NATIONAL HARBOR, Md. — U.S. military satellites acquired by the Space Development Agency for its low Earth orbit constellation undergo rigorous cybersecurity evaluations ahead of their deployment, as SDA emphasizes the need to mitigate vulnerabilities before launch.
Speaking at the Air, Space & Cyber Conference, Tournear said cybersecurity requirements are integrated into satellite manufacturers’ contracts. “We have a lot of cyber requirements built into our contracts from day one,” he said, noting that this approach is becoming a model for other Space Force organizations.
The agency’s Tranche 1 of the Proliferated Warfighter Space Architecture, comprising as many as 160 satellites, is scheduled for launch over the next two years. As part of their assessment, SDA will put the satellites’ ground systems through “white hat hacking” to probe for potential weaknesses.
SDA’s cybersecurity protocols are aligned with the Pentagon’s overall efforts to safeguard space assets, which have become increasingly essential for communication, navigation and defense operations. As space systems become vital components of national infrastructure, they are also emerging as prime targets for cyberattacks by both state and non-state actors, experts warn.
Cyberattacks a likely weapon
Chris Weggeman, a retired U.S. Air Force lieutenant general and head of Deloitte’s government cybersecurity practice, said cyberattacks are expected to be the most frequent weapon used to disrupt U.S. space capabilities. He highlighted the potential dangers of such attacks by drawing parallels to Russia’s 2022 cyberattack on Viasat during the Ukraine conflict, likening it to the Colonial Pipeline ransomware attack of 2021.
“Ukraine was like the Colonial Pipeline of space,” Weggeman said in an interview. He noted that the Viasat incident underscored the vulnerabilities of satellite systems and emphasized the need for greater resilience in military space networks.
Weggeman said AI and machine learning could be key in bolstering space cybersecurity, enabling real-time detection and response to emerging threats. “The satellites we have on orbit today were designed for a permissive environment,” he said, advocating for sensor-based systems that would allow satellites to detect and react to cyberattacks autonomously.
In a recent white paper, Deloitte urges the Department of Defense to adopt “secure-by-design” principles, stressing that vulnerabilities can arise across different parts of the network, from user equipment to launch systems. “You’re only as secure as your weakest link,” Weggeman warned.