Satellites Are the New Critical Infrastructure. Most Countries Aren't Treating Them That Way.

GPS timing keeps power grids and stock exchanges synchronized. Weather satellites feed the forecasts farmers and airlines rely on. Low-Earth-orbit broadband constellations now carry military command-and-control traffic in active conflict zones. None of that depends on infrastructure that looks remotely like the hardened data centers and segmented networks most cybersecurity frameworks were built around — it depends on spacecraft, ground stations, and decades-old communication protocols that were largely designed before anyone seriously planned for a hostile actor on the other end of the link. As commercial satellite constellations multiply, that gap between dependence and defense has become one of the more consequential blind spots in global cybersecurity.

The Attack That Made It Real

The clearest illustration of what's at stake happened on February 24, 2022, the day Russia invaded Ukraine. Attackers, widely attributed to Russia's GRU-linked Sandworm group, exploited a misconfigured VPN appliance to gain access to the management network behind Viasat's KA-SAT satellite service. From there, they pushed a custom wiper malware, later named AcidRain, to tens of thousands of satellite modems across Ukraine and Europe, permanently disabling the devices' firmware. The attack knocked out broadband for thousands of Ukrainian customers at the start of the invasion and had unexpected ripple effects far from the battlefield, including knocking out remote monitoring for thousands of wind turbines in Germany. It remains one of the only confirmed cases of a cyberattack on satellite ground infrastructure causing physical, large-scale disruption, and it did so not by hacking the spacecraft itself but by compromising the terrestrial systems that manage it, a reminder that satellite security is as much about ground segments as it is about orbit.

Why the Threat Surface Is Expanding

For decades, satellites were expensive, government-built, and few in number, which made them an exotic target. That's no longer true. Commercial mega-constellations have pushed thousands of satellites into low-Earth orbit, run by a much wider and more variable set of operators with very different security maturity. A joint intelligence report circulated in part by the U.S. National Security Agency this March warned explicitly that the rapid growth of LEO satellite communications has expanded the attack surface available to malicious actors, putting the terrestrial networks that depend on these services at greater risk. The same period has seen repeated jamming and spoofing of GPS and Europe's Galileo satellite signals, a cheaper and harder-to-attribute form of interference than a direct cyberattack but one with similar disruptive potential for aviation, shipping, and any system relying on precise satellite timing.

The 2026 edition of the Secure World Foundation's Global Counterspace Capabilities Report, which tracks the space-warfare capabilities of thirteen countries, treats cyber as one of five distinct categories of counterspace weapon alongside kinetic, electronic-warfare, and directed-energy options, underscoring that cyber operations against satellites are now considered a standing element of modern military planning rather than a hypothetical. Yet a recent World Economic Forum survey found that only 15% of organizations factor dependence on space-based assets into their cybersecurity risk planning at all, far behind more conventional concerns like IT/OT convergence or geopolitical risk generally. The gap between how seriously militaries treat the threat and how seriously most commercial and governmental risk planning treats it remains wide.

What Makes Satellites Hard to Defend

Several features of satellite systems make conventional cybersecurity practice difficult to apply directly. Many spacecraft, especially older ones, were designed with long operational lifespans and minimal onboard processing power, meaning encryption and authentication that would be standard on a modern terrestrial network may be absent or outdated by the time a satellite is decades into its mission. Ground stations, user terminals, and the management networks that link them together, the layer actually compromised in the Viasat attack, are often the more practical target, since they run on more familiar IT infrastructure that's easier to probe for misconfigurations. And supply chains for satellite hardware and firmware span numerous vendors and subcontractors, creating exactly the kind of opaque dependency chain that enabled the wiper malware to be pushed through Viasat's own legitimate management mechanism rather than through a more obvious intrusion.

The Policy Response, and Its Gaps

Governments have started treating this as a distinct policy problem rather than folding it into general cybersecurity rules. In the United States, the bipartisan Satellite Cybersecurity Act, reintroduced for a third time this year by Senators Gary Peters and John Cornyn, would direct the Commerce Department to develop voluntary cybersecurity recommendations specifically for satellite owners and operators and create a clearinghouse for that guidance, an acknowledgment that the existing patchwork of federal responsibility for space-system security remains unclear even within the U.S. government. Researchers at CSIS have made a similar point, noting that experts across allied countries still can't easily say which agency is responsible for preventing or responding to a cyberattack on a satellite system, a gap that complicates everything from incident response to information sharing.

International coordination remains thinner still. Existing frameworks like the UN's outer space guidelines and information-sharing bodies such as the Space Information Sharing and Analysis Center provide some structure, but participation is often voluntary and, in the case of industry-run ISACs, dependent on paid membership rather than universal access. Proposals to accelerate adoption of post-quantum cryptography for satellite communications, and to formalize cyber incident-sharing specifically for space systems, are circulating in policy circles but remain aspirational rather than implemented at scale.

What Nations and Operators Need to Do

The emerging consensus among space-security researchers points to a few concrete priorities: harden ground segments and management networks with the same rigor applied to other critical infrastructure, since that's where real-world attacks have actually succeeded; clarify national-level ownership of satellite-incident response before a crisis forces the question; build cyber resilience into procurement requirements for new satellite systems rather than retrofitting it after launch; and invest in the kind of hands-on technical workforce that can actually test these systems before adversaries do. That last point is increasingly being addressed through open-source training tools and hardware simulators, modeled on initiatives like the U.S. Space Force's Hack-A-Sat competition, that let researchers practice satellite security techniques on safe, purpose-built hardware rather than live systems. Given how dependent modern life already is on satellites that most people never think about, closing the gap between that dependence and the security attention it receives looks less like a niche technical concern and more like a basic requirement of critical-infrastructure policy going forward.