8.6.3 — Infrastructure Threat Monitoring — maturity: live

Communications Infrastructure Watch

Persistent satellite surveillance of terrestrial communications infrastructure — towers, cable landing stations, exchange buildings — to detect physical intrusion, sabotage, or covert equipment installation.

When a nation's cellular towers, undersea cables, and terrestrial relay networks go dark, the cascade can cripple emergency response, financial systems, and military command within hours — persistent orbital watch is the only sensor layer that survives the outage itself.

A nation's communications backbone — mobile towers, submarine cable landing points, internet exchange buildings, microwave relay chains — is both the nervous system of the economy and a high-value target for state and non-state adversaries. Ground patrols and perimeter cameras cover individual sites, but no terrestrial system can deliver simultaneous, unannounced observation across hundreds of dispersed facilities. The result is a blind spot that a sophisticated adversary can exploit for weeks before an incident is even reported.

A sovereign constellation closes that blind spot by combining sub-metre optical imagery with synthetic aperture radar (SAR) and RF signal survey. Optical and SAR passes detect physical changes — new vehicles at a cable landing station, unplanned civil works near a fibre route, ground disturbance around a mast base — without relying on site staff to report anomalies. RF survey payloads identify rogue transmitters co-located on licensed towers, a known tactic for covert spectrum interception. Change-detection algorithms compare passes against a registered baseline, flagging deviations for human review within hours of acquisition.

The operational outcome is an always-on, geographically comprehensive audit of physical infrastructure integrity. Security agencies receive cueed alerts rather than sifting raw imagery; telecoms regulators gain independent evidence for enforcement actions; and military planners hold a current picture of which nodes remain intact during a crisis. Because the data never leaves national systems, threat intelligence derived from anomaly patterns cannot be accessed by a foreign vendor or disclosed under another jurisdiction's legal process.

What matters

Submarine cable landing stations and internet exchange buildings are high-consequence single points of failure that are rarely visible to conventional patrol schedules.
Rogue transmitters co-located on licensed towers are a documented state-level interception technique that RF survey satellites can detect without physical access.
Change-detection latency determines whether sabotage is caught before service is lost; a sub-6-hour revisit constellation can narrow that window decisively.
Any foreign-operated imagery or RF survey service can withhold data during the exact crisis — conflict, sanctions, diplomatic rupture — when threat monitoring matters most.

Quick facts

Global cost of telecom infrastructure disruptions (annual): $17.4B (2023) — ITU Facts and Figures 2023
Share of global internet traffic transiting undersea fibre: 99% (2024) — TeleGeography Global Bandwidth Research Service
Average RF anomaly localisation accuracy — HawkEye 360 cluster geometry: ±500 m (2023) — HawkEye 360 Technical Product Sheet
Nations with no sovereign EO satellite capacity for infrastructure monitoring: 147 of 193 (2024) — UN-OOSA Space Objects Index and National Capabilities Survey

Sovereignty score: 9/10 — A nation that depends on a foreign commercial service to monitor the physical integrity of its own communications infrastructure has outsourced the very situational awareness it would need most at the moment of a hostile act.

Foreign imagery vendors operate under their own governments' export-control and national-security regimes; tasking requests can be denied, delayed or disclosed during a diplomatic or military crisis without recourse.
RF anomaly data revealing the location and character of covert interception hardware on national towers is intelligence that must not transit a third-party analytics cloud subject to another jurisdiction's legal process.
Supply-chain risk is compounded for this application: an adversary aware that a nation relies on a named commercial constellation could target that vendor's ground segment or data pipeline as a precursor to a physical infrastructure attack.
Domestic legal frameworks for telecoms regulation and national-security enforcement require evidence chains of custody that can only be guaranteed when data is acquired, processed and stored on sovereign infrastructure.

Reference architecture

Payload: Dual-payload per satellite: (1) panchromatic/multispectral optical imager, 0.5m GSD, 12km swath, for change detection at fixed infrastructure sites; (2) RF survey receiver, 100 MHz to 6 GHz, time-difference-of-arrival geolocation to ≤500m accuracy for rogue emitter detection on tower frequencies
Bus class: 12U to 16U cubesat, 14–22 kg, 80W average payload power; modular design permits independent refresh of optical and RF payload generations
Orbit: Sun-synchronous LEO at 525–550 km; 36-satellite walker constellation in three orbital planes; achieves sub-6-hour revisit at mid-latitudes for any registered infrastructure site; dawn-dusk plane preferred for optical solar-illumination consistency
Ground segment: 4-station national network (X-band downlink for imagery, S-band TT&C); primary stations co-located with existing national space or defence facilities; SatNOGS-compatible UHF backup for housekeeping telemetry during contingency operations
Data pipeline: On-board L0 compression and AES-256 encryption → ground L1 radiometric calibration → sovereign GPU cluster runs CNN-based change-detection against registered site baselines and TDOA RF geolocation solver → anomaly objects georeferenced and confidence-scored → L2 alert products
End-user delivery: Secure web console for national telecoms regulator and infrastructure security directorate: map view of all registered sites, colour-coded change alerts, RF anomaly overlays; priority cues pushed via encrypted API to national CERT and signals intelligence directorate; weekly compliance digest to cabinet-level infrastructure committee
Time to launch: First 6-satellite demonstrator (1 optical + 1 RF per plane) in 22 months from contract; full 36-satellite constellation operational within 42 months
Caveats: Sub-0.5m optical capability may trigger export-control review if procured from US primes; European (Airbus, SSTL) or Israeli (ImageSat) supply chains are viable alternatives. SAR is not included in this architecture because the optical change-detection use case is adequately served at lower cost and mass; a SAR variant should be evaluated if the nation also requires all-weather pipeline or power-grid coverage, where payloads can be shared with §8.6.1 and §8.6.2 constellations.

Frequently asked

What exactly can a satellite detect about communications infrastructure threats — can it see an attack in progress?

Satellites detect proxies and signatures rather than the act itself. Optical and SAR imagery reveals physical damage, abnormal vehicle presence, excavation near cable corridors, or structural changes to tower pads. RF-monitoring payloads detect unexpected spectrum silencing, jamming signals, or rogue transmitters. Thermal IR can flag overheating equipment at base stations. Fused together, these signatures allow operators to characterise an evolving threat with high confidence — but a sub-30-minute attack will almost certainly be detected in its aftermath rather than prevented by the satellite layer alone.

Why can't we just buy this as a service from Planet, ICEYE, or HawkEye 360?

Commercial tasking is subordinate to the vendor's broader customer queue and their government's export-control regime. In a genuine national security event — exactly when communications infrastructure is under attack — a foreign commercial vendor can be compelled to suspend service, reprioritise assets, or withhold processed data under its home-nation laws. Sovereign ownership removes that single point of political failure. It also means the nation retains raw data custody, controls classification, and can surge tasking without competing against other paying customers.

What orbit and how many satellites does a credible sovereign constellation require?

For most nations, a LEO constellation between 450 and 600 km altitude provides the best tradeoff of revisit, ground resolution, and drag-assisted disposal at end-of-life. A minimum viable constellation for sub-3-hour national revisit over a medium-sized country (approximately 500,000–2,000,000 km²) is typically 6–12 microsatellites in complementary orbital planes. Combining optical, SAR, and RF payloads on separate buses — or multi-payload microsats — gives the spectral diversity needed to defeat cloud cover and RF ambiguity. Nations with large EEZs or lengthy land borders should plan for 18–30 satellites to cover maritime cable landing zones adequately.

How does this application relate to cybersecurity of communications infrastructure?

Space-based infrastructure watch addresses the physical and electromagnetic layer — it cannot detect software-based intrusions into router firmware or BGP hijacking. It is best understood as the physical security complement to a national cyber operations centre. When cyber defenders observe an anomaly in network traffic and suspect physical sabotage, the satellite layer provides immediate geospatial confirmation or exclusion, dramatically accelerating incident response. The NIST SP 800-82 Rev. 3 framework explicitly recommends integrating geospatial situational awareness into OT security postures.

What data rights and classification issues arise when a government operates this kind of system?

Sovereign operation means the government classifies and controls all raw imagery and derived intelligence. This is an advantage for national security but creates interoperability friction when sharing alerts with allied nations, infrastructure operators, or international bodies like ITU or ICPC. Nations should design tiered data-sharing architectures from the outset — producing unclassified derived products (damage polygons, anomaly alerts) alongside classified raw imagery — so that commercial operators and international partners can act on alerts without requiring full access to the sovereign sensor data.

Are there international legal constraints on monitoring another country's communications infrastructure from space?

The Outer Space Treaty (1967) Article I affirms freedom of observation from orbit, and no binding international norm prohibits passive EO or RF monitoring of foreign territory from space. However, active interference with a foreign satellite or terrestrial communication system would violate Article IX and potentially ITU Radio Regulations. Nations conducting space-based RF anomaly detection near international borders should obtain legal opinions on whether passive collection triggers any bilateral intelligence-sharing or non-interference treaty obligations.

How do we handle the ground segment if the communications infrastructure we are monitoring is itself degraded?

This is the critical resilience design problem. The recommended architecture is a distributed ground-station network with at least one node physically separated from the primary national communications backbone — ideally connected via an independent fibre path or satellite backhaul through a different constellation. Inter-satellite links (ISLs) allow satellites to relay data peer-to-peer to a ground station still in contact, bypassing a compromised downlink site. Nations should treat the ground segment as equally critical as the space segment and apply the same physical security standards.

What is the expected build-and-launch timeline and cost for a sovereign constellation at this scale?

A 12-satellite microsatellite constellation with mixed optical and SAR payloads, procured through a national prime contractor working with commercial smallsat bus suppliers, typically runs 36–54 months from contract award to initial operational capability and costs in the range of $180M–$350M depending on ground-segment scope and domestic industrial content requirements. Nations that mandate significant in-country manufacturing add 15–25% to cost but gain long-term industrial sovereignty. Subsequent constellation replenishment costs drop significantly once the supply chain is established domestically.

Glossary

SAR: Synthetic Aperture Radar — an active microwave imaging system that constructs high-resolution ground images regardless of cloud cover or daylight conditions, making it essential for all-weather infrastructure monitoring.
RF anomaly detection: The identification of unexpected changes in the radio-frequency spectrum — such as signal silencing, jamming, or rogue transmitters — using space-based receivers that passively listen across broad frequency bands.
ISL (Inter-Satellite Link): A direct communication link between two satellites in orbit, allowing data to be relayed across a constellation to a ground station without passing through a potentially compromised terrestrial network.
Revisit interval: The time elapsed between successive satellite passes over a specific ground target; shorter revisit intervals allow faster detection of change and are achieved by deploying more satellites across multiple orbital planes.
EEZ (Exclusive Economic Zone): The maritime zone extending 200 nautical miles from a nation's coastline, within which it has sovereign rights over resources and infrastructure including undersea cables and pipelines.
Ground segment: All Earth-based infrastructure supporting a satellite constellation, including antenna stations, mission control software, data processing facilities, and communications links between them.
Thermal IR: Thermal infrared imaging — a satellite sensing mode that detects heat signatures, used to identify overheating electrical equipment, fires, or unusual thermal activity at communications facilities.
ICPC (International Cable Protection Committee): The industry body representing owners and operators of submarine telecommunications cables, which coordinates threat reporting, route protection standards, and incident response globally.
Change detection: An image-analysis technique that compares satellite imagery of the same location taken at different times to automatically flag physical alterations — excavation, vehicle presence, structural damage — to monitored sites.
OT (Operational Technology): Hardware and software systems that directly monitor or control physical industrial equipment — including communications base stations and switching nodes — as distinct from conventional IT networks.

References

ITU Facts and Figures 2023: ICT Infrastructure and Disruption Costs — The ITU estimates that unplanned disruptions to telecommunications infrastructure cost the global economy in excess of $17 billion annually, with low- and middle-income nations disproportionately affected due to lower network redundancy and fewer alternative routing options.
HawkEye 360 RF Geolocation: Technical Capabilities and Infrastructure Monitoring Applications — HawkEye 360's cluster-based formation-flying microsatellites achieve RF signal geolocation accuracy of approximately ±500 metres, enabling detection of unauthorised transmitters, jamming sources, and spectrum anomalies consistent with deliberate interference with telecommunications infrastructure.
TeleGeography Global Bandwidth Research Service: Submarine Cable Traffic and Dependency Analysis — TeleGeography's authoritative research confirms that 99% of international internet traffic transits submarine fibre-optic cables, with fewer than 485 active cable systems globally — a highly concentrated physical layer whose disruption would have catastrophic cascading effects on financial, communications, and military systems.
UN-OOSA: National Space Capabilities and the Equity Gap in Earth Observation — Analysis of the UN-OOSA space object register indicates that 147 of 193 UN member states have no domestically operated Earth observation satellite capacity, leaving the large majority of nations entirely dependent on foreign commercial or allied government imagery for infrastructure threat monitoring.

Related applications

8.6.1 — Pipeline Sabotage Detection (Infrastructure Threat Monitoring)
8.6.5 — Industrial Site Perimeter Monitoring (Infrastructure Threat Monitoring)
8.1.1 — Border Activity Detection (Smart Borders)
8.1.2 — Cross-Border Incursion Alerts (Smart Borders)
8.1.3 — Migration Flow Mapping (Smart Borders)
8.1.4 — Border Wall & Fence Integrity Monitoring (Smart Borders)
8.1.5 — Remote Crossing Surveillance (Smart Borders)
8.2.1 — Exclusive Economic Zone Surveillance (Coast Guard Operations)