European security officials warned in the Financial Times that two Russian space vehicles may have intercepted the unencrypted communications of at least a dozen key satellites over the continent.
The report was striking. But the vulnerability it highlighted is neither new nor surprising.
For years, parts of the satellite ecosystem have operated with weak or outdated security, leaving communications far easier to intercept than many assume.
Recent research illustrates just how accessible that vulnerability has become.
A team from the University of Maryland and UC San Diego spent three years studying satellite communications using a receiver system costing around $800.
With off-the-shelf equipment placed on a rooftop, they were able to capture a range of satellite transmissions, from T-Mobile users’ calls and texts to exchanges shared between the US and Mexican military and law enforcement.
Missing Encryption
The problem is structural. Many older European satellites, particularly those in geostationary orbit, still operate without modern encryption.
Some rely on 32-bit keys rather than the 128-bit or 256-bit standards common in modern cryptography. A 32-bit key has roughly 4.3 billion possible combinations. That sounds large, but in computing terms it is trivial.
Brute-force decryption simply tries every possible key until one works, and with modern processors that can happen quickly.
Three Risks
Interception, however, is only one part of the problem. There are three distinct risks.
First, an adversary can listen to communications traffic. Second, they can interfere with telemetry, tracking and control signals. And third, they can deny service entirely by flooding or jamming receivers so legitimate signals cannot get through.
All three are technically feasible. All three have already occurred.
RF Signals
These vulnerabilities are amplified by the physics of radio frequency transmission.
Most satellite data is still sent via RF signals that spread over large geographic areas. That makes them efficient for broadcasting across continents, but it also expands the attack surface.
Wide beams make interception easier and increase the opportunities for jamming or spoofing, since an adversary only needs to transmit into the same coverage footprint.
Governments have long used techniques such as spread spectrum to disguise signals within commercial traffic and reduce the risk of casual interception. These capabilities have matured and proliferated. What was once limited to a handful of major powers is now more widely available and more sophisticated.
But such methods cannot eliminate the structural exposure of RF transmission. Signals still propagate widely, and determined adversaries can detect, analyse, mimic or disrupt them.
Governments cannot simply retire every ageing satellite, nor abandon RF altogether. It remains a reliable and essential technology for global communications.
The question, therefore, is how to manage the risks. Several steps would help.
Assume Interception
First, separate interception from decryption. Signals will be captured; that should be assumed. The critical question is how long captured data remains unreadable.
Security is not absolute but temporal. Olympic results do not require the same protection as military plans. Encryption should therefore be matched to the sensitivity of the information.
Layering multiple protections — including emerging approaches such as post-quantum cryptography — can extend the time required for an adversary to break the code.
The longer data remains secure, the less useful it becomes to an attacker.
Encrypt Everything Possible
Second, apply strong encryption consistently across systems that can support it, including legacy infrastructure where feasible.
Many older satellites and ground networks still rely on outdated protection. Upgrading ground segments, improving key management, and adding network-level encryption overlays can significantly raise the barrier to attack.
Retrofitting legacy systems is not always simple, but it is often possible — and the alternative is leaving critical communications exposed.
Design for a Hostile Environment
Third, systems should be designed on the assumption that satellite links are inherently hostile environments. This principle is already standard in cybersecurity.
Security should sit at the application layer, with genuine end-to-end protection, rather than relying solely on the satellite link itself.
Even if a transmission is intercepted, the underlying data should remain isolated and unusable.
Diversify Transmission
Fourth, diversify how data moves through space networks. Resilience often comes from redundancy. If RF links can be intercepted or jammed, they should not be the only pathway.
Optical, or laser, communication offers one alternative. Laser beams travel in extremely narrow paths, making interception far more difficult because an adversary must physically align within the beam.
Optical links also support high data rates and allow strong authentication between sender and receiver, reducing the risk of spoofing.
Fibre-optic networks on the ground provide another transmission path with a different security profile.
Avoid Single Points of Failure
Fifth, reduce dependence on single points of failure. A single geostationary satellite supporting a critical function is increasingly a strategic liability.
Distributed constellations in low and medium Earth orbit are not immune to attack, but they complicate interception and disruption.
The true unit of resilience is not an individual satellite but the network itself.
Rethink Transmission Discipline
Sixth, rethink transmission discipline. Not all sensitive information needs to travel through contested space networks. Where it must, data can be split into small encrypted packets and transmitted out of sequence, making reconstruction more difficult if intercepted.
Generating additional benign traffic can also obscure high-value signals.
These are not new concepts; they simply apply long-standing communications doctrine to modern orbital systems.
Resilience, Not Perfection
None of these steps will eliminate risk. RF will remain central to global communications, and legacy systems will continue operating for years. Optical technologies will complement existing infrastructure rather than replace it. The objective is not perfection but resilience.
Space systems now underpin finance, telecommunications, navigation, weather forecasting, and defense. When satellite communications are exposed, the services that rely on them are exposed as well.
The vulnerabilities are already known. The real question is whether governments choose to address them, or continue accepting risks that are increasingly avoidable.
Daniel Biedermann, formerly SVP at SES and Partner at NewSpace Capital.
NewSpace Capital are investors in space industry-leading companies like K2 Space, Kayrros and ICEYE, operator of the world’s largest synthetic aperture radar (SAR) satellite constellation.
The views and opinions expressed here are those of the author and do not necessarily reflect the editorial position of The Defense Post.
The Defense Post aims to publish a wide range of high-quality opinion and analysis from a diverse array of people – do you want to send us yours? Click here to submit an op-ed.
