Twins in Space - AI & DT for space cyber defence (part 1)

Image by Alan Morales (https://www.pexels.com/@alanmoraales/)

Cyber adversaries are expanding their reach beyond terrestrial networks. Recently, incidents targeting satellite and space systems have demonstrated the potential for adversarial manipulation, operational disruption and sensitive data breaches. Such threats have significant implications for commercial enterprise and national security.

Precursor to my Counterspace talk at BSides Joburg 2025: https://bsidesjoburg.co.za/

Outmanoeuvring Threats Beyond Earth - Cyber Counterspace BSides Joburg 2025
As cyber adversaries expand their reach beyond terrestrial networks, the risk to space-based infrastructure (satellites, spacecraft, and critical communications) has never been greater. Recent cyber incidents targeting satellite networks and space systems have demonstrated the potential for adversarial manipulation, data breaches, and operational disruption. These threats have significant implications for commercial enterprises, financial institutions, and national security.

Key Takeaways

  • Understand the space domain, systems and counterspace.
  • Identify how it may exist or emerge in your threat landscape.
  • Map potential opportunities to innovate in your organisation.

Series Overview

  1. As an introduction, we will define various orbits and forms of counterspace.
  2. Discuss why cyber counterspace is important to all countries, including SA.
  3. We will break down basic space systems, including terrestrial components.
  4. Introduce a list of relevant frameworks developed for space cybersecurity.
  5. Get into the challenges, and opportunities, specific to cyber counterspace.
  6. Solutions to prevent counterspace attacks and improve space cybersecurity.
  7. Discuss what we are doing at Snode Technologies to innovate in this “space”.

Part 1 - Content

In this first article we introduce key terminology referenced in future installments.

  1. Twins in Space - Introduction
  2. What is Counterspace?
  3. What is a Space System?
  4. Where is Space exactly?
  5. Digital Twin (DT)
  6. Fully Homomorphic Encryption (FHE)
  7. Assured Micropatching (AMP)
  8. AI-based Threat Detection (Cyber AI)

Twins in Space - Introduction

Innovative technologies, such as Fully Homomorphic Encryption (FHE), AI-based threat detection and DT simulation, are revolutionizing space cybersecurity. Drawing from my experience in the design and development of Snode's Cyber-AI platform (Guardian), a globally patented real-time detection and response system, let us explore how cutting-edge security strategies like these help mitigate Cyber Counterspace threat exposures.

Snode Technologies
We defend the future

What is Counterspace?

Counterspace - deters, disrupts, denies, degrades or destroys space systems.

There are four main categories of Counterspace activity:

  1. Kinetic - like a missile (destructive projectile stuff);
  2. Non-kinetic - not a missile (e.g., information warfare);
  3. Electronic - like an EMP (electromagnetic pulse); &
  4. Cyber - software exploit against space infrastructure.

What is a Space System?

A basic space system comprises a space segment and terrestrial ground and user segments.

Basic Space System (https://en.wikipedia.org/wiki/Ground_segment)

Where is Space exactly?

The theater of engagement exists across multiple orbits, including the following:

  1. LEO - low earth orbit;
  2. MEO - medium earth orbit;
  3. GEO - geostationary earth orbit.

Taken from Wikipedia (https://en.wikipedia.org/wiki/List_of_orbits)

So, where does space start? Well, LEO starts at 180 km from the surface of the Earth.

Planes fly at 12 km from the Earth's surface (https://www.pexels.com/@elii/)

Digital Twin (DT)

A Digital Twin is a digital “mirror copy” counterpart of a physical (or digital) environment. It incorporates all changes, in real-time, and provides a digital copy of all attributes (over a time dimension). The concept of developing a “digital twin” dates back to the 1960s at NASA (National Aeronautics and Space Administration). The term “Digital Twin” was first introduced by Dr Michael Grieves, an advisor to NASA, in 2002.

Taken from DIGITAL TWIN FOR INDOOR DISASTER IN SMART CITY: A SYSTEMATIC REVIEW (https://isprs-archives.copernicus.org/articles/XLVI-4-W3-2021/315/2022/isprs-archives-XLVI-4-W3-2021-315-2022.pdf)

A Digital Twin has bi-directional communication between the original and the mirror. Interestingly, two concepts are often confused with a Digital Twin:

  1. Digital model - no communication flow; &
  2. Digital shadow - one way communication.

Digital twin, model and shadow (https://www.pexels.com).

So, running a Formula 1 car in a wind tunnel simulation is more comparable to a digital model, while Snode's AI-based attack simulation is more aligned to a digital shadow.

Typical types of Digital Twin include:

  1. Monitoring;
  2. Predictive;
  3. Prescriptive;
  4. Autonomous;
  5. Imaginary; &
  6. Re-collective.

Types of Digital Twin (https://www.pexels.com).

Fully Homomorphic Encryption (FHE)

So, in general, we (1) process, (2) transmit and (3) store data. Now, when you think of data encryption during transmission (2), you may think of SSL (Secure Sockets Layer). Similarly, if you think "encryption at rest" (3), you may think of hard drive encryption.

What about encryption during processing? Well, that's where we look to decrypt and then process (1). Now, you think to yourself: but what if it was possible to process encrypted data? That's way more secure, right? Correct, that's what we call FHE baby!

FHE is also known as the "holy grail" of encryption. Here is a cool paper for OpenFHE.

Indy asks,... seriously, you guys calling it the holy grail???
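
Processing without decrypting can be shown with a small somewhat-homomorphic scheme over the integers (the symmetric DGHV construction), added here as an example; it is not code from OpenFHE or Snode, and the 64-bit key, 8-bit noise and 4-bit command code are demo assumptions that offer no real security. It compares two encrypted command codes using only ciphertext arithmetic.

```python
import secrets

KEY_BITS = 64    # assumption: demo-sized secret key, far too small for real use
NOISE_BITS = 8   # assumption: demo-sized fresh noise

def keygen():
    """Secret key p: a random odd integer with exactly KEY_BITS bits."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

def encrypt_bit(p, m):
    """c = p*q + 2*r + m; the bit m hides in the parity of the noise 2*r + m."""
    q = secrets.randbits(128) + 1
    r = secrets.randbelow(1 << NOISE_BITS) + 1
    return p * q + 2 * r + m

def noise(p, c):
    """Noise carried by a ciphertext; decryption is reliable only while it is below p."""
    return c % p

def decrypt_bit(p, c):
    return noise(p, c) % 2

# Gates evaluated directly on ciphertexts, with no key involved.
def h_xor(c1, c2): return c1 + c2   # noise adds
def h_and(c1, c2): return c1 * c2   # noise multiplies
def h_not(c): return c + 1

def encrypt_word(p, value, width=4):
    return [encrypt_bit(p, (value >> i) & 1) for i in range(width)]

def h_equal(word_a, word_b):
    """Return an encrypted 1 if both encrypted words match, else an encrypted 0."""
    result = None
    for a, b in zip(word_a, word_b):
        same = h_not(h_xor(a, b))   # XNOR of the two encrypted bits
        result = same if result is None else h_and(result, same)
    return result

def demo():
    p = keygen()                          # stays with the data owner
    expected = encrypt_word(p, 0b1011)    # constructed sample command code
    good = encrypt_word(p, 0b1011)
    bad = encrypt_word(p, 0b1001)
    match, mismatch = h_equal(expected, good), h_equal(expected, bad)
    return (decrypt_bit(p, match), decrypt_bit(p, mismatch),
            noise(p, expected[0]).bit_length(), noise(p, match).bit_length())

if __name__ == "__main__":
    print(demo())
```

Each AND multiplies the noise, and once it reaches p the parity is lost; bootstrapping is what lifts that limit in fully homomorphic schemes.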

Assured Micropatching (AMP)

Legacy binaries, some of which have no associated source code, need to be assessed and patched for vulnerabilities. Micropatching is a mechanism for altering a compiled binary in a way that remediates or mitigates a vulnerability. This approach will identify, modify and remediate vulnerable binaries without adversely affecting the availability or functionality of the system.

Check out SHIVA from the "ELFMaster" website: https://arcana-research.io/

A (strcpy) vulnerability in C fixed using binary patching (https://arcana-research.io/shiva/)

AI-based threat detection (Cyber AI)

This is a broad topic, since there is a range of AI-based approaches to threat detection.

However, for the scope of this article, let's focus our attention on the most prevalent:

  1. The most common use case is machine learning (ML) for anomaly detection. This covers both supervised and unsupervised ML algorithms that detect anomalies.
  2. Deep Learning (along with ML) for cybersecurity classification. This is one of my favourites, especially Bayesian Classification, which is used in your SPAM filter. Deep Learning can help classify malware and is also used in behavioural analytics.
  3. Reinforcement Learning, which is used for adaptive defence. We use this in Snode's SOC for incident response automation, but it's also used for prescriptive analytics.

If you are keen to see an example of how we implement this at Snode, check out this post:

Using AI for real-time attack simulation at scale (part 2)
This is the second article in a three part series, describing the process we follow at Snode Technologies to go from initial idea (part 1) to functional prototype (part 3). Quick recap (part 1) In the first part we decided to use AI-based attack simulation modelling, to help us prioritise

In the example (above), we split our AI-based solution into three sub-components:

  1. Classification and correlation.
  2. Attack simulation modelling.
  3. Supervised ML (re)-training.

Solution Design Sub-components

A detailed explanation of Cyber AI from ideation to prototype - and now in production.


Conclusion

In part 2, we will unpack the current challenges with regard to Cyber Counterspace.

Subscribe to be notified and as always, if I got anything wrong,...

References

The following websites serve as appropriate references for additional detail:

Types of orbits
GitHub - advanced-microcode-patching/shiva: A custom ELF linker/loader for installing ET_REL binary patches at runtime
A custom ELF linker/loader for installing ET_REL binary patches at runtime - advanced-microcode-patching/shiva
Snode - the power of prioritising risk using AI - TechCentral
Artificial intelligence-driven cybersecurity is revolutionising business resilience.
Arcana
Outmanoeuvring Threats Beyond Earth - Cyber Counterspace BSides Joburg 2025