Satellite cybersecurity incidents surged 118% in 2025, but there is no mandatory security standard for commercial satellites -- 37 vulnerabilities were found in widely-used open-source spacecraft control software
technologytechnology0 views
The Space Information Sharing and Analysis Center (Space ISAC) reported a 118% surge in space-related cyber incidents in 2025 compared to 2024, with approximately 117 publicly reported incidents from January through August 2025. At the DEF CON and Black Hat USA conferences in August 2025, white-hat hackers demonstrated 37 separate vulnerabilities in open-source software used by space agencies and companies to control satellites, including the ability to send commands that could fire thrusters and change a satellite's orbit. Roughly 25 space-sector organizations were targeted by ransomware groups in 2024. A Chinese state-sponsored campaign that initially breached U.S. telecoms (Verizon, AT&T, T-Mobile) extended to satellite communications providers including Viasat by mid-2025.
Why it matters: Satellites lack mandatory cybersecurity standards, so operators implement security ad hoc based on internal risk assessments, so satellites launched with known-vulnerable software remain in orbit for 5-15 years without the ability to patch critical vulnerabilities, so state-sponsored attackers can exploit these vulnerabilities to disrupt or hijack satellite operations, so critical infrastructure including military communications, air traffic management, and maritime navigation becomes vulnerable to denial-of-service or manipulation attacks.
The structural root cause is that no government agency has clear regulatory authority over satellite cybersecurity -- the FCC regulates spectrum, the FAA regulates launches, NOAA regulates remote sensing, and CISA handles critical infrastructure but has no space-specific mandate -- so satellite cybersecurity falls into a regulatory gap where each agency assumes another is responsible, and operators face no compliance requirement to meet any specific security standard before or after launch.
Evidence
Space ISAC reported a 118% surge in space cyber incidents in the first 8 months of 2025 vs. 2024 (CSIS 2025 Space Threat Assessment; Industrial Cyber). At Black Hat USA and DEF CON August 2025, researchers demonstrated 37 vulnerabilities in open-source spacecraft control software, including the ability to command thruster firings (IEEE Spectrum, 2025). The Chinese state-sponsored campaign (Salt Typhoon) extended to satellite communications including Viasat by mid-2025 (SpaceNews, 2025). In 2024, OpenAI and Microsoft revealed that Russian threat actor Fancy Bear used LLMs to research satellite communications and radar system vulnerabilities. ENISA published 'From Cyber to Outer Space: A Guide to Securing Commercial Satellite Operations' in 2025. Nearly 40% of satellite cyberattacks stem from integration flaws (Mayer Brown, December 2025).