Singapore’s ambitions in the fast-growing space economy are colliding with a sobering reality. Much of the satellite infrastructure that underpins emergency response, navigation and financial transactions was built at a time when cybersecurity was not a design priority, says David Koh, chief executive of the Cyber Security Agency (CSA) of Singapore. “That means vulnerabilities today are not just in orbit, but across the entire space value chain,” he told delegates at the inaugural Cysat Asia conference in Singapore on Thursday.
The warning comes as Singapore prepares to launch its National Space Agency on April 1, positioning the city-state to take a more active role in a sector that is rapidly commercialising. Officials say the growth opportunity is significant, but the security risks embedded in legacy systems are becoming harder to ignore.
The global space economy is projected to grow to about US$1.8 trillion ($2.29 trillion) by 2035, up from US$630 billion in 2023, according to a joint report by the World Economic Forum and McKinsey & Company. As satellite constellations multiply and space-based services become more tightly woven into daily economic activity, weaknesses across ground stations, control systems and supply chains are emerging as a systemic concern.
Legacy systems, modern threats
The security problem is not confined to satellites. Space infrastructure is now deeply integrated with terrestrial digital networks, creating what Jonathan Hung, executive director of Singapore’s Office for Space Technology and Industry (OSTin), describes as a cyber-physical ecosystem where attacks on the ground can have orbital consequences.
“Thousands of satellites operate in close proximity, supported by complex digital links across ground stations, data centres, cloud infrastructure and user networks. Every space system is now part of a larger ecosystem,” says Hung at the same conference.
See also: Space partnerships take centrestage as Singapore prepares national space agency
That interconnectedness was exposed in February 2022, when a cyberattack disrupted the KA-SAT satellite broadband network in the early days of Russia’s invasion of Ukraine. The satellite itself was not breached. Instead, attackers exploited a misconfigured virtual private network (VPN) in ground-based management systems, gained access to servers that manage software updates, and used legitimate management commands to deploy wiper malware to tens of thousands of modems across Ukraine and Europe.
The impact spread far beyond the intended military targets. Wind farms in Germany lost connectivity, while emergency communications were disrupted across several countries. The incident illustrated what Koh describes as the spillover effect of attacks in a shared domain.
“Space systems are only as secure as the weakest link. Attackers do not need to reach orbit to cause a global-scale impact,” he says.
See also: ST Engineering pushes further into orbit with new satellites and geospatial analytics
Commercial expansion compounds risk
The growing role of private operators is adding another layer of complexity. Private companies now design, own and operate much of the infrastructure supporting communications, navigation and Earth observation, expanding the attack surface while dispersing responsibility for security across multiple actors.
That shift is accelerating as telecommunications companies move to integrate non-terrestrial networks into future 6G architectures, extending security considerations beyond terrestrial networks and deeper into space-based systems.
“Rapid technological advances are accelerating the growth of the space industry and satellite deployments. That creates a larger attack surface and greater urgency to ensure security is built into design, deployment, governance and lifecycle management,” says Koh.
For small, highly connected economies like Singapore, the exposure is particularly acute. The city-state relies heavily on satellite-enabled services for logistics, digital banking and emergency response.
“A bad day in space can very quickly become a very bad day on the ground. These disruptions are not abstract. They affect communications, financial transactions, navigation, supply chains and emergency services that people depend on every day,” says Hung.
Security by design, not retrofit
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Both leaders emphasised that security must be embedded from the outset rather than added after deployment. This is why Singapore is pushing for a cybersecurity-by-design approach that extends beyond satellites to ground infrastructure, operations and end-of-life management.
The strategy includes strengthening multi-agency partnerships between government and industry. OSTin works with CSA to align standards, share threat intelligence, and coordinate incident response across the space and satellite sectors.
However, the fundamental challenge requires international cooperation. Space infrastructure operates across national boundaries, creating vulnerabilities that transcend any single country's ability to monitor or address.
"Cyber threats do not follow national boundaries, and vulnerabilities in one system can have cascading effects across many others. This makes international cooperation and shared norms indispensable,” states Hung.
As such, Singapore supports developing international norms and best practices for responsible behaviour in space, applying the same rules-based approach it advocates for in trade and cyberspace.
"Space, just like cyberspace, is a shared domain," says Koh. "The actions of one actor will have consequences for many others. This is why norms, governance, frameworks and international cooperation are essential for keeping space a safe and trusted domain."
One example of such cooperation is Singapore-based SpeQtral’s collaboration with international partners on satellite-based quantum key distribution technologies to enable ultra-secure long-distance communications. The effort, supported by OSTin, represents the type of cross-border, public-private partnership both leaders say is essential.
"Our collective futures depend on building strong partnerships between space operators, industry leaders, researchers and policy makers. Space holds enormous promise for connection, discovery, and shared prosperity, but this promise can only be realised if space is secure, resilient, and trusted,” asserts Koh.
