Europe has completed its first in-orbit cybersecurity competition, marking a new step in space defence collaboration. The CTRL+Space Capture-the-Flag (CTF) challenge, held in the Netherlands, was also the world’s first live event involving multiple satellites.
A New Kind of Space Security Test
Organised by D-Orbit and ethical hacking group mhackeroni, with backing from the ESA Security Cyber Centre of Excellence and ESA Security Office, the event aimed to strengthen Europe’s ability to protect spacecraft from cyber threats. D-Orbit confirmed the competition’s completion on 6 November.
Hundreds Compete for the Top Spot
Interest was high, with 559 teams registering for the qualifying round. Of those, 299 solved at least one challenge, submitting 660 correct flags across 25 tasks designed by mhackeroni. The live final took place from 4–6 November at ESA’s ESTEC facility during the Security for Space Systems (3S) conference. Five finalist teams faced real-time cybersecurity missions aboard an operational satellite.
Simulating Real Threats in Orbit
Contestants tackled challenges based on real spacecraft operations. They decoded telemetry data, sent command sequences, analysed orbital positions, and probed onboard software for vulnerabilities — all skills vital to protecting satellites in the real world.
Building Cyber Resilience in Space
“Cybersecurity has become a fundamental pillar of the new space economy. At D-Orbit, we integrate it from the very first design stages because security cannot be an add-on, it must be built into the DNA of every system we send into orbit,” said Grazia Bibiano, D-Orbit’s country leader for Portugal.
