Assessing the attack surface of space organizations: A data-driven analysis / Casaril, F., Galletta, L.. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 164:(2026). [10.1016/j.cose.2026.104848]

Assessing the attack surface of space organizations: A data-driven analysis

Galletta L.
2026

Abstract

The increasing digitalization of the space industry and the rapid expansion of commercial space activities have increased the sector's exposure to cyber threats. As satellite operators and aerospace entities rely on Internet-connected devices (ICDs) for control, communication, and ground-based operations, their attack surface expands accordingly. Despite this growing risk, there remains a lack of standardized methodologies tailored to measuring real-world cybersecurity exposure of ICDs in the space sector. Existing frameworks often overlook the unique characteristics of space infrastructure, including persistent connectivity, long system lifespans, and limited patching opportunities. To address this gap, we propose the Risk Exposure Framework (REF), a methodology to quantify cybersecurity exposure using Internet-facing asset data. REF integrates elements from well-established risk assessment models with targeted analysis of exposed services, known vulnerabilities, and exploit availability. The framework calculates risk through a structured approach that combines Exposure and Likelihood scores based on observable attack surface metrics. Our methodology allows one to compare exposure levels across organizations and supports alignment with sector-specific cybersecurity requirements, and it is adaptable to other critical infrastructure environments where external exposure plays a central role in cyber risk. Unlike general-purpose frameworks, REF directly captures space-specific traits by relying on observable network exposure indicators and by aligning with the principles of attack surface measurement in space environments. REF quantifies the externally observable posture of space organisations, primarily ground-segment and enterprise networks, based on Internet-facing exposure and exploitability. The framework does not model spacecraft constraints, but it can reflect their downstream effects when those constraints manifest at network boundaries. 
This paper also examines how the REF methodology can support existing cybersecurity policy frameworks and risk assessment strategies in both Europe and the United States.
Risk assessment
Space cybersecurity
Space infrastructure
Space policy
Files in this item:
File: 1-s2.0-S0167404826000246-main.pdf
Access: open access
Type: Publisher's version (PDF)
License: Creative Commons
Size: 3.37 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/41699