Ready for Launch: A Space Cybersecurity Road Map for Trump 2.0

The recent return of two “stranded” American astronauts from the International Space Station on a SpaceX mission, following a Boeing Starliner’s malfunction last June, marks a dramatic moment for the commercial space industry in the Trump 2.0 era. It simultaneously vindicated the commercialized, multi-participant space economy that has successfully replaced the shuttle program and exposed the sobering reality of space operations that when technology fails in the harsh vacuum of space, the consequences can be catastrophic and unpredictable. In this case, American industry’s ingenuity and redundancy saved the day—but what happens when the next spacecraft malfunction isn’t simply an accident, but the product of a deliberate cyberattack? Unlike mechanical failures that trigger warning lights and system alerts and allow for backup plans, cyber intrusions can silently corrupt critical systems in ways that compromise space systems’ infrastructural resilience.

Space is a fast-growing sector of the global economy and is overwhelmingly powered by dynamic American companies. Space powers civilian services, such as the Global Positioning System (GPS) and cellular and internet connectivity, while providing the U.S. and other advanced militaries unparalleled reconnaissance and communication advantages.

With the importance of space increasing, it is no surprise that threats are growing as well, and cyber capabilities are malign actors’ preferred tools to target space systems. In 2024, Gen. Stephen Whiting—head of U.S. Space Command—reiterated his frequent statement that cybersecurity is the “soft underbelly of our space enterprise,” after first acknowledging in 2022 that the still-young Space Force did not fully grasp its cyber vulnerabilities. Cybersecurity is vastly more challenging in space than on Earth for a number of reasons: Satellites on orbit cannot be physically accessed for inspection or repair after launch. They have limited size, weight, and power (SWAP) to spare for routine cybersecurity tasks. Their sprawling and simultaneous civilian and military uses are as broad as their transnational risk profiles, with threat vectors rotating constantly beneath them. With the growing centrality of space systems to modern society, the United States and like-minded nations need the strongest possible cyber foundations to protect this critical source of commercial and military strength.

Securing our space infrastructure—much of which is privately owned and operated—will require deep public-private collaboration. The Biden administration’s space cybersecurity efforts, which I led, focused on engaging space industry and academic experts to understand their perspectives on cyber challenges. In the administration’s final days, President Biden issued an executive order that included minimum cybersecurity requirements for all government space operators. These requirements were driven equally by cyber threats and the industry’s frustrations with fragmented U.S. space cybersecurity guidance, which had previously been dispersed across an array of non-space-specific security frameworks.

In advancing national space cybersecurity policy, the Biden administration built on the first Trump administration’s foundation. Then-Vice President Pence’s National Space Council was especially prolific and released seven space policy directives (SPDs). Notably, the Biden administration’s cybersecurity executive order built directly on SPD-5, “Cybersecurity Principles for Space Systems,” and is one of only a few Biden orders to be preserved by the new Trump administration, with federal agencies currently working to implement its provisions.

During the Biden administration, I led a series of technical workshops in key hubs across the United States designed to capture the perspectives of space and cyber industry leaders. In discussions from Los Angeles to Houston to Cape Canaveral (and virtually with multinational companies), we learned from hundreds of experts representing more than 125 leading companies and academic institutions and captured key takeaways in a January 2025 White House  report. Just as our work built on the first Trump administration’s policy foundations—which I also contributed to from inside the Pentagon—these subsequent findings provide a road map for the Trump administration to address space industry pain points and capitalize on economic growth. With federal government and industry support, the White House should prioritize (a) investing in research and development to tailor cyber solutions for on-orbit space systems; (b) streamlining threat information-sharing, including by reducing classification barriers; and (c) fostering a stronger community of interest that cuts across space and cyber functions among both policy and technical professionals.

Why Worry?

The first Trump administration developed SPD-5 in response to growing threats. Likewise, the Biden administration was motivated by the changing space threat landscape created by Russia and the People’s Republic of China (PRC). In 2022, the Russian full-scale invasion of Ukraine kicked off with a cyberattack targeting a U.S. satellite company used by Ukraine’s security forces. In a potential conflict with the United States, the PRC would likely follow this example. The Volt Typhoon campaign, which continues to occupy the U.S. cybersecurity community’s attention, demonstrates the PRC’s intent and willingness to pre-position itself inside, and eventually disrupt, U.S. terrestrial critical infrastructure early in a conflict. Space infrastructure would likely face a similar fate. Space systems are increasingly essential enablers of all infrastructure on Earth, including those critical sectors the PRC would likely target first, such as communications, energy, transportation, and water and wastewater systems. The PRC and Russia keenly understand that the United States and our international partners rely heavily on space systems, and they recognize that cyberattacks pose a low barrier to entry while causing outsized disruption.

With threats front and center, U.S. space leaders from the White House to the Defense Department have consistently called for better space cyber defenses. In the confirmation hearing for former Air Force Assistant Secretary Frank Calvelli, he emphasized that space resilience required ensuring that “ground systems don’t have single point failures and that they are secure from cyber attacks.” Chief of Space Operations Gen. Chance Saltzman said the Space Force has observed “some cyber activity that has hurt satellite operations” and in 2023 requested $700 million to improve cybersecurity for space ground systems, a particularly vulnerable node. With the United States and the global community today increasingly looking to build infrastructure and connectivity on the Moon and Mars, experts recognize cybersecurity requirements should be a prerequisite for building space systems.

A Ready-Made To-Do List With Buy-In Across Industry

The Biden administration’s cybersecurity executive order included minimum cybersecurity requirements for space systems, which addressed concerns raised to policymakers by the space industry. However, the White House’s January 2025 industry engagement report identified many more ecosystem-wide cyber challenges facing space systems that the current administration should address, chief among them investing in cyber solutions for on-orbit systems, streamlining information sharing between public and private sectors on critical space threats, and fostering stronger ties between the space and cyber policy communities.

Invest in Cyber Solutions for On-Orbit Systems

We found that space operators today are challenged to find common terrestrial cybersecurity technologies, such as sensors and intrusion detection systems, that are configured for space systems’ unique SWAP-related constraints. As space systems are designed, the cost of every gram launched into orbit is assiduously accounted for, and cybersecurity toolmakers cannot assume the necessary processor headroom or battery capacity will be available without prior planning and design.

In the private-sector workshops we held, space industry representatives coalesced around the need for resources dedicated to researching and developing technologies that are either currently nonexistent or not widely adopted for on-orbit space systems. The Trump administration should take this finding; partner with champions on Capitol Hill, including committees with space in their jurisdictions; and ensure sustained resources for developing and deploying these systems on future U.S. government and commercial satellites. When and where possible, the administration should also collaborate with industry innovators on common technical solutions. With the PRC and Russia actively targeting space assets today via cyber means, technologies necessary to detect and mitigate anomalies in space are already overdue—but existing solutions cannot just be bolted onto satellites right before launch.

Streamline Information Sharing Between Public and Private Sectors

During our workshops, space experts frequently highlighted challenges sharing cyber threat information between public and private sectors. Industry and academic experts told policymakers that threat information sharing is “inconsistent, untimely, not actionable, lacking context and, in some cases, overclassified.” Some companies reported that they had shared information with government intelligence agencies that then became classified after they shared it—meaning that some companies that freely shared information in the first place could no longer access it unless their workers possessed a security clearance. The nature of space and cyber threats can become classified quickly for good reason. To address this broad challenge, government must partner with space companies to ensure they can access the information they need to defend against the day-to-day cyber threats they experience. Because government and commercial systems are increasingly integrated, it is more important than ever to make sure industry is not blind to threats in space.

To address this challenge, the new White House team can continue bringing industry leaders and experts into the fold to receive up-to-date security briefings on the latest space-cyber threats, a practice the Biden administration kicked off for its Space System Cybersecurity Executive Forum with leading U.S. space executives. The more durable solution, however, would be for the current administration to continue driving space threat information out of highly classified compartments into more accessible information spaces whenever possible. Additionally, policymakers can work to designate a single federal agency as the primary point of contact and “front door” for the space industry to gain access to relevant threat information. Further, they might reopen discussing space systems’ designation as a critical infrastructure sector—like the electricity or transportation sectors—with a single formal sector risk management agency to address these challenges across industry and government. Government officials should also look externally and partner closely with organizations like the Space Information Sharing and Analysis Center to communicate high-priority threats to the space industry and to gather and share critical insights from industry.

Foster Stronger Ties Between the Space and Cyber Policy Communities

Some challenges raised in our industry engagements and workshops can be solved with short-term policy actions and adequate resourcing. Others, however, will take time, long-term investment in the space and cyber talent of the future, and greater trust across technical communities. The January 2025 White House report notes that many space industry experts believe their cyber and space missions “are disconnected” and, relatedly, that “expertise at the intersection of aerospace and computer engineering, as well as other relevant disciplines, is lacking across industry and government workforces.” During the Biden administration, bringing together space and cybersecurity experts for a series of technical workshops quickly revealed different professional languages and cultures. Communicating across these divides took time. It required trust and commitment to tackling an important cross-cutting national security challenge and also understanding that cybersecurity is not, and should not be treated as, a hindrance to fielding complex space missions. The Trump administration should continue to bring government and industry experts together to bridge these technical divides and develop tailored policy solutions. Indeed, in addition to industry workshops, the Biden team stood up new interagency structures to force the integration of the divergent space and cyber policy communities, identify cross-cutting space-cyber threats, and drive necessary policy solutions. The Trump team should maintain these fora for a similar purpose.

Outside the executive branch, other players can make an impact. Congress should prioritize resourcing for interdisciplinary university programs to build up the next generation of space and cyber talent. U.S. professionals should discuss these issues with international counterparts. Leaders of sector-specific industry conferences—for example, RSA, DEFCON, and BlackHat for the cyber community, and Satellite, Space Symposium, and SpaceCom for space professionals—should hold interdisciplinary panels and programming to invite experts from other professional communities inside these sometimes-insular worlds.

Achieving Liftoff

In its 2024 annual space threat report, the Center for Strategic and International Studies pointed to “new and increased attention by cyber threat actors on space systems and technologies, as well as the companies responsible for their development and operations.” With all space players increasingly targeted by advanced and novice cyber actors alike, solutions to cyber challenges cannot be solved without close and continuous collaboration between government and the burgeoning industry. The Biden administration, building on what the first Trump administration started, leaned into industry partnership and developed minimum cybersecurity requirements for space systems. The lessons we captured from workshops with hundreds of nongovernment experts create a clear road map to address the high-stakes space cybersecurity challenges that still require government and industry action. Just as the Biden team built on our predecessors’ space policy foundation, the new Trump administration should continue U.S. space cybersecurity leadership by picking up the cybersecurity baton and partnering with industry to invest in the on-orbit cyber technologies of the future, close information-sharing gaps on space threats, and promote a tighter community of space and cybersecurity expertise. Each of these actions is critical to getting ahead of the growing cyber threat landscape facing the United States and its closest partners today.