In partnership with
π Welcome to Unlocked
For years, cybersecurity conversations have centered on endpoints, networks, and the cloud. But thereβs a critical layer of infrastructure most organizations depend on β yet rarely consider β sitting far above all of it.
Satellites power GPS navigation, financial time synchronization, aviation systems, global communications, weather forecasting, emergency response, and even cloud service availability. Theyβre no longer isolated, purpose-built machines drifting silently in orbit. Modern satellites are software-defined, remotely updated, and tightly integrated with terrestrial networks.
This week, weβre looking at cybersecurity above the cloud β how satellites have quietly become part of the digital attack surface, why that matters to CISOs and IT leaders, and what securing space-based infrastructure really means in 2025.
Letβs dive in.
π°οΈ Satellites Are Software Now β And That Changes Everything
The satellite industry has undergone a dramatic transformation over the past decade.
Traditional, closed systems have given way to:
Software-defined radios
Over-the-air firmware updates
Cloud-connected ground stations
API-driven command and control systems
Commercial off-the-shelf operating systems
As NASA has noted in its space cybersecurity guidance, modern space systems now face many of the same threats as cloud infrastructure β including misconfiguration, credential abuse, and software vulnerabilities. (NASA)
Similarly, the European Union Agency for Cybersecurity (ENISA) has warned that space systems are increasingly exposed to IT-style attacks, not just signal interference. (ENISA)
β οΈ Real-World Space Cyber Incidents Are Already Here
Cyber threats to satellite systems are no longer theoretical.
Viasat KA-SAT attack (2022): A cyberattack disrupted satellite modems across Europe, impacting thousands of users and critical services. (Via Satellite - Three Years Later, Lessons Learned)
GPS spoofing incidents: Aviation and maritime authorities have documented GPS spoofing events that caused navigation failures and safety risks. (Egyptβs GNSS Presentation at ICAO)
Satellite jamming: Deliberate jamming of satellite signals has been widely reported in geopolitical conflicts, disrupting communications and navigation. (CSIS - Satellite Jamming)
In most cases, attackers didnβt need to compromise the satellite itself. They targeted ground stations, network interfaces, or access controls β the same weak points attackers exploit in cloud environments.
π The Identity Problem in Space Infrastructure
At the heart of satellite security lies a familiar issue: trust.
Satellite ecosystems often rely on:
Ground station operators
Network administrators
Third-party vendors
Long-lived credentials and service accounts
Legacy access systems designed decades ago
The U.S. National Institute of Standards and Technology (NIST) has highlighted identity and access management as a core weakness in cyber-physical systems, including space and OT environments. (NCCOE)
Without modern identity controls β such as short-lived credentials, strong authentication, and continuous monitoring β space systems inherit the same risks that plague legacy enterprise IT.
π Why CISOs Should Care β Even If Youβre Not βIn Spaceβ
Most organizations donβt operate satellites β but almost all depend on them indirectly.
Satellite disruptions can impact:
Financial services: GPS time synchronization underpins transaction ordering and high-frequency trading
Transportation: Aviation, shipping, and logistics depend on satellite navigation and communications
Telecommunications: Satellite backhaul supports connectivity during outages and in remote regions
Critical infrastructure: Power grids, emergency services, and weather systems rely on satellite data
The U.S. Department of Homeland Security has classified satellite services as part of critical infrastructure dependencies due to their cascading impact. (DHS)
A compromise in space doesnβt stay in space β it ripples across industries.
π‘οΈ Securing the Final Frontier: What Needs to Change
The same cybersecurity principles apply above the cloud as below it:
Zero trust architectures for satellite command systems
Strong identity controls β MFA, short-lived credentials, role separation
Segmentation between telemetry, command, and data channels
Anomaly detection to identify unusual signal or command behavior
Supply chain validation for firmware, software updates, and vendors
ENISA and NATO have both emphasized the need for continuous monitoring and identity assurance in modern space systems. (CCDCOE)
π‘ Unlocked Tip of the Week
Ask a simple but revealing question:
Which parts of our business rely on satellite services β and what happens if theyβre disrupted for 24 hours?
Most organizations have never formally mapped this dependency. The exercise often uncovers hidden risk paths.
π Poll of the Week
Do you consider satellite infrastructure part of your organizationβs cyber risk model?
π Author Spotlight
Meet Alex Rivera β Security Platform Engineer
Alex Rivera is a Security Platform Engineer with over ten years of experience building and securing cloud-native SaaS platforms. His work focuses on identity infrastructure, detection engineering, and hardening distributed systems at scale. Alex partners closely with product and DevOps teams to integrate security controls directly into development workflows, reducing risk without slowing delivery. Outside of work, he contributes to open-source security tooling, runs tabletop incident response exercises, and enjoys breaking β then fixing β his own lab environments.
β Wrapping Up
Cybersecurity no longer ends at the data center, the endpoint, or even the cloud.
As satellites become software-driven, remotely managed, and commercially integrated, they inherit the same identity, access, and trust challenges weβve spent years addressing on Earth β often with far higher stakes.
Cybersecurity above the cloud isnβt science fiction. Itβs a natural extension of digital transformation β and one security leaders can no longer afford to ignore.
Stay curious. Stay prepared. And remember: the next attack surface may already be in orbit.
Until next time,
The Everykey Team
About Our Sponsor
Learn how to make every AI investment count.
Successful AI transformation starts with deeply understanding your organizationβs most critical use cases. We recommend this practical guide from You.com that walks through a proven framework to identify, prioritize, and document high-value AI opportunities.
In this AI Use Case Discovery Guide, youβll learn how to:
Map internal workflows and customer journeys to pinpoint where AI can drive measurable ROI
Ask the right questions when it comes to AI use cases
Align cross-functional teams and stakeholders for a unified, scalable approach