Table of Contents
Fetching ...

Satellite Cybersecurity Across Orbital Altitudes: Analyzing Ground-Based Threats to LEO, MEO, and GEO

Mark Ballard, Guanqun Song, Ting Zhu

TL;DR

The paper addresses how ground-based cyber threats to satellites differ across orbital regimes ($LEO$, $MEO$, $GEO$) and proposes an altitude-aware framework by merging a public incident dataset with orbit-specific vulnerability proxies. It employs a data-driven approach to map incidents to enabling conditions such as weak encryption and TT&C irregularities, revealing that Encryption Weak and TT&C Anomalies are robust indicators across all orbits, while SEU-related risks and high uplink activity vary by regime. The main contributions are a differentiated threat profile by orbit, a proxy-based interpretation of attack pathways, and practical recommendations for cryptographic hardening and anomaly-based defense. The findings have practical impact for space operators seeking to reduce ground-based attack surfaces, mitigate debris risk, and pursue secure, sustainable, and resilient satellite operations.

Abstract

The rapid proliferation of satellite constellations, particularly in Low Earth Orbit (LEO), has fundamentally altered the global space infrastructure, shifting the risk landscape from purely kinetic collisions to complex cyber-physical threats. While traditional safety frameworks focus on debris mitigation, ground-based adversaries increasingly exploit radio-frequency links, supply chain vulnerabilities, and software update pathways to degrade space assets. This paper presents a comparative analysis of satellite cybersecurity across LEO, Medium Earth Orbit (MEO), and Geostationary Earth Orbit (GEO) regimes. By synthesizing data from 60 publicly documented security incidents with key vulnerability proxies--including Telemetry, Tracking, and Command (TT&C) anomalies, encryption weaknesses, and environmental stressors--we characterize how orbital altitude dictates attack feasibility and impact. Our evaluation reveals distinct threat profiles: GEO systems are predominantly targeted via high-frequency uplink exposure, whereas LEO constellations face unique risks stemming from limited power budgets, hardware constraints, and susceptibility to thermal and radiation-induced faults. We further bridge the gap between security and sustainability, arguing that unmitigated cyber vulnerabilities accelerate hardware obsolescence and debris accumulation, undermining efforts toward carbon-neutral space operations. The results demonstrate that weak encryption and command path irregularities are the most consistent predictors of adversarial success across all orbits.

Satellite Cybersecurity Across Orbital Altitudes: Analyzing Ground-Based Threats to LEO, MEO, and GEO

TL;DR

The paper addresses how ground-based cyber threats to satellites differ across orbital regimes (, , ) and proposes an altitude-aware framework by merging a public incident dataset with orbit-specific vulnerability proxies. It employs a data-driven approach to map incidents to enabling conditions such as weak encryption and TT&C irregularities, revealing that Encryption Weak and TT&C Anomalies are robust indicators across all orbits, while SEU-related risks and high uplink activity vary by regime. The main contributions are a differentiated threat profile by orbit, a proxy-based interpretation of attack pathways, and practical recommendations for cryptographic hardening and anomaly-based defense. The findings have practical impact for space operators seeking to reduce ground-based attack surfaces, mitigate debris risk, and pursue secure, sustainable, and resilient satellite operations.

Abstract

The rapid proliferation of satellite constellations, particularly in Low Earth Orbit (LEO), has fundamentally altered the global space infrastructure, shifting the risk landscape from purely kinetic collisions to complex cyber-physical threats. While traditional safety frameworks focus on debris mitigation, ground-based adversaries increasingly exploit radio-frequency links, supply chain vulnerabilities, and software update pathways to degrade space assets. This paper presents a comparative analysis of satellite cybersecurity across LEO, Medium Earth Orbit (MEO), and Geostationary Earth Orbit (GEO) regimes. By synthesizing data from 60 publicly documented security incidents with key vulnerability proxies--including Telemetry, Tracking, and Command (TT&C) anomalies, encryption weaknesses, and environmental stressors--we characterize how orbital altitude dictates attack feasibility and impact. Our evaluation reveals distinct threat profiles: GEO systems are predominantly targeted via high-frequency uplink exposure, whereas LEO constellations face unique risks stemming from limited power budgets, hardware constraints, and susceptibility to thermal and radiation-induced faults. We further bridge the gap between security and sustainability, arguing that unmitigated cyber vulnerabilities accelerate hardware obsolescence and debris accumulation, undermining efforts toward carbon-neutral space operations. The results demonstrate that weak encryption and command path irregularities are the most consistent predictors of adversarial success across all orbits.
Paper Structure (9 sections, 4 figures)

This paper contains 9 sections, 4 figures.

Figures (4)

  • Figure 1: Space & Cybersecurity Info Space Attacks Open-Database
  • Figure 2: Five Common Selected CIA-aligned Satellite Vulnerabilities
  • Figure 3: Prevalence of each vulnerability across LEO, MEO, and GEO from the open-source database 60 publicly documented incidents
  • Figure 4: Evaluation of Vulnerabilities to Attacks that are Overrepresented by Orbit