"We Don't Understand How Interconnected Everything Is Until It All Falls Apart": Ulpia Elena Botezatu on Space as the Ultimate Domino, Why Cyber Attackers Target the Links Not the Satellites, and the Terrifying Beauty of Invisible Warfare

You're standing in line at Starbucks. Your card gets declined. Annoying, but whatever—you'll use cash. Except the ATM across the street is frozen. The traffic lights are blinking randomly. Your phone has no signal. The subway isn't running. Within hours, food is rotting in powerless refrigerators across the city.

This isn't a movie. It's what happens when someone decides to flip the switch on our space infrastructure. And according to Ulpia Elena Botezatu, Chair of the UN Committee on the Peaceful Uses of Outer Space Scientific and Technical Subcommittee, we're completely unprepared for what's coming.

"Life will be suspended as we know it," Botezatu tells me from a car heading to the airport, her schedule so packed she's conducting this interview while in transit to China, then Australia. "We won't have banking transactions. We won't have urban transportation. We won't have energy grids. We won't have anything."

This stark assessment comes from someone who occupies a rare position in the global space security apparatus. Botezatu isn't just another bureaucrat warning about theoretical threats. She's the person trying to get rival nations to sit at the same table and admit what they're building on the Moon. Her days are spent watching China, Russia, and the U.S. race to establish lunar footholds while the rest of the world pretends there are rules. Through her work coordinating European radars that track everything in orbit via the EU SST Partnership, she sees patterns that terrify her—not because of what we know, but because of what we don't.

"There's a massive disconnection between cybersecurity professionals and space technologists," she explains, choosing her words carefully—she's representing 95 member states, after all. "The IT security experts don't understand that space systems have ground segments, uplinks, downlinks—which are probably the most exposed components. Meanwhile, the space engineers aren't fully aware of the cybersecurity implications. They can't connect the dots."

Translation: The people protecting us from cyber attacks don't understand space. The people running our space systems don't understand cyber. And in that gap—that massive, gaping blind spot—lies the end of modern civilization as we know it.

As Chair of UN COPUOS STSc and someone at the forefront of space cybersecurity, what are the most critical vulnerabilities in our space infrastructure that keep you up at night? Which attack vectors are nation-states not adequately preparing for, and why is the international community struggling to address them?

"Let me provide some context about my current work," Botezatu begins, speaking quickly as her car navigates to the airport. "I've transitioned from being a researcher to doing representational work—basically facilitating dialogue between governments and member states at the UN. From that vantage point, though, I see a core problem."

After a pause to gather her thoughts, she dives into the heart of the issue. "This field of space cybersecurity is definitely emerging, but we haven't had deep enough conversations to confidently say we've got this under control. The disconnect I mentioned earlier is massive. While it's increasingly being addressed, we're not there yet."

Traditional security discussions have focused on obvious vulnerabilities, yet Botezatu sees a more complex threat landscape taking shape. "Most discussions I've heard center on the ground segment and supply chain vulnerabilities. The narrative goes: if a cyber attack happens, we lose everything—banking, transportation, energy grids." This awareness, she notes, came from American military exercises like 'A Day Without Space,' where they mapped system interdependencies.

The U.S. military's "Day Without Space" exercises, first conducted in the early 2000s, exposed shocking dependencies that most civilians never consider. GPS outages would affect everything from ATM transactions to power grid synchronization within hours. These exercises revealed that GPS timing signals serve as the invisible heartbeat for cellular networks, financial systems, and electrical grids.

Beyond these known vulnerabilities lie emerging threats that are getting insufficient attention. "The radio frequency domain is growing as a major concern," Botezatu explains. "We're seeing jurisdictional overlap between the International Telecommunication Union and UN COPUOS, creating gray areas nobody properly oversees. The ITU is driven by commercial entities, while UN COPUOS represents member states. Different perspectives, different languages, but the same critical vulnerabilities."

Technical threats are evolving faster than governance can keep pace. "Software-defined payloads offer tremendous flexibility but also tremendous risk," she warns. "We're seeing new forms of jamming and spoofing—not the crude interference of the past, but sophisticated uplink intrusions, signal manipulations, cross-link abuses. These attacks are becoming increasingly cheap and easy to automate."

Unlike traditional satellites with fixed functions, software-defined satellites can be reprogrammed in orbit—a capability that presents both promise and peril. The European Space Agency's OPS-SAT, launched in 2019, demonstrated this duality when it became the first satellite to be intentionally "hacked" as part of a security exercise.

Making matters worse, organizational weaknesses compound these technical vulnerabilities. "Nations struggle to link the cyber and space domains," Botezatu observes. "They fail to express the need for integrated approaches. We have these closed rooms—industry in one, experts in another, NGOs somewhere else, member states in their own bubble. We need genuine dialogue, not theater."

Your work bridges urban critical infrastructure resilience with space security. If a sophisticated adversary launched a coordinated cyber attack targeting both terrestrial and space-based infrastructure simultaneously, walk us through the cascade effects. What would break first, and how would it ripple through society?

"This scenario would be catastrophic," Botezatu says without hesitation. "Let me paint you a picture based on what we've already seen at smaller scales. If all satellite systems failed simultaneously, we'd experience complete chaos."

To illustrate the cascade, she draws from recent history. "Remember the blackout on the U.S. East Coast? I believe it was around 2008," she recalls, though she's actually referencing an earlier event. "It was just an energy grid failure, but it showed us what infrastructure collapse looks like."

The 2003 Northeast blackout affected 55 million people across eight U.S. states and Ontario, Canada. What began as a software bug in an alarm system at FirstEnergy Corporation in Ohio spiraled into something far worse. The bug failed to alert operators to the need to redistribute power loads. Within hours, cascading failures shut down 508 generating units at 265 power plants.

"In New York, it was chaos," Botezatu continues. "The internet was flooded with images of people stranded everywhere. Street lights failed. Subways stopped. Trains halted." Each failure triggered another. "People couldn't buy food because card readers weren't working. ATMs were dead, so no cash either. Food began rotting in stores without refrigeration. In homes, obviously no electricity meant no heat or air conditioning, no refrigerators, no TV, no internet. Everything collapsed in a domino effect."

Community resilience eventually emerged, though not immediately. "After about twenty hours—a day and a half—communities started self-organizing at a grassroots level. People figured out small-scale ways to survive." Yet she warns that was years ago, when our dependencies were simpler. "Today, the situation would be exponentially worse."

Modern interconnectedness has created new layers of vulnerability. "Our level of connection has deepened dramatically. We now have AI systems dependent on constant connectivity. We're living in a system of systems where vulnerabilities propagate instantly. The risks cascade through networks we don't fully understand."

Recent events underscore this cascading vulnerability. The 2021 Colonial Pipeline ransomware attack shut down the largest fuel pipeline in the U.S., causing gas shortages across the East Coast. Notably, the attack didn't target the pipeline's operational technology directly—it hit the billing system. Nevertheless, the company shut down operations as a precaution, demonstrating how cyber and physical systems are now inseparably linked.

With your involvement in the ATLAC initiative for lunar governance, we're entering uncharted territory. What cybersecurity nightmares await us on the Moon that don't exist in Earth orbit? How could adversaries exploit the current legal vacuum in lunar activities to establish strategic advantages?

"We're moving Earth's orbital challenges into truly uncharted territory," Botezatu begins. "Currently, only a handful of countries possess or are developing lunar capabilities. Soon, though, we'll see more actors—not just nation-states, but commercial entities, research institutions, even individuals with sufficient resources."

This expansion carries inherent tensions. "It's a double-edged sword," she acknowledges. "We need to explore, to push boundaries, to discover what the universe offers. Yet we don't know what conflicts might emerge or what vulnerabilities we're creating."

Remarkably, lunar cybersecurity discussions remain virtually non-existent. "In ATLAC, we haven't even reached the point of discussing lunar cybersecurity seriously," Botezatu admits. "I know there are conversations happening at the UN's International Committee on Global Navigation Satellite Systems about extending GNSS to lunar operations. The ITU discusses radio frequencies for lunar and cislunar space. These efforts, however, remain fragmented."

Current governance frameworks are already showing their limitations. The Artemis Accords, signed by over 30 nations as of 2024, attempt to establish principles for lunar exploration but notably lack specific cybersecurity provisions. Meanwhile, China and Russia's competing International Lunar Research Station initiative creates a parallel governance structure, further fragmenting oversight.

"We face complex jurisdictional challenges regarding the Moon," Botezatu explains. "In ATLAC, we're still figuring out how to get government, commercial, and academic stakeholders at the same table. We can't even get certain member states—I won't name them—to share basic information about their lunar operations."

Without coordination, risks multiply. "We desperately need a global coordination system for lunar activities," she insists. "For our October intersession, we're trying to encourage member states to share their lunar plans—when they're going, where they're landing, what they're doing. We might start with countries simply bragging about their capabilities. Hopefully, that leads to mapping real challenges and building cooperation."

The UN's structure offers a specific advantage here. "At the UN, every nation has one vote. We're all equal in that room," Botezatu points out. "That creates opportunities for dialogue that don't exist elsewhere. We need to leverage that equality to build consensus before it's too late."

Already, the stakes are becoming clear. China's Chang'e missions have demonstrated sophisticated lunar capabilities, including the first soft landing on the far side. SpaceX's Starship, designed for lunar missions, could enable rapid commercial development. Without cybersecurity frameworks, these capabilities could easily be weaponized or compromised.

Drawing from your experience with ESA, EU_SST Partnership, and ISO standards, there's clearly a push for international cooperation. But realistically, how do we achieve meaningful space cybersecurity collaboration when nations view space as a warfighting domain? What happens when standards meet realpolitik?

"Each organization I work with has different dynamics and degrees of success," Botezatu explains. "The EU Space Surveillance and Tracking partnership, for instance, includes 15 member states—soon to be 19. We pool our space situational awareness capabilities, sharing sensor data from radars and telescopes worldwide." Their mission is clear: "We track objects not in public catalogs, basically watching everything happening in orbit. The message is clear: we're united in this effort."

This unity requires careful balance. "It's an EU initiative with EU funding, but we maintain dialogue with the United States, Japan, and other partners," she notes. "Not in a military alliance sense, but as genuine civilian cooperation. Military personnel participate from various defense ministries, but civilians lead. It's not about fighting back—it's about developing capabilities and maintaining presence."

ESA takes this civilian approach even further. "ESA is strictly civilian," Botezatu confirms. "Unlike EU SST, where member states have both space agency and defense representatives, ESA avoids military involvement entirely. As a delegate to ESA's International Security Committee, I can confirm we only discuss military matters tangentially, such as addressing the impacts of Russia's aggression against Ukraine."

ISO standards reveal another dimension of cooperation—how technical collaboration can transcend, or stumble over, politics. "ISO is basically the UN of standardization," she explains. "Technical experts drive the process of defining standards, which should be apolitical. During voting, though, you see the politics emerge—who votes with whom, what alliances form."

A recent incident illustrates how easily cooperation can derail. "The United States found itself in tension with the European Union, Japan, and the UK over space traffic coordination standards," Botezatu recalls. "The conflict arose from misunderstandings about what the standards meant and how much authority each nation could exercise. Poor communication led to a year-long delay. Ultimately, though, it resulted in better standards."

Despite challenges, successful models exist. The Space Data Association, an industry-led organization sharing satellite position data, proves that cooperation is possible even among competitors. Members include traditional rivals like Intelsat, SES, and Inmarsat, demonstrating that mutual benefit can overcome competitive tensions.

After two years chairing the UN COPUOS Scientific and Technical Subcommittee, Botezatu has reached a cautiously optimistic conclusion. "Various formats and languages exist for cooperation," she observes. "While languages differ and definitions vary—especially between non-communicating countries—everyone wants to know what others are doing. Everyone wants to share their activities and learn about others' plans."

Her experience has been consistent: "I've never encountered a situation where someone refused to share anything. Everyone wants to talk." Political reality, however, creates friction. "Our complicated geopolitical context creates barriers. Political tensions infiltrate what should be technical discussions. Still, the desire for dialogue persists."

Your research focuses on SSA and space infrastructure resilience. Paint us a scenario where a non-kinetic cyber attack creates the same strategic effect as destroying satellites physically. What makes cyber attacks particularly attractive for adversaries who want deniability?

"Think of cyber as the new anti-satellite weapon, but far more accessible," Botezatu begins. "A skilled hacker—not an ethical one, but a black hat—can hijack aviation systems, maritime networks, emergency services. They can compromise SATCOM coverage, destroy GNSS integrity. The possibilities are extensive."

What makes these weapons particularly dangerous is their unpredictability. "With traditional anti-satellite weapons, we understand the damage potential. It's predictable, measurable," she explains. "But with cyber attacks, we can't fully map the cascading effects—the secondary, tertiary impacts. The domino effect might surprise even the attackers."

Economics alone make cyber warfare compelling. "Cyber attacks are attractive because they're cheap while causing disproportionate damage," Botezatu notes. "The level of systemic failure and societal disruption they create is massive compared to the investment required."

Beyond cost-effectiveness lies another advantage: deniability. "They offer plausible deniability," she continues. "Someone could alter GPS signals slightly—just enough to create chaos without obvious attribution. They could weaponize commercial satellites like Starlink." Evidence already exists of such attempts. "We know Russia has targeted Musk's satellites, but the response has been limited to patching. That reveals how seriously we're not taking this threat."

The 2022 Viasat cyberattack, which coincided with Russia's invasion of Ukraine, provides a concrete example. The attack disrupted internet service for tens of thousands of customers across Europe, affecting everything from wind farms in Germany to internet users in France—demonstrating how cyber attacks on space assets can have immediate, widespread terrestrial impacts.

Satellites face particular vulnerabilities due to their isolation. "Satellites are particularly exposed because they're isolated in orbit," Botezatu points out. "You can't physically access them for repairs like terrestrial servers. They need comprehensive security architecture, not just patches." Paradoxically, she suggests, "Securing satellites might be simpler than securing sprawling data centers—if we actually committed to doing it."

Looking at the convergence of your expertise - from urban security to space cybersecurity to lunar governance - what's the most dangerous blind spot in how we're approaching critical infrastructure protection? If you had unlimited resources and authority, what would you fix first to prevent catastrophic failure?

"Your question touches on my PhD thesis, where I connected urban and space domains," Botezatu reveals. "When we discuss urban systems, we mean everything—all infrastructure. When we discuss space, same thing. I basically wrote a thesis about everything and how it connects."

Her conclusion cuts to the core of our vulnerability. "The blind spot is our failure to connect the dots. We haven't achieved a full understanding of how systems of systems interact, how complex they've become." The scale of the problem defies comprehension. "It's impossible to protect everything. It's impossible to even map all vulnerabilities. We've lost the battle of complete understanding. We can't trace every signal, can't control every pathway."

This reality has forced a philosophical shift in security thinking. "At some point, security practice shifted from prevention to resilience," she explains. "We accepted that we can't protect against everything. Instead, we focus on bouncing back—returning to normalcy in reasonable time with reasonable resources, regardless of what hits us."

This concept of resilience over prevention echoes evolving thinking across multiple disciplines. The Stockholm Resilience Centre defines resilience as the capacity to deal with change and continue to develop—a definition now increasingly applied to critical infrastructure worldwide.

"The core issue is interdependency between incredibly complex systems," Botezatu continues, "from cloud computing to ground stations to spacecraft to end users." To illustrate, she brings it down to human scale: "Consider a person's day: turning on lights, checking phones, calling family. Every action connects to cyber and space systems." The full picture is overwhelming. "It's impossible to see all connections, but we must develop an integrated perspective."

Ultimately, what's at stake transcends technology. "What's at stake is our lifestyle, our way of life," she concludes. "That's why we desperately try to protect and control these systems. But it's not always possible. Sometimes it's impossible." Her final thought carries both warning and hope: "Just thinking about these questions is the starting point—and we're already decades late in starting."

Author's Analysis

Botezatu speaks with the exhausted clarity of someone who has spent years trying to bridge unbridgeable gaps—between cyber and space professionals, between commercial and military interests, between nations that won't even sit at the same table. The disconnection she identifies isn't just a communication failure; it's a fatal blind spot in our defense architecture. IT security experts obsess over firewalls while remaining ignorant that satellites have uplinks and downlinks hijackable with 1990s techniques. Space engineers build machines without grasping that software-defined payloads are open invitations for hackers to reprogram satellites in orbit. We've created heart surgeons who don't understand circulation working alongside cardiologists who can't find the heart.

Her recollection of the 2003 Northeast blackout serves as a preview of catastrophe—but that was just a power grid failure. When GPS, communications satellites, and weather monitoring all fail simultaneously, the community self-organization she describes after 20 hours becomes meaningless. You can't organize your neighborhood when every neighborhood on Earth faces the same crisis. The lunar governance challenge exposes our unpreparedness even more starkly: ATLAC can't even get nations to admit their Moon plans, let alone agree on cybersecurity protocols. We're watching a land grab 238,900 miles away where the stakes are measured in centuries and nobody's defined what "ownership" means. Building permanent lunar bases without discussing cybersecurity is like constructing a city without locks because crime hasn't been invented yet.

What makes Botezatu's testimony chilling is her matter-of-fact acceptance that "we've lost that battle" of understanding our complex systems. This isn't defeatism—it's honesty. We've built a civilization so interconnected that no single entity can map its vulnerabilities. The shift from protection to resilience she describes is admission of defeat: we can't stop attacks, so we're planning for recovery instead. Her observation that cyber attacks offer "plausible deniability" while being "far more accessible" than kinetic weapons should terrify anyone who grasps deterrence theory. Nuclear weapons deter because they leave unmistakable signatures. Cyber attacks that look like system failures? Deterrence collapses. Why launch a missile when you can make satellites betray their owners and claim ignorance? Her PhD thesis attempted to connect urban and space domains—"everything"—and concluded the interconnections are literally impossible to map. Every human action, from opening a refrigerator to calling family, corresponds to cyber and space systems. We haven't just built complex systems; we've woven them into existence itself. Now that fabric unravels, thread by invisible thread, while Botezatu rushes between capitals trying to get adversaries to talk before they act.

About Ulpia Elena Botezatu

Ulpia Elena Botezatu serves as Chair of the United Nations Committee on the Peaceful Uses of Outer Space (UN COPUOS) Scientific and Technical Subcommittee, where she coordinates space governance efforts among 95 member states. She is also Co-Chair of the Artemis Accords Lunar Activities Coordination (ATLAC) initiative and serves on the Editorial Board of Astropolitics.

With over a decade at the Romanian Space Agency and current work at Romania's National Institute for Research & Development in Informatics, Botezatu has become one of Europe's leading voices on space cybersecurity and critical infrastructure resilience. Her background spans urban security (PhD from Newcastle University), aerospace engineering (PhD from POLITEHNICA Bucharest), and international law (Nicolae Titulescu University).

Botezatu's career bridges the operational and strategic, from her early work as a landscape architect for Bucharest's City Hall to her current role shaping global space policy. She has held fellowships at the George C. Marshall Center, EURISC Foundation, and served with the United Nations. Her involvement with the European Space Agency, EU Space Surveillance and Tracking Partnership, and ISO standards development has positioned her at the intersection of technical capability and international cooperation.

Based in Bucharest, she continues to research space situational awareness, cybersecurity, and the resilience of space infrastructure while working to build consensus among nations that increasingly view space as a domain of strategic competition.