"Space Is Absolutely Contested": Interim Director Erik Mudrinich of UNL on Legal Convergence, Attribution in the Gray Zone, and Why the Next Crisis Will Require a New Kind of Attorney
In 1988, a 23-year-old graduate student at Cornell University named Robert Tappan Morris released a self-replicating program onto the early internet. Within 24 hours, roughly 6,000 of the 60,000 computers connected to the network had been disabled. Morris became the first person convicted under theComputer Fraud and Abuse Act, a statute passed just two years earlier. The law existed, in part, because legislators had watched the 1983 film WarGames and were alarmed that America had no legal framework for prosecuting unauthorized computer access.
Nearly two decades earlier, in 1967, the Outer Space Treaty was opened for signature during the Cold War, establishing the foundational rules for state activity in orbit. It prohibits nuclear weapons in space, prevents any nation from claiming sovereignty over celestial bodies, and requires signatories to conduct their activities with "due regard" for the interests of other states. As of 2025, approximately 114 countries are parties to it. Its language has not been substantially updated since the Johnson administration.
These two bodies of law — one governing a domain that barely existed when it was written, another drafted before any human had set foot on the moon — now converge on the same operational reality: nearly every space operation runs through cyber systems, and cyber threats to those systems can carry serious national security implications. The challenge is that most legal education treats them as separate subjects, if it covers them at all.
Erik M. Mudrinich spent 23 years as a judge advocate in the U.S. Air Force and Space Force, serving in senior legal positions at three combatant commands: U.S. Cyber Command, U.S. Strategic Command, and U.S. Space Command. His assignments included Deputy General Counsel at Space Command, Chief of International and Space Law at Space Operations Command, and Chief of Cyber Operations Law at Cyber Command and NSA. After retiring, he returned to his alma mater, the University of Nebraska College of Law, where he now serves as Acting Director of the Space, Cyber, and National Security Law Program, one of the only academic programs in the country that teaches all three disciplines as a unified field. He also founded Swede Space Solutions, a consultancy advising commercial space companies and defense organizations on regulatory compliance, export controls, and operational space law.
What follows is a conversation about legal frameworks that struggle to keep pace with the technology they were written to govern, commercial space companies that routinely stumble into national security territory without recognizing it, and what Zen Buddhism's concept of shoshin — the beginner's mind — has to do with practicing law at the edge of contested domains.
Space law and cybercrime law both emerged in response to technologies their authors could not have fully anticipated. What parallels do you see in how these two bodies of law developed, and does one offer lessons for the other?
Most people do not realize that space law predates cybercrime law by two decades. The Outer Space Treaty was ratified in 1967. The Computer Fraud and Abuse Act arrived in 1986. Both were reactions to specific moments of anxiety: the Treaty to Cold War nuclear escalation, the CFAA to a growing awareness that networked computers could be exploited in ways that existing criminal statutes could not address. And both, as Mudrinich notes, face new challenges that have only deepened with time.
Mudrinich's own career illustrates the pattern. He graduated from law school in 1999, when Windows 95 was still prevalent, and his law school offered a single one-credit elective called "Internet Law." His early interest in international law, shaped in part by both parents being from Germany, led him to the Air Force JAG Corps. For his first decade, he worked as a military prosecutor and defense counsel. Many of those cases involved computer crimes. At the same time, he was following the peer-to-peer music-sharing wars, Napster, Kazaa, LimeWire, and the legal questions they raised about digital property and unauthorized access. A formative moment came at the Department of Defense Cybercrime Conference, an annual gathering that mixed law enforcement, DoD participants, and hackers. "I went to that conference and became really enthralled with computer technology," he says. The Air Force then sent him to the University of Nebraska for an LL.M. in space, cyber, and telecommunications law. "That's really the huge pivot of my career, where I had found an area that I was hyper-interested in."
The structural parallel between space law and cyber law is something he now teaches to his students.
"The law usually follows the technology," Mudrinich says. "There's always a bit of a lag, especially when you have emerging technologies." The Outer Space Treaty has been in effect for nearly 60 years, and its core principles remain relevant. But the friction now is application. How do rules written for an era of state-sponsored rockets and orbital science experiments apply to rendezvous and proximity operations, on-orbit satellite servicing, or commercial resource extraction?
The same pattern played out in cyber. The CFAA was narrowly scoped when it passed, covering mainly government and financial institution computers. It took the Morris Worm incident and subsequent amendments to begin expanding its reach. Even now, as Mudrinich points out, artificial intelligence is generating new categories of cybercrime faster than legislatures can respond.
"I tell the students that law follows the code in the cyber realm," he says. The observation applies equally to space. In both domains, the technology sets the pace, and the legal framework adjusts after the fact. The question for practitioners is how to operate effectively in the gap as the law catches up.
The Nebraska program teaches space, cyber, and national security law as interconnected disciplines. Most schools, if they cover these areas at all, treat them separately. What gets lost when you only have one piece of the puzzle?
The Space, Cyber, and National Security Law Program at the University of Nebraska has operated since 2008, making it one of the earliest academic programs to recognize the convergence of these fields. It offers J.D., LL.M., and J.S.D. degree tracks and has contributed to applied research through initiatives like the Woomera Manual on the International Law of Military Space Activities and Operations, published by Oxford University Press in 2024, which represents the first comprehensive treatise on existing international law governing military conduct in space.
Mudrinich is an alumnus of the program, having completed his LL.M. there in 2011. After retiring from the military, the school asked him to return as an adjunct professor, and he now teaches National Security Law, National Security Space Law, and International Cybersecurity while guiding the program's strategic direction as interim director.
The core of his argument is simple and informed by decades of operational experience. These domains do not operate in isolation, and the attorneys advising on them should not be educated in isolation either.
"You rarely have any sort of space operations without cyber underpinning it, or vice versa," Mudrinich says. "And both of those domains have significant national security consequences." At most law schools, a student might encounter a standalone cyber course or, more rarely, a mini-course on space law. But these offerings are not connected. The result, in Mudrinich's view, is attorneys who can advise on one piece of a problem but miss the full context.
"If you only understand one piece of the problem, you're going to give incomplete counsel to your clients, or you can become overly confident in one particular area and not see potential pitfalls in another." He frames it as a matter of professional competence. An attorney advising a commercial space company on satellite operations who does not understand the cyber vulnerabilities of those systems, or the national security implications of their products, is operating with blind spots.
What he is building at Nebraska, in practical terms, is a generation of lawyers who can walk into a meeting at the Pentagon, a commercial space company boardroom, or an international negotiation and understand the full terrain. "My understanding of cyber helps me be more effective when I advise clients on space," he says. "And my expertise in space helps me do the reverse." The cross-pollination is not incidental. It is, he argues, the baseline requirement for competent legal practice in these fields.
The Nebraska program hosts conferences across the United States and is internationally known for its flagship event, the Washington, D.C. Space Law Conference, and has hosted events with U.S. Strategic Command, U.S. Space Command, and partners across the Department of Defense. It is one of only a handful of programs worldwide operating at this intersection, alongside institutions like McGill University and the University of Leiden. The program maintains an active presence on LinkedIn.
Technology outpaces legal frameworks in virtually every domain. In space and cyber, the pace is accelerating. How do you build legal systems with enough foresight to remain relevant as capabilities change?
This is the question that practitioners in both space and cyber law confront daily, and it does not have a clean answer. The pace of development in artificial intelligence alone has outstripped most regulatory bodies to keep up. Space is experiencing a parallel acceleration: commercial companies are developing capabilities that would have been the exclusive province of nation-states a decade ago, from on-orbit satellite servicing to rendezvous and proximity operations to asteroid mining. Each new capability introduces legal questions that existing frameworks were not designed to address.
Mudrinich describes a methodology. Part of it is structural. He treats collaboration as a professional necessity — maintaining a network of people working in adjacent areas and using newsletters, conferences, and professional communities to stay current. The field moves too fast to track alone.
Part of it is attitudinal. "If you find an area that you're interested in, your curiosity is like an engine," he says. "It pushes you forward fairly quickly."
He practices what he preaches. He uses a discipline he calls "batch reading" — devoting an entire month to deep reading on a single topic. One month might focus on cyber operations, another on rendezvous and proximity operations. The method forces depth rather than surface familiarity with any given subject.
And part of it is analytical. Mudrinich is not an engineer or a programmer, and he does not pretend to be. But he maintains enough technical fluency to understand how new technologies work, and then asks the follow-on question: "What are the legal implications of this technology? What are the regulatory gaps?"
The ability to spot legal issues in emerging technology is a core skill he tries to develop in his students. "The only way to do that is to maintain curiosity and a community, and to look at things every single day as they're coming out." It is, in his framing, less a matter of building perfect legal systems and more a matter of training practitioners who can think clearly under conditions of uncertainty.
Spoofing attacks, jamming, and other forms of electronic interference in space have surged dramatically. Attribution is difficult by design. How do you build legal frameworks around acts that are essentially deniable?
The escalation in non-kinetic interference with space systems has been well documented. GPS spoofing attacks on commercial aviation increased dramatically through 2024, and similar techniques have been directed at commercial and military shipping. These activities occupy what Mudrinich and other practitioners refer to as the "gray zone" in international law: below the threshold of armed attack, difficult to attribute with confidence, and designed to be deniable.
The attribution challenge is not unique to space. Terrestrial cyber operations face the same structural problem. Adversaries use onion routing, VPNs, and compromised intermediary systems to obscure their identity. In space, the toolkit is different, involving jamming, spoofing, dazzling, and rendezvous operations that can be ambiguously characterized. Still, the effect is the same: it is difficult to determine who did what, from where, and with what intent.
The legal frameworks under consideration include the Outer Space Treaty's Article IX provisions on "due regard" and "harmful interference," evolving norms of responsible behavior in space, and ongoing efforts to define which specific behaviors warrant monitoring, response, or legal consequences.
Companies like True Anomaly, which has developed its Jackal autonomous orbital vehicle for rendezvous and proximity operations, represent the dual-use dimension of this challenge. Technologies built to inspect debris or monitor the orbital environment can, in different hands, serve as counterspace weapons. Space domain awareness, the ability to see and understand what is happening in orbit, is a precondition for any legal framework to function. Without the ability to observe and attribute behavior, rules remain abstract.
Mudrinich frames it plainly for his students: "Space is absolutely contested now. It's congested, it's complex, and these new technologies, a lot of them dual use or commercial, are really challenging these frameworks." The parallels between attribution challenges in cyber and attribution challenges in space, he suggests, offer a useful lens. Practitioners who understand both domains are better positioned to advise on either.
The international dimension adds another layer. I asked whether any allied nations have frameworks the U.S. could learn from. Mudrinich notes that most allied countries share broadly similar views on obligations under the Outer Space Treaty and have developed tenets of responsible behavior in space. NATO has recently become more involved in space security and cybersecurity, issuing strategies for how the alliance should approach these domains. The practical emphasis, he says, is on sharing information, sharing space-domain awareness, calling out malicious or dangerous behavior, and avoiding actions that could degrade the environment long-term. The United States and its allies are generally in close coordination on these matters, but coordination and enforceable legal frameworks are not the same thing. The gap between norms and consequences remains wide.
Commercial space companies often develop technologies they consider purely commercial, only to discover they have national security implications. What patterns do you see, and where do companies most often get caught off guard?
Mudrinich advises organizations across the commercial space spectrum, from early-stage startups to established industry players. Through that work, he has observed a recurring pattern: companies develop a capability with genuine enthusiasm and purely commercial intent, and then encounter regulatory constraints they did not anticipate.
He identifies three areas where this most commonly occurs.
The first is export controls. A startup develops an on-orbit servicing capability and views it as exclusively commercial. Then it seeks to partner with an international entity or sell to a foreign company and encounters the International Traffic in Arms Regulations and, depending on the technology, the Export Administration Regulations governing dual-use items. "They realize their technology can be potentially dual use," Mudrinich says, "and then they kind of step across that line of, now we're in national security territory." The U.S. Space Force is among the largest government clients in sectors such as launch and satellite communications, making it difficult to draw a clear line between commercial and defense applications.
The second involves data. Companies collecting imagery or sensor data from orbit face questions about how that data is gathered, who can purchase it, and under what regulatory conditions. The national security implications of space-derived data — particularly high-resolution Earth observation — are significant and not always obvious to founders focused on commercial markets.
The third, and perhaps the most consequential, involves proximity operations and space domain awareness. Companies developing technologies to repair, refuel, or inspect satellites are building capabilities with inherent dual-use potential. "Those same technologies can also be used as a counter-space threat," Mudrinich notes. "That dual use can put them squarely in a national security conversation, whether they intended their technology to be there or not."
His advice is consistent: bring legal counsel who understands both the commercial and national security landscapes into the conversation early. "If you're able to do that with an attorney being your guide, it's a competitive advantage," he says. In his experience, companies that delay this step spend months correcting compliance problems that early engagement could have prevented. Those that engage early can navigate the regulatory environment proactively — a strategic asset, not a burden.
You describe yourself as a student of Buddhist and Stoic philosophy. That is not an obvious background for national security law. How do these frameworks shape the way you approach legal questions in contested domains?
This was, in a sense, the most unexpected part of our conversation. The national security space is not typically associated with contemplative philosophy. But Mudrinich's interest is genuine, long-standing, and, as he describes it, deeply practical.
"Philosophy brings a foundation to any sort of work that you do," he says. "It brings your ethics and your values and a sense of compassion into the things that you do." He studied philosophy as an undergraduate at St. Olaf College before attending law school, and the thread has run through his career since.
The Stoic dimension is about operational clarity. Marcus Aurelius, Epictetus, and the broader tradition emphasize distinguishing between what is within your control and what is not. For a military attorney working in high-tempo environments, this distinction is not abstract. "What you can do is impact the things that you can control." The framework also provides, as he puts it, "a sense of calm when things can be incredibly high-paced or stressful."
The Buddhist dimension is about awareness and presence. It is, in practical terms, about listening. "Having a beginner's mind when you're approaching things" comes from Shunryu Suzuki, the Zen monk who taught that a student's mind, open and unassuming, is more valuable than an expert's certainty. Mudrinich applies this directly to legal practice: approaching problems without the assumption that you already know the answer, listening to contrary perspectives, and resisting the impulse to default to confidence when the situation calls for curiosity.
He connects it to Rick Rubin's The Creative Act. "When you start reading about consciousness and how people think, you can bring that to the technical world." The argument is that the human element underlies everything in these domains. Artificial intelligence, cyber operations, and space systems are all, ultimately, governed by human decision-makers. "Having people who are grounded and who can listen and who can take pause before making important decisions is a really strong asset," he says. "I think, certainly for national security, having those viewpoints makes for a safer global environment."
The logic holds. In domains where decisions carry consequences measured in geopolitical risk, the ability to remain calm, listen carefully, and resist premature certainty is not a philosophical luxury. It is, in his framing, a professional requirement.
What would you say to a law student who is interested in space, cyber, or national security law but does not know where to start?
"I think a lot of students are interested in these areas, but perhaps are reticent about reaching out and finding out more," Mudrinich says. His advice is straightforward, and it echoes something I have heard from nearly every person I have interviewed for Sirotin Intelligence: the barrier is almost always psychological, not structural.
LinkedIn, he points out, is a remarkably effective tool for this. Not just for job searching, but for direct outreach. "In my experience, 90% of people are more than happy to speak with you and walk through what it's like working in this sector, or here are some pitfalls, or here's a curriculum that you can follow." He practices this himself, taking calls regularly with students from around the world who reach out through the platform.
The advice extends to identifying a specific curiosity and following it. Programs like the Nebraska Space, Cyber, and National Security Law Program exist precisely for this purpose, but formal education is only one path. Reading voraciously, attending conferences, subscribing to newsletters, and staying engaged with the practitioner community are all accessible starting points.
"Approaching people with a sense of humility and a sense of curiosity" is, in Mudrinich's view, the common thread. The tools to connect are free. The willingness to use them is the variable.
Looking ahead five years, how do you see space law evolving as the domain becomes more contested?
Mudrinich was present for two of the most significant institutional milestones in military space history: the stand-up of U.S. Space Command and the activation of the U.S. Space Force. That experience informs a forward-looking view that is less speculative than it is observational. He sees the trends already in motion and projects them forward.
"Space has been a contested domain for quite some time," he says. What changes over the next five years is the density and sophistication of activity. In-space Servicing, Assembly, and Manufacturing (ISAM) will mature. Lunar exploration will intensify, along with the potential exploitation of extraterrestrial resources. Companies like AstroForge are developing asteroid-mining technologies that will test the boundaries of Article II of the Outer Space Treaty, which prohibits national appropriation of celestial bodies but leaves the legality of commercial resource extraction in doubt. More nations will develop dedicated space forces and command structures, following the precedent set by the United States with the Space Force and its operational Deltas.
"The Outer Space Treaty underpins all these technologies, and now it's really how actors are going to be moving forth and conducting themselves," he says.
The treaty itself is unlikely to be replaced. No successor instrument commands the political conditions that made the OST possible in 1967. What will evolve is interpretation, application, and the slow accumulation of norms designed to fill the space between what the treaty says and what current technology makes possible.
Cross-domain legal competence — the argument that runs through Mudrinich's academic work — will only become more important. "Understanding national security law, understanding cyber and AI, and understanding space capabilities and how all three of those things can influence each other," he says, is a strength for attorneys entering this field.
The commercial sector's role will continue to expand, and with it the complications. More companies will find themselves operating in the space between commercial innovation and national security sensitivity. The attorneys who can navigate that terrain with fluency across all three domains will, in Mudrinich's assessment, be the most valuable practitioners in the field.
Author's Analysis
It is 2030. A commercial space company headquartered in Austin, Texas, has just completed a successful on-orbit refueling demonstration, extending the life of a geostationary communications satellite by four years. The technology is elegant, the business case is sound, and three allied nations have expressed interest in licensing the platform for their own constellations. The company's general counsel, a graduate of Nebraska's Space, Cyber, and National Security Law program, flags a problem during the partnership review: one of the prospective licensees plans to sublicense the refueling adapter to a third country whose space agency has undisclosed ties to a sanctioned military program. The export control implications are significant. The ITAR re-transfer analysis alone will take months. Meanwhile, intelligence reports indicate that a foreign adversary has begun maneuvering an inspector satellite toward the newly refueled asset, testing proximity thresholds in what appears to be a gray-zone operation.
The company's leadership faces a decision that requires fluency in commercial space regulation, export control law, international treaty obligations, cyber vulnerabilities in the satellite's command-and-control architecture, and the national security implications of the proximity operation. In the recent past, each dimension would have required separate counsel. A single attorney trained in cross-domain practice can now see the full picture and advise accordingly.
Mudrinich's argument is not that every attorney needs to become an expert in space, cyber, and national security law simultaneously. It is that the boundaries between these fields are dissolving faster than most institutions have recognized, and the practitioners who understand the interactions will be the ones who prevent the most consequential mistakes. The question is whether legal education will adapt to that reality before events force the issue — or whether the next generation of space lawyers will learn cross-domain competence the hard way: in the middle of a crisis, with incomplete information and no time to consult a second specialist.
About Erik M. Mudrinich
Erik M. Mudrinich is the Interim Director of the Space, Cyber, and National Security Law Program (LinkedIn) at the University of Nebraska College of Law and founder of Swede Space Solutions. His career includes 23 years as a judge advocate and military officer, with senior legal positions at U.S. Cyber Command, U.S. Strategic Command, and U.S. Space Command. Key assignments include Deputy General Counsel at U.S. Space Command, Chief of International and Space Law at Space Operations Command, and Chief of Cyber Operations Law at U.S. Cyber Command/NSA. He holds an LL.M. in Space, Cyber, and Telecommunications Law from the University of Nebraska (2011), a J.D. from Mitchell Hamline School of Law (1999), and a B.A. in Political Science from St. Olaf College (1996). He teaches National Security Law, National Security Space Law, and International Cybersecurity, drawing directly on operational experience to prepare students for legal challenges across government, industry, and international practice. The Nebraska program hosts international conferences and contributes applied research through initiatives such as the Woomera Manual on the International Law of Military Space Activities and Operations.
Get exclusive insights from our network of NASA veterans, DARPA program managers, and space industry pioneers. Weekly. No jargon.