Modular approach for ensuring smallsat cybersecurity

Small satellites largely rely on rapid development cycles and distributed ground segment services while using commercial off-the-shelf (COTS) components, which collectively introduce significant cybersecurity challenges. Constrained budgets, short mission timelines and limited onboard resources often prevent the adoption of security-by-design approaches traditionally used in larger space missions. Additionally, the use of COTS and standardized protocols makes the knowledge and tools required for an attack more readily available. This paper proposes a modular approach for strengthening small satellite cybersecurity that systematically addresses these constraints.
The proposed methodology decomposes a typical small satellite system into functional and technical modules across space and communication segments, while the ground segment is treated as a “bought service”. The modules are analyzed to identify security-critical components, such as onboard data handling units, communication links and command interfaces. For each identified module, potential threat vectors and corresponding security measures are derived, taking into account resource limitations and operational realities specific to small satellite missions providing an overview of security measures to protect the most critical components.
Furthermore, the paper analyzes a set of standards and guidelines, creating an understanding of availability, applicability and adequacy of structured methods for security assurance. This enables incremental improvements and informed trade-offs during system design, allowing mission designers to make educated decisions about their cybersecurity needs and options based on the mission-specific criticality of different modules. Particular emphasis is placed on the reuse of existing component certifications and standards where applicable, highlighting how modular certification can reduce development effort while increasing overall mission security.
By focusing on the most security-critical subsystems and adopting a modular, certification-aware framework, this approach supports practical and cost-effective cybersecurity implementation for small satellite missions.