Quantum computing is advancing fast, and nations are racing to field the first machines powerful enough to break modern encryption. This race has direct consequences for the commercial space industry, and for satellite operators in particular.
As low Earth orbit (LEO) becomes an increasingly contested domain, satellite operators could face a wide range of threats from quantum computing as nation-states harness the technology for gray-zone operations, hostile actions below the threshold of open conflict, that are exceptionally covert and hard to attribute.
The timeline is also shorter than many assume. Estimates for “Q-Day,” the point at which a cryptographically relevant quantum computer arrives, increasingly point to as early as 2029 according to Google, Cloudflare, IBM and others, and the billions being poured into quantum research by the United States, China, the UK, France, Japan and other countries could accelerate that timeline further.
The industry needs to start preparing now, treating quantum as a mission assurance problem rather than a narrow cybersecurity one. This means assessing long-term exposure to espionage, identifying critical encryption dependencies, planning a migration to post-quantum cryptography and protecting the integrity of the data and systems that spacecraft, customers and national security missions rely on every day.
Espionage starts with harvest-now
The most common misconception about quantum computing is that the threat begins when a capable machine arrives. In reality, it is already underway. Intelligence agencies have repeatedly warned about “harvest now, decrypt later” operations, in which adversaries collect encrypted information today expecting to decrypt it upon the arrival of a powerful enough quantum computer.
For space companies, the exposure is unusually long-lived, since satellite architectures, sensor designs, command-and-control systems and government program data retain strategic value for many years, if not decades. While a LEO satellite may operate only a few years, the systems and mission data flowing across its links carry forward across every replenishment generation. Information intercepted today will still be valuable when quantum computing capabilities mature. And once that traffic is captured, no future patch can un-expose it.
When decryption goes live
Once nation-states field cryptographically-relevant machines, the threat to data operations becomes significantly greater. Encryption that currently protects communications, telemetry and command links could be broken in near-real time, resulting in continuous, active surveillance of operations as they happen. An adversary could watch a constellation’s health and status as its own operators do, track which assets are tasked against which targets and map command patterns and ground station relationships across an entire fleet.
For space operators, this would not be a single breach but an ongoing wave of exposure across the entire organization and its assets. The same cryptography that quantum threatens also secures ground networks, software update channels and corporate IT, much of it never designed to be swapped out. When that protection fails across so many systems at once, an operator faces a fleet-wide loss of confidentiality until every affected system is migrated.
Corrupted telemetry and the collision risk
An even bigger threat to operators is data manipulation. With quantum computing, adversaries will not just be able to read satellite data, but they will also be able to quietly modify it without anyone noticing where the commands are coming from.
This is because the same cryptography that keeps data private also verifies identities, authenticates commands and confirms that data has not been altered in transit. When those protections fail, operators can no longer trust what is in front of them. The first place that breaks down is the operational loop used to fly the fleet.
Mission operations teams depend on authentic telemetry and tracking data to manage spacecraft, plan maneuvers and avoid collisions, much of it generated from the operator’s own systems rather than the public catalog. If a nation-state adversary can forge that data, an operator might act on a position or health reading that looks legitimate but is not, or hold a maneuver they should have executed. This exposure widens as operators increasingly share their own high-precision ephemeris with space situational awareness and traffic coordination providers, where forged data could corrupt collision-avoidance decisions across the orbital environment.
In a regime already crowded with more than 18,000 active satellites and millions of pieces of debris, a corrupted operational picture poses a significant safety risk. Adversaries could induce it deliberately as a tool of gray-zone competition, particularly when geopolitical tensions increase. Even worse, quantum could enable the ultimate insider attack on satellite operations, letting an adversary impersonate the operators themselves, issuing commands the spacecraft accepts as authentic and effectively stepping into the control loop directly.
Manipulated downlinks and the customers who trust them
The next target is the mission payload itself, the data the satellite exists to deliver. If a state-backed actor can manipulate that downlink, the consequences ripple outward to everyone who relies on it: a defense customer fed false warning of a missile launch that never happened, a risk that grows as efforts like Golden Dome lean on space-based detection; a maritime agency chasing an RF signal that hides a vessel running dark; a commodity market moved by corrupted crop data days before official figures appear.
What makes this so dangerous is the absence of any obvious failure. The satellite will still appear to work normally while the underlying foundation has been quietly compromised and the data made untrustworthy. This carries considerable implications for both the customer’s operational needs and the provider’s contracts and reputation.
The perfect gray-zone weapon
Quantum is ideally suited to gray-zone competition for one reason: the operator may never know it happened.
Most adversarial actions announce themselves at some point, whether it’s a proximity operation in orbit or a cyberattack on the network. But quantum attacks are different because the forgery passes authentication as legitimate, making it nearly invisible to standard monitoring and security tools. Operators may not realize an attack is underway, and afterward may be unable to confirm whether data was maliciously altered or simply corrupted by a malfunction.
This invisibility is a key advantage, since the objective in most gray-zone operations is not to physically damage a satellite but to manufacture uncertainty. If satellite data and communications can no longer be trusted, that uncertainty cascades into every downstream decision. The difficulty of attribution also makes deterrence and response harder, raising the odds that adversaries such as China, Russia, Iran and North Korea will turn these tools against the commercial space sector.
What operators should do now
A critical liability for satellite operators is that spacecraft and ground systems rely on infrastructure that cannot be replaced quickly. This is why operators need to start preparing now.
Lead with crypto-agility, not endless inventory. Many companies spend months mapping every last dependency before taking any protective action, leaving their most important systems exposed. A full inventory still matters, but it should not be a precondition for getting started. The work that matters most is architectural: building the ability to swap algorithms without changing hardware or taking down the network. With that agility in place, a dependency found later can simply be migrated rather than forcing a redesign. From there, adopt the finalized NIST post-quantum standards, align with NSA’s CNSA 2.0 timeline for national security and government-facing systems and press vendors for concrete roadmaps now.
Prioritize by confidentiality lifespan. Identify which assets must stay secure for multiple years or even decades. Those face the greatest exposure to harvest-now-decrypt-later collection and should migrate first.
Protect integrity, not just confidentiality. Because manipulation and forgery outrank decryption as operational threats, give equal weight to authenticating commands, telemetry and identities, not only encrypting them.
The first strategic advantage delivered by quantum computing may come from quietly undermining confidence in what commercial satellite systems produce. As competition in orbit intensifies, operators must prepare with urgency for the expanded gray-zone operations that quantum will afford America’s adversaries.
Eddy Zervigon is the CEO of Quantum XChange.
SpaceNews is committed to publishing our community’s diverse perspectives. Whether you’re an academic, executive, engineer or even just a concerned citizen of the cosmos, send your arguments and viewpoints to opinion (at) spacenews.com to be considered for publication online or in our next magazine. If you have something to submit, read some of our recent opinion articles and our submission guidelines to get a sense of what we’re looking for. The perspectives shared in these opinion articles are solely those of the authors and do not necessarily represent their employers or professional affiliations.
