Satellite and Space Projects Briefing September 2025
Locations
UK report flags cyber risks in cloud-based satellite ground segment
At a time when cyber security risks are high on the business agenda, a recent UK government report has flagged the cyber issues affecting cloud services in the space sector’s ground segment. In light of the report's analysis, satellite operators and ground segment service providers will be reassessing their approach to cyber risk management.
Key points of focus will include coordinating their compliance obligations, alongside reevaluating their cyber risk policies and putting in place suitable contractual solutions.
While cloud integration in the ground segment offers scalability, flexibility and cost efficiency, the report highlights that it also brings vulnerabilities that need careful risk management, in addition to contractual protections.
Key conclusions of the report include:
- While end-to-end encryption and strong authentication between satellites and satellite operators are always vital, these measures alone are insufficient. Security must be embedded across all stages of the ground segment services.
- Operational technology systems, such as antenna control and TT&C, are particularly exposed when migrated to the cloud, with risks including timing manipulation and denial-of-service attacks. The report notes that the impact of these threats varies depending on mission type, especially during launch or high-criticality operations.
- Varying ground segment as a service (GSaaS) integration models each bring distinct risk profiles. Thus space businesses need to apply appropriate threat modelling and mission-specific risk assessments.
Don't miss a thing, subscribe today!
Stay up to date by subscribing to the latest Technology and Data insights from the experts at Fieldfisher.
Subscribe nowThe report’s recommendations align with existing regulatory requirements, such as the EU's Network and Information Security Directive 2 (NIS2) and the anticipated priorities of the UK's Cyber Security and Resilience Bill. This Bill is expected to expand the regulatory coverage of the UK’s Network and Information Systems (NIS) Regulations by expanding the range of digital services covered, introducing enhanced enforcement powers and strengthening incident reporting obligations across critical sectors in the UK.
Together, these regulatory frameworks support the report’s emphasis on tailored risk management, improved cyber security and the need for certification schemes and guidance to help businesses navigate evolving security challenges in cloud-based space infrastructure.
In line with these priorities, the report highlights the need for stronger vendor risk management practices, greater sector-wide cyber maturity, and enhanced international collaboration to facilitate threat intelligence sharing and ensure long-term resilience across the space sector’s ground infrastructure.
As many space businesses are looking more closely at the value of cloud-based ground segment services, both satellite operators and third party ground segment providers will increasingly focus on the cyber protections supporting these services and the contractual and compliance commitments surrounding them.
The Fieldfisher team is advising a range of clients on the impact of the current and proposed cyber security regimes and contractual solutions. Please contact us if you would like to discuss these issues further.
Read more in the full report: Cyber risks of cloud computing in the ground segment of the space sector - GOV.UK
