Europe has taken a bold step into the future of space defence. For the first time in history, multiple satellites were used in a live cybersecurity competition, a groundbreaking effort to test and strengthen the cyber resilience of spacecraft orbiting Earth. The event, called CTRL+Space Capture-the-Flag (CTF), was hosted in the Netherlands and marks a milestone for global space security collaboration.
According to Orbital Today, the challenge was organized by D-Orbit and ethical hacking group mhackeroni, with support from the European Space Agency’s (ESA) Security Cyber Centre of Excellence and ESA Security Office. The competition concluded on 6 November 2025, symbolizing Europe’s growing commitment to protecting space assets from evolving cyber threats.
A First-of-Its-Kind Challenge in Orbit
This wasn’t just a simulation. The CTRL+Space CTF was the world’s first live, multi-satellite cybersecurity event — where ethical hackers interacted directly with operational satellites in orbit. The goal: to identify, analyze, and defend against potential attack vectors targeting real spacecraft systems.
Over 559 teams from around the world registered to compete in the qualifying round. Of these, 299 teams successfully solved at least one challenge, submitting 660 correct flags across 25 tasks crafted by mhackeroni. The final stage took place from 4–6 November at ESA’s ESTEC facility, coinciding with the Security for Space Systems (3S) conference.
Real Threats, Real Satellites
The finalists weren’t just answering theoretical questions — they were simulating live attacks and defences aboard satellites. Tasks included decoding telemetry data, sending command sequences, analyzing orbital positions, and probing onboard software for weaknesses.
This kind of hands-on experience mirrors the real-world challenges faced by space operators, where even a single misconfiguration or software bug can jeopardize critical systems and national security.
As Grazia Bibiano, D-Orbit’s Country Leader for Portugal, explained:
“Cybersecurity has become a fundamental pillar of the new space economy. At D-Orbit, we integrate it from the very first design stages because security cannot be an add-on — it must be built into the DNA of every system we send into orbit.”
Why It Matters
Space systems underpin essential global services — from GPS navigation and telecommunications to climate monitoring and defense operations. As more nations and private companies deploy satellites, the attack surface in orbit expands dramatically.
Europe’s first multi-satellite CTF signals a shift in mindset: space cybersecurity is no longer theoretical, it’s operational. By fostering collaboration among space agencies, cybersecurity professionals, and ethical hackers, Europe aims to build a framework of trust, transparency, and preparedness for future space missions.
For the Middle East and Africa (MEA), where several nations are investing heavily in space technology and satellite communications, this event offers valuable lessons. Integrating cybersecurity into spacecraft design, ground control systems, and data communication networks from the earliest stages is no longer optional, it’s mission-critical.
10 Recommendations for Security Teams in the Space and Critical Infrastructure Sectors
- Adopt a “Secure-by-Design” Approach: Embed security controls during system design, not after deployment.
- Implement Continuous Monitoring: Track satellite and ground station telemetry for anomalies.
- Conduct Regular Penetration Testing: Use ethical hacking exercises similar to CTFs for resilience assessment.
- Segment Ground Networks: Isolate mission-critical systems from public or corporate networks.
- Encrypt Data End-to-End: Ensure communication links between satellites and ground stations are secure.
- Update Firmware and Software Frequently: Prevent exploitation of known vulnerabilities.
- Apply Zero-Trust Principles: Verify every device and command before execution.
- Enhance Workforce Skills: Provide cybersecurity awareness training for mission operators and engineers.
- Collaborate Across Sectors: Build partnerships with private cybersecurity firms like Saintynet Cybersecurity for testing and consulting.
- Plan for Incident Response in Orbit: Develop detailed contingency playbooks for space-based cyber incidents.
Conclusion
The CTRL+Space challenge is more than a competition — it’s a wake-up call for the global space industry. Europe’s pioneering effort proves that real-time satellite cybersecurity testing is not only possible but essential. As satellites continue to shape our connected world, ensuring their security must be a shared mission between nations, industries, and ethical hackers alike.
The event’s success demonstrates that the future of space depends not just on rockets and orbits, but on resilience, collaboration, and the cybersecurity professionals defending our digital skies.
