The space industry plays a critical role in national security and economic life. Yet satellites, once deployed, are largely out of reach and difficult to update or repair, making their security design decisions effectively permanent. For the space sector, the quantum threat is therefore not a distant concern but a pressing challenge, as vulnerabilities introduced today could persist throughout a satellite’s operational lifetime.
At CYSAT Asia, the first ever conference in Singapore dedicated to cybersecurity in space, the panel ‘Satellite Infrastructure: When Can It Be Quantum Resilient?’ discussed the implications of quantum computing on space assets, how to future-proof satellites, and why regulation lags behind technology.
Why space systems are uniquely exposed
Prof. Michael Kasper, Chief Executive Officer at Fraunhofer Singapore Research, opened by commenting that space infrastructure is far more than the satellites that orbit the earth, and includes onboard computers, payloads, ground stations, user terminals, and the communication links binding them together. Each of these components, he remarked, is a potential attack surface.
“We know that these infrastructures are vulnerable… from data communication, telemetric services, GPS—could be a wide range,” he said, citing risks to data security and firmware integrity, among others. He also noted that kinetic threats, such as anti‑satellite activities, add another layer of uncertainty, citing the upticks in cyber attacks by nation-state actors. He further pointed out that satellites’ long design and deployment lifecycles—often spanning a decade or more—mean that systems launched today may operate with outdated security assumptions, making them particularly vulnerable to evolving threats over time.
For Anna Beata Kalisz Hedegaard, Chief Executive Officer and Co‑Founder of Quantum Security Defence Ltd, the stakes extend far beyond the satellites themselves, or even issues of national security and defence.
“We are not protecting infrastructure from only a business point of view. We are protecting our lifestyle,” she emphasized. GPS, global communications, financial transactions, and countless digital services rely on space‑based networks. A quantum‑enabled adversary capable of decrypting satellite communications could, she added, interrupt the trajectory of global progress.
The countdown to Q‑Day
The urgency is not hypothetical. Corey McClelland, Senior Director of Quantum Networking at IonQ, highlighted how quickly quantum computing is advancing. “We will have 20,000 physical qubits and 1,000 logical qubits by 2028,” he said, referencing IonQ’s roadmap, which brings the industry “very close to enabling Shor’s algorithm,” the quantum algorithm capable of breaking today’s widely used public‑key cryptography.
According to McClelland, operators are already worried. “Any of the satellites that are up today that use current encryption will be vulnerable,” McClelland warned. The threat is not only future decryption; it is also ‘harvest‑now, decrypt‑later’ attacks, where adversaries store encrypted satellite data today in order to decrypt it once quantum computers mature.
Post Quantum Cryptography (PQC) vs Quantum Key Distribution (QKD)
The panelists emphasized that the space industry should prepare for the quantum threat as soon as possible, beginning with implementing Post-Quantum Cryptography (PQC). PQC, they agreed, is the most practical and cost-effective solution as a first step.
According to Nicolas Pouymonbrat, Quantum Safe Technical Sales Manager at ID Quantique, however, PQC alone may not be enough to withstand threats to space assets.
He cautioned, “PQC, which is more of the algorithmic, mathematical path, has been standardized. In terms of implementation, it might be faster, because it’s software grade. But even the process of implementing PQC can raise risks.”
Pouymonbrat then argued that Quantum Key Distribution (QKD) – which uses principles of quantum mechanics to guarantee security – might prove to be a more reliable solution for the space industry. He pointed to the maturity of QKD, saying, “The technology has been in academia and research… for very, very long time. So in terms of the technology, it’s quite mature” he said. ID Quantique itself, he added, has been working on quantum-based security protocols for over 20 years.
Pouymonbrat added that while QKD is theoretically secure, it requires specialized hardware and careful engineering. Therefore, he said, the choice between PQC and QKD, or both, varies widely depending on the use case—telecom networks, satellite links, or financial institutions all have different requirements.
Designing satellites for a quantum future
Quantum resilience is not only about cryptography, but also about the design and architecture of the satellite itself. For example, as McClelland pointed out, basic cyber hygiene in satellite design can dramatically reduce risk.
He explained, “An example of that would be separating the satellite bus from the payload to make sure that it’s not an attack vector. As quantum computers become more viable and universally adapted to solve some of these problems, there are other things that we can do, as far as projecting what the attack vectors are on the specific designs of the satellites and the communication channels – whether RF or optical.”
But not all is doom and gloom, according to Hedegaard, who said that satellites will have a prominent role to play in the networks of the future.
“We are progressing in quantum computing. The threat isn’t the only part of it, but to actually be able to distribute [quantum] capabilities, we will need entanglement-based future networks…We will be transitioning as a civilization to the next level of doing business, communicating and also protecting different assets,” she said.
McClelland concurred, citing how IonQ’s customers are already looking for next-generation satellites. He pointed to IonQ’s recent acquisitions—Capella Space and Vector Atomic— and said they signal a broader shift toward quantum‑enabled satellite platforms.
McClelland described these next‑generation satellites equipped with Synthetic Aperture Radar (SAR), optical communications, and onboard quantum capabilities, which will launch as soon as 18 months’ time.
He said, “We just acquired Capella Space and Vector Atomic. Both have very unique product lines – Vector Atomic in the area of quantum atomic clocks, and then Capella, with their satellites and Synthetic Aperture Radar (SAR). So we’re seeing bus development for larger, new-generation of satellites that will enable SAR, quantum networks with optical communications, and with quantum capabilities on board. Those satellites will start to launch in about 18 months, and then we’re looking at upgrades on a continuous basis over the next couple of years.”
Why regulation and business lag behind technology
Even as technology advances, regulation lags. Hedegaard described the global landscape today, in which policymakers are struggling to keep pace. “Development of technology is not the same as implementing it,” she said. Regulators must understand not only the theoretical security of quantum technologies but also how to assess real‑world deployments.
Workforce shortages, unclear guidance, and the absence of enforceable standards all slow adoption. PQC is “quite there,” Hedegaard argued, but remains largely in the realm of recommendations rather than mandates. She added that without accountability, businesses hesitate to invest, and that human psychology also plays a role.
“If there is no direct attack, then you’re gonna postpone it,” she said. But once a quantum threat materializes, the world may respond with the same rapid mobilization seen during the COVID‑19 pandemic. The challenge is to prepare before the crisis.
Pouymonbrat added the lag is not limited to regulators, but that businesses can also be slow to act, citing cost, awareness, and regulatory uncertainty as the biggest barriers. He noted that highly regulated sectors—finance, government, aerospace—tend to move slowly unless policies explicitly require quantum‑safe measures. Awareness is also uneven. “More often than we think… people are not really aware, or they just read it in some news,” he said. “That is not enough to drive adoption.”
The panelists reached a clear consensus that satellite manufacturers should, at a minimum, begin implementing post-quantum cryptography (PQC) in their systems. They emphasized that while large-scale quantum threats may still be emerging, the long development lifecycles of satellites make early adoption essential. By starting now, manufacturers can better future-proof their infrastructure, mitigate long-term security risks, and ensure resilience against the next generation of cryptographic challenges.
