8.6.3 — Infrastructure Threat Monitoring — maturity: live

Communications Infrastructure Watch

Persistent satellite surveillance of terrestrial communications infrastructure — towers, cable landing stations, exchange buildings — to detect physical intrusion, sabotage, or covert equipment installation.

Auto-drafted reference page — content reviewed for shape, individual references not yet link-checked.

A nation's communications backbone — mobile towers, submarine cable landing points, internet exchange buildings, microwave relay chains — is both the nervous system of the economy and a high-value target for state and non-state adversaries. Ground patrols and perimeter cameras cover individual sites, but no terrestrial system can deliver simultaneous, unannounced observation across hundreds of dispersed facilities. The result is a blind spot that a sophisticated adversary can exploit for weeks before an incident is even reported.

A sovereign constellation closes that blind spot by combining sub-metre optical imagery with synthetic aperture radar (SAR) and RF signal survey. Optical and SAR passes detect physical changes — new vehicles at a cable landing station, unplanned civil works near a fibre route, ground disturbance around a mast base — without relying on site staff to report anomalies. RF survey payloads identify rogue transmitters co-located on licensed towers, a known tactic for covert spectrum interception. Change-detection algorithms compare passes against a registered baseline, flagging deviations for human review within hours of acquisition.

The operational outcome is an always-on, geographically comprehensive audit of physical infrastructure integrity. Security agencies receive cueed alerts rather than sifting raw imagery; telecoms regulators gain independent evidence for enforcement actions; and military planners hold a current picture of which nodes remain intact during a crisis. Because the data never leaves national systems, threat intelligence derived from anomaly patterns cannot be accessed by a foreign vendor or disclosed under another jurisdiction's legal process.

What matters

Submarine cable landing stations and internet exchange buildings are high-consequence single points of failure that are rarely visible to conventional patrol schedules.
Rogue transmitters co-located on licensed towers are a documented state-level interception technique that RF survey satellites can detect without physical access.
Change-detection latency determines whether sabotage is caught before service is lost; a sub-6-hour revisit constellation can narrow that window decisively.
Any foreign-operated imagery or RF survey service can withhold data during the exact crisis — conflict, sanctions, diplomatic rupture — when threat monitoring matters most.

Sovereignty score: 9/10 — A nation that depends on a foreign commercial service to monitor the physical integrity of its own communications infrastructure has outsourced the very situational awareness it would need most at the moment of a hostile act.

Foreign imagery vendors operate under their own governments' export-control and national-security regimes; tasking requests can be denied, delayed or disclosed during a diplomatic or military crisis without recourse.
RF anomaly data revealing the location and character of covert interception hardware on national towers is intelligence that must not transit a third-party analytics cloud subject to another jurisdiction's legal process.
Supply-chain risk is compounded for this application: an adversary aware that a nation relies on a named commercial constellation could target that vendor's ground segment or data pipeline as a precursor to a physical infrastructure attack.
Domestic legal frameworks for telecoms regulation and national-security enforcement require evidence chains of custody that can only be guaranteed when data is acquired, processed and stored on sovereign infrastructure.

Reference architecture

Payload: Dual-payload per satellite: (1) panchromatic/multispectral optical imager, 0.5m GSD, 12km swath, for change detection at fixed infrastructure sites; (2) RF survey receiver, 100 MHz to 6 GHz, time-difference-of-arrival geolocation to ≤500m accuracy for rogue emitter detection on tower frequencies
Bus class: 12U to 16U cubesat, 14–22 kg, 80W average payload power; modular design permits independent refresh of optical and RF payload generations
Orbit: Sun-synchronous LEO at 525–550 km; 36-satellite walker constellation in three orbital planes; achieves sub-6-hour revisit at mid-latitudes for any registered infrastructure site; dawn-dusk plane preferred for optical solar-illumination consistency
Ground segment: 4-station national network (X-band downlink for imagery, S-band TT&C); primary stations co-located with existing national space or defence facilities; SatNOGS-compatible UHF backup for housekeeping telemetry during contingency operations
Software & data
Latency
Cost band
Lead time

References

ITU-R Recommendations on Spectrum Monitoring — The ITU publishes technical standards for detecting unauthorised transmissions and rogue emitters on licensed frequencies. These standards form the regulatory basis for RF anomaly enforcement actions against co-located interception hardware.
ENISA Threat Landscape for Telecommunications 2023 — ENISA identifies physical attacks on tower infrastructure and cable landing stations as a rising threat vector across EU member states. The report notes persistent gaps in real-time physical monitoring of dispersed telecom nodes.
ESA Earth Observation for Critical Infrastructure Protection — ESA has demonstrated SAR-based change detection for infrastructure protection use cases, including perimeter monitoring around high-value facilities. The programme highlights sub-metre spotlight SAR as the key discriminating capability.
HawkEye 360 — RF Monitoring from Space — HawkEye 360 operates a commercial cluster-satellite constellation that geolocates RF emitters to within 1 km, including anomalous signals on licensed tower frequencies. Their operational data illustrates what a sovereign equivalent would provide without export-control or data-sharing constraints.
World Bank — Resilience of Digital Infrastructure in Fragile States — The World Bank documents how physical attacks on telecoms nodes in fragile and conflict-affected states have cascading economic and security consequences. The report recommends independent monitoring mechanisms as a governance baseline.