Ask someone to picture an attack on a space system and they picture the satellite. Jamming. Spoofing. Something dramatic in orbit. It makes for a good headline, and it is mostly the wrong place to look.
The reachable attack surface in a space system is on the ground.
Where the real exposure lives
A space system is three segments: the space segment (the spacecraft), the link segment (the RF path between ground and orbit), and the ground segment (mission control, the ground data terminals, the operators, and the networks tying it all together). The spacecraft is hard to reach, expensive to touch, and protected by physics. The ground segment is a building full of computers.
That ground segment speaks standard protocols. It runs on hardware an attacker can fingerprint. It has operators who log in, software that needs patching, and network connections to other systems. In other words, it has all the same potential weaknesses as any enterprise network, plus the ability to command a spacecraft.
If you can reach the system that sends commands to the satellite, you do not need to attack the satellite. You attack the thing holding the keys.
Why this gets overlooked
Two reasons. First, the imagery problem: orbital attacks are more exciting to talk about, so they get the attention while the ground segment gets treated as ordinary IT. Second, the org-chart problem: the people who understand spacecraft and the people who understand network defense are often different teams, and the seam between them is exactly where attackers operate.
Frameworks like SPARTA exist precisely because the community needed a shared map of how these attacks actually work across all three segments. The recurring theme in that map is not exotic orbital wizardry. It is access, persistence, and command paths that start on the ground.
Hands-on is the next best thing to the real thing
This is the part that drove how we built our training. Slides and lectures lay the groundwork, but ground segment risk does not stick until people work with it directly. Short of turning students loose on a live national asset, hands-on exercises on a realistic range are the next best thing to the real thing. Put them in front of a ground station and tell them to break it, and the lesson lands.
That is why we built IRON GALAXY, our space cyber range. It is a multi-VM environment that simulates a satellite ground station network: a real mission operations stack, a firewall, full traffic inspection, and orbital contact windows that behave the way real ones do. Students do not read about the attack surface. They map it, exploit it, and then defend it.
The range is the capstone of our Cybersecurity Fundamentals for Space program, because the whole point of the program is to produce people who can do the work, not just describe it.
The takeaway
You cannot focus on just one part of the space enterprise. A strategy that starts and ends with the spacecraft leaves out the part an attacker would most likely go after. Secure the ground segment like the high-value target it is: the same rigor you would apply to any critical network, plus an understanding of what those systems can command.
That is the version we just finished teaching. The first instruction of our Cybersecurity Fundamentals for Space program is in the books, and we are grateful to every student for being so enthusiastic and engaged each day. The program is hands-on and capstoned on the IRON GALAXY range, where students map a real ground station network, exploit it, and then defend it.
If you want that hands-on version, that is exactly what our Cybersecurity Fundamentals for Space program is built to deliver.