Penetration testing in the space segment often involves specialized “cyber range” environments or digital twins to avoid putting the actual spacecraft at risk. This enhancement requires defining clear rules of engagement for these tests and ensuring that testers are appropriately trained to simulate real-world adversaries without triggering irreversible damage. Because replacing an on-orbit asset is extremely expensive, developers typically replicate flight conditions, signal latency, radiation effects, and restricted power budgets in a lab environment. Such “high-fidelity” testing ensures that discovered vulnerabilities accurately reflect how malicious actors might exploit fundamental components once in space, enabling more robust security fixes before launch or during scheduled update windows.
The [organization] shall coordinate penetration testing on mission critical spacecraft components (hardware and/or software).{SV-MA-4}{CA-8,CA-8(1),CP-4(5)}
Not all defects (e.g., buffer overflows, race conditions, and memory leaks) can be discovered statically; some only appear when the system is executed. This is where space-centric cyber testbeds (i.e., cyber ranges) are imperative, as they provide a controlled environment in which components can be attacked to surface these undesirable conditions. Technology has improved to the point where digital twins for spacecraft are achievable, which opens an avenue for cyber testing that was often not performed due to perceived risk to the flight hardware.
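As an added illustration of the lab-replicated flight conditions described above (an example written for this page, not a testbed from any actual program or standard), a toy digital-twin link emulator in Python: one-way signal latency, radiation-induced bit flips (single-event upsets), and a restricted power budget are modelled, and a small command handler on the twin is driven through that link. The command framing, CRC-32 trailer, opcode power costs and latency value are constructed assumptions.

```python
import random
import zlib
from dataclasses import dataclass


@dataclass
class TwinLink:
    """Models the uplink to a lab digital twin: delay, radiation bit flips, power."""
    latency_s: float            # one-way signal delay (assumed 1.3 s, Earth-Moon class)
    seu_per_bit: float          # probability that any given bit flips in transit
    power_budget_mw: float      # energy the twin may spend during this pass (constructed)
    seed: int = 0               # fixed seed keeps a test campaign reproducible

    def __post_init__(self):
        self.rng = random.Random(self.seed)
        self.clock_s = 0.0      # emulated mission clock, advanced per transmission

    def transmit(self, frame: bytes) -> tuple[bytes, float]:
        """Deliver a frame after the link latency, flipping bits at the SEU rate."""
        bits = bytearray(frame)
        for i in range(len(bits) * 8):
            if self.rng.random() < self.seu_per_bit:
                bits[i // 8] ^= 1 << (i % 8)
        self.clock_s += self.latency_s
        return bytes(bits), self.clock_s


def frame_command(opcode: int, arg: int) -> bytes:
    """Build a constructed 4-byte payload plus a CRC-32 trailer (big-endian)."""
    payload = bytes([opcode, arg & 0xFF, (arg >> 8) & 0xFF, 0])
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def twin_handle(frame: bytes, link: TwinLink) -> str:
    """Spacecraft twin: integrity check first, then power accounting, then execute."""
    payload, crc = frame[:4], int.from_bytes(frame[4:], "big")
    if zlib.crc32(payload) != crc:
        return "rejected-crc"           # corrupted in transit: never acted upon
    cost_mw = {0x01: 5.0, 0x02: 40.0}.get(payload[0], 1.0)  # constructed cost table
    if cost_mw > link.power_budget_mw:
        return "rejected-power"         # would exceed the pass's power budget
    link.power_budget_mw -= cost_mw
    return "executed"


def run_campaign(commands, link: TwinLink) -> dict:
    """Drive the twin through the emulated link and tally outcomes for the report."""
    tally = {"executed": 0, "rejected-crc": 0, "rejected-power": 0}
    for opcode, arg in commands:
        received, _ = link.transmit(frame_command(opcode, arg))
        tally[twin_handle(received, link)] += 1
    return tally
```

Running the same command sequence over a clean link and over a noisy one shows which failures come from the link model and which from the twin's own budget logic, which is the distinction a high-fidelity range is meant to make visible.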
The [organization] shall perform penetration testing/analysis: (1) On potential system elements before accepting the system; (2) As a realistic simulation of the active adversary’s known tactics, techniques, procedures (TTPs), and tools; and (3) Throughout the lifecycle on physical and logical systems, elements, and processes.{SV-SP-3,SV-SP-4,SV-AV-7,SV-SP-11}{CA-8(1),SA-9,SA-11(5),SR-5(2)}
Penetration testing should be performed throughout the lifecycle on physical and logical systems, elements, and processes including: (1) Hardware, software, and firmware development processes; (2) Shipping/handling procedures; (3) Personnel and physical security programs; (4) Configuration management tools/measures to maintain provenance; and (5) Any other programs, processes, or procedures associated with the production/distribution of supply chain elements.