Space Is a Cyber Domain Now. The Space Force Is Acting Like It
From on-orbit cyber ranges to mission defense teams, the USSF is rebuilding around a contested-space reality. Here's what it means for the DIB
There’s a satellite in low-Earth orbit right now whose entire purpose is to be hacked.
Deloitte launched a microwave-oven-sized CubeSat from Vandenberg Space Force Base to serve as a live-fire cyber training range — a platform where military operators and defense contractors can attack, defend, and test resilience against cyber threats on an actual orbiting spacecraft.
That single fact tells you everything about where space cybersecurity is headed in 2026.
The problem: space is the soft underbelly
The Space Force’s own leadership describes cyberspace as the “soft underbelly” of space operations. And they’re not wrong.
Every critical space capability — satellite communications, GPS, missile warning, ISR — depends on ground systems, data links, and command-and-control infrastructure that runs through networks vulnerable to cyber attack. China’s PLA has a full spectrum of counter-space and cyber capabilities. Russia demonstrated it can target commercial satellite infrastructure when it hit Viasat’s KA-SAT network at the start of the Ukraine invasion. U.S. officials report that reversible cyber threats like signal jamming and sensor disruption occur on a near-daily basis.
The challenge is that traditional terrestrial cybersecurity practices don’t translate cleanly to space. You can’t easily patch a satellite that’s already in orbit. Continuous monitoring works differently when you have intermittent contact windows. The architectures span ground segments, orbital assets, and communication links — each with different threat surfaces and different constraints.
What the Space Force is doing about it
The USSF’s response is multi-layered, and it’s accelerating:
Mission Defense Teams. The Space Force is standing up dedicated cyber defense teams aligned to each Space Delta. These aren’t bolted-on IT security shops — they’re integrated into the operational structure, fusing cyber operations with electromagnetic warfare, missile warning, satellite communications, and space domain awareness. As one general put it, this is about building a “core identity” for the cyber workforce within space operations.
Cyber warrior development. The Space Force is shifting from time-in-grade career progression to competency-based development for its cyber workforce. Guardians will achieve proficiency levels — basic, senior, and master — based on demonstrated capability, not time served. This is a significant cultural shift for a military service.
Race to Resilience. The service’s initiative to achieve battle-ready architectures by 2026 is driving major investments in proliferated satellite constellations (harder to kill than a few exquisite assets), resilient communications, and anti-jamming and anti-spoofing technologies. The Space Development Agency’s Tranche 2 satellites are part of this, feeding real-time data to decision-makers across domains.
On-orbit training. Beyond Deloitte’s cyber range satellite, Mission Delta 9 — the Space Force’s orbital warfare unit — just received a live satellite specifically for practicing offensive and defensive maneuvers in space. This isn’t simulation. This is practicing space combat on actual orbiting hardware.
What this means for the defense industrial base
If you’re a defense contractor working in space — or adjacent to space through communications, ISR, or ground systems — here’s what matters:
Space cybersecurity requirements are expanding. The intersection of CMMC, NIST frameworks, and space-specific requirements is creating a compliance landscape that most organizations haven’t fully mapped. Existing cybersecurity frameworks lack consistent space-specific definitions. RAND research has found that DoD programs like CMMC “may not be flexible enough to allow companies to dynamically address risk” in space contexts, pushing toward compliance-based assessments rather than actual risk management.
Classification is the barrier. Multiple space leaders have flagged overclassification as a major impediment to moving faster on national security space. One industry executive called classification barriers “miserable,” arguing they limit the ability of the U.S. and allies to respond at the speed the threat environment demands. If you’re a space startup trying to work with the Space Force, navigating the classification maze is as important as your technology.
Spectrum dominance is the next frontier. The Space Force is elevating electromagnetic spectrum operations — including cybersecurity, anti-jamming, and electronic warfare — as a core capability area. After two decades of fighting adversaries who didn’t challenge U.S. spectrum superiority, the DoD is reckoning with the fact that near-peer competitors like China and Russia will contest the spectrum in any future conflict. This creates opportunities for companies building in spectrum management, EW, and secure communications.
ATO processes for space systems need modernization. The traditional RMF and ATO process was built for terrestrial IT systems with defined boundaries, regular patching cycles, and continuous monitoring capabilities. Space systems challenge every one of those assumptions. The gap between compliance frameworks and operational reality in space is one of the most important — and least discussed — challenges in defense cybersecurity.
The bottom line
Space isn’t a domain you can secure with firewalls and endpoint detection. It requires rethinking cybersecurity from the ground up — literally. The Space Force is making real moves to integrate cyber operations into its warfighting DNA, but the compliance and acquisition infrastructure hasn’t caught up.
For the defense industrial base, the message is clear: space cybersecurity is no longer a niche specialization. It’s becoming a core competency that the DoD expects from any contractor touching space-related missions. If your security architecture and compliance posture aren’t built for the realities of space operations, 2026 is the year to start fixing that.



