NSA and ASD’s ACSC Release Joint Guidance on LEO SATCOM System Risks and Mitigations

FORT MEADE, Md.  – The National Security Agency (NSA) joins the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in collaboration with the Australian Space Agency and others in releasing the Cybersecurity Information Sheet (CSI), "Securing space: Cyber security for low earth orbit satellite communications.”

The report highlights high-level cybersecurity risks and mitigation strategies for users of Low Earth Orbit (LEO) satellite communication (SATCOM) systems. The risks and mitigations are detailed through the lens of the space segment comprising the satellites themselves; the ground segment encompassing satellite control centers, ground stations, gateways, and user terminals; the user segment that includes end-user devices, applications, and associated interfaces that connect to LEO SATCOM services; and the communication links and broader supply chain for LEO SATCOM systems.
 

The CSI suggests numerous mitigation strategies for the space segment and legacy space equipment, including implementing tailored security measures, and using frequency-hopping signals, redundant communication paths, and anti-jam antennas. For the ground segment, continuous monitoring and anomaly detection are essential. The user segment should focus on strengthening endpoint security and enforcing secure access practices.   

The report also provides frameworks for maintaining the resilience of critical networks, while offering valuable insights and guidelines for users to understand their roles and responsibilities in securing LEO SATCOM systems.

LEO SATCOM systems improve network resilience and enable emergency communications across both government and private sectors; however, as LEO satellite constellations grow, the attack surface open to adversaries increases, significantly increasing the risk to the system if the correct cybersecurity measures are not applied.
In LEO SATCOM networks, Confidentiality, Integrity, and Availability — known as the CIA triad — are critical to maintaining secure and reliable operations. LEO SATCOM systems face unique challenges due to their distributed architecture and limited physical access to space-based assets. They also rely on radio frequency links that are susceptible to jamming, spoofing, and interception.
Organizations that use LEO SATCOM services are encouraged to review this guidance and adopt the outlined cybersecurity mitigations.  

Other agencies co-sealing this CSI are the Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and Australian Space Agency.

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.
About the National Security Agency

Founded in 1952, NSA is a U.S. Department of War combat support agency and element of the U.S. Intelligence Community. The Agency’s mission is to provide foreign signals intelligence to policy makers and our military, and to prevent and eradicate cybersecurity threats to U.S. national security systems, with a focus on the Defense Industrial Base and the improvement of U.S. weapons’ security. From protecting U.S. warfighters around the world to enabling and supporting operations on land, in the air, at sea, in space, and in the cyber domain, NSA is committed to building public trust through transparency and protecting civil liberties and privacy consistent with our nation’s values.