{"id":182121,"date":"2026-01-27T15:49:00","date_gmt":"2026-01-27T20:49:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/"},"modified":"2026-01-27T15:55:07","modified_gmt":"2026-01-27T20:55:07","slug":"capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/","title":{"rendered":"Capture-the-Flag in Space: D-Orbit Shares Lessons from Cyber Competition"},"content":{"rendered":"<p><a href=\"https:\/\/www.satellitetoday.com\/cybersecurity\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/\">Capture-the-Flag in Space: D-Orbit Shares Lessons from Cyber Competition<\/a><\/p>\n<p><a href=\"https:\/\/www.satellitetoday.com\/cybersecurity\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/\">https:\/\/www.satellitetoday.com\/cybersecurity\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-27 15:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.satellitetoday.com\">www.satellitetoday.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n    Photo: Via Satellite illustration<br \/>\nLast year, D-Orbit took the game capture-the-flag to space, hosting a cybersecurity competition conducted on a real spacecraft in orbit. The Capture-the-Flag CTF) cybersecurity competition took place at the European Space Research and Technology Centre (ESTEC) in the Netherlands during the Security for Space Systems (3S) Conference. D-Orbit worked alongside the European Space Agency (ESA) and Mhackeroni.<br \/>\nGrazia Bibiano, Portugal country leader for D-Orbit told Via Satellite the event demonstrated awareness on security for space systems and a commitment in the industry towards cybersecurity in space. For the European space ecosystem, Bibiano said it showed a willingness to embrace a different approach towards the security landscape.<br \/>\nFive finalist teams \u2014 ENOFLAG, Superflat, RedRocket, CzechCyberTeam, and PoliTech \u2014 competed in real-time cybersecurity challenges aboard\u00a0ION Satellite Carrier, D-Orbit\u2019s orbital platform. They tackled security scenarios including interpreting real telemetry data, sending command sequences, and interacting with onboard software to uncover and exploit vulnerabilities in a controlled environment isolated from the satellite\u2019s commercial mission.<br \/>\nDavide Avanzi, head of product and space security for D-Orbit told Via Satellite that the key takeaway was bringing together different mindsets in the practical, hands-on based cybersecurity doctrine and the space sector.<br \/>\n\u201cIt turns out that hacking a space system is not like attacking any other IT system on the ground. We have seen that there are a set of unexpected constraints that come into play when you want to interact with a satellite and want to hack it, that you don\u2019t find anywhere else,\u201d Avanzi said.<br \/>\nThe competition aimed to have a different feel because of the space component. Avanzi said. It\u2019s rare that security teams are able to get hands-on experience with actual satellites in orbit. While it\u2019s possible to simulate certain conditions on the ground, it\u2019s not the same as the full space environment with real data. \u201cFor us, it is important to have a scenario that is as realistic as possible for the players of the competition, which then provides us with real data on how attack and defense operations would play out in a real world scenario,\u201d he said.<br \/>\n\u201cThese are different conditions to when they are on the ground. On the other hand, space systems engineering often follows a traditional approach towards cybersecurity which might not be enough in modern times, where space has become a defense domain. Businesses are not exempt from this. They often just focus on the defence of the perimeter of the system and it does not take account modern techniques and approaches that we have seen in this competition,\u201d Avanzi added.<br \/>\nAnother key takeaway, according to Avanzi, is that it is important not to consider a spacecraft or a space system as an isolated object with a single clear perimeter to defend. He believes the industry should adopt a more defense-in-depth approach adapting proven IT security practices into the space domain. This means moving towards a more zero trust approach even on board.<br \/>\n\u201cYou must not presume all the components on board a satellite are secure because you put them there. A supplier could be breached, for example. Another good thing to do is improve the visibility on board a satellite into what happens on the spacecraft and on the ground. This enables a better understanding of what is happening even when the satellite is not in direct contact with the ground. You can then introduce more autonomous defence mechanisms to respond to those cyber attacks on the satellite,\u201d he said.<br \/>\nThe goal of the competition was not to discover real vulnerabilities in its satellites and space systems, but rather to simulate research and investments into this field by raising awareness. D-Orbit had real-world scenarios in mind, so it wanted to show like how tiny implementation details can make existing protocols vulnerable and how communications can be eavesdropped and reverse engineered, even without knowing the details about the data exchange in a protocol. \u201cWe have shown that encryption is not the panacea to the protection of systems. We need a more defense-in-depth approach that we need to take into consideration when we design spacecraft,\u201d added Avanzi.<br \/>\nMoreover, one of the hardware challenges showed how a compromised component of a spacecraft could take control of other functions and cause vulnerability. It shows that supply chains are a critical point of failure. Even one single hardware component or software that goes into the satellite and is compromised, could put at risk the security of the whole system.<br \/>\n\u00a0Designing and implementing infrastructure needed to securely host this kind of event, showed the company the need to re-evaluate and rethink the whole threat model of its own space infrastructure, Bibiano said.<br \/>\n\u201cWe need to identify new scenarios that were not taken into consideration when we first designed our system. Beyond all of this, the high value collaborations we have built, helped us strengthen the relationships between the institutional space sector and new space community, bringing us closer together,\u201d she said.<br \/>\nThe participation in this event is another sign of growing interest from the cyber community in space related topics.<br \/>\n\u201cWe have also seen that the space community is not exempt from cyber attacks. If security was merely a national space domain in the past, it is now a shared responsibility in the private sector, especially for new space companies, which usually take a more commercial and customised approach to space missions,\u201d she said. \u201cAny poorly defended system could be a target for different types of attackers. So, companies are increasingly in the crosshairs of financially motivated threat actors, that are turning their eyes up to the sky.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Capture-the-Flag in Space: D-Orbit Shares Lessons from Cyber Competition https:\/\/www.satellitetoday.com\/cybersecurity\/2026\/01\/27\/capture-the-flag-in-space-d-orbit-shares-lessons-from-cyber-competition\/ Publish Date: 2026-01-27 15:49:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":182122,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.satellitetoday.com\/wp-content\/uploads\/2020\/09\/mzFZL7LxQji5WxD44KFn_VS_100120_Cover-Image_Security-Tech.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-182121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182121"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=182121"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182121\/revisions"}],"predecessor-version":[{"id":182123,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182121\/revisions\/182123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/182122"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=182121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=182121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=182121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}