Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-Riddle’s ARAPAIMA nanosatellite architecture, where we assume any off-the-shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt’s Cyber Physical - Attack Description Language (CP-ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-cost Root of Trust (RoT) Module, Global InfoTek’s Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.