CyberWire Daily - Securing satellites already in space, with journalist Shaun Waterman. [T-Minus: Space-Cyber Briefing]
Episode Date: June 14, 2026
For years, space cybersecurity has been a long sought after goal, but due to operational constraints, it was largely unfeasible. In this week’s episode, host Maria Varmazis sits down with journalist Shaun Waterman to discuss his recent article “The Newest Space Race is Cyber.” As space has increasingly become a critical infrastructure component, industry leaders and security agencies alike have begun to launch new initiatives to improve capabilities both on the ground and in orbit.
Key sources: The Newest Space Race is Cyber. DHS Wants Satellite Volunteers to Test New Cyber Tools. Five Teams of Hackers will Compete to Breach US Satellite in Space.
Like what you heard? Be sure to subscribe to our free Signals and Space Briefing, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space
Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com. You can also fill out our audience survey: https://www.surveymonkey.com/r/NJYCN2P
T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Space assets have traditionally been protected, at least from nation-state attack, by these
very strong norms, but in cyberspace there just aren't the same norms.
Historically, there's been no penalty for attacking in cyberspace.
Frankly, that's a little worrying.
Welcome. I'm Maria Varmazis, and you're listening to T-Minus Space-Cyber Briefing.
In this show, we examine the evolution of cybersecurity in the global and orbital infrastructure
that powers, protects, and connects our lives.
Hi, everybody. Thank you for joining me today.
In our show today, we are featuring my recent interview with journalist Shaun Waterman,
and he's been covering emerging technology and the space industry for decades.
Space cybersecurity specifically has also been a part of his beat.
You may have seen his byline in Satellite Today or in Newsweek.
Shaun recently wrote an article about how the newest space race is cyber,
in which he covers recent work in the industry
to bring incident detection and response onto satellites themselves,
rather than focusing solely on the ground systems.
And well, as you might imagine, that really piqued my interest.
We have a link in the show notes for you so you can read that article, but even if you haven't read it yet, I know you'll get a lot out of our conversation about the current state of space cyber.
Let's start off with Shaun telling us a little bit about himself.
So I am a reporter, freelance journalist. I write about cybersecurity and other emerging technological threats, and I write about the space industry,
and I used to write more about federal IT.
My background is I came to Washington with the BBC originally for six months in 1999,
but I liked it so much here that when they wanted me to go back to London, I quit.
So I never look back to the rest of the history, as I say.
That's wonderful, Sean.
Well, thank you so much for joining me today.
I reached out because you wrote this fantastic article with the headline,
"The Newest Space Race is Cyber."
Would you mind walking me through a little bit about how you put this article together
and what your pitch was for creating this?
Well, actually, in some ways, this was a follow-up to a story that I wrote last year
after the CyberSat conference in Reston in November.
There was a presentation by the DHS Science and Technology Division
and the Aerospace Corporation about a couple of things that they were doing,
open source projects basically, designed for on-orbit cyber detection and response.
Space companies, you know, think about cybersecurity or operationalize it.
Anyway, it tends to be on the ground, protect their ground assets.
You know, they protect their assets in the cloud.
They encrypt their links.
Hopefully they do.
Hopefully.
Yeah.
But they can't take that for granted.
But no one really knows how to protect the satellite itself, you know, the software that's on there.
So, and I have been writing about this
for about five years, you know, I first wrote about it in 2020, actually, which is the first
Hack-A-Sat contest at DEF CON.
So there's a history there of, you know, what Hack-A-Sat was doing and they were building
up to it.
Eventually in, I think it's 2024, there was actually a CTF, you know, Capture the Flag
contest between these teams of hackers on a satellite
actually in orbit called Moonlighter.
Yeah.
There was an Aerospace Corporation and Air Force Research Lab project.
So there's been, on the offensive side, there's been quite a lot of work to demonstrate
the dangers that this hacking presents.
But on the defensive side, by contrast, there really didn't seem to have been much work done.
of articles, one for Via Satellite magazine and one for Air and Space Forces magazine,
about these efforts last year. And so the story in OT today for Information Security Media Group
was really a sort of continuation of that and update of it, you know, what had happened
since because they were going to try and open source some of these projects so that people
could toy around with them. And because, you know, it's a very, you know, it's a very important,
very difficult thing when the Hack-A-Sat people were looking to try and find a satellite that
people would let them hack in orbit. You know, in the end, they had to launch their own, right?
Because everyone was like, no, I don't think we're going to do that.
A multi-million dollar asset on orbit?
Exactly.
Yeah, a bit of hard sell, yeah.
So part of the problem is, you know, people need to have a confidence,
have a trust and familiarity with the tools, right?
That was what DHS Science and Technology Division
and the Aerospace Corporation were trying to do.
And then there were also a couple of other different initiatives
which are touched on in the ISMG story.
Deloitte is actually, they have a small constellation now in orbit.
There are three satellites altogether
that have this on-orbit intrusion detection
system and they've been testing it out.
They and their partners have been trying a series of increasingly complex attacks on the
satellite.
None of them succeeded so far.
So that's a good thing.
The guy, Ryan, over at Deloitte, did say to me, you know, the one we're going to
really learn from is the one that succeeds, right?
Yes, yes.
They have their Silent Shield, which is their cyber product, you know, their on-orbit intrusion detection and
response.
Well, on the first satellite was behind a one-way diode, right?
So that meant it could receive information from the satellite payload, but it couldn't
actually, you know, transmit to it, couldn't actually do anything.
And that, again, is for the confidence issue.
But with the second two satellites, they wanted to demonstrate on-orbit updateability, right?
Because they were not just trying to sell new satellites.
They're trying to sell this tool to people who have satellites in orbit.
And you can update them over the air.
You know, if they're software-defined, their software capable of being updated,
which, you know, all the satellites in these new LEO mega-constellations are,
then, you know, you could upload Silent Shield
to your satellite and it will be protected, not just on the ground, but actually, you know,
in orbit itself. And then the final initiative was an initiative, well, it's a Space Force contract,
actually, with a couple of startups to build a tool that will look, not in the software,
but in the behavior of the satellite itself. You know, what's it doing? What's it transmitting?
Is it maneuvering?
What's its orbital status and where's it pointed?
Is it pointed in the right direction?
All of this stuff.
It's dangerous to rely on telemetry for detection, you know,
because one of the things that a hacker might be able to do,
and this is a big part often of hacking operational technology systems,
is you get the system to keep sending telemetry that says everything's fine.
I mean, that was how Stuxnet worked, right?
The weapon that was deployed against the Iranian nuclear program,
these centrifuges that spin at enormous speeds to enrich uranium
started shaking themselves to pieces.
And the Iranians couldn't figure out why,
because everything, all the telemetry, all the sensors,
were reporting all normal.
Right, right.
So that's an important problem,
and that Space Force have focused on,
that's called the cyber resilience on orbit.
Time for a quick break now.
When we come back, Shaun Waterman details why behavior
is the key indicator for security incidents with spacecraft.
Here's a hint.
How often do you see space-based CVEs?
Yeah.
More on that after this.
And we're back.
Here's more of my conversation with journalist Shaun Waterman,
jumping back in with indicators of behavior and what that means.
So indicators of behavior look at things other than the software
to figure out if there's an intruder in the system.
Part of the reasoning for that is that there isn't in space
a tradition like you have with earthbound IT systems
of people finding vulnerabilities and reporting them
and this huge bank of CVEs, which are reported and validated software flaws,
this is how a lot of detection is done in earthbound cyber,
through looking for the indicators of compromise that show that a particular CVE is being exploited.
Now, in space, because you don't have this huge database of, like, previously discovered
vulnerabilities, it might be much harder to detect a cyber attack just through looking at the
software itself, especially because so much of the kit is, you know, it's sort of non-standard.
Yeah, it's custom per satellite in many cases, right?
Especially with the big, the sort of legacy GEO satellites in geostationary orbit,
these huge, exquisite satellites, they have custom-built hardware,
like absolutely custom, and it's run with firmware, embedded software,
very difficult to analyze, very difficult to detect potential attacks.
The indicators of behaviour are a sort of collateral way, really, of detecting an attack.
You know, not looking directly at the software,
but looking at possible impact that it's having on the way the satellite's actually behaving.
The drawback, Maria, is that indicators of compromise, if they're done in the right way, are pretty deterministic, right?
If you see this, you know it's an attack, you know it's exploiting the following CVE, you know its blast radius might be X, Y, or Z.
With indicators of behaviour, it's much more probabilistic, you know, well, this looks like it might be X, Y, or Z.
That's the $64,000 question because or challenge, because, you know, if you're trying to empower satellite owners and operators to defend their assets,
they really need a yes or no answer.
They're not going to mess with a multi-million dollar orbital asset, you know, because it might be, you know, something might be up.
So, yeah.
But that's, I mean, it is
very interesting because it just, you know, it's, cyber is not one thing and certainly not in space.
You know, it's, it's, there's multitude of sort of different approaches that you have to take.
It's multi-layered defense to protect these assets.
Now, we were talking a lot about, you know, when we're thinking of the more custom, the exquisite, I love that word that you use, the exquisite satellites and GEO, you know, the huge military, especially assets.
But I'm thinking for the proliferation of more commercial constellations in LEO,
do we see the paradigm changing dramatically or maybe not at all when we're thinking about that?
Or is it too early to even be thinking about when we've got these constellations in LEO that are more commercialized?
Will they have their own custom Linux distro that they're running on?
Or is it going to be sort of a similar situation?
Well, that's a really interesting question.
So the big LEO mega constellations are all vertically integrated, right?
So, you know, it's a Starlink dish, it's a Starlink satellite, it's Starlink hardware, it's Starlink software all the way up and down the chain.
At least with SpaceX, you know, they have used or tried to make a much more use of commodity hardware, you know, regular chips.
And yeah, running Linux.
I actually don't know what the operating system for Starlink is.
I mean, the firmware for the dish has been taken down a couple of times, I think, by researchers at Black Hat and DEF CON.
Obviously, the satellites themselves, that's a very different kettle of fish.
And I don't know, I'm not aware that anyone's done any sort of work trying to tinker with that.
But yeah, I think the big LEO constellations, we are seeing a lot more commodity.
You know, just because of the scale, you can't, you know, you're not going to build your own chips.
You know, if you're putting 20,000 satellites into orbit, and that is not going to work out.
Yeah, and SpaceX's vertically integrated approach, they're SpaceX, they're the big, you know, an exception to a lot of things.
They've been able to do that walled garden approach,
but certainly at least if we listen to what the space industry is saying
about the way things are going to be going,
they certainly won't be the only dominant player doing what they're doing
if we give it enough time.
And at some point, I wonder,
they've been sort of able to keep things walled off
and relatively protected,
but there are going to be a lot more constellations out there
that probably won't be as vertically integrated as Starlink's.
I can't help but wonder what's going to happen.
It's going to be very interesting.
Amazon Leo, you know, which is probably going to be the first, well, there's actually,
there's one other operative LEO constellation out there.
But I think it's one where Amazon Leo is coming online.
I believe this year is scheduled to come online and, you know, and to have a global coverage
next year.
So, and they are apparently, it seems, taking a less walled garden approach, although, you
know, I mean, it's all within the Amazon ecosystem, but I think the objective from Amazon
is that those AWS customers find it much easier to integrate the Leo connectivity.
Yeah, yeah.
You're right, though, it is.
And, you know, there's going to be, I mean, there's also all of the Earth observation
constellations, and, you know, there's just, there's so much activity up there in orbit
now, and a lot more of it, I think, is going to be using commoditized hardware and
software. Kratos has created an open source management platform for satellites. And the
virtualization as well, I mean, this is back on the ground. Replacing hardware switches and modems
with software, you know, again, that arguably does open up the attack surface. So the convergence
of cyber and space, I think, is unfortunately, is going
to create a lot of risks for space.
Space assets have traditionally been protected, at least from nation-state attack,
by these very strong norms.
All the superpowers have demonstrated kinetic anti-satellite capabilities.
None of them have ever used them.
Part of the reason is that it's clearly a red line.
If you're doing nuclear command and control through your satellites
and the adversary starts to mess with them,
that is a very bright, thick red line that's been crossed,
and people generally don't want to do that.
But in cyberspace, there just aren't the same norms.
Historically, there's been no penalty for attacking in cyberspace.
And frankly, that's a little worrying.
Oh, it's a lot to think about, Sean.
Thank you again so much for speaking with me.
I greatly appreciate it.
It's lovely.
I enjoyed it, Maria, and I'll come back anytime.
on. And that is T-Minus Space-Cyber Briefing, brought to you by N2K CyberWire. If you like what you
heard today, you will also enjoy our newsletter, Signals and Space. You'll get research and notes
pulled together by our producer Ethan Cook and me, along with this week's top space cyber news stories.
Subscribe by visiting thecyberwire.com slash newsletters. We'd love to know what you think of
our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing cybersecurity landscape.
If you like our show, please share a rating and review in your podcast app.
You can also fill out the survey in the show notes or just send us an email.
space@n2k.com is how you can get in touch.
We are proud that N2K CyberWire is part of the daily routine of the most influential
leaders and operators in the public and private sector, from the Fortune 500 to many of
the world's preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals grow, learn, and stay informed.
As the nexus for discovery and connection, we bring you the people, the technology, and the ideas shaping the future of secure innovation.
Learn how at n2k.com.
Thank you for listening to T-Minus.
I am your host, Maria Varmazis.
The show is produced by Ethan Cook and Liz Stokes.
We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Ibin, with content strategy by Mayan Plout.
Peter Kilpe is our publisher.
Thanks again for joining us.
See you next week.
