Building Anti-Malware for Space

Decades ago, when the U.S. military launched exquisite, custom-built vehicles into space, the threat of adversarial malfeasance to space operations did not necessarily need to be considered. The possibly of offensive cyber operations against American space assets was even further from thought.

Today, and certainly for tomorrow’s space domain, cyber threats need to be addressed, starting with cyber situational awareness, said Bryan Torielli from Deloitte.

Torielli, a space systems and cyber network architect for the company, spoke February 3 during AFCEA’s Rocky Mountain Cyberspace Symposium, held February 2-5 in Colorado Springs, Colorado.

Unfortunately, the mindset that space cyber protections are gratuitous persists, he warned.

“This journey started, I'd say, about 10 years ago, when we started doing ground segment cyber work, and the idea came to a few people, who are here in the room, ‘Hey why don't we do cyber for space systems,’” Torielli shared. “Doesn't that kind of seem like a good idea? But the first time we tried to talk to the government about satellite cybersecurity being important, the first government employee came back and said, 'But it's all the way up there.'”

Organizations are just beginning to construct cyber-related solutions that can be applied to space assets. Sandia National Laboratory and the Aerospace Corporation, the federally funded research development company (FFRDC), are also working on space-related cyber security, Torielli noted.

Deloitte, meanwhile, envisions an anti-malware construct applied to space vehicles.

“We are truly trying to effectively build an antivirus or an anti-malware use case,” he stated.

In March 2025, the company launched its first spacecraft into Low-Earth Orbit, courtesy of Space X, from Vandenburg Space Force Base, California. Known as Deloitte-1, the small but mighty satellite weighed only 10 kilograms (22 pounds), is 20 centimeters (CM) by 10 cm by 30 cm in size.

“The first thing we learned about space is no one will buy your space thing until you prove it works in space, and it is verified and tested,” Torielli laughed. “So, we decided to bootstrap some internal research funding and build and launch a satellite. Now this is the smallest satellite I have ever worked on, and yet it oddly means the most to me.”
 

Deloitte-1 is the first in a series of nine satellites that will be launched over the next 18 months as part of the company’s inaugural constellation.

The idea, the company said, is to “enable innovation, testing, training and space-based data insights,” through different payloads on the vehicles. For the eight other satellites to come, the company turned to Vienna, Virginia-based Spire Global Inc., a space-based data, analytics and space services firm, which will design, build and operate the eight vehicles.

At the heart of Deloitte-1’s testing is the new antimalware-like, space cyber solution. The so-called Silent Shield product is meant to be a predictive cyber analytic and anomaly detection system for on-orbit assets.

The out-of-band cyber intrusion detection system is designed to provide near real-time, predictive cyber analytics and anomaly detection, Torielli noted.

The tool is meant to ingest and analyzing data traversing the bus and payloads of space vehicles in-orbit, and alert operators on the ground about anomalous activity, along with any sensor, data and signal trust issues.

“We have developed analytics, so everything that comes in gets flagged, and then specific analytics, depending on the flag, are run against the individual pieces of data coming across the wire,” Torielli explained. “From there, we can detect anomalies, behavior, cyber attacks, random reboots, fluctuations, everything happening on the wire of the satellite.”

The cyber detection tool also has the ability to collect radio frequency (RF) signals across multiple frequencies. They will pair this RF data with geolocation information “to support use cases from maritime to earth health,” the company stated.

The onboard defensive cyber payload of the Deloitte-1 satellite will continue as a testbed for as long as the vehicle is in its Earth observation, heliosynchronous orbit, which is an estimated three-to-five years, Torielli noted.

During that time, the company will work on developing tactics, techniques and procedures (TTPs) for space-related defensive operations and threats. In addition, the company will continue to examine various cyber threat detection techniques, as it works to identify different threat actors’ TTPs and methods, to better illuminate actions cyber marauders might take against satellites.

“Satellites don't continuously talk to the ground,” Torielli continued. “They only talk to the ground once every couple hours, depending on the orbit. So, if I'm seeing a cyber attack happen, and then four hours later, I'm telling someone on the ground that cyber attack happened, and it's kind of too late. So, what's the point of all this? You need to learn what the attack looks like before you can develop a mechanism for automatically responding. That's the real point.”

To that end, the goal is to have cyber countermeasures that can autonomously neutralize cyber threats detected by onboard systems.

The payload does include an on-board environment for the testing of cyber effects, in addition to the cyber intrusion detection system.

Already, Deloitte has conducted “a series of cyberattack simulations and tests” about the Silent Shield tool’s effectiveness, a press release stated.

Lastly, the company attests that the solution also will provide independent validation of space data from sensors to operators, with the “ability to validate the integrity of the link segment, all in an out-of-band employment that does not introduce risk to the space vehicle, payloads or mission operations,” according to a company statement.

The Rocky Mountain Cyber Symposium is co-hosted by the AFCEA Rocky Mountain Chapter and AFCEA International. SIGNAL Media is the official media of AFCEA International.