Written by Hans Francken

Space Cybersecurity and Threat Modeling

By Robert Hurlbut

Outer space is considered one of the final frontiers. For nearly 70 years, we have traveled to space with rockets, satellites, probes, crewed vessels, and rovers to other planets and moons and beyond. From scientific exploration to military operations to, more recently, commercial ventures, we have seen many academic communities, governments, and private organizations see space as an opportunity to expand networking, communications, surveillance, and understanding. With this in mind, space is quickly becoming a critical infrastructure, using GPS navigation, satellite communications, weather monitoring, and national defense systems. However, as with systems on Earth, these space environment systems are subject to cybersecurity attacks, and threat modeling is critical more than ever to address these challenges in the space environment.

Attack Surface and Threat Vectors in Space Cybersecurity

There is a significant attack surface extending hundreds of miles above the Earth. Today’s spacecraft are computers with processors, sensors, communication systems, and autonomous decision-making capabilities. Physical access for updates or repairs is extremely limited or impossible, making cybersecurity failures potentially catastrophic.

Some threat vectors are especially unique to space systems. For example, interference and signal jamming can disrupt radio frequencies used in space communications. GPS coordinates can be spoofed, which can cause navigation failures. GPS timing signals synchronizing financial networks, power grids, and telecommunications systems can also be compromised. A successful attack on GPS satellites could affect everything from ATM networks to cellular communications.

Satellite internet constellations are becoming critical infrastructure for remote regions and backup communications. The interdependence between terrestrial and space-based networks means that attacks on space assets can immediately impact ground-based services, and vice versa.

Supply chains for space systems can also be compromised. Many components for spacecraft come from multiple countries and vendors, each potentially becoming an open point for backdoors in hardware and software.

Natural events in space, such as solar storms or other space weather events, can cause interference with space operations and security monitoring systems. Attackers might then use timing attacks and these events to cover malicious activities.

Threat Modeling Frameworks for Space Systems

Traditional threat modeling approaches, like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), can help identify some threats applicable to space systems. However, STRIDE may require significant adaptation for space environments. An alternative approach is the Space Attack Research and Tactic Analysis (SPARTA) matrix created by The Aerospace Corporation in October 2022 (see: https://sparta.aerospace.org/).

The SPARTA Framework: A Space-Specific Threat Modeling Approach

SPARTA is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle, addressing the unique challenges that traditional cybersecurity frameworks cannot adequately cover. SPARTA is a space-based framework for cybersecurity similar to the MITRE ATT&CK framework to document common tactics, techniques, and procedures (TTPs) used by adversaries against enterprise networks.

The framework serves as more than just a theoretical exercise. The Space Attack Research and Tactic Analysis (SPARTA) matrix visualizes the relationship between tactics and techniques/sub-techniques for space cyber threats. This visualization helps space professionals understand what threats exist and how they interconnect and evolve throughout an attack campaign.

SPARTA has evolved significantly since its initial release, with recent versions incorporating new threat intelligence and expanding coverage. SPARTA v3.0 (released in April 2025) introduced a new resource: the Space System Cybersecurity Questionnaire (see: https://sparta.aerospace.org/v3.0/related-work/questionnaire). This tool is designed to help organizations evaluate how well they address cybersecurity across the entire space system (i.e., space, ground, and user segments).

Defending Against Space Threats

Protecting space assets demands a layered approach, a defense-in-depth model, spanning ground, space, and communication segments. While encryption of command and control links is a basic requirement, it introduces a significant challenge: managing encryption keys for systems that are often out of contact for long stretches of time.

Space systems need to be able to fend for themselves to overcome the limitations of distance and connectivity. Autonomous security capabilities allow satellites to detect, analyze, and respond to threats without constant human oversight. Similarly, building in redundancy and graceful degradation ensures a mission can continue even if individual components are breached. This is particularly effective in constellation architectures, where functionality is spread across multiple platforms, making it much harder for an attacker to disable an entire service.

Building a Secure Space Future

Ready to master threat modeling?

About the Author

Robert is a seasoned software developer, software architect, and recognized leader in application security and threat modeling. He is dedicated to helping developers, architects, project managers, and other stakeholders strengthen their understanding of secure software design and architecture through threat modeling and related security practices. A strong advocate for building and sustaining organizational Threat Modeling Programs and Security Champion Programs, Robert brings extensive experience in guiding teams to successfully launch, scale, and mature these initiatives.