In the past, orbiting satellites were often thought to be naturally shielded from cyber threats by distance and specialized communication systems, but that assumption no longer holds. Modern satellites are deeply intertwined with our daily lives and global infrastructure, connecting networks, supporting navigation through GPS, facilitating communications and financial transactions and enabling everything from weather forecasting to national security missions. As they become more integrated with terrestrial networks and ubiquitous technologies like 5G, they are increasingly susceptible to unauthorized access.  

Multiple incidents in recent years, ranging from accidental to malicious in nature, have underscored the uncomfortable truth that space systems — even commercial satellites — are strategic targets in geopolitical conflicts and can be compromised without firing a missile or launching a hostile satellite. A keyboard may be all that’s needed to wreak high-stakes consequences which can be local or global, temporary or permanent, and involve the loss or compromise of sensitive personal information or controlled defense data.

These developments have propelled the need for new, proactive cybersecurity approaches designed for the space domain. Among the organizations leading that effort is The Aerospace Corporation, which has developed two significant tools — SPARTA and DARS — and is now advancing a new integration called SPARTEND to help space operators identify, evaluate and respond to threats more effectively.

“Space systems face cyber threats wherever they exist: on the ground, through the link or on orbit. We need to extend threat insights end-to-end across every user at every partner organization and empower every space asset to identify, isolate and mitigate attacks — and potentially respond,” said Jim Myers, Aerospace Senior Vice President of Civil Systems Group. “Delivering SPARTA’s growing knowledge base to orbiting assets through SPARTEND is a gamechanger.”

Understanding the Challenge

This rising vulnerability of space systems to cyberattack became evident in 2022 with the attack on the Viasat KA-SAT network. The incident disrupted broadband services across parts of Europe and interfered with Ukrainian military operations during a critical moment in the nation’s defense. The threat environment has also expanded to GPS systems, which are increasingly subject to jamming and spoofing — techniques that can mislead receivers or overwhelm signal connections. When GPS data is interrupted, aircraft, shipping fleets, financial networks and even emergency services can be affected, posing obvious risks to global commerce and national security.

Unlike terrestrial networks, space systems lack decades of shared cyber incident reporting, leaving many anomalies classified or undocumented. Without historical data, traditional signature-based defenses fail. Effective satellite security thus relies on tools that comprehend normal operations and detect deviations from expected behavior to identify new or evolving threats. 

“There are plenty of cyber tactics, techniques and procedures for land-based systems, but space is unique, so it has to have its own unique cybersecurity coverage,” said Sylvia Llosa, a doctoral candidate at the University of Colorado Boulder and a graduate intern in Aerospace’s Cybersecurity and Advanced Platforms subdivision. “It’s not enough to know a potential attack is underway or to wait until a critical asset is actually taken down; it’s also important to know how bad an incident can be and how likely it is.”

The challenge is not only technical but communicative. Across government, commercial space companies and research institutions, there has not always been a common language for describing how cyberattacks occur on-orbit, how they can be detected, and how they should be addressed. Historically, gaps in communication have made it difficult for system designers, mission operators, and security analysts to work from the same assumptions.

This is where SPARTA comes in.

SPARTA: Building a Shared Understanding of Threats

The Space Attack Research and Tactic Analysis (SPARTA) knowledge base is an unclassified, publicly available knowledge base designed to help space professionals understand how spacecraft might be targeted. It categorizes a broad range of hostile cyber and counterspace activities, making detailed threat information accessible to engineers, operators, analysts and mission designers who may not have access to classified intelligence. By standardizing the language of space cybersecurity, SPARTA enables organizations to discuss vulnerabilities more clearly, design secure test scenarios and missions and recognize potential adversary techniques based on a spacecraft’s orbit, mission purpose or communications systems.

A major update to SPARTA introduced Indicators of Behavior (IOBs) — the first comprehensive documentation of behavioral patterns that may indicate malicious activity on spacecraft. Funded by the Department of Homeland Security, IOBs provide a proactive threat detection approach by highlighting deviations from normal spacecraft behavior rather than depending solely on known attack signatures. Organized into mission-relevant categories and mapped to specific SPARTA techniques, these IOBs support the development of effective intrusion detection capabilities.

Documentation of these IOBs will support the development of intrusion detection capabilities, because knowing the threat landscape and threat behaviors is critical to responding in time. 

DARS: Threat Detection for In-space Assets

To operationalize these insights, Aerospace’s Detection and Reporting System (DARS) continuously evaluates spacecraft telemetry using artificial intelligence, machine learning and statistical modeling. DARS creates a dynamic behavioral model of what “normal” looks like for each satellite, employing deep neural networks to compare incoming telemetry against this model and flagging anomalies. 

In addition, new rules can be integrated without retraining the system, allowing it to adapt as missions evolve and new threats arise. DARS has already proven its value on operational U.S. space missions, including the Suomi National Polar-orbiting Partnership and multiple Joint Polar Satellite System (JPSS) missions, by providing early alerts to irregular patterns, thus affording operators valuable response time.

SPARTEND: Bringing Threat Insight and Detection Together

Merging the strategic insights provided by SPARTA with the anomaly detection capabilities of DARS is critical to real onboard intrusion detection and mitigation capability. This is the purpose of SPARTEND, short for SPARTA Telemetry Encoder Neural Network to DARS.

Think of SPARTA as the library of known threat strategies and DARS as the detective observing a spacecraft for signs of trouble. SPARTEND is the system that trains the detective to recognize which suspicious behaviors are associated with which known threat patterns.

With SPARTEND, operators can evaluate mission concepts early using threat insights from SPARTA, determine which tactics are most relevant based on mission profile, rank risks and prioritize which protective measures matter most, and feed that insight into system architecture decisions before launch.

Furthermore, SPARTEND enables operators to automatically correlate anomalies detected on-orbit with known threat behaviors without requiring any modifications to satellite hardware or software. In practical terms, SPARTEND makes satellite cybersecurity faster, smarter and more anticipatory.

“SPARTEND extends SPARTA’s structured framework for identifying high-risk cyberattack techniques to DARS, providing a uniform cybersecurity framework across various satellite platforms to help build a resilient space infrastructure,” said Llosa, who developed SPARTEND. “The SPARTA IOBs are kind of a mix of psychology, engineering, science and cybersecurity. Integrating SPARTA with DARS brings that multidisciplinary knowledge base into the operating environment, allowing for the comprehensive detection of known and novel threats and then comprehensive coverage of those threats.”

Testing and Future Development

A focus on extending actionable space-cyber knowledge to onboard systems is gaining steam. For example, Deloitte recently announced plans to launch a testbed satellite that will integrate SPARTA-based analysis in orbit. This step emphasizes the importance of testing cybersecurity capabilities in space and demonstrates growing collaboration between commercial and national security sectors.

As cyber threats continue to evolve, space systems will require defenses that are not only technically advanced but also flexible, scalable, autonomous, instantaneous and easily updated. Innovations such as SPARTA, DARS and SPARTEND contribute directly to this shift—from reactive defense to proactive protection.

By developing tools that combine shared knowledge, automated detection, and mission-driven adaptation, organizations like Aerospace are helping ensure that satellites remain secure and reliable, even in a rapidly evolving environment.

“Space organizations may fall on spectrum of experience and resources specific to space-cyber, but we are all operating together in a contested domain and need to be resilient,” said Dr. Thomas Kashangaki, Aerospace’s Assistant Principal Director for System Integration and Protection. “It’s important that people know these tools are out there, allowing for collaboration and information-sharing to counter these threats.”