spoofing that manipulates all visible signals simultaneously can defeat RAIM. Multi-constellation receivers (GPS + Galileo + GLONASS) are harder to spoof than single-constellation receivers, and emerging techniques using machine learning to detect signal anomalies show promise. But the fundamental vulnerability remains: civilian GNSS signals were designed for accuracy, not security, and retroactively adding authentication to a system with billions of deployed receivers is an engineering challenge of unprecedented scale.
The Regulatory Vacuum and the Emerging Space Security Industry
The cybersecurity governance of space systems exists in a regulatory vacuum that is only beginning to be addressed. No international treaty or agreement establishes cybersecurity standards for satellites. The Outer Space Treaty (1967) addresses weapons in space but not cyber operations. The ITU (International Telecommunication Union) manages spectrum allocation but not cybersecurity. National regulations are fragmented: the US issued Space Policy Directive 5 (SPD-5) in 2020, establishing cybersecurity principles for space systems, but it is non-binding. The EU’s Space Programme Regulation references cybersecurity but defers to national implementation. Most satellite operators globally are not subject to any mandatory cybersecurity standards.
This vacuum is creating opportunity for a nascent space cybersecurity industry. Companies like SpiderOak (zero-trust encryption for satellite communications), Xage Security (identity and access management for space systems), and Phosphorus (IoT/OT security applied to satellite ground equipment) have raised significant venture funding targeting the space security market. The Space ISAC (Information Sharing and Analysis Center), established in 2019, provides a coordination mechanism for threat intelligence sharing among satellite operators and government agencies. CISA (Cybersecurity and Infrastructure Security Agency) has launched a Space Systems Critical Infrastructure Working Group and is actively evaluating whether to designate space as a 17th critical infrastructure sector — a step that multiple government and industry reports have recommended but that has not yet been formally enacted.
For Algeria, the relevance is twofold. Algeria operates the Alcomsat-1 telecommunications satellite (launched in 2017) and the ALSAT series of Earth observation satellites, managed by ASAL (Algerian Space Agency). These assets are subject to the same cybersecurity risks — ground station compromise, telemetry interception, command link manipulation — that affect all satellite operators. Additionally, Algeria’s reliance on GPS for aviation, maritime navigation, telecommunications synchronization, and emerging precision agriculture makes GPS spoofing a national infrastructure risk that extends well beyond the military domain.
Frequently Asked Questions
What is cybersecurity in space?
Cybersecurity in Space: Satellite Hacking, GPS Spoofing covers the essential aspects of this topic, examining current trends, key players, and practical implications for professionals and organizations in 2026.
Why does cybersecurity in space matter?
This topic matters because it directly impacts how organizations plan their technology strategy, allocate resources, and position themselves in a rapidly evolving landscape. The article provides actionable analysis to help decision-makers navigate these changes.
How does the attack surface: ground, link, and space segments work?
The article examines this through the lens of the attack surface: ground, link, and space segments, providing detailed analysis of the mechanisms, trade-offs, and practical implications for stakeholders.
Sources & Further Reading
- SentinelOne – AcidRain: A Modem Wiper Rains Down on Europe
- CyberPeace Institute – Case Study: Viasat KA-SAT Attack
- C4ADS – Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria
- Foreign Policy – War-Zone GPS Spoofing Is Threatening Civil Aviation
- The Aerospace Corporation – Hacking an On-Orbit Satellite: CYSAT 2023 OPS-SAT Demo
- OODALOOP – DEF CON 2023 Hack-A-Sat Includes Real-Time Cubesat in Space
- US Space Policy Directive 5 – Cybersecurity Principles for Space Systems
- CISA – Space Systems Critical Infrastructure Working Group
- Kaspersky Securelist – Satellite Turla: APT Command and Control in the Sky
- Space.com – Hackers Interfered With 2 US Government Satellites
