This blog post was created based on the transcript from episode 254 of the Exploring Information Security podcast. First draft by Gemini; edited by a human.

For decades, the concept of space security was relegated to science fiction or the classified halls of government agencies. Today, however, our entire way of life—from the synchronization of power grids to global financial transactions—is predicated on data traversing the stars.

In a live recording of the Exploring Information Security podcast, I sat down with Tim Fowler, CEO and founder of Ethos Labs LLC, to discuss why space is the ultimate culmination of all security specializations.

The "Veil of Obscurity" is Lifting

Historically, space systems relied on a "veil of obscurity" or technological supremacy for protection. Because it was so difficult and expensive to communicate with an orbiting satellite, security was often deprioritized in favor of pure operations.

Fowler notes that this obscurity is now gone. With the rapid commercialization of space, the technological barriers to entry have plummeted. The focus on security is still well behind and is likely too be a repeat of history where organizations will have to scramble to bolt on security.

Why Terrestrial Life Depends on Space Security

One of the most sobering points of the discussion was the real-world impact of a space-based security event. While many associate GPS only with navigation, it is actually the primary timing source for critical terrestrial infrastructure.

Financial Systems: Stock exchanges rely on GPS timing for transaction synchronization.
Power Grids: America’s "just-in-time" grid uses space-based timing to desynchronize or ramp production.
Pipelines: Crucial infrastructure synchronization is often tethered to orbital data.

A disruption in space doesn't just stay in orbit; it can cause rolling blackouts or freeze ATMs right here on the ground.

The Encryption Gap and Integrity Risks

A persistent challenge in the field is the lack of basic encryption. Fowler reported being surprised if even 50% of current space signals are encrypted, often due to the operational complexities of managing keys in orbit.

Furthermore, encryption only solves for confidentiality, not integrity. Even an encrypted signal can be captured and "replayed" by an attacker, leading a satellite to process potentially malicious commands because it lacks the layers to verify the signal's integrity.

Integrating Security with Development

Fowler argued that the most effective way to secure the "Final Frontier" is by moving security closer to operations.

Security Involved Early: The best model involves physically placing security testers (like penetration testers) directly within development teams.
Offensive Education: Teaching developers how to attack their own software is one of the most effective proactive measures to stop vulnerabilities before they launch.

The Future of Space Security and Ethos Labs

Despite the challenges, the industry is seeing an uptick in security engineering roles. For those looking to get involved, resources like the Aerospace Village and specialized training platforms are becoming more accessible.

Fowler also teased exciting developments for Ethos Labs in early 2026, including:

"Fun Size" Hardware: A new, smaller hardware platform that is easier to manufacture and ship.
On-Demand Classes: For the first time, hardware classes will be available in a guided, drop-shipped on-demand format.
Centralized Repository: A new brand under Ethos Labs aimed at being a one-stop-shop for space security videos, blog posts, and training.

Final Thoughts: AI and the Human in the Loop

Our discussion concluded with AI’s role in space. While AI is excellent for anomaly detection and "busy work" like high-speed sensor analysis, Fowler insists that mission-critical decisions must always have a human in the loop. In space, a misunderstood data point can rapidly escalate into a hostile international incident.

Want to dive deeper? Check out ethoslabs.space for more information on the upcoming hardware kits and space security training.

This blog post is based on a podcast I recorded with Tim Fowler back in January. I’ve used ChatGPT to take the episode transcript and turn it into a blog that I have reviewed and edited. Check out the episode: https://www.exploresec.com/eis/219

The Rise of Space Cybersecurity

Cybersecurity has long been a critical focus in terrestrial technology, but as the space industry continues to expand, the need for security in orbit has never been more urgent. One person leading this charge is Tim Fowler, the creator of TEMPEST, a 1U CubeSat educational project designed to bring hands-on security training into the realm of space systems.

In a recent Exploring Information Security podcast episode, I sat down with Fowler to discuss TEMPEST, its impact on cybersecurity education, and why space security needs a shift in focus.

Why Space Security Matters

The rapid expansion of satellite technology means that more devices than ever before are being launched into space—often without robust security measures. Fowler highlighted that traditional approaches to securing IT systems don’t always translate well to space-based infrastructure.

Some of the key concerns include:

Unsecured Communication Links – Space systems often rely on unencrypted signals, making them susceptible to interception.
Satellite Hijacking – Attackers could take control of a satellite’s operations and disrupt services or use it for malicious activities.
Supply Chain Vulnerabilities – Many CubeSats are built from commercial off-the-shelf components, which can introduce security risks.

TEMPEST allows students and professionals to experience these risks firsthand in a controlled environment, making it an essential tool for training the next generation of space cybersecurity experts.

What is TEMPEST?

TEMPEST—an acronym for Tim’s Endeavor into Manically Producing Educational Space Technologies—is a modular, intentionally vulnerable CubeSat that provides cybersecurity professionals, students, and researchers with a hands-on way to test and hack satellite systems.

Fowler, an expert in space cybersecurity, launched the project to address a major gap in the industry: most CubeSat kits focus on functionality, but none include security as a fundamental component. TEMPEST is designed to fill that void by allowing users to simulate attacks, build defenses, and understand real-world space security challenges.

A Hands-On Approach to Learning

TEMPEST was designed to be modular and hackable. Fowler structured the CubeSat with intentionally built-in security flaws to simulate real-world attack scenarios. Users can explore:

Radio frequency (RF) security and satellite communications.
Embedded system vulnerabilities within the CubeSat’s flight computer.
Software-defined radios (SDRs) for signal interception and manipulation.
Security hardening techniques to counteract common attack vectors.

The first generation of TEMPEST hardware debuted at Wild West Hacking Fest in 2024, where attendees were able to test, break, and improve upon the system in real time. Fowler also runs training sessions where participants assemble and experiment with the CubeSat, learning about space security hands-on.

The Accidental Broadcast Storm

One of the most entertaining moments Fowler shared was an unexpected security lesson during a training session. When a room full of students powered up their TEMPEST CubeSats simultaneously, the devices inadvertently started talking to each other, creating a self-replicating “broadcast storm.”

This unintentional experiment highlighted a crucial lesson in satellite security: small design choices can have major consequences. Even unintended interactions between satellites can create denial-of-service conditions or unexpected network behaviors, reinforcing the importance of secure communication protocols in space systems.

What’s Next for TEMPEST?

While TEMPEST is currently only available through Fowler’s space cybersecurity training courses, plans are underway to release a public version that allows more people to engage with the project.

Upcoming developments include:

A new defensive security course focused on satellite protection strategies.
Open-source release of older TEMPEST versions, allowing users to build their own CubeSats.
Expanded training opportunities at major security conferences in 2025.

Where to Learn More

If you’re interested in learning about space cybersecurity and hacking CubeSats, TEMPEST offers a unique and invaluable resource. Keep an eye out for future training sessions and updates by following:

🌐 EthosLabs.space – Fowler’s main site for TEMPEST training and updates.
🎙️ Exploring Information Security Podcast – Listen to the full episode for an in-depth discussion on TEMPEST.

Final Thoughts

Space cybersecurity is one of the most exciting frontiers in infosec, and projects like TEMPEST are helping shape the future. By providing a hands-on, educational platform for space security, TEMPEST ensures that the next generation of security professionals is ready to defend our critical space infrastructure. 🚀

What are your thoughts on space cybersecurity? Let’s discuss in the comments!