Business Continuity Management / Disaster Recovery,
Geo Focus: Australia,
Geo-Specific
Orbital Frontier: An Ungoverned Internet Vulnerable to Attack
The domain of cybersecurity is venturing into uncharted territories as humanity engages in an aggressive pursuit to commercialize outer space. As critical infrastructure expands into this frontier, questions arise regarding cybersecurity ownership. Recent developments highlight the lack of a robust international framework governing cybersecurity in space, leaving vital satellites and orbital systems vulnerable to potential threats.
The Australian space sector is experiencing rapid growth, with investments in satellite manufacturing and launch capabilities. However, many of these assets remain susceptible to exploits that can lead to catastrophic failures. As of mid-2025, over 11,000 active satellites are orbiting Earth, with projections indicating this number could eclipse 100,000 within a decade due to mega constellations like Starlink and OneWeb. Each satellite operates with firmware often developed without full consideration of the consequences of vulnerabilities.
Despite the significant threats posed by compromised satellite systems, existing treaties, including the Outer Space Treaty of 1967, offer little guidance on cybersecurity. This treaty focuses on issues like debris and liability but neglects the governance of data and the responsibilities of state actors in safeguarding orbital assets. In the event of a cyber incident affecting satellite services such as GPS or communications, key questions regarding responsibility and accountability remain unanswered.
Incidents like the ViaSat KA-SAT attack highlight the real risk of cyber intrusions in space. Such an attack emphasizes the potential for interception and manipulation of data, with consequences that could disrupt essential services across vast regions. The aging architecture of many satellites, particularly those launched pre-2020, often lacks adequate encryption, making them easy targets for malicious actors.
As Australia aspires to become a prominent player in the global space industry, its current policy framework prioritizes launch safety and debris management over digital resilience. For a robust future in space, a comprehensive national cybersecurity framework is imperative. This framework should stipulate requirements such as encryption and vulnerability assessments to elevate Australia’s standing in international discussions on space governance.
The potential for a “Cyber Orbit Accord” surfaces as a necessity for future space operations. This global treaty could standardize cybersecurity protocols, mandating encryption between ground stations and satellites, conducting independent penetration testing prior to launches, and setting up cross-border incident response mechanisms. By advocating for an accord, Australia could position itself as a leader in establishing global norms in space cybersecurity.
For cybersecurity professionals, the risk landscape now extends into space. Organizations across sectors—defense, telecommunications, energy, and government—rely increasingly on satellite networks. Enhancing resilience in this emergent domain necessitates integrating space assets into existing risk management strategies, ensuring transparency throughout the supply chain, and fostering collaboration among key stakeholders.
The looming challenge is no longer about whether an orbital cyberattack will occur, but rather when it will happen and whether preparedness measures are sufficient. Until substantial protections are put in place, every digital entity on Earth remains vulnerable, connected to this unguarded frontier.
