CEET May 23

Toward Secure Operation and Management (O&M) of Satellite Constellations: Efficiency, Resilience, and Reliability in a Network Perspective

arXiv:2605.24464 22.6
AI Analysis

For satellite network operators, this work provides practical system-level security mechanisms that address constellation-wide threats, though it is incremental as it builds on existing cryptography and routing concepts.

This paper addresses cybersecurity threats in satellite constellations with Inter-Satellite Links by proposing a constellation-wide hybrid security framework combining End-to-End encryption and Moving Target Defense, a ciphered-mode/safe-mode management mechanism with M-delayed fallback, and security-aware routers for redundancy sharing. These solutions extend security from single-satellite links to constellation-level, improving efficiency, resilience, and reliability.

Satellite constellations equipped with Inter-Satellite Links and onboard packet switching enable real-time Operation and Management across globally distributed satellites, but also broaden the attack surface and introduce unprecedented cybersecurity threats. Existing efforts mainly focus on cryptography for single-satellite point-to-point links, without considering constellation-level security. To address this gap, this article extends security research in two directions: from individual satellites to constellation-wide architectures, and from isolated cryptography to system-level security incorporating efficiency, resilience, and reliability. These extensions raise three key questions: how to design efficient security mechanisms for dynamic constellation topologies with adaptive onboard routing; how a constellation O&M system can recover resiliently under worst-case failures of onboard security functions; and how to improve the reliability of onboard security functions under stringent resource constraints. To address these challenges, we first construct a constellation-wide hybrid security framework that protects semantically sensitive content fields using End-to-End encryption, while safeguarding routing-related fields through Moving Target Defense. Next, we introduce a ciphered-mode and safe-mode management mechanism with an M-delayed fallback that balances recovery timeliness and exploitability. Finally, we propose security-aware routers that manage plaintext/ciphered modes and coordinate access to a shared pool of onboard cipher modules, enabling redundancy sharing across multiple endpoints and extending secure operation duration in ciphered mode. These solutions comply with existing standards defined by organizations including DVB and the CCSDS, while translating conceptual security principles into practical system-level mechanisms.
