I wonder if this threat vector will change as more countries become space bound. Curious to see the JPL Security Coding Guidelines, whenever that is written.
AES-256 on both uplink and downlink sides. It's fast enough and the NSA thinks it's good enough. Put a timestamp inside the cleartext to prevent replay attacks and re-key the encryption module every so often to prevent cryptoanalysis from breaking your current key.