ESA Security Center: Europe is also defended in space

When Defense Minister Boris Pistorius warned emphatically at the Space Congress last September about threats in space from Russia and China, the public took notice. “Satellite networks are the Achilles’ heel of modern societies. Whoever attacks them can paralyze entire states,” the politician said. Accordingly, he announced a €35 billion security package for space projects. But how real are these cyberattacks in space? What concrete effects could acts of sabotage have? And how is Europe positioned in terms of security?

These questions are best answered on site at the new Cyber Security Operations Centre (C-SOC) of the European Space Agency (ESA), inaugurated in May 2025 at the European Space Operations Centre (ESA/ESOC) in Darmstadt. Here, Europe’s critical space infrastructure is to be protected from cyberattacks amid a highly sensitive geopolitical situation.

The European counterpart to Houston is housed in an unassuming building in an industrial area. Yet, after passing strict entry controls, visitors encounter a bustling scene. International staff discuss, in multiple languages, the upcoming launch of an Ariane 6 rocket in just a few days. For the third time this year, a heavy-lift rocket is set to launch from ESA’s launch facility in Kourou, French Guiana. The control center has long awaited this event. The Sentinel-1D satellite, part of the Copernicus mission, is intended to provide data for disaster relief teams, environmental agencies, climate scientists, and the Galileo navigation system.

Especially during highly publicized rocket launches, the threat from cyberattacks is particularly high, explains Dr. Markus Rückert, head of the new C-SOC. “The material and immaterial damage resulting from a failed launch would be incalculable. Accordingly, we are particularly vigilant during these days.”

The danger now comes not only from collisions with the ever-increasing number of government and private satellites in orbit. Intentional threats, in particular, pose challenges for ESOC. At the same time, digital vulnerabilities are increasing – just the loss of Galileo and GPS alone could virtually paralyze Europe.

The new ESA security center was deliberately designed for two locations: Darmstadt in Germany and Redu in Belgium. Belgium focuses on emails and data centers, while Germany is responsible for mission-critical IT systems that control satellites and process scientific data. Each ESA location can support and even replace the other if necessary. This redundancy is an important aspect of resilience and operational capability. The development of the new C-SOC cost about €26 million, with a five-year lead time, implemented in cooperation with an industrial consortium of 19 European companies.

View inside the Cyber Security Operations Centre

Cyber Security Operations Centre (C-SOC) at the European Space Operations Centre

| ESA - J. MAI

The core task of the C-SOC is to protect against digital attacks on nearly 30 satellites worth several billion euros, seven ground stations on three continents with three large 35-meter antennas, and the mission control systems. Operationally, this includes monitoring security events, threat analysis, incident management, and proactive threat research. Cyber risks range from ransomware to targeted satellite takeovers.

“It is not always possible to say exactly where attacks come from or whether they are primarily criminal or military in nature,” says Rückert. What is clear, however, is that Russia and China have rapidly expanded their capabilities for space warfare, according to the Ministry of Defense.

Existing security activities were consolidated in the new C-SOC. Work is cross-functional to monitor IT in offices, data centers, and in space simultaneously. This is important because hacker attacks always target vulnerabilities. These could be something as seemingly harmless as an email program in the administration. If a phishing attempt succeeds, the attacker moves step by step toward the satellite control system – a process known as lateral movement. Particularly critical are supply chain attacks, where attackers attempt to infiltrate systems via suppliers or software updates. “To implement the right cybersecurity measures, one has to think the unthinkable,” says Rückert. “Especially since the several thousand hacker attacks per month are becoming increasingly sophisticated and refined.” In addition to regular training, security engineers prepare for emergencies through simulations that recreate incidents. From these exercises, escalation levels are defined and procedural protocols developed.

The C-SOC is separated by only a glass door from the Network Operation Centre (NOC), where colleagues operate ESA’s worldwide network of ground stations 24/7, which in turn maintain contact with satellites in orbit. This allows the C-SOC cyber experts to draw on aerospace expertise on demand for risk assessments.

The combination of both areas is also helpful when assessing the potential consequences of a system shutdown. Without satellites, there would be no Earth observation, no navigation, no precise timekeeping, no communication, no secure financial markets, and no stable power supply. And because satellites must be constantly controlled, a shutdown could also lead to collisions or mission loss. "On the one hand, excessive protection must not paralyze operations," Rückert points out. "On the other hand, if something goes wrong here, it potentially affects all of humanity." For example, if a satellite were to fall under foreign control in a form of digital hostage-taking and be put on a collision course, the resulting space debris could make the orbit unusable for decades.

AI plays a supporting role in the C-SOC, but it is less significant than one might think. An algorithm regularly scans billions of data packets for anomalies and patterns. When irregularities appear, the sensitive system raises an alarm. However, the risk of false positives is relatively high. From that point, experienced analysts take over and make the final assessment of whether it is a real threat.

The principle that applies to the C-SOC also applies to ESA as a whole: technologies and systems are developed until they are ready for operational use. Afterward, industry takes over and can create business models from them. All tools are available license-free for ESA member states. Many successful companies, for example in control systems or telecommunications, are based on ESA technologies. Accordingly, the C-SOC also aims to equip European companies with tools and know-how for space cybersecurity.

A few days after the visit to the ESOC, the media reported a successful launch of the Ariane-6 rocket, placing the Earth observation satellite Sentinel-1D into orbit 700 kilometers above Earth. The launch was transmitted to the Darmstadt control center and celebrated there in the presence of ESA Director General Josef Aschbacher. Unnoticed by the public, the C-SOC team once again protected critical space infrastructure from cyberattacks. The threat level remains high – but Europe is prepared.