A single malware attack once took down more than 6,000 wind turbines in Germany and disrupted satellite networks across Europe. What began as a cyber strike on Ukraine exposed something far bigger: how vulnerable our space infrastructure really is.
In this episode of Allies in Innovation, host Mikkel Svold talks with Olga Nasibullina, co-founder of A42 and TheSign.Media, and Augusto Mattos Schaedle, Senior Director and Head of Space R&D at Terma Group. Together, they explore how cyberattacks can reach satellites, ground stations, and communication networks, and why space has become the new digital frontline.
They also discuss lessons from the VSAT incident, the challenge of securing legacy systems, and the urgent need to train a new generation of specialists in space cybersecurity. Because protecting space is no longer just about rockets and satellites, but about safeguarding the systems that connect life on Earth.
In this episode, you'll learn about:
- Why space technology is essential to modern life.
- How the VSAT cyberattack reshaped global thinking on satellite security.
- Key vulnerabilities across the satellite lifecycle.
- How Terma integrates cybersecurity by design into space missions.
- Why legacy satellites are difficult to secure.
- The growing need for education and training in space cybersecurity.
- The double-edged role of AI in developing secure space systems.
Episode Content
00:00 Why space technology matters and how dependent we are on it
00:56 The VSAT cyberattack that exposed space vulnerabilities
02:13 Introducing guests Olga Nasibullina and Augusto Mattos Schaedle
03:25 How satellite technology affects communication, navigation, and agriculture
04:31 Why space security concerns everyday life, not just defense
05:31 Lessons learned from the VSAT incident
08:07 The full lifecycle of vulnerabilities in satellite systems
09:47 How Terma builds cybersecurity into missions from the start
13:29 Protecting legacy satellites through secure ground systems
14:54 Why governments need more training in space cybersecurity
16:51 The shortage of specialists and the need for new education programs
19:07 The ethical use of AI in space security and software development
Production
This podcast is brought to you by Terma.
This podcast is produced by Montanus.
Episode Transcript
Mikkel Svold (00:00):
Why is it important to talk about space tech and just how dependent is the world on space?
Olga Nasibullina (00:08):
It's not only something related to a military agency, it's related to daily life of civil people. We need to train more specialists in space security, in cybersecurity, in space cybersecurity to be more protected on Earth.
Augusto Mattos Schaedler (00:26):
Train people, it's really hard because this is really a new technology. It took even for us that are working on the space for 40 years, three years to understand, master, implement, and deploy from a low theory level to high theory level at the customer site.
Mikkel Svold (00:56):
On February 24th, 2002, something happened that changed the way we look at space missions and satellites. Governments and companies, they had to start seeing their satellites as vulnerable entry points rather than just cool tech flying high in the air. That day, AcidRain, a malware hit the VSAT Ka satellite network, and that was a cyber attack actually meant to hit Ukraine, but it spread far over over the Ukrainian borders. Actually, more than 6,000 wind turbines in Germany, malfunctioned and thousands of companies across Europe were affected due to this attack.
(01:34):
Welcome to Allies and Innovation. I'm Mikkel Svold, and today we'll be talking about how cybersecurity works in space operations and why it's important, why space has become the new frontline. With me in the virtual studio, I have Olga Nasibullina, who is the co-founder of the cybersecurity company, A42, and also co-founder of TheSign.Media, which is a media outlet dedicated to cybersecurity in space and those topics surrounding that. She's also a NATO trainer in cyber, so I'm very delighted to have you with us. Welcome, Olga.
Olga Nasibullina (02:13):
Hello.
Mikkel Svold (02:14):
And with me also, I have Augusto Mattos Schaedlerr, who is the senior director and head of space R&D at Terma Group. And you also hold a doctor's degree in technology and you have more than two decades of experience in developing for cyber projects. Welcome to Augusto also.
Augusto Mattos Schaedler (02:30):
Pleasure to be here. Thank you.
Mikkel Svold (02:32):
Just to kind of set the scene, Augusto, why is it important to talk about space tech and just how dependent is the world on space?
Augusto Mattos Schaedler (02:42):
Our primes, especially which be Alice and Airbus, they have been changing the way they are deploying requirements due to recent development on cybersecurity attacks that you just mentioned right now. And we, at Terma, we are evolving and implementing this cybersecurity by design. We are very much as a human race dependent on this technology. I mean, the space technology for communication to navigate towards data, knowing where we are, farming, and many more applications.
(03:25):
But this is not enough just being able to communicate, knowing where we are, the type of technology that we are deploying are growing exponentially, and we have to be secured in exchanging data. A few years ago, use cases of satellites for farming, for example, where we would like to see what is the temperature range on the variation temperature range on the surface of the earth in order to decrease the amount of water of irrigation with primary use of satellites with a payload with camera. Now they are exchanging the use cases for defense in order to find assets that are like small drones or surveillance.
Mikkel Svold (04:17):
This topic, is it mainly important because of military operations and space, or is it also just part of the critical infrastructure that people basically don't see, Olga?
Olga Nasibullina (04:31):
Yeah. On my opinion, it's related to our daily life and WAAS [inaudible 00:04:39] Haag showed to broader audience that satellite connection, it's not only something related to military agency, it's related to daily life of civil people. And that's why we need to be aware that we have such dependency. We need to train more specialists in space security, in cybersecurity, in space cybersecurity to be more protected on earth.
Mikkel Svold (05:13):
I think let's try and talk about that VSAT incident, because that somehow kicked off the understanding of space as a vulnerability for both companies and governments. What happened and what did people take away from it?
Olga Nasibullina (05:31):
Yeah, so I can share that information that was broadly discussed on the internet. So the intention of this hack was to stop communication of Ukrainian military units on the precise day and hours of full innovation. So actually it was like third party vulnerability and attacked went through modems of third party suppliers of SAT. So for cybersecurity professionals, the lesson was again that even if your network is secure, vendors, contractors and partners can be weak points. The action points, it's also and for zero trust principles and of course audit and segment third party access to the systems. So this was like main points and learnings for cybersecurity specialists, when we are talking about cybersecurity.
(06:50):
Another lessons were for, let's say, policymakers because policymakers speaks a lot, that space infrastructure could not be targeted neither by governments, neither by hackers because it could bring a lot of risks for civil society. So this is another point to discuss.
Mikkel Svold (07:24):
Yeah. So basically there's been an unspoken deal that people wouldn't attack space infrastructure.
Olga Nasibullina (07:31):
I don't know if there was such a deal. I think some people had such understanding.
Mikkel Svold (07:37):
Yeah. Yeah. Yeah, exactly. And what kinds of attacks of course are we then seeing? And I think we talked just before we turn on the microphones, we talked a little bit about, are they actually different from other cyber attacks that we see? We've also talked with Samant Khajuria from Terma about the cyber threat and evolving cyber threat, that was mainly concerned with, well, earth bound systems basically. What is the difference and what kinds of attacks are we seeing?
Augusto Mattos Schaedler (08:07):
The cyber attacks, we have to see for the full life cycle. And there is a few standards that we are looking for towards knowing Terma. It basically gives you the framework where you can identify, you can deflect and react while you have a cyber attack in your space ecosystem, which goes through the life cycle of test delivering while the transportation also can be a vulnerable asset to be cyber attacked.
Mikkel Svold (08:39):
So from satellite to earth and vice versa.
Augusto Mattos Schaedler (08:42):
It's actually even before that. So if we step back from assembly integration and testing perspective of the space satellite ecosystem, we start with the flat SAT testing campaign. So this is under the crime responsibilities to make sure that they have the infrastructure secured. There is no weak point of entrance that will be attacked. The subcontractors that are actually deploying, delivering them subsystems, also they need to be cybersecurity. Once they place this together, assemble, they need to ensure that this is secured while the transportation before it will launch. During the launch, there is the operations as well, where in the ground station you have vulnerabilities. So there is so many points of attacks and vectors that can be exploit that we in Terma, we have this in mind of the ecosystem.
Mikkel Svold (09:47):
I had a talk with Karsten Marrup very recently, who is the Air and Space Warfare Centre at the Royal Danish Defense College. I asked him if he had any questions for you guys and he wanted to ask, how do you protect critical infrastructure now, uplink, stations, cyber attacks, all this? How do you do that right now? Because he was nervous that it's not well enough protected. I don't know, Olga, you're smiling.
Olga Nasibullina (10:27):
I think maybe it's more question to Terma, but I can also add what I've heard from European Space Agency. So they have quite strong and develop ecosystem and measures to protect European satellite infrastructure. Like SOC, CISOC teams, they monitor cyber attacks 24 hours for seven days and it's under huge protection.
Mikkel Svold (11:01):
And at Terma, what do you then do as a provider? Because you are a link in the chain, right? What do you do to protect?
Augusto Mattos Schaedler (11:12):
We are there from the beginning, even before we have deployed the mission of the critical infrastructure, either in communication, satellite testing or payloads that we deploy for our primes, we do evaluate all the scenarios on the cybersecurity lifecycle attack that could possibly be a threat. In conjunction with our primes, we deliver them the best solution on the cybersecurity.
(11:45):
When we talk about lifecycle, it's really important to understand how is this vertical integration looks like in this ecosystem of cyber attacks. Each player has a very important role when we are talking about cybersecurity and we as Terma, we deploy many critical infrastructure for securitization, satellite downlink communication using our own products like software defined radio, using our own design products like [inaudible 00:12:16] communications, as well when we are talking about simulation and operations on the ground station of the satellite. So all these steps are in discussions with the customer once that we deploy a mission.
(12:33):
So we need to understand from the beginning, not after we deliver a solution for them, what will be the full life cycle on the vertical integration, who are the main players, what are the assets that they are working with, which critical infrastructure we are talking about, and then we deploy the best and possible solution for them. And this is a back and forth discussion, and we are tailoring with the budget levels of cybersecurity as you can be as deep as your pocket goes.
Mikkel Svold (13:09):
Yeah. And what about, we've seen satellites sent in space for, what, the last couple of decades, and that means there's going to be a lot of legacy systems flying around up there. What can you do to secure the systems that are not built yesterday?
Augusto Mattos Schaedler (13:29):
Well, first of all, we see in change in the technology as such with AI, different standards coming from cybersecurity and different sorts of computers like radio software defined power supply, they are fully digital. So those assets in this instance, they need to be secure on the ground. If you have a legacy satellites that are on space flying around exchanging data, you still have a way how to secure this communication in the ground station, and this is how we do it.
(14:11):
So we are one step ahead on the technology, making sure on the ground station we have the best technology with the cybersecurity by design, and we ensure that the legacy satellites that having low type of secure communication, they are some sort of secured.
Mikkel Svold (14:34):
Olga, I want to ask you because you've trained NATO employees and NATO people and advised government agencies, how prepared are national security structures today against these large scale cyber attacks against objects in space?
Olga Nasibullina (14:54):
Space cybersecurity education and trainings are becoming more needed. I wouldn't say more popular, no, because it's not for general audience, but more needed by government agencies and military agencies. For example, together with my team with partners, we've hosted hackathon in Madrid dedicated to space cybersecurity. And actually we've run an exercise dedicated to space cybersecurity. The idea was to put teams in conditions when they lost connections with all their space infrastructure. They had only some data and codes, and they were obliged to restore connection with ground systems and with satellites.
(15:58):
So such type of exercise, I think it's necessary to have more and more during upcoming years to train professionals in space and cybersecurity field because actually it's something new. We don't have enough cybersecurity professionals on the market. And here we are, we need new type of, let's say, skills and knowledges related to space cybersecurity. We need to be united in space security community to face this challenge and to work together.
Mikkel Svold (16:42):
What do you see also drawing from the hackathon that you mentioned, what do you see as the biggest weak points in space infrastructure?
Olga Nasibullina (16:51):
Oh yeah, I think there are a lot. If you are looking on even on LinkedIn, what are publishing different type of researchers. In space infrastructure, we use a lot of open source technologies, and open source technologies have a lot of vulnerabilities. The main problem is that on the market in general, you don't have a lot of trainers or experts who can build content dedicated to train space cybersecurity professionals. It's only started and it's only the beginning of this training part in cybersecurity field.
Mikkel Svold (17:45):
And what about you, Augusto? What do you see as the weakest point? Is that also basically getting enough manpower?
Augusto Mattos Schaedler (17:54):
Train people, it's really hard because this is really a new technology or a new way of thinking. We actually took three years to master this secure by designing space about four or five years ago where we had to assess what are the standards applied for that, which assets we have to secure by design? How does the vectors are looking like? How do we prepare ourselves to check the vulnerabilities before even we deployed? What is the audits look like when we have to go through? And not only the assets from ourselves as a supplier, but the full lifecycle in this vertical integration that I have mentioned, it took even for us that are working on the space for 40 years, three years to understand, master, implement, and deploy from a low theory level to high theory level at the customer site. So it is very hard to find people that are trained, they understand, and also they're using it day-to-day.
Olga Nasibullina (19:07):
I want to add here also its responsibility of AI use in development of new type of software, of new type of code, because as we know code developed by AI, it's packed with possibility to exploit it. So if such code will be used for software developments for space sector, it will be new type of issues, but also AI could be used for good in space security. So here we are speaking about this ethics and intelligent use of modern technologies.
Mikkel Svold (19:55):
I think let those be the last words. And then also, of course, urging our governments and the industries around it to push young people to study more into this field of cybersecurity for space. It's a really interesting topic, but our time is already up. I'm sure we could have spoken on for another hour if we wanted to. Augusto Mattos Schaedler, thank you so much for joining us here today.
Augusto Mattos Schaedler (20:23):
Thank you for having me. It was a pleasure to be part of this very interesting podcast. Thank you.
Mikkel Svold (20:32):
And to you also, Olga Nasibullina, thank you for joining us.
Olga Nasibullina (20:33):
Thank you. Very happy to speak about this topic, we can make part two, three, four.
Mikkel Svold (20:43):
Yeah. It's absolutely something that we can dive more into and it's really interesting also considering the impact that potential threats to space infrastructure can wreak. It's a really big problem if something goes sideways in that sense. Thank you so much, both of you. And to you out there, dear listener, thank you so much for tuning in today. It was a pleasure having you on board. And if you have any questions, please do reach out to us at podcast@terma.com. That was podcast@terma.com. If you have any questions, if you have anyone you think we should be talking to, send us that email and we'll be looking at it.
(21:21):
Also, of course, if you like this episode, do please share it with your friends or colleagues or whoever you think might find this interesting. It really helps us spread the word. And I think especially today and actually also last time, those two points, cybersecurity for space and of course the whole new threat landscape is just really interesting and it's something that is worth sharing. So please do help us do that. I think that is it for now. Thank you so much for listening.