The official expressed concern that sensitive information — notably command data for European satellites — is unencrypted, because many were launched years ago without advanced onboard computers or encryption capabilities.

According to the article the satellites that were shadowed were:

Satellite Launch date RASCOM-QAF1R August 4, 2010 Eutelsat 3B July 2014 Eutelsat Konnect VHTS September 7, 2022 Astra 4A November 18, 2007 SES-5 July 9, 2012 Eutelsat KA-SAT 9A December 26, 2010 Eutelsat 9B January 30, 2016 Eutelsat 3C February 12, 2009

That wasn’t that long ago relative to encryption being done on computers.

I’m a software engineer in space and the things I’ve heard are astounding. Basically space software as a sector is super backwards and operated under a “We’re too far away to be hacked” mentality for way too long. Thankfully, that is changing, and the EU Space Act mandates cybersec in some cases

What I observe is not so much a “we’re too far away to be hacked” mentality, but rather a lackluster approach to software: “Software is just the cream on top that enables the real power of the hardware. So let’s have our hardware engineers do the software as a side exercise. Surely it can’t be that hard.” Then you get hardware engineers, most of whom are fucking stupid in terms of SW development, writing flight software.

My understanding is that in space systems, generally robustness trumps everything else, so old stable versions of everything are preferred. So it’s generally a very conservative software stack and process.