Cybersecurity in Space Is Hard; In Cislunar Space, It’s Really Hard

The distance between Earth and the Moon turns conventional cyber‑defense playbooks upside down. A round‑trip radio signal takes almost three seconds, and commands must be executed by onboard software without real‑time human oversight. Consequently, cislunar systems have to operate autonomously, embedding intrusion detection, patch management and fail‑safe logic directly into the spacecraft’s firmware. Because every sensor, telemetry stream and command link is software‑defined, the attack surface expands dramatically, making integrity verification a mission‑critical requirement.

Artemis’ multinational architecture amplifies those risks. More than 60 nations have signed the Artemis Accords, and private‑sector partners such as Firefly and Volta are supplying habitats, landers and orbital power grids. The diversity of security policies creates gaps that hostile actors can exploit, a concern echoed by former Air Force cyber analyst Matthew Lamanna, who urges a dedicated cybersecurity clause in the Accords. A 2024 GAO audit warned that NASA’s current guidance is advisory, not contractually binding, leaving critical lunar life‑support systems vulnerable to nation‑state and criminal threats.

Paradoxically, the very latency that hampers real‑time control can also deter common attacks. Christopher Stott of Lonestar Data notes that TCP/IP connections time out after seconds, rendering brute‑force password spraying ineffective across cislunar links. To keep data flowing, NASA and partners are deploying Delay/Disruption‑Tolerant Networking, while startups like Volta Space are building laser‑based power and high‑bandwidth optical links secured with Zero‑Trust principles. As commercial lunar ventures mature, embedding robust, interoperable cyber standards from the outset will be essential to protect both human life and the multibillion‑dollar investment in space infrastructure.