THE CYBEROBSERVER
Satellite Internet Constellations: New Attack Surfaces in Low Earth Orbit
Cyber Threat

Satellite Internet Constellations: New Attack Surfaces in Low Earth Orbit

As LEO satellite constellations become critical internet infrastructure serving military, commercial, and humanitarian users, their cybersecurity posture remains alarmingly immature — creating attack surfaces that span from ground stations to orbital assets.

Rina Takahashi

Policy Analyst, Digital Governance

Digital Policy
3 Jun 20263 min read
Satellite constellation visualization showing orbital paths

The Orbital Internet

In February 2022, one hour before Russian ground forces crossed into Ukraine, a cyberattack disabled Viasat's KA-SAT network across Europe. The attack — later attributed to Russian military intelligence (GRU) by the EU, UK, and US governments — deployed wiper malware (AcidRain) to satellite modems, bricking tens of thousands of terminals. The immediate target was Ukrainian military communications, but the blast radius extended to German wind farm control systems, French emergency services, and internet access across Central Europe.

This single incident demonstrated a reality the space cybersecurity community had warned about for years: satellite internet infrastructure is both militarily significant and deeply fragile. Three years later, the attack surface has expanded dramatically — yet the defensive posture of the industry remains inadequate.

Attack Surface Taxonomy

A satellite internet constellation presents attack surfaces at four distinct layers, each with unique constraints and threat models:

Ground Segment

Ground stations, network operations centers, and user terminals represent the most accessible attack vector. The Viasat attack exploited a VPN appliance vulnerability in the ground segment management network — never touching the satellites themselves. User terminals, manufactured at scale with cost optimization prioritized over security hardening, present consumer-electronics-grade attack surfaces connected to space-grade infrastructure.

8,000+

Active LEO satellites

Internet constellation assets in orbit

50,000+

Projected by 2030

Planned constellation expansion

0

International frameworks

Governing commercial satellite cybersecurity

Space Segment

The satellites themselves run software — and software has vulnerabilities. Unlike terrestrial systems, orbital assets cannot be physically accessed for remediation. Firmware updates must be transmitted via radio frequency uplinks, creating both a patching mechanism and a potential attack vector. A compromised command-and-control channel could theoretically enable an attacker to alter orbital parameters, disable transponders, or modify traffic routing at the constellation level.

Full analysis continues below

Register to read the complete assessment

The Cyber Observer is independent — no advertising, no vendor sponsorship, no editorial constraints. Registration gives you full access to all articles and briefings for 12 months. No payment required.

Register — 12 months free

Email only. No card. Unsubscribe anytime.