
New AI advances in space SATCOM promise revolutionary capabilities, but rapidly expanding threats demand urgent security adaptations.
By Kris Osborn, Warrior Maven
As AI-enabled processing, large-scale cloud-migration and the rapid proliferation of Low Earth Orbit (LEO) and Medium Earth Orbit (MEO) constellations usher in a new era of satellite communications (SATCOM) capabilities, they also introduce a host of emerging risks that the industry must confront with equal speed. These transformative technologies promise unprecedented reach, resilience and performance for military operators, yet they are arriving in a threat landscape evolving just as quickly. As a result, the race to modernize “at pace” is increasingly defined by a parallel need to secure these next-generation systems against a widening and more complex attack surface.
There are two critical yet contrasting dimensions to this: the new technological capabilities cannot come fully to fruition without additional security adaptations, common standards for interoperability, and upgraded hardware and software applications. Essentially, the merits of breakthrough tech are matched if not exceeded by exponential increases in vulnerability. The equipment and technological systems need to “keep pace” with, or simply stay “in front” of, growing vulnerabilities.
Therefore, the explosion of AI, cloud and MEO and LEO satellites can perhaps best be understood in terms of a clear paradox: the operational benefits are paradigm-changing and seemingly limitless, yet there is a commensurate and extremely substantial increase in “risk” as the “attack surface” widens. As SATCOM networks become increasingly “cyber-reliant,” they simultaneously become much more vulnerable. This double-edged sword can be leveraged as an enormous, superiority-generating “advantage,” provided the substantial new risks are mitigated or “offset” by technological and tactical adjustments.
This paradox is well articulated by research published for the U.S. Department of Energy by the Idaho National Laboratory in a July 2023 academic essay called “Vulnerabilities in Satellite Communications Underscore Threat to Critical Infrastructure.” The essay explains how technical advances in the realm of SATCOM “inadvertently” increase the attack surface.
“Critical infrastructure sectors leveraging SATCOM are likely inadvertently increasing the attack surface caused by inherent vulnerabilities in equipment and communications pathways. A lack of ownership regarding security in SATCOM ecosystems creates pervasive information security risk, and the obfuscation of patching responsibility means the mitigation of publicly and privately disclosed vulnerabilities is difficult to track. With these factors in consideration, analysts assess the number of attacks against SATCOM is likely to increase in the next decade as threat actors exploit these vulnerabilities,” (Prepared for the U.S. Department of Energy Under DOE Idaho Operations Office).
Progressive Change - Cybersecurity not an “Afterthought”
The pace of change has been astronomical, as the need for pervasive cybersecurity enhancements has exploded into the SATCOM industry in recent years. Defense and industry leaders reflect upon how, merely a few decades ago, “cybersecurity” in the realm of SATCOM seemed like an afterthought, according to longtime SATCOM cybersecurity expert Jason McCollum, Vice President of Cybersecurity at Comtech. As a decades-long innovator in both commercial and military SATCOM, Comtech has operated with a front-row seat to this high-speed, fast-evolving cybersecurity equation. For decades, Comtech has provided SATCOM hardware and software to U.S. and Allied government entities with an eye to increasing security while leveraging performance-enhancing technological breakthroughs.
“The SATCOM industry has just changed so much when it comes to cybersecurity. It's no longer an afterthought. Historically, the main focus of SATCOM has been how do I receive this very tiny signal that's just barely above the noise and pull information out of it? And how do I keep my systems running 24/7 for reliable communications with no downtime? The cybersecurity aspect of SATCOM was rarely considered when designing modems and related products years ago. That's the big shift. Historically you needed an RF engineer and a digital signal processing professional who knew very little about network cybersecurity. Now, you need network cybersecurity professionals because these systems are all interconnected, they're part of a wider network and today they're using standard protocols that are no longer proprietary,” McCollum said.
Through the years, McCollum has been an innovator and thought leader in the midst of this transition, observing how previous areas of challenge and focus have lessened and decreased as newer dynamics are thrust into the spotlight. There is a profound and time-driven juxtaposition, McCollum explains, between SATCOM innovation and production thinking just a few decades ago.
“Historically the industry prioritized bandwidth savings over adding more overhead caused by cryptographic information, authentication or anti-replay attack information. Today bandwidth's a lot cheaper. You're getting satellites that are much higher throughput so you can start to relax your bandwidth savings and add more overhead to support the zero trust cybersecurity principles,” McCollum said. “In the past, there was a common thought that you could protect the system around the ground station with the idea that an intruder would have to breach this outer wall before getting to the ground station equipment… so you didn't really need to build security into the equipment itself. That's a big change in how people think about cybersecurity these days. There's been a shift to zero trust and defense in depth, because you can't rely only on a secure outer perimeter anymore.”
McCollum’s thinking and observations have informed Comtech innovation and production strategies for decades, and they align with Pentagon areas of focus in recent years. For instance, just more than 10 years ago, the Navy launched a focused effort called Task Force Cyber Awakening, a special initiative intended to cyber “harden” data and networking technologies increasingly fundamental to weapons systems functionality. The task force was created with a deliberate intent to address the growing paradox, meaning the fast-growing extent to which increasingly cyber-reliant weapons systems require modifications and new approaches to cybersecurity. The merits of migrating to cyber-enabled systems are seemingly without limit, as they include exponentially faster data collection, data processing and information sharing. Latency is massively reduced and otherwise insurmountable geographical or data connectivity challenges are resolved. These enhanced decision-making capabilities, especially in modern conflict zones, are driven and sustained by SATCOM systems to a large degree.
Bake In Cyber Resilience - Red Teaming
Have breakthroughs in capability been matched by commensurate enhancements in security? This dynamic, or “duality,” one might say, has now taken center stage for decades with the defense services. One high-priority strategy can be described as “red-teaming,” a term for intense threat assessment exercises wherein technologies and SATCOM networks are “attacked” as an enemy would seek to penetrate them. The concept is to identify and address vulnerabilities earlier in the development process and essentially “bake in” resiliency. Years ago, the U.S. Air Force outlined a 7-point cybersecurity plan specifically intended to “find” vulnerabilities “early” within weapons systems, when long-lasting adjustments can be made. McCollum’s work in recent years closely aligns with this thinking, as many organizations in the SATCOM industry have adopted red-teaming as well. Much like the U.S. Air Force, McCollum believes that trying to “slap on” cybersecurity later is essentially ineffective. What’s necessary, he explains, can be described in terms of “secure by design” principles.
“There's a lot you can do to build in cyber resilience from day one. It all starts with a threat model, which is essentially where you figure out how adversaries may attempt to attack a system. It’s critical to build the threat model, which allows companies to identify vulnerabilities so they can build in necessary cyber protections from day one,” McCollum said.
Secure by Design
McCollum offered an example of “baking in” cyber-resiliency in terms of what he described as the concept of “least privilege.” The idea is to “layer” access to ensure that an intruder does not have ubiquitous access across a network by breaching an outer perimeter.
“SATCOM equipment that's been out in the field for fifteen, twenty years, runs at the highest privilege. Currently on SATCOM applications, the software runs on the system, at a lower privilege so that the RF side of the equipment can’t be used to interfere with another device in the spectrum,” McCollum explained.
Threat Landscape
Additional measures are needed for a variety of reasons, in part because the scope of potential threats is expanding quickly. A significant 2024 SATCOM cybersecurity threat assessment published by the European Union Agency for Cybersecurity, ENISA, details the dual-pronged elements associated with the addition of LEO satellites. Some of the threat possibilities, as explained in ENISA’s LEO SATCOM Cybersecurity Assessment, include “signal jamming/interference, transmission of a stronger signal to degrade the quality of a legitimate signal, signal spoofing and forgery of a signal bearing wrong information.” Many of these potential cyber-network attacks seek to “reverse engineer” elements of a downlink signal, eavesdrop, intercept information or capture login and password information.
Cloud & security
Cloud migration is yet another key component of this advantage-security cyber paradox, as it can overcome otherwise insurmountable geographical boundaries, yet also “broaden” an attack surface through points of entry. Entry and exit points, McCollum emphasized, need to be carefully configured to ensure an intruder does not gain ubiquitous access through a single breach.
At the same time, the benefits of the cloud are paradigm-changing, particularly with the arrival of thousands of MEO and LEO satellites. These systems can proliferate, operate at lower altitudes and generate much higher throughput to operate as nodes on an interconnected “web” or network of signals. McCollum said that MEO and LEO satellites operate with “tight beams,” which typically need to operate within a 50-km footprint. The cloud, however, can naturally overcome this geographical limitation and enable much broader and more efficient access to time-sensitive “data” gathered and processed by MEO and LEO satellites.
Security in the cloud is also a double-edged sword, as there can be both advantages and liabilities. For years now, cybersecurity technologies have moved beyond perimeter protections and become more virtualized, meaning software patches, upgrades and alterations have built protections into cloud systems.
Comtech describes its Digital Common Ground (DCG) portfolio as a line of SATCOM products developed with cybersecurity as a core design requirement. The DCG products are built around secure firmware, insist upon transparent firmware toolchains, and integrate support for space-focused cyber incident response and continuous security testing, including red-team and “penetration testing,” to ensure continued protection and “hardening.”
SATCOM & AI
The rapid arrival of AI is also fundamental to the core paradox central to SATCOM and cybersecurity, as it too brings increased vulnerability along with offensive and defensive advantages.
“On the defense side is where I see the most value from AI as it is able to recognize patterns and monitor twenty-four seven to go over all the audit logs and point out when things look strange. It's intrusion detection, it's finding anomalies in the system that a person would just miss,” McCollum said.
McCollum’s thinking on AI-driven cyber defense technologies aligns with recent research on the subject published in the MIT Technology Review. A recent essay in the publication called “Adapting to New Threats with Proactive Risk Management” says “AI-powered cybersecurity tools can enhance threat detection, automate incident response, and even predict potential attacks and recommend remediation measures. Companies can also use AI to enhance data resiliency solutions.”
As the SATCOM ecosystem accelerates into an era defined by AI-enabled processing, cloud-native architectures, and vast MEO and LEO constellations, the path forward hinges on confronting this advantage‑and‑risk paradox with equal parts urgency and precision. The operational promise is extraordinary—unprecedented throughput, global reach, real‑time decision superiority—yet these gains can only be secured through relentless investment in cybersecurity modernization, red‑team rigor, secure‑by‑design engineering, and unified standards across the industry. The message from experts, research institutions, and forward‑leaning innovators like Comtech is unequivocal: the future of SATCOM belongs to systems engineered not only for performance, but for resilience. Those who succeed will be the organizations that recognize cybersecurity not as a constraint on technological progress, but as the essential catalyst enabling this new generation of connected, adaptive, and highly contested space‑driven operations.



