This post is written for CISOs, cybersecurity teams, and intelligence analysts across commercial and government enterprises in the U.S. Space Sector, the Space ISAC, and adjacent sectors such as the Defense Industrial Base (DIB) and Information Communications and Technology (ICT).
Highlights:
- Sector Dynamics: The Space Sector is large, rapidly growing, competitive, and contested. It supports scientific, military, commercial, and exploration missions.
- Threat Landscape: With over 300,000 workers in 5,000 organizations, the sector has a vast and vulnerable cyber attack surface. We summarize the threat environment, recent cyber and kinetic incidents, and GenAI use cases.
- Outlook: Sector leaders must respond to AI-enabled threats with proactive, AI-enabled defenses, cybersecurity training, and improved intelligence sharing.
Bottom Line: The Space Sector is a strategic national asset. Its people, infrastructure, and data are prime targets for adversarial cyber operations. U.S. defenders must invest in GenAI tools and training to protect intellectual property, user identities, and networks.
Sector Overview
The U.S. Space Sector underlies all 16 U.S. Critical Infrastructure Sectors, supporting vital services such as Earth observation, space weather monitoring, and Positioning, Navigation, and Timing (PNT) systems [1]. It also supports military, scientific, communications, and commercial operations.
Sector Segments and Classification
Key NAICS (North American Industry Classification System) codes include:
- 927110 – Space Research and Technology
- 33641 – Aerospace Product and Parts Manufacturing
- 517410 – Satellite Telecommunications
- 336419 – Guided Missile and Space Vehicle Auxiliary Equipment Manufacturing
Economic Footprint
According to the Bureau of Economic Analysis, the U.S. space economy produced $232.1 billion in gross output and $54.5 billion in compensation in 2022, supporting 347,000 private-sector jobs [2]. The sector includes over 5,000 organizations [3], with 18% workforce growth since 2019.
Funding Sources
The U.S. Space enterprise receives ~$80 billion annually from the following sources [4-6]:
- National Security: $28.8B to the U.S. Space Force in FY2025. Additional funding from DoD, NGA, and NRO.
- Civil Agencies: NASA ($24.9B in FY2025); NOAA (National Oceanic and Atmospheric Administration) and USGS (U.S. Geological Survey) also support scientific and Earth observation missions.
- Commercial: U.S. firms operate a significant share of the 10,000+ active satellites. Key players include SpaceX, Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and Blue Origin [7]. SpaceX is the dominant provider with more than 60% of the satellites in operation.
International
As shown in Figure 1, U.S. space funding in 2024 outpaces China by 4x and Russia by 20x. [5]
While the U.S. collaborates with allies and even rivals (e.g., Russia on the ISS), increasing global capabilities introduce both cooperation and competition. As U.S. allies develop their own capabilities, competitive tension follows, as in the recent collaboration between Japan and Ukraine for Synthetic Aperture Radar (SAR) satellite imagery intelligence [8].
Space ISAC
As the Space Sector’s operational Threat Sharing Hub, Space ISAC has 105 participating member organizations as of December 2024. Its Watch Center coordinates incident response and situational awareness across five mission segments [9-10]:
- Space Segment – Satellite and orbital platforms
- Link Segment – Telemetry and RF communications
- Launch Segment – Propulsion and vehicle integration
- Ground Segment – Control centers and infrastructure
- User Segment – End-user systems and services
As of December 2024, the Space Sector Threat Level Assessment is operating at “Threat Level 3: High” [11], based on:
- Consistent and persistent targeting of space systems and telecom infrastructure
- Emergence of new threat actor groups
- Geopolitical conflicts driving cyberattacks, espionage campaigns, and RF Interference attacks
- Satellite maneuvers paired with hybrid global influence operations
Threat Landscape
This section outlines:
- The sector’s attack surface
- Adversary profiles and cyber incidents
- Kinetic and hybrid threats since 2022
- Flash Reports
- GenAI threat intelligence examples
We illustrate with use-cases and screen-captures of ‘AI assistants’ for cybersecurity, and especially threat intelligence, teams. Most of the examples were generated by iterative prompt dialogs using our ‘ThreatShare.ai Cyber Researcher’ implementation of OpenAI’s ChatGPT 4o, customized for the cybersecurity domain. The customization and prompts were designed to manage GenAI hallucination issues by implementing strict specification of authoritative and verifiable links to source references.
Attack Surface
Space enterprises maintain hybrid IT-OT infrastructures. These include:
- Enterprise IT networks (cloud, hybrid, partner-connected)
- OT systems (onboard computers, antennas, control centers, launch systems)
- Blind spots created by Shadow IT from AI apps and third-party services
Legacy systems and remote access expand the attack surface. In the 2022 Viasat incident, Russian actors exploited terrestrial infrastructure to disrupt satellite services [12-15].
Using some passive reconnaissance methods from the MITRE ATT&CK Internet Scanning knowledge-base on a sample of 85 Space ISAC members, we found:
- 21 firms held 42 Autonomous System Numbers (ASNs), covering 2.4M public IPv4 addresses
- Only 25% of ASNs had implemented RPKI as a defense against route hijacking attacks
- Two prominent companies had ~1,000 exposed devices flagged in CISA’s Known Exploited Vulnerabilities (KEV) Catalog (Fortinet, Ivanti, and Industrial Control Systems products), as well as insecure network services such as telnet.
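An operator can run the RPKI check from this list against its own announcements. The following is an added example, not part of the original survey or its tooling: it applies RFC 6811 route origin validation to a list of routes and reports the share of origin ASNs with at least one valid route. It assumes "implemented RPKI" means publishing ROAs; all prefixes and ASNs are constructed documentation values.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398); not taken from the survey in this post.
ROAS = [  # (authorized prefix, maxLength, origin ASN)
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 25, 64497),
]
ANNOUNCEMENTS = [  # (announced prefix, origin ASN)
    ("192.0.2.0/24", 64496),       # matches its ROA
    ("198.51.100.128/25", 64497),  # more specific, within maxLength
    ("198.51.100.0/26", 64497),    # longer than maxLength allows
    ("192.0.2.0/24", 64511),       # covered, but wrong origin
    ("203.0.113.0/24", 64498),     # no ROA at all
]


def validate(prefix, origin, roas):
    """Classify one announcement as valid / invalid / not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route only if the route sits inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa_asn == origin and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: treated as a possible hijack.
    return "invalid" if covered else "not-found"


def roa_coverage(announcements, roas):
    """Return per-route states and the share of origin ASNs with a valid route."""
    states = [(p, a, validate(p, a, roas)) for p, a in announcements]
    asns = {a for _, a, _ in states}
    signed = {a for _, a, s in states if s == "valid"}
    return states, len(signed) / len(asns)


if __name__ == "__main__":
    states, share = roa_coverage(ANNOUNCEMENTS, ROAS)
    for prefix, asn, state in states:
        print(f"{prefix:20} AS{asn}  {state}")
    print(f"ASNs with at least one valid route: {share:.0%}")
```

Routes reported as not-found are the ones that RPKI-validating networks cannot protect, because no ROA exists to contradict a forged origin.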
Maintaining situational awareness from diverse threat sources (CISA KEV, commercial vendors, open-source data) is challenging. [17-18] GenAI assistants can aid CTI teams by summarizing unstructured inputs and identifying relevant exposures. In Figure 2 we see a table from a 10-page Sector Risk report, showing GenAI’s capabilities for summarization and enrichment.
Adversaries and Incidents
While the Space Sector is targeted by many cyber threat groups, nation-state actors present the greatest threat. Defending networks requires knowledge of actor motivations, methods, tools, and infrastructure. [27-29] Keeping up with so many sources of CTI can distract and exhaust cybersecurity teams. In Figure 3, we see a use-case where cybersecurity teams use GenAI to distill a 5-page threat report to a single table capturing the essential information (actor, affiliation, TTP, victims, dates, source links).
Cybersecurity teams need to be aware of geopolitical, cyber, and kinetic events and trends in their sector or peer group. In Figure 4 we see a partial view of a 10-page sector Cyber Risk Profile. These can be modified for any sector, sub-sector, or peer group.
Similarly, in Figure 5 we see a partial view of a ‘space company’ risk profile for SpaceX. These can be generated for any organization in the sector and customized for specific time periods, incidents, or actors. [16]
Kinetic and Hybrid Threats
Threat intelligence must also monitor kinetic risks. In Figure 6, we see a partial view of a recent GenAI-assisted report, highlighting:
- Russian Nudol ASAT (anti-satellite) missile tests
- Electronic Warfare incidents targeting Starlink [16]
- Campaigns linking orbital activity with geopolitical influence
- Embedded source links in the report that enable the user to assess source credibility
Flash Reporting
Flash Reports summarize urgent threats. For example, on 9-May-2025 a manager receives a threat alert from a trusted news source about a critical vulnerability in SAP NetWeaver being exploited by Chinese threat actors and issues a Flash Report request. Figure 7 shows the resulting Flash Report detailing SAP NetWeaver exploitation by Chinese actors. GenAI analyst assistants can rapidly assemble source-linked summaries for executive or operational response.
Outlook
Based on current threat trends, we recommend three courses of action:
1. Strengthen Phishing and Infostealer Defenses
According to CISA, more than 90% of successful cyber-attacks begin with a phishing email [19]. A Kratos Threat Brief provides details on multiple phishing campaigns, as well as ransomware and OT attacks, on the Space and other critical infrastructure sectors [20]. Check Point Research’s AI Security Report 2025 notes a 58% surge in infostealer malware targeting identity and credentials [21]. TechRadar reports infostealer malware and supply chain attacks on Lockheed Martin, BAE Systems, Boeing, Honeywell, L3Harris, and Leidos [22].
Tools from DomainTools and Silent Push can proactively detect brand impersonation. Recent GenAI-assisted queries found:
- 33 newly registered domains with threat scores >80% linked to impersonated space brands
- 197 newly registered domains for malicious job sites [23-24]
2. Invest in GenAI Training
CISOs are prioritizing training over tooling. Prompt engineering is now an essential skill for CTI teams. Boston Consulting Group (BCG) advises allocating 70% of AI budgets to workforce transformation and training [25-26].
3. Embrace GenAI-Enabled CTI
From vulnerability triage to adversary tracking, GenAI assistants can augment analyst skills and capacity. They offer real-time enrichment, cross-source correlation, and fast response drafting and summarization. The key is disciplined deployment using verified sources and continuous oversight. While cybersecurity teams may feel overwhelmed, these challenges also represent opportunities which are attracting investors and new entrepreneurial start-ups to the Space sector.
Editor’s Notes:
- Thanks to our GenAI assistants: ChatGPT-4o, ThreatShare.ai Cyber Researcher, Google Gemini AI, and Perplexity.
- The featured image is a composite from Maxar and MIT Lincoln Laboratory.
References
1. CISA – Space Systems and Services, 2024
2. Bureau of Economic Analysis – New and Revised Statistics for the U.S. Space Economy, 2017–2022, 25-June-2024
3. Space Foundation – The Space Report 2025 Q1 Shows Growing Need for Skilled Labor in Space Workforce, Budget Concerns for U.S. Space Force, and Highlights Space Pharmaceuticals Investments, 7-April-2025
4. Forbes – Space Inc: 10,000 Companies, $4T Value … And 52% American, 22-May-2021
5. Statistica – Government expenditure on space programs in 2022 and 2024, by major country, 28-Jan-2025
6. Space Insider – Flat Funding, Big Ambitions: Inside The US Government’s FY 2025 Space Budget, 25-April-2025
7. Thomas Publishing Company – 10 Space Companies Changing Aerospace, 12-Oct-2024
8. AeroTime – Japan’s iQPS to provide Ukraine with satellite intel amid US support uncertainty, 22-April-2025
9. Space ISAC – MITIGATING THREATS TO SPACE SYSTEMS: AN OVERVIEW OF SPACE ISAC WATCH CENTER
10. OASIS Open – SATIS: Space Automated Threat Intelligence Sharing
11. Space ISAC – Space ISAC Issues TLP: CLEAR Public Release on Threat Level Assessment, 18-Dec-2024
12. Industrial Cyber – CSIS 2025 Space Threat Assessment: Cyberattacks on space systems persist, tracking harder amid infrastructure threats, 28-April-2025
13. ScienceDirect – Securing SatCom user segment: A study on cybersecurity challenges in view of IRIS2, May 2024
14. RecordedFuture – Hackers claim to take down Russian satellite communications provider, 29-June-2023
15. RecordedFuture|TheRecord – FBI, Air Force warn of cyberattacks on space industry by ‘foreign intelligence operations’, 18-Aug-2023
16. Sandra Erwin, “Russia, China target SpaceX’s Starlink in escalating space electronic warfare,” SpaceNews, April 3, 2025.
17. European Repository of Cyber Incidents – https://eurepoc.eu/about-us/
18. CSIS (Center for Strategic and International Studies) – Significant Cyber Incidents Since 2006, April 2025
19. ArsTechnica – AI-generated phishing emails are getting very good at targeting executives, 2-Jan-2025
20. Kratos – Threat Briefing, 6-May-2025
21. Check Point Research – AI Security Report 2025, 30-April-2025
22. TechRadar – US military and defense contractors hit with Infostealer malware News, 18-Feb-2025
23. The Guardian – North Korea-backed cyber espionage campaign targets UK military, 25-July-2024
24. Ravie Lakshmanan, “Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm,” The Hacker News, Sept 29, 2023, thehackernews.com.
25. The Wall Street Journal – The Hottest AI Job of 2023 Is Already Obsolete, 25-April-2025
26. Business Insider – The AI mistake companies are making, according to a BCG senior partner, 11-May-2025
27. USSF – Space Systems Command: Focused on the Threat: Cyber Attacks (Part 1 of 6), 12-Sept-2024
28. CISA – Recommendations to Space System Operators for Improving Cybersecurity, April 2024
29. Resecurity – The Aviation And Aerospace Sectors Face Skyrocketing Cyber Threats, 16-March-2024