Guidance

Cyber resilience in space

Published 30 September 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/unlocking-space-govbridge-resources/cyber-resilience-in-space--2

1. Introduction

This briefing explores the development of resilience within the space ecosystem, identifying potential hazards and threats, and outlining preparation strategies.

2. Overview

  • The security context of space

  • Risks facing the space ecosystem

  • How the UK Space Agency can help

  • Your responsibilities

3. UK Space Agency Security & Resilience

The UK Space Agency is an executive agency under the Department of Science, Innovation and Technology.

Space operations and their security involve multiple government entities including the Ministry of Defence (MoD), Foreign, Commonwealth & Development Office (FCDO), Department for Transport (DfT), and Department of Science, Innovation and Technology (DSIT).

The UK Space Agency has a small but agile team covering a wide range of policy areas:

  • Space Weather

  • Cyber

  • Spectrum

  • Investment Security

  • Critical Infrastructure

  • Physical & Personnel

  • National Risk Register

  • Exercising & Response

  • Licensing (National Security)

4. Security Context of Space

Space provides capabilities and potential for economic and national security advantages.

The domain has evolved from being dominated by state actors to now include private interests.

It is now congested, contested, and competitive.

The space economy is projected to be valued at $1.8 trillion by 2035 (World Economic Forum).

There is a distinction between dual-use and dual-purpose technologies.

The Outer Space Treaty (1967) governs the activities of states in the exploration and use of outer space, including the Moon and other celestial bodies.

5. The Space Ecosystem

The space ecosystem consists of communities of hierarchically independent yet interdependent heterogeneous participants who collectively generate an ecosystem value proposition.

6. The Utility of Space – Civil

Space is increasingly considered part of civil infrastructure.

It supports a range of functions within other critical infrastructure sectors.

Disruption to space services can result in cascading impacts through other systems.

Dependencies on space services emerge over time.

Space supports approximately 18% of the UK GDP, equivalent to around £370 billion.

7. Securing Innovation

“The security threat to the UK emerging tech industry is growing. But many such businesses remain vulnerable to attack.”

Key security principles include:

  • Know Your Threats

  • Secure Your Environment

  • Secure Your Products

  • Secure Your Partnerships

  • Secure Your Growth

For more information, search Secure Innovation NPSA.

8. Use of Force in Space

The Outer Space Treaty (OST) brings the UN Charter into force in outer space, prohibiting the use of force.

Elements of use of force include context, effects, gravity, and intention.

The treaty does not exclude certain capabilities and behaviours.

There is a lack of clarity in the meaning of ‘use of force’.

9. Protecting Intellectual Property and Services/ Help and Support

Everyone must protect intellectual property, assets, and services from both malicious actors and accidental events.

Demonstrating commitment to security is critical for business success.

Ensuring secure, robust, and recoverable services, systems, and processes can provide a competitive advantage and avoid costly retrofitting.

Help and support are available.

10. Cyber & Digital Security

Cyber Essentials is a government-backed scheme that helps organisations of varying sizes protect against common cyber attacks.

It includes self-assessment and technical verification (Cyber Essentials Plus).

Secure by Design is a framework for embedding cybersecurity practices in digital delivery and building resilient digital services.

Key principles of Secure by Design include:

  • Establish the context

  • Make compromise difficult

  • Make disruption difficult

  • Make compromise detection easier

  • Reduce the impact of compromise

  • Recover from compromise

11. Cyber & Digital security / Ground Station Technical Specification and Regulatory Review

The UK Space Agency has developed a tiered ground station technical specification that operators can voluntarily align with.

There is an ongoing regulatory review including:

  • EO Data Security policy and broader space-data regulations

  • Embedding national security and interest considerations in licensable space activities

  • Creating appropriate and proportionate requirements for protection of space systems

12. Partnerships

When forming partnerships, consider the following:

  • WHY are you collaborating?

  • WHO are you working with?

  • Conduct background checks – see NPSA Background Checks Guidance

  • WHAT are you sharing?

  • HOW are you protecting your innovation?

  • Use non-disclosure and other agreements

13. Personnel & Physical Security

  • Trusted Research: Jointly published advice by NPSA and NCSC supports the integrity of international research collaboration.

 It provides guidance to researchers, university staff, and funding organisations to protect sensitive research and intellectual property.

  • Informed Investment: There are risks associated with investment that can affect both business and national security.

Taking a security-minded approach from the start of investment planning can mitigate these risks.

14. Organisational Business Continuity

Business Continuity Management (BCM) is a strategic framework that enables organisations to rapidly restore operations during disruptions or crises.

It involves identifying potential risks such as natural hazards or cyber attacks and implementing measures to reduce their impact.

BCM ensures that critical functions can continue or quickly resume, minimizing financial and operational damage.

Resources include:

  • Business Continuity Management Toolkit – gov.uk

  • Business Continuity Institute

  • ISO 22301 – Business Continuity Management Systems

  • ‘Off the shelf’ books

15. Summary

You are part of the space ecosystem and its network of relationships.

Dual-use technologies introduce specific hazards and threats.

It is essential to secure your innovations.

There are a range of open programmes and guidance available to help you get started.

Back to top