What Are Satellites & How They Work | Satellite Security

Understanding Satellites: The Foundation

A satellite is any object that orbits another object in space. In the cybersecurity context, we focus on artificial satellites — engineered systems placed into Earth orbit to perform communications, navigation, Earth observation, scientific research, or military missions. Before we can secure these systems, we need to understand how they work, where they operate, and what makes them fundamentally different from terrestrial infrastructure.

As of early 2026, there are over 12,000 active satellites in orbit, with projections exceeding 100,000 by the end of the decade. Every one of them represents a potential attack surface.

Orbital Mechanics: Where Satellites Live

The orbit a satellite occupies dictates its latency, coverage area, lifespan, and — critically — its security posture. An attacker’s ability to intercept signals, jam communications, or physically threaten a spacecraft depends heavily on orbital parameters.

Orbital Classifications

Parameter	LEO	MEO	GEO	HEO
Altitude	160–2,000 km	2,000–35,786 km	35,786 km (exact)	Varies (500–39,000+ km)
Orbital Period	90–127 minutes	2–24 hours	23 hrs 56 min (sidereal day)	12–24 hours
One-Way Latency	1–7 ms	70–125 ms	~240 ms	Varies with position
Round-Trip Latency	2–14 ms	140–250 ms	~480 ms	Varies with position
Coverage per Sat	Small footprint (~1,000 km)	Medium footprint	~1/3 of Earth’s surface	Regional, high-latitude
Constellation Size	Hundreds to thousands	20–30 typically	3 minimum for global	2–3 for regional
Typical Use Cases	Imaging, broadband, ISR	Navigation, comms	Broadcast, weather, comms	Arctic comms, early warning
Examples	Starlink, Planet Labs, ISS	GPS, Galileo, O3b	Intelsat, GOES, SBIRS	Molniya, Tundra, SDS

Low Earth Orbit (LEO): 160–2,000 km

LEO is the most congested orbital regime and the foundation of modern mega-constellations. Satellites here move at approximately 7.8 km/s and complete a full orbit in roughly 90 minutes.

Key characteristics from a security perspective:

Short contact windows — A ground station may only have 5–15 minutes of visibility per pass, constraining both data throughput and the window for command-and-control (C2) operations.
Doppler shift — Relative velocity causes significant frequency shifts that receivers must compensate for, which introduces complexity that attackers can exploit.
Atmospheric drag — Satellites below ~600 km require periodic orbit-raising maneuvers, consuming finite propellant. An attacker who compromises propulsion commands could deorbit a spacecraft.
Radiation environment — Lower radiation than MEO/GEO, enabling use of commercial-off-the-shelf (COTS) processors with greater computational capacity (and larger attack surface).

SpaceX’s Starlink constellation exemplifies LEO at scale: over 6,000 satellites as of 2026, operating at approximately 550 km altitude, with inter-satellite laser links forming a mesh network in space.

Medium Earth Orbit (MEO): 2,000–35,786 km

MEO is dominated by navigation constellations. The GPS constellation operates at approximately 20,200 km with 31 operational satellites in six orbital planes.

Security-relevant properties:

Van Allen radiation belts — MEO passes through the inner radiation belt (~1,000–6,000 km) and the outer belt (~13,000–60,000 km). Radiation-hardened components are mandatory, which limits computational capability and makes hardware updates impossible.
Longer contact windows — Ground stations have extended visibility, but this also means adversaries have longer windows to attempt signal interception or jamming.
Navigation signal structure — GPS, Galileo, GLONASS, and BeiDou all broadcast open signals that are, by design, receivable by anyone. This creates inherent vulnerabilities to spoofing and meaconing attacks.

Geostationary Orbit (GEO): 35,786 km

A satellite in GEO orbits at exactly the rate Earth rotates, appearing stationary relative to the ground. This is ideal for broadcast communications and persistent weather observation.

Security implications:

Fixed position — Predictability simplifies both legitimate operations and adversarial targeting. An attacker knows exactly where to point a directional antenna.
High latency — The ~480 ms round-trip delay makes real-time interactive protocols challenging and affects TCP performance significantly.
Long operational life — GEO satellites are designed for 15–20+ year missions. Systems launched in 2010 may run on processors and encryption from the mid-2000s, creating legacy vulnerability challenges that cannot be physically remediated.
High-value targets — A single GEO satellite may serve an entire continent. Compromising one asset can have outsized impact.

Highly Elliptical Orbit (HEO)

HEO satellites follow elongated orbits that spend most of their time over a specific region (the apogee), providing quasi-geostationary coverage at high latitudes where GEO satellites have poor elevation angles.

Molniya orbit — 12-hour period, ~63.4° inclination, used by Russia for Arctic communications and early warning.
Tundra orbit — 24-hour period, similar inclination. Used for persistent high-latitude coverage.
Satellite Data System (SDS) — U.S. military relay satellites in HEO that support polar-region communications for strategic assets including submarines.

Security note on HEO: The variable altitude means the satellite transitions through different radiation environments and experiences changing signal path lengths during each orbit. Ground station tracking is more complex than for GEO, and the elliptical orbit creates periods where the satellite is closer to Earth (perigee), potentially making it more vulnerable to ground-based directed energy or ASAT threats.

Orbital Debris and the Congested Environment

As of 2026, the U.S. Space Surveillance Network tracks over 35,000 objects larger than 10 cm in orbit. An estimated 1 million objects between 1 cm and 10 cm are untracked but capable of destroying a satellite on impact. This debris environment has direct security implications:

Conjunction events require satellites to perform collision avoidance maneuvers, consuming limited propellant
Debris fields from ASAT tests (China 2007, Russia 2021) have created persistent hazard zones
Attribution challenges — Distinguishing between a debris impact and a deliberate attack can be difficult without comprehensive space situational awareness (SSA)
Mega-constellation density increases the probability of close approaches and the complexity of traffic management

Satellite Architecture: The Four Segments

Understanding satellite system architecture is essential for threat modeling. Every satellite system comprises four interdependent segments, each with distinct attack surfaces.

graph TB
    subgraph SPACE["SPACE SEGMENT"]
        BUS["Satellite Bus<br/>Structure, Power, Thermal,<br/>ADCS, Propulsion, OBC"]
        PAYLOAD["Payload<br/>Transponders, Cameras,<br/>Sensors, Processors"]
        BUS --- PAYLOAD
    end

    subgraph GROUND["GROUND SEGMENT"]
        TTC["TT&C Stations<br/>Telemetry, Tracking,<br/>Command"]
        NOC["NOC / SOC<br/>Network & Security<br/>Operations Centers"]
        GW["Gateways<br/>Internet Backbone<br/>Interconnect"]
        MC["Mission Control<br/>Orbit Determination,<br/>Maneuver Planning"]
        TTC --- NOC
        NOC --- GW
        NOC --- MC
    end

    subgraph USER["USER SEGMENT"]
        TERM["User Terminals<br/>VSAT, Handheld,<br/>Shipborne"]
        RX["Receivers<br/>GPS, GNSS,<br/>Broadcast"]
        MODEM["Modems & Routers<br/>DVB-S2 Decoders,<br/>IP Encapsulators"]
        TERM --- MODEM
        RX --- MODEM
    end

    subgraph LINK["LINK SEGMENT"]
        UL["Uplink<br/>Ground-to-Space<br/>Command & Data"]
        DL["Downlink<br/>Space-to-Ground<br/>Telemetry & Data"]
        CL["Crosslink / ISL<br/>Satellite-to-Satellite<br/>Optical or RF"]
        FL["Feeder Links<br/>Gateway-to-Satellite<br/>High Throughput"]
        USERL["User Links<br/>Satellite-to-Terminal<br/>Service Delivery"]
    end

    SPACE <-->|"Uplink / Downlink"| GROUND
    SPACE <-->|"User Links"| USER
    SPACE <-->|"Inter-Satellite Links"| SPACE
    GROUND <-->|"Terrestrial Networks"| USER

Space Segment

The space segment encompasses all assets in orbit. Each satellite consists of two primary components:

The Bus (Platform)

The bus provides all housekeeping functions that keep the satellite alive and operational:

On-Board Computer (OBC) — The flight computer that executes commands, manages subsystems, and runs autonomous fault protection routines. Modern OBCs range from radiation-hardened SPARC processors (e.g., LEON4 at ~250 MHz) on traditional missions to COTS ARM processors with radiation-tolerant designs on NewSpace platforms. The OBC is the most critical target for cyber intrusion — compromising it grants full spacecraft control.
Attitude Determination and Control System (ADCS) — Maintains spacecraft pointing using star trackers, sun sensors, gyroscopes (reaction wheels or control moment gyroscopes), and magnetorquers. An ADCS compromise could point antennas away from ground stations (denial of service), orient solar panels away from the sun (power starvation), or direct imaging sensors at unauthorized targets.
Electrical Power System (EPS) — Solar arrays generate power (typical range: 1 kW for small sats to 25+ kW for large GEO platforms). Battery systems (lithium-ion) sustain operations during eclipse periods. Power bus voltages are typically 28V or 100V unregulated. Manipulating power management could damage subsystems or deplete batteries.
Thermal Control System (TCS) — Manages extreme temperature swings (sunlit face can exceed +150°C while shadowed face drops below -150°C). Uses heaters, radiators, heat pipes, and multi-layer insulation (MLI). Thermal manipulation could freeze fuel lines or overheat electronics.
Propulsion System — Chemical thrusters (hydrazine, bipropellant), electric propulsion (ion, Hall-effect), or cold gas for small sats. Propulsion commands are among the most safety-critical — unauthorized maneuvers could cause collision, deorbit, or movement to an adversary-controlled orbit.
Communications Subsystem — Antennas, transponders, amplifiers (TWTAs or SSPAs), and frequency converters that form the spacecraft’s link to the ground. This is both payload and bus component on communications satellites.

The Payload

The payload is the mission-specific equipment:

Communications payloads — Transponders that receive, amplify, frequency-convert, and retransmit signals. Modern high-throughput satellites (HTS) use digital transparent processors (DTPs) or on-board processors (OBPs) for flexible bandwidth allocation.
Earth observation payloads — Electro-optical cameras, synthetic aperture radar (SAR), multispectral/hyperspectral imagers, infrared sensors.
Navigation payloads — Atomic clocks (rubidium, cesium, hydrogen maser), signal generators, and navigation message upload equipment.
Scientific instruments — Spectrometers, particle detectors, magnetometers, and other mission-specific sensors.

Ground Segment

The ground segment comprises all Earth-based infrastructure:

Telemetry, Tracking, and Command (TT&C) stations — Dedicated antennas that upload commands to and receive telemetry from spacecraft. TT&C links use dedicated frequencies (typically S-band at ~2 GHz) separate from payload data. These stations represent high-value targets — compromising TT&C access is equivalent to gaining root access on the spacecraft.
Network Operations Center (NOC) / Security Operations Center (SOC) — Monitors constellation health, manages bandwidth allocation, detects anomalies. The NOC is increasingly connected to corporate IT networks, introducing traditional cyber attack vectors.
Gateways — High-throughput ground stations that interconnect the satellite network with terrestrial internet backbones. Starlink operates 100+ gateways globally. Each gateway is a potential point of traffic interception or injection.
Mission Control Center (MCC) — Performs orbit determination, conjunction assessment (collision avoidance), maneuver planning, and anomaly resolution. Compromise of the MCC could enable unauthorized maneuvers.

User Segment

The user segment includes all end-user equipment:

VSAT terminals — Very Small Aperture Terminals ranging from 0.75m to 2.4m dishes used for enterprise and maritime communications. Many older VSATs lack encryption entirely.
Handheld receivers — GPS receivers, satellite phones (Iridium, Thuraya, Inmarsat), and IoT devices with satellite connectivity.
Consumer terminals — Starlink Dishy, Hughes Jupiter, Viasat modems. These are mass-produced consumer devices with all the associated firmware and supply chain risks.

Link Segment

The link segment encompasses all RF and optical communication paths:

Uplink — Ground-to-satellite transmission. Higher frequency and power than downlink to overcome free-space path loss.
Downlink — Satellite-to-ground transmission. Constrained by spacecraft power and antenna gain.
Crosslink / Inter-Satellite Link (ISL) — Satellite-to-satellite communication. Modern constellations increasingly use optical (laser) ISLs for high-bandwidth, low-latency, and difficult-to-intercept links. Starlink’s laser ISLs operate at ~100 Gbps.
Feeder links — High-capacity links between gateways and satellites, carrying aggregated traffic.
User links — Links between satellites and end-user terminals, carrying individual user traffic.

Frequency Bands

Satellite communications use designated frequency bands, each with distinct propagation characteristics and security implications.

Band	Frequency Range	Wavelength	Characteristics	Typical Uses	Security Notes
L-band	1–2 GHz	15–30 cm	Low attenuation, wide beams, good penetration	GPS (1575.42 MHz), Inmarsat, Iridium, ADS-B	Easy to jam/spoof with low-power equipment
S-band	2–4 GHz	7.5–15 cm	Good atmospheric penetration, moderate bandwidth	TT&C, weather radar, some mobile satcom	TT&C links are high-value targets
C-band	4–8 GHz	3.75–7.5 cm	Rain fade resistant, mature technology	Legacy VSAT, video distribution, military	Wide beams make interception easier
X-band	8–12 GHz	2.5–3.75 cm	Military-allocated, good resolution	Military comms (WGS), SAR imaging, deep space	Restricted allocation provides some security
Ku-band	12–18 GHz	1.67–2.5 cm	Good bandwidth, moderate rain fade	DTH television, VSAT enterprise, Starlink	Most commonly intercepted band
Ka-band	26.5–40 GHz	7.5–11.3 mm	High bandwidth, significant rain fade	HTS broadband, 5G backhaul, military (AEHF)	Narrow spot beams improve spatial security
V-band	40–75 GHz	4–7.5 mm	Very high bandwidth, severe atmospheric loss	Next-gen HTS, feeder links	Atmospheric absorption limits intercept range
Q-band	33–50 GHz	6–9.1 mm	Similar to V-band	Feeder links, experimental	Limited current deployment

Security principle: Lower frequency bands (L, S, C) use wider beams and lower power, making them easier to intercept and jam. Higher frequency bands (Ka, V) use narrower spot beams that provide inherent spatial isolation, but are more susceptible to weather-based denial of service (rain fade).

Communication Protocols Overview

Satellite communications rely on specialized protocols designed to handle the unique constraints of space-based links. These protocols become attack surfaces when they lack authentication, encryption, or integrity verification.

DVB-S2 and DVB-S2X

Digital Video Broadcasting - Satellite, Second Generation is the dominant standard for satellite broadband and video distribution. DVB-S2X (the extension) adds finer modulation granularity and support for very low signal-to-noise ratios.

Modulation: QPSK, 8PSK, 16APSK, 32APSK, up to 256APSK (S2X)
Coding: LDPC + BCH concatenated forward error correction
Framing: Generic Stream Encapsulation (GSE) for IP traffic, MPEG Transport Stream for video
Security gap: The base DVB-S2 standard does not include encryption. The optional DVB-CSA (Common Scrambling Algorithm) and newer DVBCISSA provide content encryption, but many deployments transmit in the clear. The DVB-RCS2 return link standard includes optional AES-128 encryption.

CCSDS (Consultative Committee for Space Data Systems)

CCSDS protocols are the standard for government and scientific space missions. Key protocols include:

Space Packet Protocol — Packetized telemetry and telecommand with application process identifiers (APIDs)
TM/TC (Telemetry/Telecommand) — Structured command uplink and telemetry downlink frames
Proximity-1 — Short-range link protocol for relay communications (e.g., Mars rovers to orbiters)
CCSDS Space Data Link Security (SDLS) — The encryption standard for space links, supporting AES-GCM for authenticated encryption. Adoption is increasing but far from universal.
Bundle Protocol — Delay-tolerant networking for deep space, where round-trip times can exceed 40 minutes

Security gap: Many legacy missions use CCSDS TM/TC frames without SDLS, transmitting commands and telemetry in cleartext. An attacker who understands the frame structure and knows the spacecraft’s APID map can craft valid-looking commands.

VSAT Protocols

VSAT networks use various proprietary and standardized protocols:

DVB-RCS2 — The standardized return channel for interactive VSAT systems
SCPC (Single Channel Per Carrier) — Dedicated carrier assignments for high-throughput links
MF-TDMA (Multi-Frequency Time Division Multiple Access) — Shared access schemes for bursty traffic
Proprietary: Hughes Jupiter, Viasat SurfBeam, iDirect — Each with proprietary encapsulation and, in many cases, proprietary encryption

IP over Satellite Challenges

Running IP traffic over satellite links introduces protocol-level vulnerabilities:

TCP performance — Standard TCP congestion control interprets the high latency as congestion, throttling throughput. Solutions include TCP acceleration proxies (PEPs — Performance Enhancing Proxies) that split the TCP connection. These PEPs terminate and re-originate TCP connections, breaking end-to-end encryption models like TLS.
Asymmetric links — Many VSAT systems have significantly higher downlink capacity than uplink (e.g., 100 Mbps down, 3 Mbps up). This asymmetry can be exploited for reflection/amplification attacks.
Encapsulation overhead — IP packets are encapsulated in DVB-S2 frames via GSE or MPE (Multi-Protocol Encapsulation), adding headers that may leak metadata even when payload is encrypted.
DNS and NTP — Satellite terminals often use operator-provided DNS and NTP servers. Compromising these enables cache poisoning and time-based attacks.

We’ll explore these protocols in depth in Satellite Communication Protocols Deep Dive.

The Modern Space Ecosystem

The space industry has undergone a dramatic transformation over the past decade. Understanding the current landscape is critical for assessing the threat environment.

The NewSpace Revolution

Traditional space (often called “OldSpace”) was characterized by government-funded programs, bespoke hardware, decade-long development cycles, and costs exceeding $10,000/kg to orbit. NewSpace has disrupted every aspect of this model:

Launch cost collapse — SpaceX’s Falcon 9 reduced costs to ~$2,700/kg. Starship targets <$100/kg. This 100x reduction has enabled entirely new mission architectures.
COTS components — NewSpace satellites increasingly use commercial processors (ARM Cortex, NVIDIA Jetson), commercial Linux distributions, and software-defined radios. This reduces cost but imports the entire terrestrial cyber threat landscape.
Agile development — Software-defined satellites can be reprogrammed in orbit. Starlink pushes firmware updates to its constellation regularly. This enables patching but also introduces software supply chain risks.
Venture capital funding — Private investment in space companies exceeded $15 billion annually by 2025, funding hundreds of startups with varying security maturity.

Mega-Constellations

The most significant structural change in the space environment is the rise of mega-constellations:

Constellation	Operator	Orbit	Satellites (Planned)	Status (2026)	Primary Service
Starlink	SpaceX	550 km LEO	~12,000 (Gen1) + 30,000 (Gen2)	6,000+ active	Broadband internet
OneWeb	Eutelsat OneWeb	1,200 km LEO	648	~600 active	Enterprise/maritime
Project Kuiper	Amazon	590–630 km LEO	3,236	Early deployment	Broadband internet
Lightspeed	Telesat	1,000 km LEO	198	In development	Enterprise connectivity
Guowang	China SatNet	LEO	~13,000	In development	Broadband internet
Hanwha	Hanwha Systems	LEO	~2,000	In development	Broadband, 6G backhaul

Mega-constellations introduce novel security challenges: the attack surface scales with satellite count, software homogeneity means a single vulnerability affects thousands of assets, and the sheer volume of RF emissions creates a dense signal environment.

Commercial Operators

Traditional operators continue to dominate GEO communications:

SES (Luxembourg) — Operates the O3b MEO constellation alongside a GEO fleet. Provides government and enterprise services globally.
Intelsat (USA) — One of the largest GEO fleet operators. Merged with SES in 2025 to form a combined fleet of 100+ satellites.
Eutelsat (France) — Merged with OneWeb, operating both GEO and LEO assets. Serves video, broadband, and government markets.
Viasat (USA) — Operates the ViaSat-3 HTS constellation for broadband. Notably, Viasat’s KA-SAT network was the target of the 2022 Russian cyberattack during the Ukraine invasion.

Military Space

Military satellites represent the highest-value and most hardened targets:

GPS (USA) — 31 operational satellites providing positioning, navigation, and timing (PNT). GPS III satellites include the M-code military signal with anti-jam and anti-spoof capabilities.
SBIRS (Space-Based Infrared System) — Missile warning constellation in GEO and HEO. Detects ballistic missile launches via infrared sensors.
WGS (Wideband Global SATCOM) — Military broadband communications in GEO. Provides X-band and Ka-band services to U.S. and allied forces.
AEHF (Advanced Extremely High Frequency) — Protected military communications using EHF band with advanced anti-jam, low probability of intercept (LPI), and low probability of detection (LPD) waveforms. Replaced Milstar.
SDA Transport and Tracking Layers — The Space Development Agency is building a proliferated LEO constellation for missile tracking and military data transport, representing a shift from exquisite GEO assets to resilient distributed architectures.

CubeSats and Small Satellites

The standardization of the CubeSat form factor (1U = 10x10x10 cm) has democratized access to space:

Academic institutions can now build and launch satellites for under $100,000
Startups use CubeSats for technology demonstration and early revenue generation
Nation-states with limited space budgets can establish sovereign space capabilities
Commercial imagery — Companies like Planet Labs operate 200+ “Dove” 3U CubeSats providing daily global imaging

Security concern: CubeSats often have minimal security — no encryption on command links, default credentials, limited processing power for cryptographic operations, and development teams without security expertise. These low-cost platforms represent the softest targets in the space ecosystem.

The Software-Defined Satellite

A significant trend reshaping the security landscape is the shift toward software-defined satellites. Traditional satellites had fixed, hardware-determined capabilities. Modern platforms are increasingly reconfigurable:

Digital transparent processors allow dynamic reallocation of bandwidth, frequency, and coverage beams via software commands
Software-defined radios (SDRs) on spacecraft can change modulation, coding, and waveform parameters after launch
On-board AI/ML processors (e.g., Intel Movidius on ESA’s PhiSat-1) enable on-orbit data processing and autonomous decision-making
Virtualized payloads — Platforms like Thales Alenia Space’s Space Inspire allow operators to reconfigure between broadcast, broadband, and government missions in orbit

This flexibility is powerful, but it transforms the satellite from a static hardware target into a dynamic software target. Every reconfigurable parameter is a potential vector for misconfiguration or malicious manipulation. A compromised software-defined satellite could be repurposed entirely — its transponders redirected, its coverage beams reshaped, its processing capabilities co-opted.

Satellite-as-a-Service and Ground Station Networks

The operational model for satellite access is also evolving:

Ground Station as a Service (GSaaS) — Companies like AWS Ground Station, Microsoft Azure Orbital, and KSAT provide on-demand ground station access via cloud APIs. This lowers the barrier to satellite operations but introduces cloud security dependencies and shared-tenancy risks.
Satellite-as-a-Service — Operators sell transponder capacity, imaging tasking, or connectivity as cloud-like services. The customer may never know which specific satellite serves their traffic.
Open-source ground software — Projects like SatNOGS provide open-source ground station networks, democratizing access to satellite telemetry reception. While valuable for education, this also means anyone can monitor satellite downlinks globally.

Key Takeaways for Security Professionals

Every segment is an attack surface — Space, ground, user, and link segments each present distinct vulnerabilities. A comprehensive security assessment must address all four.
Physics constrains security — Orbital mechanics, RF propagation, and the speed of light impose real constraints on what security measures are feasible. You cannot firewall a radio beam.
Legacy systems are permanent — Unlike terrestrial IT, you cannot physically access a satellite to replace hardware. A satellite launched with weak encryption in 2015 will operate with that weakness until end of life, potentially into the 2030s.
NewSpace trades security for speed — The use of COTS components and agile development enables rapid capability deployment but imports the full spectrum of terrestrial cyber vulnerabilities into space systems.
The ecosystem is interconnected — A vulnerability in a consumer VSAT terminal can provide a foothold into the satellite network, which connects to ground infrastructure, which ties into critical terrestrial systems.

Understanding these fundamentals is the prerequisite for understanding why satellite security matters and for developing effective defensive strategies.