Redazione RHC : 13 September 2025 17:34
U.S. defense contractors are developing an artificial intelligence tool called Cyber Resilience On-Orbit (CROO) to detect cyber attacks on satellites by directly monitoring the behavior and telemetry of satellite systems in orbit. The goal is to identify anomalous behavior by leveraging machine learning and artificial intelligence, to understand the true state of satellites beyond simply protecting communication links.
The CROO tool was developed by Proof Labs, a space cybersecurity startup based in Albuquerque, New Mexico, with contributions from Big Bear AI, an AI solutions company in Virginia, and Redwire Space Systems, a Florida-based aerospace and defense company. The AI model is trained using high-fidelity synthetic satellite telemetry and other data generated by a digital model of the FireSat satellite built by Redwire.
Big Bear AI compiled a time series of 1.2 million rows of data by modeling FireSat telemetry and other data under both normal and hacked conditions. The data includes all information processed by the satellite’s flight software, allowing the model to learn patterns of normal operation and anomalies produced by adversarial scenarios.
Proof Labs points out that security solutions so far have focused primarily on the ground side of the network; encryption of satellite links protects data in transit but does not protect the satellite or its onboard functions. CROO therefore aims to detect or infer attacks even through data generated by unattacked devices or subsystems, with the intent of preventing sophisticated attacks similar to Stuxnet.
CROO will be distributed as software and can also be implemented as hardware installable on satellites; launch is scheduled for next year. Part of the funding comes from a research and innovation contract signed with the U.S. Air Force Research Laboratory in 2024, and the Space Force’s intended customer is the U.S. Air Force. Space Systems Command. The software will be offered to both military and commercial satellite operators.
According to technical managers, the telemetry set includes parameters such as reaction wheel speed, star tracker position, and solar angle reported by the onboard solar tracker. Big Bear has also stated its intention to share the data as a repository on GitHub to allow others to train their own AI models.
The designers emphasize the importance of understanding the real-world behavior of the satellite’s components: simulated attacks against FireSat primarily targeted the batteries, chosen because they would have generated noticeable noise in the telemetry. The selected attacks and simulated scenarios were designed to produce detectable physical or digital changes in the telemetry stream, allowing CROO to detect signs of compromise even when some subsystems appear uncompromised.
Redazione