NASA is planning to build a major base on the moon. Before it can figure out how to pour lunar concrete or park rovers at the south pole, it has a more fundamental problem: the agency reportedly lacks mandatory cybersecurity standards for the operational technology that would keep astronauts alive once they get there.

That gap, between ambition and infrastructure readiness, is the subject of a recent SpaceNews analysis that argues the entire lunar base concept risks becoming a very expensive boondoggle unless federal agencies establish binding security requirements for space-based OT systems before construction begins. The argument is straightforward and hard to dismiss: retrofitting cybersecurity into physical infrastructure after the fact is orders of magnitude harder than designing it in from the start.

The $20 Billion Bet

NASA Administrator Jared Isaacman announced that the agency was canceling the Lunar Gateway orbital station and redirecting resources toward a surface base at the lunar south pole. Reports indicate the plan calls for three phases stretching over multiple years, with substantial budget allocations planned across these development stages.

The scope is enormous. According to BBC reporting, the base would include nuclear and solar power systems, crewed and uncrewed rovers, construction-site preparation equipment, a mobile communications network, a lunar GPS system, and constellations of observation and relay satellites. Each of those systems depends on operational technology: the hardware and software that directly monitors, controls, and automates physical processes.

Program executives have described the first phase as focused on establishing reliable lunar access and gathering ground truth at potential base sites. Subsequent phases would build out communications, navigation, and power infrastructure while supporting crewed missions. Later stages would enable long-duration human exploration with routine logistics missions.

That timeline is aggressive. And it is driven at least partly by competition: China has announced plans to land taikonauts on the moon in the early 2030s, a goal that has injected urgency into American planning.

What Operational Technology Actually Means on the Moon

Operational technology is the category of systems that controls physical infrastructure. Industry sources define it as the hardware and software that directly monitors, controls and automates physical processes and infrastructure in industrial systems. On Earth, OT manages power grids, water treatment plants, manufacturing lines, and oil refineries. On the moon, it would manage life support, power distribution, communications, environmental controls, and construction equipment.

The difference between Earth-based OT and space-based OT is not just a matter of distance. It is a matter of kind. A compromised power grid controller in Houston can be addressed by sending a technician to the affected substation. A compromised life-support controller on the lunar surface cannot. Space OT systems must operate autonomously, with remote mitigation as the primary intervention method.

That autonomy creates attack surfaces that don’t exist in terrestrial OT environments. Every uplink and downlink is exposed across the RF spectrum. Every command sent from Earth to the moon traverses a signal path that is, by definition, accessible to anyone with the right antenna and enough computational power. And the round-trip communication delay means that a system compromise could progress for seconds before a ground operator even knows it has happened.

The Stuxnet Precedent

The canonical example of OT vulnerability remains the Stuxnet virus, discovered in 2010, which successfully attacked Iranian nuclear centrifuges by targeting Siemens Programmable Logic Controllers used to regulate spin rates. The centrifuge facility was air-gapped from the internet. It did not matter. The malware found its way in through USB drives and exploited the gap between assumed security and actual security.

The lesson for lunar OT is direct. Physical isolation is not sufficient protection. A lunar base will need to receive commands and software updates from Earth. Those communication channels are potential attack vectors, and the autonomous nature of space OT means a successful intrusion could cause physical damage before anyone intervenes.

Security experts have argued that building a base on the moon before standardizing requirements like cybersecurity for uplink and downlink, security of common use infrastructure, and OT devices will make it nearly impossible to implement these protections after the fact.

Where the Standards Stand Today

The existing standards framework for space communications security is thin. The Consultative Committee for Space Data Systems created Space Data Link Security, a standardized method for adding authentication and encrypted communication to satellite data layers. That protocol was designed for satellite-to-ground communication, not for the kind of complex, multi-system infrastructure a lunar base would require.

The U.S. Space Force awarded a contract to implement Zero Trust architecture across satellites, mesh networks, and ground stations. That initiative remains incomplete, and its scope is limited to Space Force assets. It does not extend to NASA’s civil space infrastructure or the commercial systems that will form the backbone of lunar base operations.

The gaps are specific and identifiable. There are no mandatory encryption standards for lunar OT devices. There are no defined requirements for edge computing devices that would operate on the lunar surface. AI safety protocols for autonomous systems remain undefined. And the question of who is responsible for setting these standards is itself unresolved.

The Institutional Vacuum

The U.S. National Space Council, which historically served as the coordinating body for space policy across federal agencies, is not currently operating in its traditional capacity. That absence matters because the cybersecurity challenges of a lunar base don’t fit neatly into any single agency’s jurisdiction, and there is no functioning mechanism to force the question.

Consider what happens when a commercial contractor building the base’s power distribution system needs to know what encryption standard to implement on its control hardware. NASA’s Office of the Chief Information Officer handles IT security for the agency’s networks but has no mandate over operational technology aboard spacecraft or surface infrastructure. CISA, which oversees critical infrastructure protection on Earth, has no authority over assets beyond the atmosphere. The Department of Defense sets cybersecurity requirements for military space systems through Space Force, but a civil lunar base falls outside its jurisdiction. The contractor, facing a hardware design freeze and a launch window, has no single authority to call. So it builds to whatever internal standard its engineering team considers adequate, or whatever the contract’s vague “industry best practices” language can be interpreted to require. The chipset ships without a binding encryption standard because no one had the authority to impose one.

This is a pattern that repeats across American space policy. NASA can design a nuclear reactor for the moon but struggles with the institutional infrastructure to manage its own data systems. The agency is technically brilliant and bureaucratically fragmented. A lunar base amplifies both qualities.

Why “After the Fact” Doesn’t Work

The core argument from industry analysts is about construction sequencing. Cybersecurity for OT systems is not a software patch you apply after the hardware is installed. It is an architectural decision that shapes hardware selection, communication protocols, power system design, and operational procedures. If the base’s environmental control system uses a particular chipset without encryption capability, you cannot add encryption later without replacing the chipset. If the power distribution network uses a protocol without authentication, you cannot authenticate commands without redesigning the protocol.

The analogy on Earth is instructive. Industrial control systems built in the 1990s and 2000s without cybersecurity considerations are now the most vulnerable points in American critical infrastructure. Retrofitting security onto those legacy systems has cost billions and taken decades. The lunar base has the advantage of starting from scratch, but only if security requirements are established before the first hardware ships. And the Artemis program is already moving fast. Artemis II launched on April 1, sending four astronauts on a trajectory around the moon. NASA has indicated that the initial phase of the base effort will span the late 2020s, with a significant increase in lunar mission cadence. Hardware decisions are being made now.

The Signal Problem

There is also a geopolitical dimension. If the United States is building a lunar base in direct competition with China’s moon landing ambitions, the security of that base is a national security question as much as an engineering one. A lunar base whose OT systems can be compromised by a state-level adversary is not a strategic asset. It is a liability.

Security analysts have argued that demonstrating the hard work of mandating the protection of OT systems is a signal that shows serious intent.

That framing matters in Washington. Space policy decisions are always partly about signaling: to allies, to adversaries, to Congress, and to the commercial sector. Isaacman’s decision to halt Gateway and redirect toward a surface base was itself a signal about priorities. But signals about ambition need to be matched by signals about seriousness, and mandatory OT security standards would be one such signal.

Congressional funding for space programs will require ongoing review of the entire architecture. That review is an opportunity to attach cybersecurity mandates to the authorization. Whether anyone in Congress is asking the right questions about OT security is another matter.

What Happens Next

The window for getting this right is narrow and closing. NASA’s Phase 1 contracts for site survey and access infrastructure are expected to be awarded in the next 12 to 18 months. Once those contracts lock in hardware specifications and communication architectures, the cost of imposing retroactive cybersecurity requirements escalates by orders of magnitude. The decisions that determine whether this base is secure or vulnerable are not being made in 2030. They are being made now, in procurement offices and engineering reviews that most of Washington is not paying attention to.

There are specific pressure points where intervention is still possible. The next NASA authorization bill, likely to move through committee in 2027, could include binding OT security requirements as a condition of base funding. The Space Force’s Zero Trust initiative could be expanded by executive directive to cover civil space infrastructure and commercial partners operating under NASA contracts. And NASA’s own procurement process could mandate compliance with NIST cybersecurity frameworks for all OT hardware before contracts are finalized, a step the agency has the authority to take without congressional action.

The agency’s track record on integrating security into its programs from the start is not encouraging. The Air Force Research Laboratory’s support for Artemis II equipment testing shows productive cross-agency collaboration is possible, but it tends to happen on hardware and mission-specific challenges rather than on systemic policy questions like cybersecurity architecture.

The gap between the idea of a moon base and the reality of a moon base will determine whether the substantial investment produces a lasting human presence or a very expensive pile of unprotected hardware on the lunar surface. Three things need to happen before Phase 1 hardware ships: someone in the executive branch needs to designate a lead agency for space OT cybersecurity, NASA needs to write binding security requirements into its base contracts, and Congress needs to make those requirements a condition of continued funding. None of those steps is technically difficult. All of them are politically inconvenient. And the clock on every one of them is running out.

Photo by Soly Moses on Pexels