The pace of commercial space innovation is extraordinary. Private satellites are being launched at unprecedented rates, reshaping how we communicate, gather intelligence, and respond to global events. What once belonged solely to the domain of sovereign defence agencies is now increasingly dependent on privately owned infrastructure.

This shift brings remarkable opportunity — but also significant risk.

With a background in both military operations and cybersecurity, I’ve seen first-hand how critical infrastructure can become an unintended vulnerability when strategic planning fails to keep pace with technological change. We’re now witnessing a similar pattern in the space domain.

Governments — including defence and intelligence agencies — are becoming increasingly reliant on commercial satellite systems for mission-critical functions: secure communications, situational awareness, and rapid data transfer. But many of these commercial providers were not designed with national security in mind. The result is growing dependency on infrastructure that may lack the cyber resilience, threat visibility, operational safeguards, and properly trained or vetted personnel required in a contested environment.

This raises an uncomfortable but necessary question: who carries responsibility when private space infrastructure becomes a de facto extension of a nation’s security apparatus?

In an increasingly volatile geopolitical landscape, adversaries will continue to seek asymmetrical advantages. A commercial satellite — its people, processes, or technology being insufficiently secured — becomes a tempting vector for disruption. Not just for espionage or sabotage, but as a broader tactic to destabilise or discredit.

This is not theoretical. We’ve already seen targeted attacks against satellite networks used in both military and humanitarian contexts. The Viasat breach in Ukraine was a clear example of how quickly a space-based system can be pulled into conflict — and how murky the waters become when private actors are at the centre of accountability and response.

In regions like the UAE and the broader MENA space — where investment in space technology is accelerating, and where governments are proactively positioning themselves as global leaders in innovation — there’s a real opportunity to get this right. By embedding cybersecurity requirements into manufacturing, licensing, procurement, and strategic planning frameworks, governments can set a new benchmark for integrated resilience. It’s what I call Secure by Default.

But it won’t happen by accident. It will require:

• Defining minimum cyber standards for commercial space operators involved in national or regional operations
• Establishing accountability frameworks that clarify who is responsible when systems fail or are compromised
• Building collaborative mechanisms between government, defence, and industry that enable shared threat intelligence and coordinated response
• Securing not just the design — but the manufacturing facilities and the people building the systems

Most importantly, it requires a mindset shift: recognising that space, cyber, and national security are no longer separate disciplines. They are interdependent — and our policies, strategies, and investments must reflect that reality. Space is borderless, and the rules of engagement have changed.

We have a window of opportunity to shape those rules before they’re written by crisis. The regions and nations that take this seriously — that build integrated, forward-thinking systems now — will be the ones best positioned to lead in an increasingly contested, digital-first world.