When Moonraker Suddenly Feels Real: The Hidden Cyber Gap in Space

Author

Tim Stuchtey

Introduction: Space Infrastructure and Cybersecurity Risks

Back in the late 1970s, Moonraker sent James Bond into orbit to save humanity. It was a pop-culture exaggeration. Today much of it reads like a sober analytical scenario. Modern societies – Europe, the United States, and increasingly the Global South – depend heavily on satellite communication, navigation, Earth observation, and space-based timing services. These are no longer niche technologies. They are the invisible utilities enabling logistics, finance, critical infrastructure and military operations.

The war in Ukraine made this tangible: Elon Musk’s Starlink constellation became a strategic asset overnight. The line between commercial innovation and national security interest has blurred.

Germany’s new Space Security Strategy, published in 2025, acknowledges this reality. It highlights that space is not merely a passive environment but a contested operational domain. As the document puts it, space is “not only a potential theatre of global conflict, but increasingly a domain in which disputes are actively pursued.” And because space is infrastructure, it is also an attack surface – especially in cyberspace.

The question now facing Germany, Europe and many other nations is whether cybersecurity will be embedded as a foundational principle of space policy or remain an afterthought.

Space and Cyber: Functionally Intertwined

The idea that space and cyberspace are separate domains is outdated. They are functionally welded together. Cyberattacks are now considered, alongside debris cascades and extreme solar storms, among the most plausible triggers for the failure of entire satellite systems. If such a collapse occurred, it would not be a national problem but a global shock.

This risk is not theoretical. Cybersecurity played almost no role in satellite mission design over the past decades. By contrast, kinetic anti-satellite weapons have attracted political attention because they are dramatic and visible. Yet the silent digital compromise of orbital systems is the more realistic danger; it is cheap, scalable, and widely accessible.

We distinguish two types of attacks:

Electronic interference, such as jamming or spoofing, disrupts radio links between satellites and ground stations. The political dimension of this has grown. In 2025, thirteen EU member states filed complaints with the European Commission over Russian jamming that interfered with aviation and maritime navigation.

Cyberattacks target the software and networks connected to space systems – mission control, ground segments, telemetry links, payload operations. The 2022 Viasat attack at the start of Russia’s full-scale invasion of Ukraine remains the clearest demonstration of how strategically decisive digital disruptions in orbit can be.

These are not European issues alone. The United States, Japan, India and even emerging spacefaring nations report similar concerns. The vulnerability is systemic.

Why Cybersecurity in Space Is Exceptionally Hard

Transferring terrestrial cybersecurity practices to space is not enough. The domain is structurally different.

First, supply chains are opaque.
Satellites integrate hundreds of components and software elements from global vendors. Maintaining full transparency over versions, updates, and vulnerabilities is nearly impossible. This is not a German problem; it affects NASA, ESA, commercial operators, and new entrants from the Middle East and Asia alike.

Second, commercial off-the-shelf components dominate.
They lower costs but increase uniformity. A vulnerability in widely used components becomes a global weakness, not a local one. This uniformity now extends across continents: SpaceX, OneWeb, Kuiper and European small-sat manufacturers all share similar technological baselines.

Third, the attack surface spans three segments: the satellite, the ground infrastructure, and the communication link. Most countries have historically focused on ground station security. Orbital assets themselves remain unevenly protected, and encrypted communication – although improving – is still far from universal.

Fourth, satellites live a long time.
Ten to fifteen years in orbit means enduring unknown future threats. Hardware cannot be upgraded once deployed. No other critical infrastructure system locks in vulnerabilities for such long cycles.

This is not merely a technical challenge. It is an economic one. Space services underpin global supply chains, financial systems, and military capabilities. Their disruption would have cascading global effects.

Space Security Requires International Solutions

Germany’s new strategy is an important step. But space security is inherently international. No country, neither Germany nor even the United States or China, can secure the domain alone.

Three international implications stand out.

1. Space resilience is a global public good.

Norms and standards for secure on-orbit operations are essential. The EU, the U.S. and Japan are beginning to coordinate, but major gaps persist. China and Russia operate separate standards. India, South Korea and Gulf states are expanding rapidly but lack comprehensive cybersecurity frameworks for their space sectors. Almost everywhere, cybersecurity standards are addressed in the form of best practices or recommendations, but not as regulations or norms. The weakest regulatory regime becomes the global vulnerability.

2. Regulatory misalignment hampers resilience.

NIS2 classifies the space sector as critical infrastructure, but only the ground segment. Similar inconsistencies exist elsewhere: the U.S. has debated for years whether commercial satellites count as critical national infrastructure; many emerging space nations regulate launch facilities but ignore cybersecurity obligations for satellites in orbit.

A globally interoperable regulatory environment is needed, akin to ICAO in aviation or IMO standards for maritime safety.

3. Space is now commercial, and commercial operators set de facto standards.

Large constellations (Starlink, OneWeb, Kuiper) and a growing landscape of small-satellite providers shape the technological future of the domain. Their security practices vary, and national regulators struggle to keep pace. Additionally, maintaining an overview of these practices across the complex supply chain is a challenging task for operators. Germany’s strategy rightly points out that industry must integrate cybersecurity as a business necessity. The same applies to operators worldwide. Market forces alone will not correct the problem.

Conclusion: Space Security Is Economic and Societal Security

The new German Space Security Strategy sets the right priorities, but it is only the beginning. To treat space as critical infrastructure means planning long-term, building redundancy, enforcing security-by-design principles, and ensuring close coordination between governments and industry.

Most importantly, it requires acknowledging that space is already militarized, commercialized and digitalized, and therefore vulnerable. The decisive question for Germany, Europe, and all spacefaring nations is whether they take the digital risks as seriously as the geopolitical ones. Waiting for a major incident before upgrading collective resilience would be costly.

Watching Moonraker today, the special effects may feel dated. The underlying message does not: security in space is security on Earth. And as global economies depend ever more on orbital services, addressing the cyber gap in space will become a test of international resilience, one that no nation can afford to fail.

Prof. Dr. Tim Stuchtey is Professor of Cybersecurity Economics at the German University of Digital Science and Executive Director of the Brandenburg Institute for Society and Security (BIGS).

Esther Kern is a research fellow at BIGS.

An earlier version of this text appeared in German at Tagesspiegel Background Cybersecurity.