For years, cybersecurity in the commercial space sector has been treated as secondary, but this is changing. As satellite networks become more integrated and cyber threats more complex, the industry is recognizing the importance of robust defenses. Experts discussed this shift on October 29th at the MilSat Symposium.

According to industry officials, many commercial entities have viewed cybersecurity as a cost center, not a revenue generator. This perception is changing, especially as threats increase and the potential financial impact of breaches becomes clearer.

Joe Bravman, chief engineer at Lynk Global, emphasized the difference in priorities between commercial and government sectors. Lynk Global is building a satellite-to-mobile-phone constellation. "The needs of the commercial sector and government sector are very different in terms of cyber security," he said. He pointed out that government entities need to prepare for warfare, while commercial companies might only invest in cybersecurity when required by contracts or after a significant incident.

The cost of encryption technologies has been a hurdle. Bravman stated that many encryption products for satellite communications are too expensive for many commercial space firms. He stressed that security should be a fundamental part of system design. “If you don’t have the right architecture, you can put a lot of band aids on and you never make it secure,” he said.

Talbot Jaeger, founder of NovaWurks, highlighted the industry’s reactive approach. Historically, cybersecurity has been managed at the ground-systems level, often only after an intrusion. “Traditional spacecraft and spacecraft architectures were designed before the current cyber threats were envisioned,” he said. Jaeger also mentioned fragmented supply chains and inconsistent requirements as contributing factors.

Unless there are mandated minimum standards, the integration of cybersecurity will remain uneven. Bravman added that while encryption is essential, it’s just one element. “Everybody thinks about [encryption] a lot, but you also have to protect the routing, and you also have to protect TT&C,” he said, referring to Telemetry, Tracking, and Command systems. He emphasized the importance of protecting these critical control systems.

The increasing demand for encryption has benefited companies like Innoflight. Jeffrey Janicik, Innoflight’s chairman, said the company is preparing for increased cybersecurity requirements. “We’re trying to stay ahead of that too,” said Janicik. “We’re looking ahead, looking at all the standards, all the requirements.” Janicik suggested a more formal system to enforce standards, saying "It’s got to get to that point. There’s no question about it.”

Despite available high-assurance products, Bravman noted their high cost. “They’re great products, but they cost too much, and that’s pretty much true across the board,” he said. He likened the process to drug development, with high upfront costs for validation and review.

Jaeger cautioned that commercial operators can no longer ignore cybersecurity. Companies must integrate the cost of cybersecurity into their core systems. As threats grow, the choice is simple: invest now or pay more later.

Bravman suggested exploring alternative, cost-effective cybersecurity solutions. He suggested that standards from the 3rd Generation Partnership Project (3GPP) could play a role in enhancing system resilience. “They are starting to get serious about this,” he said. He emphasized that many options besides encryption can strengthen system resilience.

Executives at the MilSat Symposium agreed that the industry’s reactive approach to security is becoming unsustainable given the evolving threat landscape.