Securing Space Systems from Cyber Attack

Course Overview

SC101 is a foundational course of the Space Systems Security Engineering Professional (S3EP) program. It builds complete fluency in space system architecture, vulnerability analysis, regulatory frameworks, the cyber threat landscape, and the real-world consequences of successful attacks; all without assuming any prior cybersecurity or space experience. Professionals from acquisition, operations, engineering, and policy roles all find the course immediately applicable to their work. Participants who complete SC101 earn S3EP Certificate I and are ready to take either SC201 or SC301 as their next step.

What You'll Learn

The course builds a unified picture of every space system component and the threats that target it, covering eight focused lessons across the full instructional day:

• Space system architecture: the four segments of space, ground, link, and user, and how data and commands flow across them, including their roles in supporting critical infrastructure

• Space segment security: hardware and software vulnerabilities specific to satellite bus components, payload systems, and on-board software, including RTOS weaknesses and secure coding constraints unique to the on-orbit environment

• Ground segment security: mission operations center cybersecurity responsibilities, ground station network architecture, and link-layer security fundamentals

• Cybersecurity frameworks and policy: NIST CSF and SP 800-53 control families, NISPOM industrial security requirements for cleared space programs, and ITAR export control provisions governing space technology and technical data

• Cyber threat landscape: nation-state actors, criminal organizations, insider threats, signal jamming, spoofing, supply chain compromise, command injection, and the interfaces adversaries most frequently exploit

• Threat detection and incident response: telemetry-based anomaly detection, baseline establishment, and response frameworks calibrated for space-domain constraints including propagation delay and limited command bandwidth

• Consequences and forensics: cascading effects across transportation, finance, energy, and emergency services, and the unique challenges of investigating incidents when evidence may be in orbit.

How Space Cybersecurity Differs from Enterprise Cybersecurity

The course builds a unified picture of every space system component and the threats that target it, covering eight focused lessons across the full instructional day:

Operational Technology for Spacecraft. Satellites are operational technology systems — embedded computing platforms with real-time requirements, severe power and thermal constraints, and radiation exposure that can corrupt memory without any adversary involvement. Firmware updates on-orbit may be impossible or require months of coordinated planning; hardware components are selected years before launch from a limited radiation-tolerant supply chain. SC101 introduces these OT realities from the first lesson and consistently applies them as each security topic is developed, so that space-specific constraints are treated as central factors in every security decision rather than footnotes.

Special Mission Data Handling for Ground Systems. Ground segment cybersecurity resembles enterprise network security on the surface, but the data flowing through mission operations centers is categorically different: command sequences with physical authority over orbital assets, telemetry streams whose integrity is operationally critical, and information subject to ITAR export controls and NISPOM classified handling requirements. SC101 teaches participants to reason about this cyber-physical coupling explicitly — a cyber attack on the ground segment can produce irreversible physical consequences in orbit, a risk profile that has no direct enterprise equivalent.

Long-Range Communications and the Link Segment. Satellite communications travel through open spectrum as broadcast transmissions with no equivalent of a corporate firewall. Signal jamming, GPS spoofing, and command injection attacks require no network intrusion — only antenna hardware and knowledge of the target's frequencies. Propagation delays of up to 600 milliseconds round-trip for geostationary orbit further complicate real-time monitoring and incident response. SC101 treats link-layer security as a core discipline, giving participants a vocabulary and conceptual framework for a threat surface that simply does not exist in enterprise networks.

NOTE: This course is often available as part of a course package, where each course is taught in a series. When registering, watch for combined courses availability.