The rapid growth of mega-constellations in low Earth orbit has transformed the security landscape in ways that neither existing legal frameworks nor current procurement doctrine have fully anticipated. This note examines three categories of cyber-physical vulnerability affecting dual-use satellite constellations, draws on the Starlink deployment in Ukraine as the defining empirical case, and sets out a framework for mitigation and governance reform.
From Commercial Infrastructure To Strategic Asset
The New Space era has produced a category of infrastructure that defies conventional classification. Mega-constellations, the large satellite networks operated by SpaceX, OneWeb, Amazon and Chinese state-backed equivalents including Guowang and Qianfan, are commercially owned, globally operated, and increasingly indispensable to military operations.
As of mid-2025, Starlink operated over 7,000 satellites, with OneWeb completing its initial 648-satellite deployment and Amazon having placed its first operational batches into orbit ahead of a planned 3,200-satellite constellation. Combined active and planned deployments across all operators are projected to exceed 20,000 satellites by the end of the decade.
This density creates a fundamentally different orbital environment. Each newly launched satellite intensifies collision risk, expands the potential debris field, and widens the attack surface available to state and non-state adversaries.
Network Cascade Risk
Compromised satellites can propagate malicious signals across mesh networks and intensify debris risk in crowded orbital shells.
Supply Chain Compromise
Distributed hardware, firmware and software pipelines create ingress points for dormant compromise before geopolitical triggers.
Command And Control
Authentication, key management and intermittent connectivity become systemic weaknesses at constellation scale.
Cascade Risks And The Kessler Threshold
The Kessler Syndrome, the theoretical threshold beyond which orbital debris density triggers self-sustaining fragmentation cascades, has moved from theoretical concern to modelled risk. Research published in 2024 suggests that parts of low Earth orbit may already be approaching conditions where limited cleanup efforts would prove insufficient to prevent eventual escalation.
ESA's Space Environment Report confirms that fragmentation events and new launches are already adding debris faster than atmospheric drag can remove it. Under current deployment trends, ESA-MASTER modelling projects a sixfold increase in potential collision scenarios by 2050.
The cyber-physical dimension compounds this risk. Modern collision avoidance systems rely on automated command and control networks that are themselves potential attack vectors. A sophisticated adversary could theoretically compromise those systems to induce orbital manoeuvres that increase, rather than decrease, collision probabilities.
Cyber Attack Vectors
Mega-constellations rely on software-defined radios, IP-based protocols, and globally distributed ground station networks. Those choices deliver flexibility and scale, but they expand the cyber attack surface considerably.
The 2022 Viasat KA-SAT attack provides the clearest documented case of this pattern. Attackers exploited a VPN misconfiguration to access the trusted management network, moved laterally, and executed legitimate management commands to render thousands of modems inoperable. The attack vector was the management layer, not the space segment.
- Command injection and telemetry spoofing can target automated collision avoidance systems.
- Advanced persistent threats against ground control infrastructure remain difficult to attribute with confidence.
- Harvest-now, decrypt-later risk makes satellite command traffic captured today a future strategic liability.
Supply Chain Exposure
Mega-constellation supply chains span multiple jurisdictions, with antennas, propulsion units, onboard computers and flight software sourced from extensive networks of specialised subcontractors. This model creates compromise points across the hardware and software development lifecycle.
The risk intensifies for dual-use systems, which attract state-backed groups with the resources to infiltrate commercial supply chains over extended periods. Vulnerable elements include development environments, code repositories, CI/CD pipelines, signing mechanisms, firmware update channels, ground station infrastructure and third-party cloud services processing telemetry and mission data.
Starlink In Ukraine
The deployment of Starlink in Ukraine from February 2022 onward is the defining empirical case for the militarisation of commercial mega-constellations. It illustrates not merely the utility of satellite broadband in conflict, but how quickly a commercial network can become irreplaceable military infrastructure.
Within weeks of activation, Starlink was integrated into Ukrainian command and control, drone operations requiring real-time data relay, and encrypted battlefield communications where terrestrial networks had been degraded or destroyed.
The Ukraine case establishes a precedent: commercial satellite operators have, in practice, become decision-makers in active conflict, with control over infrastructure that national defence strategies now depend upon, and no clear legal framework governing how that control should be exercised.
Mitigation Framework
Architecture-Level Resilience
Distributed control architectures reduce the risk of catastrophic failure from targeted attack. Inter-satellite laser links and mesh topologies can enable dynamic rerouting when ground station communications are compromised.
Zero-Trust Security Models
Zero-trust architecture, in which no user, device or system component is treated as inherently trustworthy, is increasingly the framework of choice for large-scale constellation security.
Quantum-Resistant Cryptography
NIST's post-quantum transition timeline makes quantum-resistant command and control a near-term operational concern rather than a distant planning issue.
Autonomous Threat Response
AI-based anomaly detection can identify unusual manoeuvres, suspicious traffic and unexpected power consumption across thousands of satellites, but response thresholds must be calibrated carefully.
Policy And Governance
The 1967 Outer Space Treaty remains foundational to space governance but was not designed for an era of thousands of commercial satellites operating as de facto military infrastructure. It contains no provisions addressing conventional anti-satellite systems, private-sector liability for dual-use assets, or binding debris mitigation requirements.
- Dual-use governance protocols for service continuity, geofencing restrictions and liability during conflict.
- Standardised cybersecurity certification covering supply chain verification, authentication, encryption and incident reporting.
- Confidence-building measures including shared space situational awareness data and conjunction notification protocols.
Strategic Outlook
Mega-constellations are already embedded in the security architecture of major powers. That is not a trend that will reverse. The question is whether the legal, technical and governance frameworks required to manage the risks they create can develop at anything approaching the pace of deployment.
A single significant incident, whether a cyber-induced cascade, a supply chain compromise that surfaces during a crisis, or a geofencing decision that determines the outcome of a military operation, would transform the current debate into an urgent response.