
A satellite, a ship, and an aircraft could not look more different. An attacker sees past the differences to the same weaknesses underneath. We have assessed all three, and from a broad enough vantage, the same cybersecurity flaws keep showing up.
Each one is a complex cyber-physical system assembled from dozens of subsystems, made by different vendors and integrated over years, sometimes running IT alongside OT. They often operate far from any defender or incident responder who could put hands on the problem, whether in orbit, at sea, or in the air. When we assess them, the specifics change but the weak spots line up.
What they share
- Security was never designed in. These platforms were engineered for performance, safety, and reliability, on the assumption that they were isolated and physically protected. Almost none were built to stand up to a capable adversary, and that assumption stopped being true a long time ago.
- IT and OT are less separated than anyone assumes. The "ordinary IT" side is usually a short walk from the systems that actually run the platform, whether that is a ship, a ground station, or an airframe.
- You cannot patch your way out. These assets stay in the field for years, often out of reach and sometimes disconnected on purpose. Any defense that depends on shipping a fix fast does not really apply here.
- The supply chain is deep and mostly invisible. A weakness introduced upstream, long before the system ships, rides quietly into the field with it.
- The stakes are physical. When one of these systems fails, you are not counting lost records. You are weighing mission, safety, and the environment.
- The real exposure is in the seams. Individual components may be fine. The trouble lives in the integration, in the trust assumed between parts and the interfaces nobody quite owns.
- Detection is not protection. Most of the time the root cause is the design, not a control someone forgot to buy. These systems can often see that something is wrong but have no way to stop it spreading, because nothing in the architecture was built to contain an intruder.
What we find is rarely exotic. It is unauthenticated access that leaks configuration, storage left open on the inside, a network everyone swore was isolated that turns out not to be. The findings are mundane. The systems they sit inside are not, and that is the whole problem.
Why the usual playbook falls short
The reflex is to buy more: another tool, another dashboard, an audit to show the box is checked. That has its place, but it misses the actual problem. The issue is not a missing product. It is a design that made the attack easy in the first place. A clean audit tells you the paperwork is in order, which says very little about whether the system would survive contact with a capable adversary. On a satellite or a ship, that second question is the only one that counts.
The systems that hold up are the ones where security was a design input from the start: deliberate trust boundaries, separation between domains, least privilege, an honest accounting of the supply chain, and adversarial testing of the whole thing rather than the parts in isolation. None of that is as quick or cheap as buying a tool, which is exactly why it gets cut first. The cost does not go away, though. It waits for a real incident, and it grows while it waits.
We built two workshops around this
This is the thread that runs through our work across space, maritime, and uncrewed systems, and we have turned it into training you can take:
- Foundations of Cyber-Resilient Engineering is a one-day workshop on secure-by-design: how to engineer resilience into complex and critical systems from the start instead of bolting it on at the end. Built for product designers, engineers, and IT professionals working on systems that touch the physical world.
- Defending Complex Systems in the AI Era takes it further into AI. Bolting AI onto a product does not just add features; it adds attack surface. This workshop teaches how to find, prioritize, and mitigate cyber threats across AI-enabled architectures.
If you build or operate complex systems and want resilience designed in rather than bolted on, let's talk.