As space systems become more commercially driven, cybersecurity has shifted from a niche technical concern to a strategic necessity. Satellites increasingly rely on commercially developed hardware, shared software platforms and remote reconfiguration. While these advances deliver clear operational benefits, they also expose space infrastructure to the same rapidly evolving cyber threats faced by terrestrial industry.
Keeping space systems secure amid global tensions, new types of security threats and fast-moving technology changes — especially in areas like quantum computing — has become essential for the economy, defence and public trust. In response, the European Space Agency (ESA) has placed cybersecurity at the heart of its technology development activities, addressing risks across the space, ground and communications segments throughout the full mission lifecycle.
To support these efforts, ESA’s General Support Technology Programme (GSTP) is working on a series of cybersecurity themed activities. To begin, earlier in 2026 GSTP published the (Cyber)Security Products for Space Systems Protection 2026-2028 document – a list of (cyber)security products that have been identified for accelerated development, complementing the GSTP Compendia 2026-28 for Cybersecurity.
Next, a workshop, to be held on 7 May 2026 will expand on previous work by the Agency and industry to establish which security concerns should be priorities and where gaps in the market existed. This next workshop will build collaborations to address these issues and help future proof the space technology realm.
“Together with GSTP we have been compiling a security reference architecture constituted by cybersecurity building blocks; our vision is these building blocks will be developed as products by our industry, eventually making them available off-the-shelf for future missions,” explains Antonios Atlasis, Head of ESA’s System Security section. “This approach will help us to raise the security posture of future space missions, facilitate commercialisation by the cybersecurity domain and reduce costs and scheduling impacts for future space missions.”
The document contains cybersecurity-related projects at a variety of levels, while some are standard activities the space industry anticipates will need upgrades, others are ones that have been highlighted as priority activities, technologies the space industry doesn’t currently have but will need in the very near future.
“Industry were very encouraging of the identified activities. For the first time, this workshop will look at these activities, the building blocks of cybersecurity in our space industry, and see which ones we need as a final product, which ones need to be accelerated, ” he continues. The workshop will highlight these products and then build consortiums in the room to work on them.
This means the right companies can be highlighted in the moment, with experts on different software or hardware, those with the facilities or experience to build and smaller companies who have the idea being introduced with the aim of fast-tracking the product.
The workshop will focus on protection of communication links, intrusion detection and general protection and recovery methods. These areas directly address what are seen as the three most significant cybersecurity threats to space systems.
“The threat of quantum computing is one of the biggest threats to security —especially for cryptography,” Atlasis notes. “But it is not the only one.”
Once mature, quantum computers could compromise many encryption techniques currently used to protect critical infrastructure and communications. At the same time, satellites increasingly require secure remote software updates. While essential for long‑duration and flexible missions, update mechanisms can also introduce new vulnerabilities if not properly protected.
Another shift is the growing need for remote software updates. As space systems become more flexible and long‑lived, the ability to fix vulnerabilities and add functionality after launch is essential—but it also creates new risks.
“Secure software patching is not something new, but in space we were not used to it until recently,” Atlasis explains. “Now we have a less constrained environment and the need for patching is there for every kind of system.”
The challenge is intensified in large satellite constellations, where vulnerabilities can be replicated across many spacecraft.
‘As satellites increasingly run off-the-shelf components, including software and operating systems, the challenge becomes ensuring that multiple applications—often developed by different organisations—do not introduce a security risk to each other or to the wider system,” Atlasis continues. “The focus needs to be on end-to-end protection, of course.”
To meet the demands of these threats, ESA and GSTP are focusing on cartographic devices, for protecting against communication leaks.
Alongside the workshop activities, GSTP is already delivering concrete cybersecurity solutions through its framework, targeting developments that can be matured in under 18months and fast-tracks them.
One, with OHB Germany, is exploring how future navigation satellites can be built around highly flexible, reprogrammable computer chips that remain secure throughout their lifetime, even as threats evolve. The system allows onboard software—and even parts of the satellite’s digital hardware—to be securely updated in orbit, while using post‑quantum cryptography to protect data against future quantum attacks. For users on the ground, this means navigation services that remain trustworthy even as computing power advances.
A further activity, called TANDI (Trust and Isolation for Applications in Satellites), with Airbus, will demonstrate how different software applications can safely coexist on the same satellite computer without risking mutual interference or system takeover. It does this by using layered security techniques—widely used on Earth but adapted for space—to isolate applications, verify their integrity remotely and ensure that only authorised updates are installed. For mission operators, this means greater confidence that a software fault or cyberattack in one part of the system cannot cascade into a full mission failure.
Another, the ARCA SATLINK Encryptor, led by CYSEC, is a ready‑to‑use encryption library designed specifically for space, allowing satellites and ground stations to protect their data links using internationally recognised standards. It manages not just encryption, but also the secure handling of cryptographic keys over a satellite’s lifetime.
Together, these activities demonstrate how GSTP is translating cybersecurity frameworks into practical, deployable technologies for future European space missions.
To find out more about the event, which will be held in person on 7th May 2026, at ESTEC, you can register here: GSTP (Cyber)security Workshop for Industry
Thank you for liking
You have already liked this page, you can only like it once!
Strengthening Space Cybersecurity through ESA’s GSTP – European Space Agency
Leave a Comment
