Likelihood: LOW
Impact: VERY HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is low because no active exploitation of space system infrastructure is confirmed, and a successful attack requires significant technical sophistication, nation-state-level capability, or insider access to ground segment or C2 systems. Impact is nevertheless rated very high because, in the absence of a standardized security framework for space architectures, a successful attack on widely shared satellite timing or communications infrastructure could simultaneously cascade into power grid synchronization failures, GPS-dependent financial settlement disruptions, and transportation outages across multiple critical sectors, with no mature playbook for coordinated response.
Treatment rationale: Because multiple critical infrastructure sectors depend on space-based services that no purpose-built security framework governs, acceptance or transfer is insufficient — the organization must actively inventory its space-based service dependencies, classify each as critical or non-critical, and build compensating controls (redundant timing sources, degraded-mode operating procedures, vendor assurance requirements) while the regulatory landscape matures.
Third-Party / Supply-Chain Risk
Organizations consuming commercial satellite communications (e.g., VSAT providers, GPS timing services, LEO broadband platforms) have no standardized basis under NIST SP 800-161 to assess or contractually require cybersecurity controls from space-system vendors, because no purpose-built framework currently governs ground segment interfaces, C2 link security, or satellite supply chain integrity; this creates an unquantified third-party dependency risk that cannot be managed through standard vendor risk assessment tools.
Loss Exposure (illustrative)
Magnitude: very high — illustrative $10M–$500M+ for a sector-anchor organization (e.g., major financial institution or grid operator) experiencing a multi-day GPS timing or satellite communications outage, scaling to systemic losses across dependent sectors in a worst-case shared-infrastructure scenario
Frequency: illustrative; for a single organization with unaudited space-based dependencies and no compensating controls, a materially disruptive space-system incident (whether cyber-caused or not) is plausible at a frequency of once per decade at current threat maturity, rising as adversary capability and geopolitical tension increase
Annualized: Illustrative ALE framing: at 0.1 events/year frequency and a conservative $10M single-loss estimate for a mid-tier critical infrastructure operator, annualized exposure is illustratively ~$1M/year — this figure rises sharply for organizations with no redundancy and direct operational dependency on a single satellite service
Basis: Loss magnitude driven by: (1) cascading nature of space-based timing/comms dependency across financial settlement, grid synchronization, and transportation coordination, meaning a single outage propagates across multiple revenue and operational streams simultaneously; (2) absence of a mature incident-response framework specific to space systems extending recovery timelines; (3) frequency estimate anchored to low-but-non-negligible nation-state threat actor interest in satellite infrastructure, no confirmed active exploitation, and historically rare but consequential incidents affecting GPS/satellite services. No third-party statistical sources cited.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Operational disruption caused by a space-based service outage attributable to a cyberattack on a shared satellite provider may implicate business-interruption or contingent business-interruption coverage under a cyber policy — verify with broker whether your policy covers cascading losses from attacks on third-party critical infrastructure you do not operate.
• Regulatory reporting obligations under sector-specific rules (e.g., NERC CIP for energy, TSA directives for transportation) may be triggered if a space-system disruption causes a reportable operational impact — verify with counsel whether your incident-reporting obligations extend to upstream third-party infrastructure events.