Research and analysis

Cyber risks of cloud computing in the ground segment of the space sector

Published 8 August 2025

Executive summary

This report examines cyber security risks associated with the use of cloud computing in the ground segment of space systems, particularly in the context of Ground Station/Segment as a Service (GSaaS).

It is the product of a three-month study involving desk research, interviews with stakeholders from industry, academia, and government, and a workshop to present interim findings and gather feedback. The purpose was to understand the cyber security risks and implications of the use of cloud technology in the ground segment.

The adoption of GSaaS is rapidly expanding due to its cost efficiencies, scalability, and operational flexibility. Cloud integration improves accessibility, enables seamless handovers across global ground stations, and optimises resource utilization. However, this transition introduces new cyber security challenges that require careful management.

Cloud integration expands the attack surface, but its security implications depend on implementation. Proper security measures — including strong authentication, access controls, and workload separation — can mitigate risks, whereas misconfigurations or poor security practices could introduce vulnerabilities.

Cloud technology can also enhance cyber resilience for satellite operations by providing access to more ground stations across wider areas. This approach requires the use of strong authentication and encryption between the satellite operator and the satellite to reduce the potential for confidentiality and integrity attacks at the ground station.

Different GSaaS models present unique risks, particularly relating to Operational Technology (OT) security and in securing the attack surface. The shared responsibility model in cloud services requires clear delineation of security obligations between GSaaS providers and users to prevent accountability gaps.

Legacy systems also pose persistent vulnerabilities, as many were not designed with modern cybersecurity practices in mind. Integrating these systems with cloud-based GSaaS solutions requires careful consideration to avoid exposing outdated interfaces and insecure protocols.

The cyber security maturity of the space sector remains varied, with larger organisations often having stronger security practices, while smaller satellite operators may lack the necessary expertise and resources.

To address these challenges, stakeholders emphasized the importance of government support — particularly in assisting smaller players across the supply chain. This includes promoting security certification schemes, funding cybersecurity training, and encouraging the adoption of existing best practices and frameworks.

Increased threat modelling, red teaming, and continuous monitoring can enhance security posture. By fostering industry-wide awareness and best practices, stakeholders can ensure that GSaaS adoption remains secure, resilient, and aligned with mission-critical space operations.

1. Introduction

Overview

This report has been performed on behalf of by the Cyber Security and Digital Identity Directorate (CSDI) from within the Department for Science, Innovation and Technology (DSIT) to examine cyber security risks associated with the use of cloud computing in the ground segment of space systems, particularly in the context of Ground Station/Segment as a Service (GSaaS). To perform this Actica Consulting has been commissioned to compile this report and perform the steps outlined in this section.

It is the product of a three-month study involving desk research, interviews with stakeholders from industry, academia, and government, and a workshop to present interim findings and gather feedback. The aim of the work was to understand the cyber security risks and implications of cloud technology use in the ground segment.

Purpose

The purpose of this report is to summarise the findings of the research undertaken and subsequent analysis to explore the cyber security risks unique to the use of cloud computing in the ground segment of space systems.

This report contributes to understanding the growing significance of the use of cloud technology in the ground segment for national security, economic resilience, and the evolving space sector landscape.

Status

This document is an updated final version released to the Department for Science, Innovation and Technology (DSIT).

Context

Ground segments are the ground-based infrastructure required to facilitate command and control of the space segment of satellite systems. In recent years, cloud computing services are having an increasingly significant impact on the ground segment in space technology, with commercial applications across a range of sectors.

The adoption of GSaaS is rapidly expanding due to its cost efficiencies, scalability, and operational flexibility. The use of cloud technologies can improve accessibility, enable seamless handovers across global ground stations, and optimise resource utilization. However, this transition introduces new cyber security challenges that require careful management.

Methodology

This study was conducted in three key phases:

1. Desk Research: A short literature review was performed to establish baseline knowledge and identify key areas of concern related to GSaaS security (which can be found in Appendix D).
2. Stakeholder Interviews: Discussions were conducted with representatives from industry, academia, and government to gather diverse perspectives on GSaaS risks and cloud integration challenges. Some interviews were conducted over more than one session, with each interview lasting at least one hour. The list included GSaaS service providers, Ground Station Operators, Cloud Service Providers, Satellite Operators and supply chain solutions providers.
3. Stakeholder Workshop: A collaborative workshop was held where findings from the research and interviews were presented, allowing stakeholders to provide feedback and refine the final analysis.

During the desk research, we identified key academic figures with expertise in space systems and cyber security, and representative industry organisations across the sector. We were supported in this effort by the UK Space Agency and relevant trade bodies. In several cases, outreach was made through generic contact channels, with varying success. Despite these limitations, the final pool of stakeholders brought strong expertise and insight into GSaaS and cybersecurity risks in the ground segment.

Our industry stakeholders included a diverse range of organisations. These ranged from long-established players with decades of experience to major hyperscale cloud providers. We also engaged with emerging entrants and established satellite operators. On the software side, participants included traditional solution providers as well as organisations offering more modular, cloud-native approaches. This diversity provided a broad view of the evolving GSaaS ecosystem. A full list of organisations involved in the study can be found in Appendix C, which also indicates whether each organisation was interviewed, attended the workshop, or participated in both.

A topic guide for the questions asked during interviews is appended to this report (see Appendix B).

Each interview followed a semi-structured approach, beginning with general questions to understand the participant’s perspective on GSaaS and cybersecurity. We then tailored subsequent questions based on their role—for example, GSaaS providers, satellite operators, cloud service providers, government bodies, or academics. The interviews aimed to explore the unique risks and operational challenges associated with cloud integration and the GSaaS model. As more interviews were conducted, we built upon earlier insights to refine and deepen our exploration of key issues.

In total, 25 interviews were conducted between January and March 2025, with each session lasting approximately one hour. Several participants engaged in follow-up interviews for further clarification. These interviews involved 25 different organisations, comprising 6 government bodies, 6 academic institutions, and 13 industry organisations. In some cases, multiple individuals from the same organisation participated in the interviews.

The data collected from interviews was analysed to identify recurring themes, as well as areas where stakeholder opinions diverged. When analysing differences in opinion, we considered several factors: the stakeholder’s level of involvement in the specific topic, the strength and clarity of their supporting arguments, and whether their views were echoed by others from different sectors or organisations. This helped us weigh the credibility and relevance of different perspectives.

The stakeholder workshop provided a valuable opportunity to present our interim findings and gather direct feedback from participants. This allowed us to validate our interpretation of the interview data, clarify ambiguities, and refine our final conclusions in light of broader stakeholder reflections. The workshop was attended by 33 individuals representing 20 different organisations, including 3 academic institutions, 7 government bodies, and 10 industry participants.

This report presents final conclusions based on insights gathered from all three phases, reflecting industry trends, security concerns, and best practices as identified through this structured approach. The information gathered from the three stages has been collated into a set of findings and conclusions included in this report. This report also covers the analysis performed on risks faced by different cloud integration models for GSaaS, covering both ground station and ground segment as a service providers.

Structure

The structure of the remainder of the document is as follows:

• Section 2 provides some background information about the space sector ground segment;
• Section 3 outlines the findings from the desk research and interviews performed;
• Section 4 contains analysis of the risks faced by implementation models with cloud integration;
• Section 5 summarises the conclusions found based on the evidence discussed;
• Appendix A provides a glossary of abbreviations used in this document;
• Appendix B contains the topic guide which was used as input to the interviews and discussions with stakeholders;
• Appendix C has a list of the organisations who participated in the study;
• Appendix D contains a list of the literature relevant to creating this report; and
• Appendix E contains a data flow diagram showing information flows in a ground station system.

2. Background

This section presents an overview of the ground segment of the space sector to provide relevant background information for this report.

The Growing Importance of Satellite Systems

Modern satellite technologies play a central role in both civilian and defence operations. They enable essential services in communication, navigation, and surveillance (CNS), contributing significantly to economic growth, social development, and environmental monitoring. With increasing dependence on space-based services for critical operations — such as emergency response, military coordination, and transportation systems — the risks arising from cybersecurity vulnerabilities in space assets are becoming more pronounced.

Emerging Cyber Threats to Satellite Infrastructure

Satellites and their supporting infrastructure are no longer immune to cyber threats. As digital systems evolve, so does the threat landscape, exposing satellites and their control networks to potential exploitation. These vulnerabilities can result in wide-reaching disruptions — from interrupted communications to compromised national security. The emergence of satellite mega-constellations further increases complexity and expands the attack surface, complicating efforts to maintain secure operations across globally distributed systems. This reinforces the need for robust cyber defences that protect the availability, integrity, and continuity of space-based services.

Space Systems as Cyber-Physical Systems

Space systems are a unique type of Cyber-Physical System (CPS), where embedded computation, control, and communication processes are tightly integrated. The close interconnection of hardware and software introduces unique challenges. Traditional physical threats — such as jamming or electronic interference — can now manifest in cyberspace, while cyber incidents can produce physical consequences, such as degraded performance or mission failure.

Interdependence with Critical Infrastructure

Cyberspace underpins many essential functions in modern society, including finance, emergency response, and national defence. As such, the compromise of satellite systems could have cascading impacts across multiple critical infrastructure sectors.

The Critical Role of the Ground Segment

Among the segments of space infrastructure — typically classified as Space, Launch, Link, Ground, and User — the Ground Segment is particularly significant. It frequently supports multiple missions at once, handling all control and mission data. Unlike the space segment, ground infrastructure is physically accessible, which increases its attractiveness to adversaries. Depending on its architecture and implementation, a compromised or misconfigured ground segment can jeopardize multiple missions, potentially resulting in severe consequences.

Clarification on GSaaS Terminology and Scope

The term GSaaS (Ground Segment/Station as a Service) is used broadly in the space industry to describe service models where satellite operators access ground segment capabilities provided by third-party suppliers.

The concept of providing a network of ground stations for satellite operators has existed for decades, with a number of organisations offering such services. However, the term GSaaS is relatively new, gaining prominence with the entry of cloud service providers (CSPs) into the space industry.

The focus of this report is specifically on GSaaS solutions that leverage cloud technology. These cloud-integrated services enable shared, multi-tenant infrastructures, offering benefits such as scalability, flexibility, and cost efficiency.

It is important to note that not all GSaaS implementations involve cloud technology, and GSaaS offerings can vary widely. Some GSaaS providers offer hardware, antenna infrastructure, and time-slot access for satellite operators; others extend to providing Satellite Command & Control over the cloud, encompassing telemetry, mission planning, and operational control – see Figure 1. For the purposes of this report, GSaaS refers exclusively to services leveraging cloud technology within the ground segment of space systems.

Figure 1: Ground Segment Components (adapted from NIST-IR8401^{[footnote 1]})

UK Regulatory Oversight

Role of the CAA and Ofcom

In the UK, space activities are regulated by two main authorities:

• The Civil Aviation Authority (CAA) is responsible for licensing spaceflight activities — including the launch, procurement of launch, and operation of satellites — under the Outer Space Act 1986 (OSA) and the Space Industry Act 2018 (SIA).
• Ofcom regulates the use of radio spectrum and satellite communication frequencies. Its remit is limited to spectrum licensing and does not cover spaceflight activity itself.

Ground Segment Considerations in CAA Licensing

There is currently no dedicated regulatory framework specifically governing ground station infrastructure in the UK. However, ground stations are routinely included in the scope of satellite operator licence applications. As part of its assessment process, the CAA may request information on the ground stations to be used, including those provided by third parties. While the CAA does not directly regulate ground station providers — particularly those based outside the UK — it may assess associated cybersecurity risks. Operators may be required to demonstrate how those risks are managed, including through supply chain evaluation, data protection controls, and third-party access restrictions.

Influence Through Licensing Conditions

Although the CAA lacks direct regulatory authority over ground station providers, it can impose licensing conditions that influence cybersecurity practices. This includes requiring mitigations and third-party assurances where appropriate. This approach reinforces the need for cybersecurity due diligence—particularly in Ground Segment as a Service (GSaaS) and cloud-based mission architectures—where the ground segment may serve multiple clients over shared infrastructure.

Ofcom Licensing Requirements

Ofcom requires a licence for the following activities:

• Operating an Earth station in the UK, including ground stations used for uplink or downlink;
• Providing GSaaS using UK-based antennas;
• Using a third-party UK-based ground station for satellite operations;
• Operating a satellite using radio frequencies affecting the UK, even if control is from abroad;
• Procuring ITU filings via Ofcom (either as a UK-based operator or by requesting the UK to act as the notifying administration);
• Using or leasing UK spectrum rights for services such as:
  • Satellite broadband;
  • VSAT (Very Small Aperture Terminal);
  • Broadcasting or telemetry downlinks

Organisations do not need an Ofcom licence:

• if the ground station is located outside the UK and does not use UK-assigned spectrum;
• for use of foreign ground station services with no transmissions into or reliance on the UK;
• for satellite operations — including launch, command, and control — that are entirely managed outside UK territory and spectrum.

Voluntary Cybersecurity Framework from UKSA

At present, the UK Space Agency (UKSA) serves as an advisory body and is preparing a voluntary cybersecurity framework for ground stations and the ground segment. The framework will introduce three assurance levels: bronze, silver, and gold. According to UKSA, organisations will first conduct a self-assessment, after which UKSA will fund an independent audit to verify the reported level. This tiered model has been welcomed by stakeholders as a flexible and proportionate approach that accommodates organisations with varying cybersecurity maturity levels, without placing excessive burden on smaller entities.

Primary Elements of Ground System and their Functions

A small typical satellite mission has the following elements within the ground system architecture:

1. Ground Station Terminal: Transmitter and receiver information located at the ground station to transmit and receive information. This includes related hardware such as antennas. These may be in a Radio Frequency (RF) or in an optical wavelength.
2. Mission Operations Centre (MOC): The MOC commands the spacecraft; monitors spacecraft performance; and requests and retrieves data as necessary.
3. Payload Control Centre (This can also be located within MOC): issue commands and receive responses from payloads that are hosted on a different organisation’s bus (i.e. the payload is residing in a space vehicle where the space vehicle bus operations are executed by an independent MOC).
4. Ground Station Data Storage and Network: Provides live connectivity to MOC for commands and telemetry; and temporarily stores data to be retrieved by the MOC.

The primary elements of a ground system are summarised in Table 1.

Table 1: Primary Ground System Elements and their Functions – adapted from NASA^{[footnote 2]}

Element	Function
Antenna Systems	Responsible for transmitting and receiving signals between satellites and ground stations.
Telemetry Systems	Collects satellite data and sends operational commands from ground stations to satellites.
Data Processing Systems	Processes and analyses satellite-generated data for end-user applications
Network Infrastructure	Facilitates secure and efficient communication between ground system components and external users.
Control Centres	Monitors and manages satellite operations, including mission planning and troubleshooting.

3. Findings

This section presents the findings from our interviews with stakeholders across the sector. These insights were used to identify key themes and risks associated with cloud integration in the ground segment of space systems. They were subsequently shared and validated during a stakeholder workshop. The conclusions presented here reflect a synthesis of those inputs, supported by relevant academic literature and footnoted references.

Introduction

This section presents the following information identified through stakeholder discussions:

• sector cyber security background, identifying how GSaaS services have historically been provided and the variation in how they are provided today, and the cyber security maturity of the sector;
• the benefits arising from the use of cloud technology in the ground segment;
• challenges and risks introduced by cloud technology and the impact on existing risks;
• dependencies and impacts of compromise; and
• the role of government, regulation and standards.

Sector Background

Legacy Systems and Modernisation

One of the challenges, which was identified by a number of stakeholders, was the large amount of legacy technology in ground infrastructure within the space sector. These technology components have not been designed with modern cyber security principles and present persistent vulnerabilities. This is partially due to the relatively long lifetime of both satellite operations and other physical components such as antennas, compared to standard IT technology lifetimes. Many of these legacy systems have been built and operated with an “if it ain’t broke, don’t fix it” mindset, which has led to outdated security practices.

Because of the historically specialised nature of space and satellite systems, the sector has relied on the use of security through obscurity and obfuscation. This approach was natural at the time of implementation, due to the fact that ground stations were in general not widely connected and what connections had been implemented were to internal networks within trusted organisations. Some ground stations have traditionally been partially air-gapped, with limited external connectivity, further reducing past security concerns but increasing modernization challenges.

There is, in general, good recognition of these issues and several legacy systems are currently undergoing modernization, while in other cases, separate infrastructures are being built to address cyber security and operational needs. However, there remains currently a large amount of legacy technology still in operation.

Variability of GSaaS and Cloud Integration Models

The capabilities and practices of security implementation vary widely across the sector, based on the size, age and requirements of service providers.

Several interviewees noted that large players, including major Cloud Service Providers (CSP), tend to have robust security mechanisms, often driven by military and government requirements. In the ground segment, larger traditional providers are more likely to have military contracts and adhere to stricter security requirements.

Stakeholders also emphasized that, due to the various roles ground segments can perform there is no standardised way to implement and offer GSaaS services. This means that GSaaS providers will have their own unique implementation and associated risks.

The cloud can be integrated partially or fully into the ground segment in various ways. As noted in both stakeholder interviews and literature review, this includes larger overall cloud integration of the missions operation centre and ground stations as well as being able to perform a subset of either of these parts of the ground segment such as command and control of the satellite, antenna controls at the ground station or the data processing aspects^{[footnote 3]}.

According to the interviews conducted with industry groups, smaller service users and software solution providers often deprioritize security due to limited resources or lack of perceived necessity, choosing to prioritise expanding essential business functions over their cyber security capabilities.

Sector Cyber Security Maturity

According to several stakeholders, the cyber security maturity of the space sector remains relatively low, as the industry has historically relied on security by obscurity. Unlike traditional IT sectors, cyber security was often not a major consideration in space operations.

However, stakeholders noted that this mindset of the sector is now changing as space systems become more accessible and interconnected. The rise of GSaaS and low-cost satellite solutions, such as CubeSats, has lowered entry barriers, increasing both commercial adoption and cyber security risks.

Over the last 3-4 years, the sector has started to mature, with greater adoption of cyber security best practices. However, it is still evolving from a low base and has a long way to go in terms of fully addressing the growing threat landscape.

Awareness is improving, particularly among larger players and those offering their ground stations are becoming more aware of the importance of cyber security. Some stakeholders also noted a regional disparity, with the U.S. generally perceived as further ahead in cyber security maturity and investment compared to Europe.

Despite these improvements, some stakeholders highlighted structured threat modelling and red teaming exercises are underutilized in the space sector, resulting in a lack of understanding and/or visibility of cyber security vulnerabilities and risks.

Benefits & Inevitable Integration

Many of the industry stakeholders that we consulted considered the adoption of the Ground Station/Segment as a Service (GSaaS) model, which enables multiple users to share a globally distributed network of ground stations, to be almost inevitable due to its strong business case.

By eliminating the need for building and maintaining dedicated infrastructure, GSaaS significantly reduces costs, increases accessibility, and ensures seamless handovers between ground stations, allowing for more efficient mission operations.

The on-demand nature of cloud resources supports mission growth and operational flexibility, especially for smaller and newer players. This flexibility also allows GSaaS providers to better optimise the use of the ground stations they offer to multiple customers.

Additionally, access to multiple ground stations dispersed across different locations enables seamless handover between stations. This ensures extended communication windows, allowing for faster uplink, downlink, and operational tasks that would otherwise require multiple separate passes. This approach enhances resilience by reducing reliance on any single ground station, ensuring continued operations even in the event of localized outages or failures.

GSaaS allows ground stations with idle capacity to monetise downtime by offering access to multiple users, improving efficiency and revenue generation.

The growing market of small satellite operators presents new revenue opportunities, enabling providers to serve a broader customer base.

Challenges, Risks and Opportunities

Cloud Integration and Attack Surface Expansion

There are some differences amongst stakeholders on whether cloud integration increases the attack surface. There is a strong direction however, especially among industry stakeholders, to move towards cloud integration and use it as part of building more resilient and secure systems.

The general opinion has been that cloud integration increases the attack surface of space-ground systems by introducing multiple interfaces and communication channels that can potentially be exploited^{[footnote 4]}.

It should also be noted that an increased attack surface does not necessarily mean that a system is more vulnerable, the exact implementation of cloud into the ground segment is an important factor. If the integration is implemented insecurely, risks can increase or new ones can arise; if implemented with best practice the risks can be mitigated and there is the potential to enhance the overall cyber security resiliency of the organisation.

Strong authentication, access control, and customer separation is critical for securing cloud-integrated space systems. The service user takes responsibility for securing their applications and adopting best practices when using the cloud, alongside the service provider which has responsibility for the security of the service itself.

It is important to note that shared ground segments and multi-mission antennas have been a well-established concept in the space sector for many years, even before cloud integration. Traditionally, firewalls and time-controlled proxies were used to segment and isolate different users, ensuring secure access to shared infrastructure during allocated time slots. There is, and remains, a need for separation between service users to ensure that malicious or compromised users are not able to break out of their virtual containment and affect other users’ operations.

Cloud security is a mature discipline, and discussions indicate that cloud service providers invest heavily in cyber security, often implementing more advanced security controls than legacy on-premise systems. Technologies such as hypervisor-based isolation provide strong tenant separation, reducing attack surfaces and preventing unauthorized access compared to platform and application-based separation methods that may be used in traditional shared service provision.

Cloud integration enhances security through the increased use of virtualisation, improved isolation, account separation, and network segmentation. While shared systems may introduce new risks, cloud-based models offer superior monitoring, access controls, and segmentation compared to legacy systems, making them a viable option for secure satellite operations.

Cyber-physical systems, unlike traditional cloud setups, require distinct considerations due to the Command and Control (C&C) elements involved. These integrate computational and physical components, where commands issued from ground stations can directly influence physical satellite operations, such as antenna positioning, satellite C&C, and payload C&C. These real-time interactions increase the risk of cyber threats causing physical damage or operational disruptions, making security a critical aspect of cyber-physical systems in the space sector.

Shared Responsibility

The shared responsibility model of cloud services introduces challenges in delineating security obligations^{[footnote 4]}.

Unlike traditional on-premise environments where organisations have full control over security, the cloud follows a shared responsibility model. The cloud provider is responsible for securing the infrastructure, network segmentation, and physical security of the ground stations, while customers must ensure the security of their applications, data encryption, access control, and compliance with relevant regulations.

If security responsibilities are not fully understood, gaps in accountability can arise, particularly in areas such as data security, incident response, and compliance enforcement. This lack of clarity may lead to misconfigurations, security blind spots, or vulnerabilities that attackers can exploit.

This shared responsibility is further complicated by the use of Operational Technology (OT) such as antenna and the satellites themselves, the responsibility of ensuring that physical hardware is functional and working is up to the GSaaS provider. The responsibility of the satellite itself can be shared between the GSaaS provider and satellite operator based on the shared responsibility of each organisation.

Organisations adopting GSaaS must have a clear understanding of their security obligations and implement best practices to mitigate risks effectively in the same way that they would when moving their on-premises IT systems to the cloud^{[footnote 4]}.

Visibility, Data Ownership, and Platform Control

Loss of visibility into data flows, processing locations, and storage practices is a major concern among several stakeholders from industry, academic as well as government bodies. The diffuse nature of cloud resources complicates regulatory compliance and incident response.

Data sovereignty concerns were raised, particularly regarding reliance on US-based hyperscale cloud platforms and the need for EU-based sovereign cloud solutions. Some organisations had concerns about the loss of control over the geographical locations where data could be routed.

Resilience and Hybrid Architectures

There are a number of opportunities around resilience that arise from the use of cloud technology.

Several stakeholders noted during interviews that hybrid architectures — combining multiple ground station providers and diverse infrastructure setups — can improve resilience. Redundancy measures, such as utilizing different GSaaS providers, can mitigate risks from single-provider outages as well as ensuring that a larger number of locations can be available for disaster recovery activities. This view is also supported by recent research, which emphasizes how integrating diverse infrastructure setups contributes to improved robustness and reduced risk of service disruption^{[footnote 3]}.

Operational Technology

Unlike many traditional enterprise IT systems, space-ground systems interact directly with physical infrastructure — such as satellites and antennas — meaning that successful cyber-attacks can lead to physical or mission-impacting consequences. These may include alteration of satellite positioning, loss of functionality, or disruption of services that underpin elements of Critical National Infrastructure (CNI), such as communications, navigation, or Earth observation. The risks extend beyond data loss to include potential operational failure or degradation of essential services^{[footnote 5]}.

Several interviews with key stakeholders highlighted that space-ground systems share characteristics with traditional industrial control systems, particularly in terms of control loops and command protocols. Space-ground systems have unique vulnerabilities, including timing attacks and command injection, which can be particularly critical during launch and other time-sensitive operations. These attacks could disrupt mission-critical processes, making cyber security a key concern in satellite command and control.

Ensuring secure authentication for satellite commands and real-time monitoring of anomalous activity is crucial to protecting space-ground operations.

While cloud integration does not always expose these vulnerabilities, some stakeholders raised concerns during interviews that the implications of integrating satellite command and control (C&C) into the cloud are not yet fully understood. Further research is needed to assess how cloud-based C&C affects the attack surface and whether existing security models are sufficient.

Supply Chain Risks

Some stakeholders identified supply chain risks as one of the most significant cybersecurity security risks in the ground segment.

It was noted that state actors, rather than typical cybercriminals, are considered the main threat when it comes to exploiting supply chain weaknesses. This includes both hardware and software components

An industry stakeholder also highlighted that verification of software libraries using cryptographic checksums is still not widely adopted, making the software supply chain particularly vulnerable.

Cloud-based GSaaS models increase reliance on third-party providers. Stakeholders pointed out that organisations often lack visibility into how these providers implement security controls, which complicates efforts to assess supply chain risk exposure.

Stakeholders recommended that organisations adopt vendor assurance measures, such as security audits and clear contractual security requirements, to mitigate these risks.

Advanced Persistent Threats

Nation-state actors and Advanced Persistent Threats (APTs) continuously monitor, collect intelligence, and potentially exploit vulnerabilities in space-ground communication.

While APTs are a persistent threat to space systems, reported incidents in the sector have primarily targeted traditional, non-cloud-based infrastructures. However, cloud adoption changes the exposure of certain attack vectors.

While APT threats exist in both traditional and cloud-based systems, GSaaS adoption introduces new potential attack vectors, including cloud-based exploitation techniques.

Physical Threats

Physical security risks of individual ground stations remain important. However, some stakeholders noted during interviews that the introduction of cloud enhances resilience by enabling distributed operations, meaning that an attack on one ground station may not significantly disrupt overall service availability. This view is supported by recent research, which demonstrates that on-demand access to multiple cloud-based ground stations can reduce single points of failure and extend daily contact opportunities with satellites^{[footnote 6]}.

Depending on satellite coverage and the location of other ground stations, communication can often be rerouted, reducing the impact of localized attacks. For example, the ASTERIA mission leveraged AWS Ground Station services in multiple locations (e.g., Oregon and Ohio) to maximize uptime and mitigate potential downtime caused by issues at a single site.

Jamming, relay, and spoofing attacks pose significant threats to ground station (GS) communications. However, having a large network of ground stations reduces the impact of jamming, as alternative stations can ensure continued operations, even if one station is affected. This perspective was also raised during interviews, where some industry stakeholders pointed out that the unavailability of a single ground station does not significantly affect operations when a broad network of ground stations is available. Such redundancy ensures robustness and contributes to the overall resilience of the system.

Long-Term Viability

Some interviewed organisations expressed concerns about long-term reliance on cloud providers, particularly regarding forced upgrades and discontinued services. This can be a significant issue for satellite operations with long lifetimes.

Cloud services should provide guarantees for long-term mission support as part of their Service Level Agreements, especially for projects with multi-decade operational lifetimes.

Vendor Lock-In

A number of stakeholders identified risks associated with vendor lock-in, particularly if the service provider stopped providing the required services or changed the nature of the provision. The risks are particularly significant due to the niche nature of GSaaS offerings and the fact that there are limited numbers of GSaaS providers in the sector. The niche nature also results in a lower likelihood that it will be possible to migrate easily between different systems.

Critical Dependencies and Impacts

Space systems support critical national infrastructure (CNI) through services like Global Navigation Satellite System (GNSS), weather forecasting, and communications^{[footnote 5]}.

Aspects of CNI that would be affected include the transport sector for all of land, sea and air as many of these rely on accurate satellite-based location services as part of their essential function.

Satellites are also used as primary or secondary communication systems for a number of sectors such as telecommunications. This means that loss of confidentiality, integrity, and availability of communication satellites can have widespread consequences. A single ground segment service provider failure could disrupt multiple dependent systems, raising concerns about systemic vulnerabilities.

Encryption of command and telemetry data remains inconsistent, with many organisations still transmitting unencrypted data despite improvements in authentication.

Denial-of-service attacks in space-ground systems differ from traditional IT environments: in space, a lack of data can be as disruptive as an overload. Techniques like frequency/amplitude modulation and noise injection present unique denial-of-service risks^{[footnote 7]}.

Government Role & Regulatory Gaps

Governments are increasingly recognized as necessary enforcers of baseline security standards.

However, stakeholders highlighted the need for a balanced approach — one that ensures security without imposing excessive regulatory burdens that could stifle innovation.

A key concern raised in one of the interviews was the financial and operational burden of cybersecurity compliance for small and medium enterprises (SMEs). A stakeholder emphasized that government-backed programs — such as funding for security certifications and streamlined compliance frameworks — would help SMEs adopt security best practices without excessive costs.

Other stakeholders emphasized that regulations should not “reinvent the wheel” but instead build upon existing security frameworks such as those developed by ESA and the U.S. government. There was strong agreement that leveraging already established frameworks — such as NIST standards, ITAR regulations, and ESA security guidelines — would be more effective than creating new regulations from scratch.

At the same time, international collaboration remains crucial. Given the global nature of satellite operations, regulatory approaches should be harmonized across jurisdictions. A lack of standardization in security frameworks across different countries creates compliance challenges for GSaaS providers operating in multiple regions

While government involvement is essential, stakeholders cautioned against over-regulation, which could discourage smaller companies from entering the GSaaS market. Instead of strict mandates, a guidance-based approach was widely preferred. This approach should include:

• Training programs to support industry-wide cybersecurity awareness;
• Security best practice initiatives; and
• Collaborative industry-wide frameworks to help SMEs adopt security controls without excessive administrative burdens.

Throughout the interview process, there emerged agreement that international cooperation is needed to develop consistent space cyber security standards, particularly for encryption and interoperability.

4. Model analysis

There are a number of different ways in which cloud technology can be integrated into the ground segment. In this section, we provide a functional model for the provision of GSaaS services and map to three different approaches for cloud integration. We identify the different threats and risks associated with each approach.

Overview

To support the findings presented in Section 3, this section includes a series of diagrams that illustrate different GSaaS models and data flows to help clarify the various architectures, identifying common components, risks faced by these models, and interactions between systems. These diagrams have been made by combining the information gathered from several sources including research reports, publicly available information about how GSaaS is implemented, how ground station systems are implemented, and information from the stakeholder workshops performed.

Given the complexity of the GSaaS landscape, these models aim to provide a representation of different ways to introduce cloud technology into GSaaS services, offering enough detail for meaningful analysis while maintaining simplicity for clear understanding.

It is important to note that the diagrams presented do not represent an exhaustive catalogue of industry implementations, nor do they correspond precisely to any specific GSaaS provider. Instead, they serve as indicative models to explore potential approaches taken by various providers and the associated security considerations.

We have developed three GSaaS models to illustrate the potential impact of cloud technology on ground station operations. These models are the legacy model, API-access model, and full cloud model.

In addition to these ground station models there are two diagrams for ground segment as a service providers: the mission management model and the full control model.

This section explores various cloud integration approaches used in ground segment services. These models provide a foundation for discussing the security implications of GSaaS, highlighting how different deployment strategies influence risk exposure and attack vectors.

Reference Model

Figure 2 shows a functional reference model for the ground segment. It outlines the main components and the connections between them for general operation and essential functions. The diagram is split into five vertical segments, each representing a different role or logical service provider type. The blocks represent systems and arrows represent defined communication channels between these systems. The systems identified can be implemented in different ways and different locations, such as remote antenna site, on-premise back-office location, virtualised within a data centre, or within a cloud platform.

Figure 2: GSaaS Functional System Diagram

Data Flows

A full data flow diagram can be seen in Appendix E which contains a display of the various data storage locations and flows of data between these, with processes that initiate and feed into each other. This data flow diagram has been used to develop the system diagrams used in the figures in this section.

Ground Station

These systems include the physical antenna array as a core element around which the rest of the system is built to support and interact with. These antennae are responsible for taking data from a cache or data stream and uplinking that to a satellite based on configurations and angles that it is given. It also performs the role of downlinking data from satellites into a local ground station cache (if present) or streaming the data directly to a storage location.

The data items, where they are initiated and where they are used, are listed below:

• Satellite Commands & Data for ingestion (processed in the ground station cache where present, or streamed directly) – A customer will prepare a set of commands and data that needs to be uploaded to the satellite as part of their C&C responsibilities. These should be protected using end-to-end encryption along with integrity checks, such as message authentication codes or digital signatures, to prevent attacks such as replay and spoofing. However, many legacy satellite systems do not implement full end-to-end security mechanisms.
• Antenna Data for Positioning and configuration (processed by the antenna cluster controller) – These are generally given in the form of ephemeris data or Two-Line Element Sets (TLEs) and other files which can be used by antenna operators and antenna equipment to ensure that they know which direction to point in and which frequencies that should be used to communicate. This data can include information on the satellite’s orbit and can originate from public sources of satellite positioning data or from the customer themselves.
• Scheduling Data – This information is provided by a scheduling system and is used to identify the information specific to the customers that have been allocated time slots in the shared use of the ground station. It provides information on which customers should have access to the antenna or which sets of ephemeris/satellite location data and antenna configurations needs to be used to ensure that a satellite can be tracked for a communication session. This scheduling information also informs which commands and data needs to be uplinked or downlinked for this communication session.

Ground Station Service Provider

A ground station service provider is responsible for providing the customer-facing elements of the Ground Station service. It manages the data and connections between multiple GSaaS users and at least one or more antenna locations; the service provider is generally responsible for much of the scheduling and data management as well as being the organisation which usually creates and maintains the infrastructure that GSaaS users and ground stations use.

The key data items used by the GSaaS users are as follows:

• Scheduling data (managed by the scheduling manager) – This data is used for configuration and ensuring that GSaaS users and ground stations are able to set up and prepare for communication sessions.
• Uplink and downlink data (managed by the uplink / downlink manager) – The uplink / downlink manager systems manage the data of multiple customers; these systems may be implemented such that customers connect via application programming interface (API) connections to send commands or retrieve data for various communications sessions between GSaaS users and satellites. This can also be achieved with the GSaaS provider sending or receiving the data from endpoints that the GSaaS user manages.
• Antenna data for positioning and configuration (processed by the antenna control manager) – Similar to the uplink and downlink data this data and these systems are retrieved from the GSaaS users or can be accessed through a set of interfaces. In addition to this functionality public satellite data is also collected before it is sent to the ground station systems that are in use.

Missions Operation Centre / Satellite Operator

As shown by Figure 2, the systems within this segment have a great deal of intercommunication. These communications are not detailed further in this report as they are not as important to the overall threats and risks associated with the cloud use of GSaaS. These systems are primarily responsible for the management of data related to the users’ satellites; this includes the commands and data uplinked to the satellite as well as the decoding and processing the data downlinked and managing the data packages of payload operators.

This segment is particularly critical for the cybersecurity of the satellite data, as the data processing and management component of the mission operations centre is responsible for encryption and decrypting of commands, data, and telemetry data of satellite communications.

The key pieces of information and relevant systems to these are as follows:

• Scheduling information – the GSaaS customer is responsible for booking times in the scheduler through either a dedicated website or API. This can then be used to schedule a communication session with the satellite as well as being able to check the availability of the sessions or cancelling one in the future. This needs to be coordinated with the other data to ensure that the communication sessions are able to collect the correct data and uplink or downlink the expected information.
• Satellite data (data processing & distribution) – these systems are responsible for preparing and processing all the data needed for a satellite communication. This data is configured and managed by the satellite owner and any data from the satellite is decrypted, processed and sent to the satellite operator’s storage location. This data also includes telemetry and tracking data used as part of positioning the satellite and ensuring that commands for the satellite are processed correctly.
• Antenna configuration & satellite positioning data (antenna configuration & control) – This data is the information that the satellite operator needs to keep hold of so that communication sessions can be carried out successfully. This data includes ephemeris, TLEs and information about the frequencies needed to communicate with a satellite and are managed by the satellite operator.

Payload Operator

As part of this model the payload operator is responsible for a payload subsystem from within a satellite. In terms of data, they only hold one type of information of note for this model, the payload commands and data. These commands and data are fed to the commands system of the satellite operator.

Threat Actors

This subsection discusses the goals and access of a number of general threat actors at a high level; the detailed capabilities, tactics, techniques and vulnerabilities exploited are out of scope of this work.

External Attacker

External attackers are individuals from outside the ecosystem who do not have legitimate access to any data sources or information; this means that they need to exploit interfaces and system connections to be able to perform attacks, typically via the internet.

Those attackers targeting space systems have three points of interest: compromising the satellite through commands through the antenna, compromising the mission operation centre or compromising the ground station. Any initial compromise can be used to perform further attacks such as sending malicious commands to disrupt satellites, decrypting the data to compromise the confidentiality of information or exfiltrating encrypted data such as satellite communication data or cached communication data for multiple satellites for offline attacks.

There will also be generic attacks that are not specific to the space sector, such as phishing to install malware, and ransomware attacks, targeting both the GSaaS provider and GSaaS user.

Malicious Antenna Operator

A malicious (or compromised) antenna operator within a ground station, or someone with access to perform actions in a ground station such as commanding antennas and checking schedules, could attack the ground station.

These attackers have existing authorised access to the antenna, which means that they do not need to perform technical attacks as they can leverage their existing access to compromise it. From this point the main target of these groups would be the satellites of customers or compromising the mission operations centre of customers.

An additional attack that can be performed affects the availability or integrity of data from the satellite ensuring that customers cannot (temporarily) access their satellites or that the data they receive from the satellite is not usable.

Malicious GSaaS Provider

A malicious (or compromised) GSaaS provider has significant capability to cause disruption to services due to the role they have connecting ground stations to satellite operators. These attackers are able to control the interfaces that both GSaaS customers and ground stations use. They could access much of the data in transit or held at rest which can pose threats to services with insufficient encryption and secure integrity checks.

These attackers could be interested in compromising the satellites, ground stations or mission operations centres of the GSaaS users. These attacks can vary from availability attacks by disrupting connections, data exfiltration for satellite communications, and damaging the integrity or confidentiality of communications.

Malicious Satellite Operator

A member of staff from a mission operation centre (or a malicious party who had already compromised the satellite operator’s systems) would be able to compromise the satellite or satellites that an organisation has control of. They are an insider to the satellite operator and can leverage their access to the interfaces and systems of the GSaaS provider to then try and compromise these GSaaS systems.

These attackers could also attempt to compromise the antenna or ground station systems themselves, or compromise the scheduling system to disrupt service availability for other end users. These attacks can also damage the integrity of data or services available to other satellite operators using the GSaaS services. The extent to which this can be achieved, and the damage they could inflict, will depend on the GSaaS implementation and the level of isolation between its users.

Malicious Payload Operator

Payload operators are responsible for the payload of GSaaS customers and malicious operators could then have some interest in compromising satellites or the GSaaS systems. They would have some limited channels of communication or access to the mission operation centre and could leverage this access to compromise the mission operation centre as well as send commands to compromise the satellite. These attacks would mean that they gain some level of control over the C&C of the satellite and can then perform subsequent malicious actions such as removing the confidentiality, integrity or availability of data from the satellite or mission operation centre.

However, for the most part they are not the most relevant attacker group for this analysis as the use of cloud technology does not significantly affect their attack paths or controls available to them.

Physical and Supply Chain Attackers

Another type of threat actor worth mentioning, but not exploring in detail because cloud technology does not affect their ability to perform attacks, are those that perform attacks physically close to the ground station or attack the supply chain.

Attacks physically close to the ground station includes jamming of the antenna to prevent availability of the satellite communication as well as spoofing of the satellite. They can also record connections and perform replay attacks on the satellite with recorded uplink or downlink data.

Supply chain attacks target the hardware or software components used by the ground station, often by compromising them during manufacturing, development, or distribution. Attackers may insert malicious code or backdoors that are later exploited to exfiltrate data or compromise the confidentiality, integrity, or availability of the system.

Legacy Model

Model Description

The Legacy Model seen in Figure 3 is based on an approach where an existing on-premise ground station is integrated with a cloud-based scheduling system and uses a controlled interface into the ground station.

This overlay identifies the on-premise components (with a light-blue shaded background) and the cloud-hosted components (with a medium-blue shaded background). The model consists of three distinct elements: the physical ground station and the network that operates it; a scheduling manager to allocate time slots; and a connection manager to facilitate connectivity between users and the ground station

There are two main interfaces with this model: one primary interface for GSaaS users to access the ground station and scheduling manager, and a second interface in the ground station to access the scheduling manager.

Pre-cloud operations relied on ISDN, leased lines, or VPN connections for remote access, and this model mimics that approach while leveraging cloud infrastructure. These connections allowed customers to gain direct access to the ground station network.

A cloud or remotely located datacentre can host a scheduling manager which is used by the automated systems and antenna operators on which customers have access to the ground station.

The main disadvantage of this model is that providers need to have a high level of trust with their customers because the direct access means that customers are potentially able to directly communicate with IT and OT at the ground station.

Figure 3: Legacy Model Overlay

Threat & Risks

Internet-based attackers target primary system interfaces, as these are the most visible public entry points. By compromising these, they can access user satellites, antenna controllers, individual antennas, or mission management systems. These systems may then be further exploited for ransomware, data corruption, or data exfiltration from GSaaS user networks.

Malicious antenna operators, already having some legitimate access, focus on compromising satellites and GSaaS customer systems. By targeting satellite operator systems, they can attempt to exfiltrate data, alter control signals, or take control of the satellite, affecting the integrity and confidentiality of uplinked and downlinked data.

Malicious satellite operators (GSaaS customers), with some level of access to satellites, aim to compromise GSaaS provider systems and those of other customers. By targeting the GSaaS operator, they can disrupt service availability, compromise antenna controllers, and exfiltrate communications. Once the ground station and its interfaces are breached, they may launch chained attacks on other users’ satellites and systems, depending on the effectiveness of GSaaS security controls.

Malicious payload operators, with partial access to satellite systems, may further compromise mission management systems to access more data or control functions. Their goal may include data exfiltration or seizing satellite command and control. They might also target GSaaS providers to gain control over antenna cluster controllers and antennas.

Cloud Integration Implications

The impact of integrating the cloud into a legacy system such as the one modelled would increase the attack surface compared to the pre-cloud system, as the interfaces are now more widely available on the internet via commodity services. This could potentially expose the vulnerabilities within legacy OT systems.

The main threats would come from malicious or compromised satellite operators who could try to exploit vulnerabilities within the legacy infrastructure. One key way this could be mitigated would be through using network segmentation and isolation measures to mitigate the satellite operator threats if a malicious attacker gains access to the network through the VPN connection.

API-Access Model

Model Description

The API-Access model provides programmatic access to GSaaS functionalities through cloud-based APIs. It enables automated scheduling, management, and data retrieval, allowing users to interact with GSaaS through software interfaces rather than direct network access.

The overlay shown in Figure 4 identifies the on-premise components (with a light-blue shaded background) and the cloud-hosted components (with a medium-blue shaded background). The key changes compared to the Legacy Model are that the Ground Station Service provider systems are fully cloud-hosted and contain an uplink / downlink manager and an antenna control manager, in addition to the scheduling manager. It also includes new interfaces for internal cloud management, cloud network internal access and a dedicated scheduling interface website.

This model offers greater flexibility and automation but introduces considerations around API security, authentication, data validation and access control. These mitigations are necessary to ensure that the ground station and customer systems are isolated from each other.

The use of additional external interfaces compared to legacy systems result in reduced trust requirements between the GSaaS provider and the GSaaS users. These interfaces are more secure than the use of direct access methods such as VPNs and can include additional security requirements.

Figure 4: API-Access Model Overlay

Threats & Risks

Internet-based attackers, malicious antenna operators, and malicious GSaaS providers can all potentially exploit the increased attack surface introduced by the API-access model compared to legacy systems. While improved segmentation can hinder lateral movement between systems — especially those used by different organisations — attackers may still attempt man-in-the-middle attacks between interfaces. Malicious GSaaS providers, with access to interfaces connecting multiple ground stations and users, pose further risks to mission operation centres, satellites, and antenna cluster controllers, potentially compromising data integrity or exfiltrating unprotected data.

Cloud Integration Implications

The API-Access model introduces additional cloud-facing interfaces — such as scheduling, uplink/downlink, and antenna control APIs — which expand the attack surface compared to legacy systems. These endpoints can be targeted by internet-based attackers or malicious actors if not adequately secured.

However, this model also enables clear separation between GSaaS customers, provided access control is properly implemented. APIs allow for more structured and secure interactions than direct network access methods used in legacy systems, and provide the potential for data validation functions to verify the integrity and limit the complexity of data sent to physical ground station systems. These measures can result in reduced risks compared to pre-cloud systems, if implemented correctly.

Implementation of these controls is essential to realising the security benefits of this model. Additional mitigations from attacks to this model include:

• Enforcing strong authentication and authorisation on all APIs;
• Applying API security best practices (e.g. input validation);
• Ensuring customer separation through logical or physical isolation;
• Using end-to-end encryption and mutual authentication between mission control and satellites (where supported); and
• Assessing GSaaS provider controls, especially when built on third-party cloud infrastructure.

Full Cloud Model

Model Description

In the Full Cloud model, ground station functions, data processing, and even command & control (C&C) operations are fully cloud-integrated by the GSaaS provider. There are minimal systems within the physical ground station and the operator systems.

Figure 5 shows the overlay for this model and identifies the on-premise components (with a light-blue shaded background) and the cloud-hosted components (with a medium-blue shaded background). The key changes compared to the API- Access Model are that the antenna operator systems and the antenna cluster controller are now hosted in the cloud. The model includes new interfaces for a dedicated ground station uplink / downlink interface, station controller interface and an internal Antenna control interface to the GSaaS provider system.

This model currently assumes that the cloud provider and GSaaS provider are the same organisation which is not necessarily the case; a GSaaS provider can use a separate cloud provider to provide their services to satellite provider end users.

While this model offers the most scalability and efficiency, it also introduces new security considerations related to cloud dependency, tenant isolation, and regulatory compliance. The further use of cloud technologies and isolation means that there is a need to have more controls in place to protect interfaces and ensure they are secure.

Figure 5: Full Cloud Model Overlay

Threats & Risks

External attackers target the station controller interface to compromise customer satellites. They may also attack the antenna control interface to access the service provider’s cloud-operated antenna cluster controller, enabling further attacks on the antenna and other network components. As the antenna controller is now cloud-hosted and communicates with the physical components via a network, there are increased opportunities for timing and other disruptive attacks to the antenna, which could have high impacts during critical space sector activities such as launch.

Malicious antenna operators now include both those managing the antenna cluster controller and those interacting with the physical ground station. These actors may attempt to compromise mission management and scheduling systems. The increased use of cloud systems expands the attack surface, enabling more potential paths through the system and more opportunities for passive data collection or man-in-the-middle attacks via compromised interfaces.

Cloud Integration Implications

The Full Cloud model significantly increases reliance on cloud infrastructure by relocating key ground station functions — including operator systems and antenna control — into the cloud or remote environments. This expanded use of cloud technologies increases the attack surface and introduces new interfaces (e.g., station controller and antenna control interfaces) that can be targeted by external attackers.

Although cloud integration can enhance flexibility and resilience, it also requires stricter control over internal interfaces, access controls, stronger tenant isolation, and greater scrutiny of the GSaaS provider’s implementation. The placement of critical functions in the cloud elevates the importance of securing cloud-based command and control operations.

Additional controls are required to mitigate the risks introduced by cloud centralisation and to protect against lateral movement or command manipulation within the expanded system as well as isolation between users of the service. Mitigations that can increase security of this model include:

• Securing the station controller interface and antenna control interface against unauthorised access;
• Applying strong authentication and authorisation across cloud interfaces;
• Ensuring robust isolation between tenants in shared infrastructure;
• Monitoring for anomalies in command operations, especially where timing or control integrity is critical; and
• Validating cloud infrastructure and interface protections implemented by the GSaaS provider.

Mission Management Model

Model Description

In this model, parts of the ground segment have been taken over by a ground segment as a service provider that performs the satellite management and antenna control functions for the customer.

The overlay shown in Figure 6 identifies the on-premise components (with a light-blue shaded background), the cloud-hosted ground station components (with a medium-blue shaded background) and the cloud-hosted wider ground segment components (with a dark-blue shaded background). It shows a ground segment service provider that takes over control of the mission management and the customer is left with responsibility for the data processing and distribution of data from the satellite. This diagram also includes two new interfaces for the telemetry, tracking & commands interface and a provider interface

The customer still retains the original ability to manage the data processing & distribution roles as well as being responsible for the data and commands that get uplinked and decoding and forwarding telemetry from the ground segment provider.

This model can be used alongside any GSaaS models and the ground segment provider can also be the same organisation as a wider GSaaS provider which manages the GSaaS provider systems and the ground stations

Figure 6: Mission Management Model Overlay

Threats & Risks

Malicious satellite operators, no longer able to directly access mission management systems, may instead target them to compromise satellite control. These attacks would be carried out via interfaces with the ground segment provider, allowing access to the mission operation centre to send, manipulate, or misuse satellite commands.

Malicious ground segment operators, with access to satellite controls, may target GSaaS users’ data processing systems or the GSaaS provider’s antenna controller — both outside their organisation. These attacks can be carried out via interfaces their organisation manages, including telemetry, tracking and command, provider, and internal cloud network interfaces used for antenna data transmission.

Cloud Integration Implications

In this model, the introduction of a ground segment provider performing satellite management and antenna control centralises critical control functions within a cloud-integrated system. The use of cloud interfaces — specifically the Telemetry, Tracking and Commands Interface and the Provider Interface — extends the attack surface and creates new paths for compromise.

The cloud-based mission operation centre becomes a high-value target, as attackers may attempt to access or manipulate command flows through these interfaces and they may exploit vulnerabilities in the system put in place to isolate different customers. The separation of responsibilities between customer and provider requires clear delineation of control and robust protections on the interfaces managed by the ground segment provider.

Effective protection of cloud-based mission control functions is essential in this model due to the expanded interface exposure and cross-organisational dependencies. Other mitigations to improve the robustness of the implementation of this model include:

• Enforcing strong access control and authentication on the telemetry, tracking, and commands interface;
• Securing the provider-managed interfaces, especially where they cross organisational boundaries;
• Ensuring integrity of satellite command flows to prevent manipulation by compromised or malicious actors;

• Monitoring interface activity for anomalies or unauthorised access attempts; and

• Limiting access rights to prevent ground segment operators from escalating privileges or accessing unrelated systems.

Full Control Model

Model Description

In this model, the ground segment has been taken over by a ground segment as a service provider who performs the day to day operations on behalf of a satellite operator, this includes communicating with and processing data from the satellite.

The overlay shown in Figure 7 identifies the on-premise components (with a light-blue shaded background), the cloud-hosted ground station components (with a medium-blue shaded background) and the cloud-hosted wider ground segment components (with a dark-blue shaded background). This model involves a ground segment provider that manages and controls the satellite on behalf of a satellite operator. The model also includes two new interfaces for the cloud network interface and a provider interface.

The satellite operator is given access to the processed data by the ground segment provider and retains the original ownership and licenses for the satellite.

This model can be combined with other models; it can be provided alongside any of the ground station GSaaS models, and the ground segment provider can also be the same organisation as a wider GSaaS provider where they manage both the GSaaS provider systems and the ground stations.

Figure 7: Full Control Model Overlay

Threats & Risks

Internet-based attackers, due to the changed scope of responsibility in this model, are able to access interfaces used by ground segment providers. These include the provider interface, the cloud network interface, and any interfaces linking the GSaaS and the ground segment provider. If the mission management system is compromised, attackers can gain access to and control of the satellite, enabling them to perform further attacks. They may also attempt to compromise the antenna cluster controller or other critical components of the ground station, which can affect both the ground station and GSaaS user satellites.

Malicious satellite operators, the owner of the satellite and the organisation that is using a GSaaS provider to perform the day to day operation of the satellite in this model, may seek to compromise the mission management systems, antenna cluster controllers, and the satellite itself. These attacks can be carried out via the ground segment provider using authorised access to the provider interface and cloud network interface.

Malicious GSaaS providers have access to all interfaces provided by the ground station operator. This access can be used to compromise the ground station operator’s systems or the antenna cluster controller. They can also directly attack the satellite by uplinking malicious data or commands, damaging stored downlink data, and corrupting satellite data.

Cloud Integration Implications

The Full Control model expands cloud integration across both mission management and satellite operations, increasing exposure through interfaces such as the Provider Interface and Cloud Network Interface. These cloud-based control paths, managed by the ground segment provider, become critical points of vulnerability.

Given the centralisation of control functions in the cloud, securing these interfaces is essential to protect satellite assets and downstream systems. Additional mitigations that can be put in place include:

• Enforcing strict access control and authentication on cloud interfaces used for satellite control;
• Hardening cloud-managed components against misuse by authorised but potentially malicious actors;
• Monitoring and logging interface activity to detect anomalous or unauthorised actions; and
• Segmenting access between GSaaS providers, ground segment providers, and satellite operators to limit lateral movement.

5. Conclusion

Cloud integration into the space sector’s ground segment offers substantial benefits in terms of scalability, flexibility, and cost efficiency. However, these advantages come with cyber security risks that require careful management. Stakeholders emphasized that the security implications of adopting GSaaS services must be clearly understood by satellite operators and other entities involved in ground segment operations.

End-to-end encryption and strong authentication between the satellite and its operator were identified as essential security measures. However, stakeholders highlighted encryption alone is not sufficient. It must be complemented by secure implementation across each stage — from the satellite to ground systems to storage — to ensure confidentiality, integrity, and availability.

Cloud integration introduces new risks, especially when operational technology (OT) systems such as antenna control and TT&C are moved to the cloud. These systems may be exposed to timing manipulation or denial-of-service attacks. The impact of such threats depends heavily on the mission type, particularly during launch phases or for high-criticality operations.

SaaS service implementations differ in their scope and approach to cloud integration, and a number of models have been outlined in this report. The associated cyber security risks differ according to the model adopted. Stakeholders stressed the importance of tailored threat modelling and risk assessments based on the mission profile and the specific GSaaS integration model. No one-size-fits-all solution exists. Risk management approaches must consider architectural choices, authentication mechanisms, and control interfaces.

Some stakeholders considered supply chain risks among the most significant in GSaaS deployments. The complexity of cloud infrastructure and limited transparency into third-party security controls make it difficult to verify alignment with mission-specific security requirements. The industry needs stronger vendor risk management practices and frameworks.

Cloud technology can also enhance cyber resilience for satellite operations by providing access to more ground stations across wider areas. This approach requires the use of strong authentication and encryption between the satellite operator and the satellite to reduce the potential for confidentiality and integrity attacks at the ground station.

Stakeholders emphasized the importance of increasing the overall cyber security maturity of the sector, especially in Europe. There is a recognized disparity in maturity between U.S.-based and European organisations. Basic cyber hygiene and awareness are still lacking in parts of the sector, particularly among newer or smaller players.

To support improved security outcomes, stakeholders called for more training, awareness-raising, and guidance-based initiatives. Regulatory interventions should avoid stifling innovation and focus on enabling SMEs through voluntary certification schemes, frameworks, and public support — such as the UK Space Agency’s upcoming certification model.

Finally, stakeholders urged international collaboration to avoid duplicating effort and to build on existing frameworks already developed by agencies such as ESA and the U.S. government. Greater harmonization and threat intelligence sharing are needed to improve cyber security and ensure the long-term resilience of cloud-based space ground infrastructure.

Collaboration among industry, government and academia is essential to advancing GSaaS security, sharing threat intelligence and strengthening resilience against emerging threats.

Appendix A: glossary

The table below contains a glossary of terms found in this document.

Acronym	Definition
API	Application Programming Interface
APT	Advanced Persistent Threat
AWS	Amazon Web Services
C&C	Command and Control
CAA	Civil Aviation Authority
CNI	Critical National Infrastructure
CNS	Communication, Navigation, and Surveillance
CPS	Cyber Physical System
CSP	Cloud Service Provider
DSIT	Department for Science, Innovation, and Technology
ESA	European Space Agency
EU	European Union
GNSS	Global Navigation Satellite System
GS	Ground Station
GSaaS	Ground Station as a Service or Ground Segment as a Service
HMG	His Majesty’s Government
ISBN	International Standard Book Number
ISDN	Integrated Services Digital Network
IT	Information Technology
ITAR	International Traffic in Arms Regulations
ITU	International Telecommunications Union
KSAT	Kongsberg Satellite Services
MOC	Mission Operation Centre
MOD	Ministry of Defence
NASA	National Aeronautics and Space Administration
NCSC	National Cyber Security Centre
NIST	National Institute of Standards and Technology
OSA	Outer Space Act
OT	Operational Technology
RF	Radio Frequency
SIA	Space Industry Act
SSC	Swedish Space Corporation
TT&C	Telemetry, Tracking, and Command
UK	United Kingdom
UKSA	UK Space Agency
UKSC	UK Space Command
URL	Unified Resource Locator
US	United States
VPN	Virtual Private Network
VSAT	Very Small Aperture Terminal

Appendix B: topic guide for interviews

Interview Questions Asked

This topic guide is designed to be used to plan interviews with a group of stakeholders, including GSaaS Providers, Satellite Operators, Government Organisations, and academics.

All groups will be asked questions from Sections 1, 2 and 10.

Group-Specific Questions: Focused questions tailored to each stakeholder group (3 to 9).

About Your Business/Expertise for All Groups

1. What is your history of experience with space domain technologies?
2. What has been you or your organisation’s involvement with ground stations? (e.g. on-premises, GSaaS or using a third party)
3. How familiar are you or your organisation with the GSaaS model?
4. How do you see the cloud being used in the space domain going forward? What opportunities for risk reduction may appear through the use of cloud technology?

Experience with GSaaS for All Groups

1. How would you assess the current state of cybersecurity maturity in the sector? Is it improving or declining?
2. From your perspective, what are the most significant threats to ground stations in general and GSaaS in particular and how they differ?
3. In your expert opinion, what are the identified risks and threats of using cloud technology in the ground segment of space system?
4. Based on your expertise, how significant are the potential impacts of the identified risks?
5. Do you think the industry have the capabilities needed to address the risks? Are there any other barriers?
6. Do you think that HMG could have a role in addressing a capabilities gap?

Sector Questions for GSaaS Providers

1. What kinds of services are you offering and who are the intended customers for these services? (Researchers, sharing access or satellite operators)
2. Are there specific laws and regulations that satellite system data must comply with, beyond those applicable to traditional data centres?
3. Are there restrictions on service users (who they are, and what they use the service for)? Government bodies of foreign countries? Military?
4. How do you approach supply chain auditing for ground station hardware compared to data centre hardware?

GSaaS Questions for GSaaS Providers

1. Could you run us through your basic ground station architecture?
2. What is your general business and information model? (who are the actors, what are the roles performed, what are the use cases, who holds which responsibilities)
3. What is the scope of services provided by your GSaaS solutions? (E.g. Ground station as a service, Control Centre as a service)
4. To what extent have cloud security vulnerabilities in the space ground segment been exploited, and how has your organisation responded to such incidents, if applicable?
5. Are you considering expanding GSaaS capabilities? (such as access through constellation/relays as a service in addition to Ground Stations)
6. What terms and conditions govern the use of the service, and how does your organisation enforce them to prevent misuse by customers?
7. Additionally, are there differences in security measures between services that allow data download versus those that enable satellite or payload control?
8. How do you onboard partner ground stations and ensure their security standards?
9. Who is responsible for incidents of partner ground stations?
10. Are there customers other than satellite operators that use GSaaS services?
11. What are the differences for you between securing a ground station and data centre? Is it secured against jamming?
12. How is data collected, transmitted, stored, and verified across GSaaS systems?
13. What kind of screening should staff at Ground Stations have? And what kind of screening do you have? Is there security clearance/vetting?
14. How are hardware connections into the ground station secured to prevent unauthorized access or tampering?

Cloud Integration Questions for GSaaS Providers

1. What segmentation, isolation and other controls are being used to protect users of GSaaS?
2. What metadata from uplink/downlink is accessible to you? Who can access it?
3. Are there any specific communications protocols that you utilise or don’t utilise and how secure are they? E.g. Space Link Extension protocol
4. Do you provide services such as monitoring of links and usage, customer alerting, detection of malicious interference, security of OT systems (including patching, etc)?
5. What limitations are in place to limit supplier admin access to customer environment?
6. What protections does the user have against the supplier (legal or technical) taking down the service during a critical mission (which may be 10+ years long)
7. What data sovereignty concerns related to cloud integration do you have?
8. How does the GSaaS integrate with other cloud offerings? (such as IaaS or PaaS systems for data analysis)
9. How is a GSaaS migration handled?

Cyber Security Questions for GSaaS Providers and Satellite Operators

1. How are data confidentiality, integrity and availability assured?
2. Which systems are organisations responsible for recovery when an incident occur?
3. What governance structures or standards, or cybersecurity frameworks does your organisation follow to manage risks and ensure compliance?
4. What are the risk management systems put into place?
5. What physical protections are put in place for your ground stations?
6. What kinds of cybersecurity requirements would you have for ground stations partnered to GSaaS systems?
7. Is data that is sent between the cloud environment and satellites end-to-end encrypted? and with whose keys?
8. Are there any non-UK laws and regulations that you need to follow to be able to operate?

GSaaS Questions for Satellite Operators

1. What are the perceived risks and benefits, including risk reduction, of moving towards GSaaS? (Risks include data security and vendor lock-in. Potential benefits include risk reduction through improved patch management)
2. Are information and commands between the satellite and your systems end-to-end encrypted?
3. Would moving to GSaaS mean that significant changes to the security of satellites would be needed?
4. What standards would be of note for GSaaS providers to have? (such as the availability and real time or emergency access to ground stations)
5. Do you have any data sovereignty requirements for Ground Stations or data centres that handle satellite data?

Cyber Security Questions for Government Groups

1. What kinds of CNI operate with a high reliance on satellites and do they operate these satellites?
2. Are there strategic/government level risks/benefits to the use of GSaaS?
3. What kinds of requirements should be placed on ground stations to be able to operate as part of GSaaS? (standards, best practice guides, for e.g. Cyber Essential etc)
4. What kinds of requirements should GSaaS providers be required to follow when integrating ground stations to their cloud infrastructure? (standards, best practice guides etc)
5. What regulatory frameworks influence your interaction with GSaaS providers and satellite operators?
6. Do you have any data sovereignty concerns related to cloud integration and GSaaS?
7. How do you perceive the cybersecurity maturity of GSaaS providers in comparison to traditional systems?
8. What role does government oversight play in managing the cybersecurity risks of satellite-ground systems?
9. Are there specific capabilities or requirements you expect from GSaaS providers to support national security activities or public services?

Questions for Academics and Other Stakeholders

1. Could you describe your role or expertise with GSaaS, satellite systems, or cybersecurity?
2. In your opinion, what are the major cybersecurity challenges in the GSaaS ecosystem?
3. Are there any specific areas of research, innovation, or best practices you would recommend for improving GSaaS security?
4. What unique opportunities or risks do you think GSaaS introduces compared to traditional ground station operating models?
5. What governance structures or standards, or cybersecurity frameworks should GSaaS providers and users follow to manage risks and ensure compliance?
6. What segmentation, isolation and other controls can be implemented to protect users of GSaaS?
7. To what extent have cloud security vulnerabilities in the space ground segment been exploited or could potentially be exploited? If applicable, how were such incidents addressed?

Closing Questions for All Groups

1. Has your organisation experienced or observed specific types of cyber-attacks targeting ground stations or GSaaS systems?
2. Are these attacks different from those seen in traditional cloud environments? If so, how?
3. What measures have you implemented to mitigate these specific threats?
4. How do you assess the risk of advanced persistent threats (APTs) or nation-state actors in the GSaaS ecosystem?
5. What are your, or your organisation’s, top priorities for improving cybersecurity in satellite-ground systems?
6. Are there areas where collaboration within the sector could improve security outcomes?
7. Do you have any additional comments or recommendations for the sector as it evolves?
8. Do GSaaS providers and satellite operators co-operate in incidents?
9. Who is currently responsible for reviewing supply chains for ground station equipment?
10. What availability requirements are typically outlined in your Service Level Agreements? Are there cases where private Ground Stations are more reliable?
11. Is there anything else you think is worth mentioning that we haven’t already covered in this interview?

Appendix C: organisations contacted

DSIT and Actica Consulting would like to thank the following organisations who participated in this study.

1. Amazon Web Services (AWS)^{[footnote 8]};
2. Google^{[footnote 8]};
3. Goonhilly^{[footnote 8]};
4. KSAT^{[footnote 8]};
5. Leanspace;
6. Oxdynamics;
7. Raytheon^{[footnote 8]};
8. Satellite Applications Catapult^{[footnote 8]};
9. SaxaVord^{[footnote 8]};
10. Sopra Steria Space^{[footnote 8][footnote 9]};
11. Spire;
12. Starion^{[footnote 8]};
13. Swedish Space Corporation (SSC)^{[footnote 8]};
14. ViaSat;
15. University of Bristol^{[footnote 8]};
16. Chilbolton;
17. Cornell University;
18. Lancaster University;
19. Durham University^{[footnote 8]};
20. Surrey Space Centre (SSC) Ground Station;
21. Civil Aviation Authority^{[footnote 8]} (CAA);
22. European Space Agency^{[footnote 8]} (ESA);
23. Ministry of Defence UK^{[footnote 8]} (MOD);
24. National Cyber Security Centre^{[footnote 8]} (NCSC);
25. UK Space Agency^{[footnote 8]} (UKSA); and
26. UK Space Command^{[footnote 8]} (UKSC).

All of the organisations listed above were interviewed as part of this study, except where a footnote indicates that input was provided via a written survey. Footnotes also indicate whether the organisation attended the stakeholder workshop.

In addition to the above the University of Warwick and DSIT attended the workshop.

Appendix D: reference bibliography

Highly relevant

The following list is highly relevant to the Cybersecurity relating to the use of Cloud Technology in the Ground Segment of Space systems.

Amazon Web Services. (n.d.). AWS Ground Station Documentation. Retrieved January 14, 2025

Bichler, S. F. (2015). Mitigating cyber security risk in satellite ground systems. Air Command and Staff College, Maxwell Air Force Base.

Boschetti, N., Smethurst, C., Epiphaniou, G., Maple, C., Sigholm, J., & Falco, G. (2023). Ground station as a service reference architectures and cyber security attack tree analysis. 2023 IEEE Aerospace Conference, 1–12.

Consultative Committee for Space Data Systems (CCSDS). (2022). Security Threats Against Space Missions. Report Concerning Space Data System Standards.

Falco, G. (2019). Cybersecurity principles for space systems. Journal of Aerospace Information Systems, 16(2), 61–70.

Hamill-Stewart, J., & Rashid, A. (2024). Threats against satellite ground infrastructure: A retrospective analysis of sophisticated attacks. Network and Distributed System Security (NDSS) Symposium.

Lightman, S., Suloway, T., & Brule, J. (2022). Satellite Ground Segment. National Institute of Standards and Technology Interagency Report, NIST IR 8401.

Manulis, M., Bridges, C. P., Harrison, R., Sekar, V., & Davis, A. (2020). Cyber security in New Space: Analysis of threats, key enabling technologies, and challenges. International Journal of Information Security, 20(3), 287–311.

Meyrick, E., Pickard, A., Rahloff, T., Bonnart, S., Carlo, A., & Thangavel, K. (2021). Ground station as a service: A space cybersecurity analysis.

MITRE. (n.d.). ATT&CK for Cloud. Retrieved January 14, 2025

National Air and Space Intelligence Center (NASIC). (2018). Competing in Space.

Pavur, J., & Martinovic, I. (2020). SOK: Building a launchpad for impactful satellite cyber-security research.

Poirier, C. (2024). What does selling your ground stations mean for cybersecurity? Examining the cybersecurity stakes involved with selling satellite ground stations.

Poirier, C. (2024). Hacking the Cosmos: Cyber operations against the space sector: A case study from the war in Ukraine. CSS Cyberdefense Reports.

NASA. Chapter 11 Ground Data Systems and Mission Operations. State-of-the-Art of Small Spacecraft Technology.

Aerospace Corporation. (n.d.). SPARTA: Space Attack Research and Tactic Analysis. Retrieved January 14, 2025

Cybersecurity and Infrastructure Security Agency (CISA). (2024). Recommendations to space system operators for improving cybersecurity.

Northern Sky Research (NSR). (2021). Satellite Ground Segment: Moving to the Cloud.

Kongsberg Satellite Services (KSAT). (2024, August 16). KSAT to Provide Satellite Command and Control for ESA’s Arctic Weather Satellite.

Cloud Security Alliance. (2024). Top Threats to Cloud Computing 2024.

Morrow, T. (2018, March 5). 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud. Retrieved February 13, 2025.

Supplementary

Atmaca, U. I., Le, A. T., Epiphaniou, G., Falco, G., Boschetti, N., & Maple, C. (2024). Emerging threats of AI-integration in space user segment: A reference architecture and attack tree analysis. In 2024 IEEE 10th International Conference on Space Mission Challenges for Information Technology (SMC-IT) (pp. 31–41). IEEE.

Bailey, B. (2022). Protecting space systems from cyber attack. Aerospace TechBlog.

Bradbury, M. S., Maple, C., Yuan, H., Atmaca, U. I., & Cannizzaro, S. (2020). Identifying attack surfaces in the evolving space industry using reference architectures. In IEEE Aerospace Conference 2020 (AeroConf 2020), Montana, USA (pp. 1–12). IEEE.

Baylon, C. (2014). Challenges at the intersection of cyber security and space security: Country and international institution perspectives. Chatham House, The Royal Institute of International Affairs.

Batizi-Pócsi, B. (2021). Cyber security in the space domain: Can traditional cyber methods be applied in the ground segment of space projects? Master’s thesis, School of Technology Master’s Degree Programme in Information Technology.

BDLI. (2024). Whitepaper: Security for space systems. German Aerospace Industries Association.

Boschetti, N., Sigholm, J., Wallen, M., & Falco, G. (2023). A hybrid space architecture for robust and resilient satellite services. In IEEE 9th International Conference on Space Mission Challenges for Information Technology (SMC-IT) (pp. 114–122). IEEE.

Boschetti, N., Gordon, N., Sigholm, J., & Falco, G. (2022). Commercial space risk framework: Assessing the satellite ground station security landscape for NATO in the Arctic and High North. MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM) (pp. 679–686). IEEE.

N. Boschetti, N. G. Gordon and G. Falco, (2022). Space cybersecurity Lessons Learned from The Viasat Cyberattack. Proceedings of the American Institute of Aeronautics and Astronautics. ASCEND 2022, pp. 4380, 2022.

Calabrese, M. (2023). Space oddity: Space cybersecurity lessons from a simulated OPS-SAT attack. Master’s thesis, NTNU.

Carey, D. (2023). The state of the ground segment and ground software as a service™: An overview of the ground segment landscape and what differentiates ATLAS Space Operations. ATLAS Space Operations.

Carlo, A., & Obergfaell, K. (2024). Cyber attacks on critical infrastructures and satellite communications. International Journal of Critical Infrastructure Protection, 46, 100701.

Casaril, F., & Galletta, L. (2024). Securing SatCom user segment: A study on cybersecurity challenges in view of IRIS2. Computers & Security, 140, 103799.

Chester, E., Boardman, T., Baker, A., & Cosby, M. (2018). SNUGS: An open source and versatile ground segment API initiative. SpaceOps Conferences 2018, Marseille, France.

Darnis, J.-P. (2021). Space as a key element of Europe’s digital sovereignty. IFRI, Institut Français des Relations Internationales.

Driouch, O., Bah, S., & Guennoun, Z. (2022). A holistic approach to build a defensible cybersecurity architecture for new space missions. New Space, 11(4), 203–218.

Ear, E., Remy, J. L. C., Feffer, A., & Xu, S. (2023). Characterizing cyber attacks against space systems with missing data: Framework and case study. In 2023 IEEE Conference on Communications and Network Security (CNS) (pp. 1–9). Orlando, FL, USA: IEEE.

Ear, E., Bailey, B., & Xu, S. (2024). Towards principled risk scores for space cyber risk management. arXiv.

Falco, G., & Boschetti, N. (2021). A security risk taxonomy for commercial space missions. In ASCEND 2021 (Vol. 4241).

Falco, G. (2018). The vacuum of space cyber security. In 2018 AIAA SPACE and Astronautics Forum and Exposition. American Institute of Aeronautics and Astronautics.

Falco, G. (2020). When satellites attack: Satellite-to-satellite cyber attack, defense and resilience. AIAA 2020-4014. ASCEND 2020.

Fredheim, J. S. (2024). Attack path analysis of satellites connected to critical infrastructure. Master’s thesis in Cyber Security and Data Communication. NTNU Norwegian University of Science and Technology.

Garino, M. B., & Gibson, M. J. (2009). 273 Chapter 21 Space system threats.

Gkotsis, I., Perlepes, L., Aggelis, A., Valouma, K., Kostaridis, A., Georgiou, E., Lalazisis, N., & Mantzana, V. (2023). Solutions for protecting the space ground segments: From risk assessment to emergency response. In ESORICS 2022 International Workshops. Springer.

Hack-A-Sat. (n.d.). Hack-A-Sat Documentation. Retrieved January 14, 2025.

Hughes, K., di Pasquale, P., Babuscia, A., & Fesq, L. (2021). On-demand command and control of ASTERIA with cloud-based ground station services. In 2021 IEEE Aerospace Conference (50100) (pp. 1–15). Big Sky, MT, USA: IEEE.

Thangavel, K., Sabatini, R., Gardi, A., Ranasinghe, K., Hilton, S., Servidia, P., & Spiller, D. (2024). Artificial intelligence for trusted autonomous satellite operations. Progress in Aerospace Sciences, 144, 100960.

Kavallieratos, G., & Katsikas, S. (2023). An exploratory analysis of the last frontier: A systematic literature review of cybersecurity in space. International Journal of Critical Infrastructure Protection, 43, Article 100640.

Law, Y. W., & Slay, J. (2022). SIEM4GS: Security information and event management for a virtual ground station testbed. Proceedings of the 21st European Conference on Cyber Warfare and Security.

Michels, J. D., & Walden, I. (2021). Cybersecurity, cloud, and critical infrastructure. In C. Millard (Ed.), Cloud Computing Law (2nd ed.). Oxford University Press.

Misturado, L. (2024). Space Force launches cloud-based satellite operations program. Space Systems Cybersecurity.

Nejad, B. (2023). Cyber Security. In Introduction to Satellite Ground Segment Systems Engineering (Vol. 41). Space Technology Library, Springer, Cham.

NSA-CSA. (2024). Protecting VSAT Communications.

Olchawa, A., & Starcik, M. (2024). Ground control to major threat: Hacking the space link extension protocol.

Oltrogge, D. L., & Christensen, I. A. (2020). Space governance in the new space era. Journal of Space Safety Engineering, 7(3), 432–438.

Pavur, I. (2021). Securing New Space: On Satellite Cyber-Security (PhD thesis). University of Oxford.

Pavur, J., & Martinovic, I. (2021). On detecting deception in space situational awareness. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIA CCS ‘21) (pp. 280–291). Association for Computing Machinery.

Peled, R., Aizikovich, E., Habler, E., Elovici, Y., & Shabtai, A. (2023). SoK: Evaluating the security of satellite systems.

Pieplu, R. (2018). Ground control segment automated deployment and configuration with ANSIBLE and GIT. SpaceOps Conferences 2018, Marseille, France.

Poole, C., Reith, M., & Bettinger, R. (2021). Evolving satellite control challenges: The arrival of mega-constellations and potential complications for operational cybersecurity. In European Conference on Cyber Warfare and Security (pp. 597–XIV). Academic Conferences International Limited.

Poole, C., Bettinger, R., & Reith, M. (2021). Shifting satellite control paradigms: Operational cybersecurity in the age of mega constellations. Air and Space Power Journal – Technology, 35(3).

Safarik, P., & Schuenemann, S. (2016). Ground segment as a service. In 14th International Conference on Space Operations (p. 2404).

Salim, S., Moustafa, N., & Reisslein, M. (2024). Cybersecurity of satellite communications systems: A comprehensive survey of the space, ground, and links segments. IEEE Communications Surveys & Tutorials.

Santamarta, R. (2014). A wake-up call for SATCOM security. IOActive Technical Report.

Santamarta, R. (2018). Last call for SATCOM security. Lecture and white paper presented at BlackHat USA.

Santoro, F., Del Bianco, A., Viola, N., Fusaro, R., Albino, V., Binetti, M., & Marzioli, P. (2018). Spaceport and ground segment assessment for enabling operations of suborbital transportation systems in the Italian territory. Acta Astronautica, 152, 396–407.

Shahzad, S., Joiner, K., Qiao, L., Deane, F., & Plested, J. (2024). Cyber resilience limitations in space systems design process: Insights from space designers. Systems, 12(434).

Space Force plans to mature hybrid, multi-cloud architecture for satellite ground systems. (2023).

Siram, L. N. S. (2012). ISO27001 for ground segment security.

Tedeschi, P., Sciancalepore, S., & Di Pietro, R. (2022). Satellite-based communications security: A survey of threats, solutions, and research challenges. Computer Networks, 216, 109246.

Tepe, A., & Yilmaz, G. (2013). A survey on cloud computing technology and its application to satellite ground systems. In 2013 6th International Conference on Recent Advances in Space Technologies (RAST) (pp. 477–481). Istanbul, Turkey: IEEE.

Thangavel, K., Gardi, A., & Sabatini, R. (2023). Cybersecurity challenges of multi-domain traffic management and aerospace cyber-physical systems. In 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC/PiCom/CBDCom/CyberSciTech). IEEE.

Thangavel, K., Plotnek, J., Gardi, A., & Sabatini, R. (2022). Understanding and investigating adversary threats and countermeasures in the context of space cybersecurity. In 2022 IEEE/AIAA 41st Digital Avionics Systems Conference (DASC) (pp. 1–10).

Unal, B. (2019). Cybersecurity of NATO’s space-based strategic assets. Chatham House, The Royal Institute of International Affairs.

Valouma, K., Kostaridis, A., Georgiou, E., Lalazisis, N., & Mantzana, V. (2023). Solutions for protecting the space ground segments: From risk assessment to emergency. In ESORICS 2022 International Workshops (pp. 291). Springer Nature.

Varadharajan, V., & Suri, N. (2024). Security challenges when space merges with cyberspace. Space Policy, 67, 101600.

Appendix E: Data Flow Diagram

Figure 8: Data Flow Diagram

---

1. Lightman, S., Suloway, T., & Brule, J. (2022). Satellite Ground Segment. National Institute of Standards and Technology Interagency Report, NIST IR 8401. ↩

2. NASA. Chapter 11 Ground Data Systems and Mission Operations. State-of-the-Art of Small Spacecraft Technology. ↩

3. Boschetti, N., Sigholm, J., Wallén, M., & Falco, G. (2023, July). A hybrid space architecture for robust and resilient satellite services. In 2023 IEEE 9th International Conference on Space Mission Challenges for Information Technology (SMC-IT) (pp. 114-122). IEEE. ↩ ↩²

4. Meyrick, E., Pickard, A., Rahloff, T., Bonnart, S., Carlo, A., & Thangavel, K. (2021, October). Ground station as a service: A space cybersecurity analysis. In 72nd International Astronautical Congress–Dubai, United Arab Emirates (pp. 25-29). ↩ ↩² ↩³

5. Thangavel, K., Plotnek, J. J., Gardi, A., & Sabatini, R. (2022, September). Understanding and investigating adversary threats and countermeasures in the context of space cybersecurity. In 2022 IEEE/AIAA 41st Digital Avionics Systems Conference (DASC) (pp. 1-10). IEEE. ↩ ↩²

6. Hughes, K., di Pasquale, P., Babuscia, A., & Fesq, L. (2021, March). On-demand command and control of asteria with cloud-based ground station services. In 2021 IEEE Aerospace Conference (50100) (pp. 1-15). IEEE. ↩

7. Consultative Committee for Space Data Systems (CCSDS). (2022). Security Threats Against Space Missions. Report Concerning Space Data System Standards. ↩

8. Attended workshop. ↩ ↩² ↩³ ↩⁴ ↩⁵ ↩⁶ ↩⁷ ↩⁸ ↩⁹ ↩¹⁰ ↩¹¹ ↩¹² ↩¹³ ↩¹⁴ ↩¹⁵ ↩¹⁶ ↩¹⁷ ↩¹⁸

9. A survey was filled instead of an interview. ↩