Golden Dome’s cyber protection must be a design choice, not an afterthought

Jack Wilmer was the Chief Information Security Officer at the Department of War from 2019-2020 and is currently CEO of SIXGEN. Retired Lt. Gen. Charlie Moore served as Deputy Commander of USCYBERCOM from 2020-2022.

Last year, in a crowded conference hall in the Las Vegas desert, teams of caffeine-fueled hackers surrounded by laptops and radio gear attacked and took control of a simulated government satellite. Operators were locked out as participants seized functional control and redirected payload behavior in real time. 

Fortunately, the 2025 hack was a friendly demonstration. But the STARPWN Capture-the-Flag exercise, which was developed with the help of SIXGEN, a developer of advanced and defensive cyber capabilities, showed just how easily space systems can be infiltrated and exploited. If civilians could expose such vulnerabilities, what are U.S. adversaries capable of — and what could it mean for the Golden Dome missile shield? 

Public discussion of Golden Dome has so far focused on hypersonic weapons, drones, cruise missiles, maneuvering reentry vehicles, and space-based sensors. But the threat of cyber operations targeting the space and ground systems has remained mostly unexamined, which could imperil one of the most consequential national defense projects in decades. 

A missile-defense architecture can perform flawlessly in testing and still fail in conflict if its infrastructure can be manipulated, degraded, or denied. Golden Dome risks becoming a system that works beautifully in theory but collapses when America needs it most. As such, policymakers and the Golden Dome Program Office must address a fundamental question: What is the best path forward to protect the defensive shield from cyber vulnerabilities? 

Air and missile defense has traditionally been evaluated through a physical lens: sensor sensitivity, tracking accuracy, interceptor kinematics, and engagement timelines. But, cybersecurity is often treated as a late-stage requirement, with encryption, access controls, and compliance validation layered onto systems whose architectures are already fixed. 

This approach is incompatible with modern space systems and cyber threats. 

Golden Dome will depend on tightly coupled, software-defined space architecture. Space-based sensors, relay networks, ground processing pipelines, and command-and-control systems must operate in precise synchronization. That interconnectedness is necessary but creates potential vulnerabilities that adversaries can exploit. Rather than attacking satellites kinetically, they can target the architecture’s timing, data integrity, and trust relationships, producing effects that look like benign anomalies rather than hostile action. 

Some degree of ambiguity is normal in space operations. Radiation effects, thermal variation, orbital dynamics, and intermittent connectivity routinely produce irregular behavior. But malicious effects can masquerade as sensor noise, calibration drift, or operator error, allowing adversaries to act while defenders remain uncertain as to whether a problem even exists. 

For adversaries, the objective is not necessarily to destroy the system outright, but to induce hesitation, misalignment, or delays at precisely the moment missile defense timelines are the most dynamic and time sensitive. In an environment where seconds and minutes matter, this can cause the difference between mission success or mission failure. 

Over the past year, SIXGEN has worked across the civilian, commercial, and national security space enterprise, conducting mission support, red teaming, research, and operational exercises focused on real orbital cyberattack surfaces. A consistent pattern has emerged: Exploiting space-based cyber vulnerabilities can cause systemic disruption and mission failure. 

Therefore, the Golden Dome program must take the following actions. 

First, cybersecurity must be treated as a core engineering discipline, not a compliance exercise. Cyber requirements should be owned by the chief engineer and architected alongside RF, electrical, software, and mechanical engineering from the very beginning of system design. Additionally, the Program Executive Officers and the Missile Defense Agency should require cyber assessments at Preliminary Design Review and Critical Design Review, not just of individual components, but of the entire architecture. 

Second, it must be recognized that redundancy is not the same as security. While redundancy is critical, Golden Dome engineers must assume adversaries will attempt to manipulate the system. The architecture must be designed to detect, isolate, and operate through such attacks. Further, this resiliency must be tested by red teams exercising adversary tactics, techniques and procedures and cyber fault injection as part of developmental test and evaluation. 

Third, we must embrace cyber as a non-kinetic capability, not merely a vulnerability. Cyber-enabled electronic warfare and electronic warfare-enabled cyber operations represent real tools for shaping the battlespace both left and right of launch. Golden Dome investment portfolios should include dedicated funding lines for non-kinetic cyber capabilities, rather than assuming these effects will be provided “by other organizations” or absorbed by the existing cyber mission forces. 

Finally, on-orbit and ground systems need to be capable of distinguishing environmental anomalies from adversarial behavior. Ambiguity should be treated as a signal, not dismissed as noise. This approach requires acquisition incentives for cyber-instrumented avionics, authenticated telemetry, and secure update mechanisms, capabilities that are often cut when budgets tighten because their value is not immediately visible in performance metrics. 

Ultimately, Golden Dome will not fail because its hardware or software is incapable of performing its specified tasks. It will fail if leaders assume cyber risk can be deferred, diluted through redundancy, or reduced to compliance checklists. The architectural decisions made today will determine whether systems are resilient or fragile for decades to come.

Golden Dome must be designed as an integrated digital-physical architecture in which resilience, cyber assurance, and operational advantage are engineered from inception, not added later. Its success will hinge on the system’s ability to operate confidently in a contested and deceptive environment — distinguishing anomaly from adversary, sustaining mission assurance under pressure, and shaping the battlespace rather than merely reacting to it. Done right, Golden Dome will strengthen deterrence for decades. Done poorly, we will be trying to mitigate its vulnerabilities for decades.