CyberSat’s emerging program frames a simple but uncomfortable truth: the tools and tradecraft that protect terrestrial networks will not be sufficient for the systems we are putting into orbit. The organizer’s public agenda emphasizes operational detection on board spacecraft, secure on-orbit compute, new threat vectors from direct-to-device services, and the hard requirement for collective defense and realistic tabletop practice to make plans actionable.
On-board intrusion detection is no longer an academic recommendation. The SPARTA framework and related countermeasure guidance codify on-board indicators of malicious behavior and prescribe intrusion detection and response capabilities that run on the vehicle itself. That orientation recognizes the long delays and intermittent connectivity inherent in space operations and shifts detection closer to the asset so that safe countermeasures can be executed autonomously when needed. For operators that still treat spacecraft as passive payloads, the agenda signals a capability and procurement mismatch that must be corrected.
The program also puts a spotlight on on-orbit data centers and other edge compute concepts. On-orbit compute promises mission advantages but it also expands the attack surface and complicates integrity, availability, and supply chain considerations. Presentations on these topics are meant to push operators and architects to ask hard questions about secure boot, firmware provenance, runtime attestation, and the ability to revoke or quarantine compute nodes once they are operational. Those are engineering problems that must be baked into designs before launch, not retrofitted in a maintenance window.
Direct-to-device communications are presented as a watershed shift for connectivity and also for risk. As satellites begin to address billions of low-capability endpoints directly, the threat model expands from protecting a few well managed ground stations to protecting a global population of heterogeneous devices. The agenda’s session on D2D highlights device-level vulnerabilities, large scale exploitation risk, and the operational questions operators must answer to maintain trust in the network. Security teams must assume that attackers will target the weakest link and design detection and containment with that reality in mind.
The organizers are stressing collective defense as an operational priority. Sessions that translate intelligence priorities into instrumentation plans, and that walk teams through telemetry mapping and detection engineering, are aimed at turning shared information into shared operational capability. The inclusion of an immersive Space ISAC crisis simulation shows a move from talking about cooperation to practicing it under stress. If you run or secure space systems, join the exercises or build equivalent internal drills. Practice reveals where playbooks and telemetry fall short before an adversary shows up.
Two cross cutting themes recur across the agenda: first, zero trust must be reinterpreted for space. Link encryption alone is not enough. Operators need layered controls, application level least privilege, and design that expects component compromise. Second, AI and RF analytics are being positioned as force multipliers for detection, from RF anomaly detection to behavior-based models on board. The caveat is that AI optimism must be matched with robust validation, adversarial testing, and an operational plan for false positives that does not degrade mission performance.
What should practitioners take away from these agenda highlights? Prioritize telemetry and decisive instrumentation. If you cannot answer who or what is present on your bus and how it behaves, you cannot build reliable detection. Adopt on-board detection primitives where mission risk demands autonomy. Treat supply chain and cross-constellation interactions as first class risks during acquisition. And institutionalize collective defense by investing in playbooks, information sharing, and regular multinational exercises.
The agenda is a call to action. The space domain will not wait while cyber practices catch up. If you are responsible for mission assurance, use these sessions to benchmark your program against emerging doctrine, tools, and testbeds. Bring engineers to the table, not just policy. Build the capability to detect, contain, and recover on orbit. And remember that resilience is a property of design and operations, not an item on a checklist.