Understanding the Taxonomy of Attacks Against Space Infrastructures

Key Takeaways

• The taxonomy explains attacks through purpose, method, entry point, and impact point.
• It joins physical, electromagnetic, and cyber attacks into one usable threat model.
• Its strongest value lies in showing how failures jump across segments of a space system.

The Paper’s Core Argument

The study Towards a Systematic Taxonomy of Attacks against Space Infrastructures starts with a simple claim and then pushes it much farther than most writing on space security does. Space infrastructures are exposed to cyber attacks, electromagnetic attacks, and counterspace attacks, but those categories should not be treated as separate worlds. They should be described inside one shared structure, because the same mission can be disrupted through any of them, and sometimes through several of them in sequence.

That choice gives the paper its value. Many discussions of satellite security focus on only one layer of risk. Some stay with anti-satellite weapons. Others stay with jamming. Others stay with network intrusion. The taxonomy in this study refuses that split. It treats the whole space system as a connected architecture, then classifies attacks according to what the attacker wants, how the attacker acts, where the attack enters the system, and where the effect appears.

The paper does not read like a catalog of dramatic orbital incidents. It reads like an effort to make the subject usable. That makes it better than a lot of public discussion on the topic. Space services are woven into communications, navigation, finance, weather forecasting, military operations, logistics, and emergency response. A threat model that stops at the spacecraft itself is too small for the real problem.

Why a Taxonomy Matters Here

The study opens from the point that space-enabled services are embedded in daily life and the global economy, a position long echoed by organizations such as the Space Foundation . That point is not decorative background. It explains why classification matters. When a service depends on spacecraft, links, ground stations, user terminals, and software-driven control systems, defenders need a common vocabulary before they can build sensible protection and recovery plans.

Without that vocabulary, organizations fall into habits that look tidy on paper but fail under pressure. A cyber team watches the mission network. A spectrum team watches interference. A flight-safety team watches spacecraft health. A physical security team watches ground infrastructure. Each group can do good work and still miss the full attack path. The taxonomy exists to stop that from happening.

The paper also aligns its structure with two known frameworks, MITRE ATT&CK and SPARTA . That matters because it gives the taxonomy a familiar grammar. The attacker has an objective, which is the “what,” and a capability, which is the “how.” The study then adds something especially useful for space systems: entry point and impact point.

The System Model Underneath the Taxonomy

Before the paper classifies attacks, it defines the thing being attacked. It uses a model of space infrastructures with several levels of abstraction, then works mainly with the segment level and the component level. At the segment level, the system is broken into the space segment, the ground segment, the user segment, and the link segment. At the component level, the paper points to elements such as spacecraft bus systems, payloads, mission control, ground stations, remote terminals, data processing centers, and user equipment.

That matters because a space service is not the satellite alone. A weather mission can fail because the spacecraft is destroyed, because its downlink is jammed, because a ground antenna is damaged, because mission control is compromised, or because the data users rely on are manipulated. The system model keeps those possibilities visible. It does not let the analysis shrink into the old habit of treating “space security” as something that happens only in orbit.

This also explains why the paper spends time defining signals, channels, beams, footprints, uplinks, downlinks, and inter-satellite links. Those terms are not filler. Without them, much of the electromagnetic section would collapse into vague use of the word jamming. The same goes for the cyber section. Once the system is laid out segment by segment, it becomes easier to see how a human-targeted phishing attack in the ground segment can end in loss of control in the space segment.

The Four Questions That Organize the Taxonomy

The taxonomy works by asking four linked questions about an attack. What is the attacker trying to do. How is the attacker trying to do it. Where does the attacker get in. Where does the effect show up.

The first two questions are familiar from cyber threat modeling. The last two are what make this paper stand out. In a space infrastructure, the place where an attack enters the system is often not the place where the system breaks. A mission operator may receive a malicious email in the ground segment, yet the consequence may appear later as a spacecraft that no longer accepts legitimate commands. A user terminal may receive a deceptive navigation signal through the link segment, yet the false position solution appears in the user segment. A ground station may be physically struck on Earth, yet the visible operational consequence is a spacecraft that becomes unreachable.

That distinction between entry point and impact point is not just a neat analytical feature. It is the paper’s strongest contribution. It forces defenders to track the whole causal path. In a distributed architecture such as a space system, that is exactly what they need.

The Three Main Families of Attacks

The study divides attacks against space infrastructures into three broad families. The first is counterspace attacks. The second is electromagnetic attacks. The third is cyber attacks.

This sounds straightforward, but the structure is more disciplined than it first appears. Each family is broken down by attacker objective and then by attacker capability. In several places, the paper goes one level deeper and identifies a more detailed capability, the equivalent of a sub-technique. That prevents categories from becoming fuzzy buckets. The paper is not satisfied with labels like disruption or interference. It wants the mechanism named.

That choice is one reason the taxonomy feels immediately useful. It helps separate attacks that are often blurred together in public discussion. Signal hijacking is not the same as spoofing. Spoofing is not the same as replay. Noise injection is not the same as protocol-aware interference. Orbital anti-satellite attacks are not the same as direct-ascent anti-satellite attacks. A study that leaves those distinctions loose would not help planners or engineers very much.

Counterspace Attacks

The first family is counterspace attacks. These are split into two broad objectives: destruction and disruption. That division makes sense. It separates attacks intended to physically eliminate a capability from attacks that physically impair or disable it without a direct kinetic kill.

Counterspace attacks remain the part of the subject most visible to the public because they map easily onto missile tests and dramatic headlines. The paper handles them in a more measured way. It places them inside a larger technical structure instead of treating them as the whole of space conflict.

Destruction

The destruction branch includes direct-ascent anti-satellite attacks, orbital anti-satellite attacks, ground infrastructure attacks, and user infrastructure attacks. Each of these categories targets a different point in the system, even when the broader mission effect may look similar from the outside.

A spacecraft destroyed in orbit is obvious. A user terminal destroyed on the ground may look less “space-like” to a casual observer, yet the operational effect can be just as real. The paper is right to keep both inside the same family. The function of the system matters more than the location of the damaged hardware.

Direct-Ascent Anti-Satellite Attacks

Direct-ascent attacks involve a projectile launched from Earth to destroy a spacecraft. The paper separates ballistic projectile attacks from kinetic kill vehicle attacks. That is a meaningful distinction. A ballistic projectile follows a precomputed path, while a kinetic kill vehicle has maneuver capability in the terminal phase, which changes the engagement problem and can improve the chance of interception.

The paper grounds this category in real historical examples. It points to the United States in 1985 and 2008, China’s 2007 anti-satellite missile test , India’s Mission Shakti in 2019, and Russia’s 2021 anti-satellite test . Those examples matter because they show that the category is not hypothetical. They also remind the reader that debris is part of the consequence. Destruction in Low Earth orbit can create problems for unrelated spacecraft and for the wider orbital environment.

This is one place where the paper keeps its footing. It does not turn direct-ascent attacks into a theatrical symbol for all space warfare. It classifies them carefully, names the mechanism, and moves on.

Orbital Anti-Satellite Attacks

Orbital anti-satellite attacks shift the mechanism into orbit. The paper divides them into projectile attack, spacecraft attack, and forced maneuver attack. Those categories cover hostile behavior by a spacecraft already in orbit, whether through direct release of a projectile, contact or collision behavior, or maneuvering that pushes another spacecraft into danger.

This category matters more than it once did because on-orbit proximity operations, servicing technologies, and maneuver-capable spacecraft have all become more common. Capabilities that support benign missions can also support coercive or destructive behavior. A spacecraft designed for inspection, servicing, or relocation may not be a weapon by design, yet in the wrong hands its ability to approach and alter another object’s orbit becomes deeply relevant.

The paper is also helpful here because it makes it easier to think about chained attacks. A spacecraft used in a hostile maneuver might itself have been compromised through cyber means earlier. The physical effect is the end of the story, not the beginning. That is exactly why a unified taxonomy is better than three isolated ones.

Ground Infrastructure and User Infrastructure Destruction

The paper includes destruction of ground infrastructure and destruction of user infrastructure inside the same family. That choice is correct. A ground station antenna, a mission control facility, or a user relay terminal may sit on Earth, yet each may be essential to a space-enabled service. Destroy one of them and the mission can fail without a single fragment being created in orbit.

This point is often understated in public discussion. Space organizations sometimes talk as if the satellite is the crown jewel and everything else is support equipment. Operationally, that view is weak. A mission with secure spacecraft but fragile terrestrial dependencies is not secure in any serious sense.

That is one reason the paper feels more mature than a weapons list. It sees a space infrastructure as a service chain.

Disruption

The disruption branch of counterspace attacks covers non-kinetic physical effects. In the paper, the two main categories are high-altitude nuclear explosion and accelerated particle directed energy. These are not everyday threats in routine competition, but they belong in a serious taxonomy because they represent distinct mechanisms with potentially wide consequences.

High-Altitude Nuclear Explosion

A high-altitude nuclear explosion can damage electronics in space through prompt radiation and related physical effects. The paper treats the impact as occurring in the space segment, which is the right analytical choice even if the weapon is delivered from Earth. What matters in the taxonomy is where the system is harmed.

The consequence of such an attack is not limited to a single target. Depending on altitude, yield, and the environment created, a wide set of spacecraft can be affected. That broad consequence is why this category sits at the edge of ordinary conflict and in the center of strategic concern.

The paper does not overstate it. It simply includes the category because omitting it would leave a hole in the logic of the taxonomy.

Accelerated Particle Directed Energy

The paper also includes accelerated particle directed energy, described as an attack from space using highly accelerated uncharged particles to damage a target spacecraft. This is a more speculative category than direct-ascent attack or GNSS deception, yet it is not science fiction padding. It is included because the mechanism is distinct and because future taxonomies should not be blind to emerging technical possibilities.

This is one of the few places where the boundaries of the field still feel genuinely uncertain. The paper handles that uncertainty well. It does not pretend such capabilities are ordinary fielded systems, but it also does not pretend the subject should be ignored until a public test makes headlines.

Electromagnetic Attacks

The second family is electromagnetic attacks. This section may be the most practical one in the entire study because many real disruptions of space-enabled services involve signal behavior rather than physical destruction. The paper divides electromagnetic attacks into denial of access to the electromagnetic spectrum, disruption, and deception.

That split is more useful than the broad public habit of calling everything jamming. Denial, disruption, and deception are not the same. The mechanism, the user experience, and the defensive countermeasure may all differ.

Denial of Access to the Electromagnetic Spectrum

The first branch deals with denying legitimate users access to a channel or frequency band. The paper breaks this into RF signal-based noise injection and dazzling optical receivers.

This matters because denial can be broad or extremely precise. A badly designed defense that assumes only brute-force noise may fail against a far more selective attacker.

RF Signal-Based Noise Injection

The paper identifies five forms of RF noise injection: spot attacks, barrage attacks, sweep attacks, adaptive attacks, and protocol-aware attacks. A spot attack targets the center frequency of a channel. A barrage attack covers the full target band. A sweep attack moves across frequencies within the band. Adaptive attacks react to victim behavior. Protocol-aware attacks exploit knowledge of the target protocol and time their interference accordingly.

That progression from simple to informed interference is one of the paper’s best contributions. It shows that denial is not a single technical pattern. A system designed only to survive blunt spectral noise may still fail against an attacker who studies synchronization behavior, channel changes, or protocol timing.

That is where the paper takes a clear stand without saying so directly. The stronger benchmark for resilience is not resistance to crude jamming. It is resistance to intelligent interference. Any operator still evaluating communications security only against the simple forms is using a standard that is too low.

Dazzling Optical Receivers

The paper also includes dazzling of optical receivers through malicious optical signals, including laser signals directed at spacecraft optical receivers. This category matters because laser communication in space is becoming more common for high-capacity links and inter-satellite networking.

Optical communications are often described in terms of performance gains, narrow beams, and high bandwidth. The paper reminds the reader that those same features create a specific threat surface. An optical link is not automatically safer because it is narrow. Under some conditions, its dependence on precise pointing and clean reception can become its weakness.

Disruption

The second electromagnetic objective is disruption. Here the paper includes chaff attacks, EM signal attacks, signal hijacking, and high-power electromagnetic wave attacks. These categories are grouped not because they are identical, but because each interferes with correct reception, interpretation, or operation.

The point is subtle and useful. An attacker does not need to deny all access to create mission trouble. Distorting what the receiver sees, or replacing what it believes is a legitimate signal, can be enough.

Chaff Attacks

Chaff is more familiar from air warfare than from space discussion, yet the paper includes it because it can interfere with radar measurements used by the ground segment for orbit determination and tracking. A cloud of reflective material alters what the radar receiver sees. In effect, the sensor is manipulated through the physical behavior of the reflected electromagnetic wave.

This is a good example of why the taxonomy is stronger than a simple cyber-plus-jamming framework. If a radar-based view of the orbital environment is corrupted, mission decisions can degrade even though the spacecraft themselves remain technically healthy. The service chain is what matters.

EM Signal Attacks

The paper distinguishes EM signal attacks from signal hijacking. In the EM signal case, a malicious signal from space targets a ground receiver by exploiting low angular separation from the legitimate source. That creates a receiver-side problem of spatial discrimination.

This is a useful distinction because it shows how geometry matters. Not all malicious transmission is brute-force overpowering. In some cases the attack works because the receiver cannot separate the malicious source from the legitimate one under actual operating conditions.

Signal Hijacking

Signal hijacking involves an attacker transmitting a malicious signal with the same characteristics as the legitimate one, but with enough power that receivers accept the malicious transmission instead. This is especially dangerous where authentication is weak or absent.

Public discussion often blurs hijacking, spoofing, and jamming into one phrase. The paper does not let that happen. That precision matters because the defensive response is different. Power management, authentication, receiver design, and signal verification all enter the picture in different ways depending on the category.

High-Power Electromagnetic Wave Attacks

The last disruption category uses high-power electromagnetic emissions, such as laser or microwave energy, to damage spacecraft electronics. This attack is electromagnetic by mechanism but physically destructive in effect.

That is another reason the taxonomy works. It does not force every harmful event into an artificial binary between physical and digital. Mechanism matters. So does the location of impact. In this category, the signal itself is the route to hardware damage.

Deception

The third electromagnetic objective is deception. The paper uses Global Navigation Satellite System receivers as the main example and explains how false signals can trick user equipment into producing incorrect position estimates.

This is one of the clearest parts of the study because it ties the deception to receiver behavior. A receiver that loses fix and re-enters acquisition mode may become more vulnerable to a false signal environment. That gives the attack real operational texture.

Signal Replay and Malicious Signal Deception

The paper divides GNSS deception into signal replay and malicious signal attacks. Replay uses delayed legitimate signals. Malicious signal attacks use crafted signals that imitate legitimate ones. Both target the user segment through the link segment, and both produce a false navigation solution.

That matters far beyond personal navigation devices. Shipping, aviation, defense operations, timing-dependent financial systems, emergency response tools, surveying, agriculture, telecom synchronization, and autonomous systems all rely on positioning and timing services. A successful deception attack at the receiver level can create strategic consequences without touching the satellites themselves.

The paper is especially strong here because it insists that the user layer belongs in space security analysis. That is exactly right. A space-enabled service can fail at the terminal, and that failure is still part of a space attack.

Cyber Attacks

The third family is cyber attacks. The paper divides these into initial access gain to the ground segment, data exfiltration, disruption, and seizure of control. This section will feel familiar to cyber professionals, but the paper still adds something useful because it maps cyber actions onto the architecture of a space infrastructure rather than treating the system like a normal enterprise network.

That shift is important. In a space mission, the target is often not the server or workstation in isolation. The target is the service chain that those systems support.

Initial Access Gain

The first cyber objective is initial access to the ground segment. The paper breaks this into social engineering and vulnerability exploitation. This is realistic. Space systems are technically advanced, but their access paths often begin in ordinary terrestrial weaknesses.

That point needs emphasis because “space cyber” is sometimes spoken about as if it must involve exotic spacecraft-only techniques. Often it does not. The front door may be a workstation, a contractor network, a mission planning system, or a human being.

Social Engineering

The paper includes email-based attacks, website-based attacks, and online-social-network-based attacks under social engineering. This is exactly where a lot of real-world exposure sits. Aerospace organizations are still made of people, and people still use email, browsers, and online platforms.

That reality strips some glamour from the subject, but it makes the analysis more honest without using the word. A high-value mission can still be endangered by a routine credential theft campaign or a malicious attachment. Space systems do not float above ordinary cyber tradecraft just because their payload is in orbit.

A good example of the paper’s reasoning is that a social engineering attack may begin in the ground segment but produce its impact in the space segment later. That is the entry-point and impact-point distinction doing real work.

Vulnerability Exploitation

The second path to initial access is direct exploitation of vulnerable ground-segment components. The paper points to the 2008 Terra satellite incident as an example linked to compromise of ground systems. The point is not that every spacecraft breach follows the same sequence. The point is that weaknesses on the ground can reach into orbital operations.

This may be the least flashy part of the taxonomy, but it may also be the most operationally relevant. Mission assurance often fails not because the spacecraft was impossible to protect, but because the support architecture was easier to reach.

Data Exfiltration

The exfiltration branch includes malware, eavesdropping, and supply-chain attacks. The paper is careful here. It does not assume that data theft happens only from a database or operator workstation. It can also happen from communications in transit or from compromised components already embedded in a spacecraft.

This is one of the places where the taxonomy helps break the habit of thinking only in terms of endpoints. In a space infrastructure, the path itself may be the vulnerable object.

Malware-Based Exfiltration

The paper references a 2005 case involving malware at Kennedy Space Center and a satellite control complex in Maryland, with exfiltration to an attacker-controlled system abroad. The exact technical details are less important here than the lesson. Compromise of terrestrial systems can expose data that later support broader mission intrusion or interference.

A data theft operation can look modest when judged as a normal IT breach. In a space context, the same stolen data may expose control procedures, frequency information, operational schedules, engineering data, or authentication material. Classification by objective helps keep that consequence visible.

Eavesdropping

The paper also includes eavesdropping on signals. A downlink does not have to be altered to be a target. It may simply be received by someone who was never meant to receive it. The attacker needs suitable receiving equipment and presence within the signal footprint.

This is easy to overlook because it lacks the drama of loss of control. Yet exfiltrated downlink data can be strategically valuable, and in some contexts the knowledge gained from passive interception matters as much as the later active attack.

Supply-Chain Exfiltration

Supply-chain attacks in the exfiltration branch involve compromise of components before installation, such as communications hardware placed into a spacecraft. This category reaches backward in time. The attack enters the story during design, procurement, or manufacturing, then pays off much later during operation.

That is a troubling category because it exposes how far upstream space security really begins. Secure operations cannot compensate fully for poisoned inputs. The taxonomy is right to include this as a cyber path rather than a procurement footnote.

Disruption

The disruption branch of cyber attacks includes malware, data injection, denial of service, and spacecraft vulnerability exploitation. These attacks do not necessarily steal information or seize control. They interfere with service, command, data quality, or system responsiveness.

This branch is especially realistic because many attackers do not need persistent control to create serious damage. Disruption at the right moment can be enough.

Malware-Driven Disruption

Malware can be used to make a spacecraft or its support systems unresponsive. The paper mentions ransomware as one example of disruptive logic. A spacecraft that cannot be commanded, or a ground system that cannot support the mission without recovery steps, may be functionally lost for a critical period.

The category is useful because it shows that cyber disruption in space does not have to look exotic. The same malicious software logic seen on Earth can create mission-level consequences when it reaches the right part of the system.

Data Injection

The paper also includes data injection against repositories such as space domain awareness data stores. This is a strong inclusion. If orbit-related data are altered, operators may make bad decisions about conjunction risk, maneuver planning, or object identification.

That point is easy to miss in ordinary cyber taxonomies. In space operations, false data can be as harmful as unavailable data. A wrong orbital picture can push operators into dangerous action or prevent them from acting when they should.

Denial of Service

Denial-of-service attacks in the paper include both ground-side and spacecraft-side cases. A ground infrastructure example might alter antenna behavior so that links fail. A spacecraft-side example might overwhelm onboard computing resources or operating system functions.

This again shows why treating the ground and space segments together is the right approach. The same objective, denial of service, can travel through very different technical means and hit very different parts of the mission chain.

Spacecraft Vulnerability Exploitation

The paper includes exploitation of software flaws in spacecraft, such as vulnerabilities in radio-control software and conditions associated with buffer overflow . This is a useful category because it shows that not every cyber effect in the space segment must pass through a full compromise of mission control first.

A malicious signal may reach a vulnerable onboard function directly. That makes the boundary between electromagnetic and cyber action thinner than many policy discussions imply.

Seizure of Control

The last cyber objective is seizure of control of a spacecraft. The paper divides this into malware attacks and supply-chain attacks. Both routes can lead to the same result: the attacker can remotely command or influence the victim spacecraft.

This is where the taxonomy’s unified structure proves itself. Loss of control is not just a cyber event. Once a spacecraft is under hostile control, it can be used for later electromagnetic interference, for harmful maneuvering, for false data generation, or for broader mission disruption. The families in the taxonomy are different, but they are not isolated.

Why This Taxonomy Is Better Than Siloed Models

The strongest contested point in this whole field is whether cyber, signal, and physical attacks should be treated in separate doctrinal boxes or inside one shared model. The better answer is the shared model. Splitting them may fit how institutions are organized, but it does not fit how complex space missions break.

A malicious email can become a spacecraft problem. A deceptive signal can become a navigation failure with no satellite compromised. A compromised spacecraft can become the platform for later physical interference. A damaged ground station can strand a mission that is still technically healthy in orbit. Any model that forces those events into isolated professional silos hides more than it explains.

That is why the paper’s entry-point and impact-point approach matters so much. It ties the chain together. It does not let defenders stop thinking at the first compromised component or the final visible failure.

The Study’s Limits

The paper openly states that it focuses on technical attacks and does not cover organizational, regulatory, or legal threats. That is a reasonable boundary for a first taxonomy of this kind. Even so, it leaves out issues that matter in practice, such as contractor governance, procurement concentration, licensing constraints, spectrum management failures, and organizational blind spots.

The paper also notes that some entry points and impact points are described at a fairly coarse level, usually the segment or component level rather than the module level. That is not a flaw so much as a sign of scope. The taxonomy is designed to be systematic and broadly usable, not to function as a full procedural playbook for every mission design.

A future version could go further by mapping attack campaigns rather than attack categories alone. Real adversaries do not always choose one family and stay there. They may begin with social engineering, move into vulnerability exploitation, manipulate data, and then exploit signal conditions or on-orbit behavior. The current taxonomy gives the pieces needed for that next step. It does not quite assemble that step itself.

What the Taxonomy Changes in Practice

A useful taxonomy should change behavior, not just description. This one does. It pushes engineers and operators to ask where a mission is really fragile. Is the weak point the spacecraft bus. The command uplink. The user terminal. The receiver authentication design. The contractor-supplied radio. The data repository used for conjunction analysis. The taxonomy makes those questions easier to ask in a disciplined way.

It also changes how exercises should be run. A realistic exercise should not assume that a signal problem stays in the spectrum team, or that a phishing incident stays in the IT team. A better exercise follows the attack chain across the system. That is how the paper thinks, and that is how resilient organizations need to think.

One more practical consequence stands out. Procurement language often rewards systems that perform well under nominal conditions and under a narrow set of fault cases. The taxonomy suggests a harder standard. Systems should be judged by how they behave under intelligent hostile interference, cross-segment compromise, and deceptive conditions. That is a tougher benchmark. It is also the more honest one.

Summary

The value of this taxonomy lies in its refusal to let space security shrink into one favorite category of attack. It treats a space infrastructure as a connected mission system made of spacecraft, ground systems, users, and links, then maps attacks through purpose, mechanism, entry point, and impact point. That structure makes the subject more operational and less theatrical.

The new point it leaves behind is this: the next major failure in a space-enabled service may not look like the iconic anti-satellite strike that dominates public imagination. It may look like an ordinary terrestrial intrusion, a precisely timed signal deception, a poisoned component installed long before launch, or a chain that moves quietly from one segment to another until the mission fails. That is not a smaller danger. It is the more likely one, and the taxonomy makes that hard to ignore.

Appendix: Top 10 Questions Answered in This Article

What is the main purpose of the taxonomy?

The taxonomy gives a structured way to classify attacks against space infrastructures. It organizes them by attacker objective, capability, entry point, and impact point. That makes analysis, planning, and defense more systematic.

Why does the paper combine counterspace, electromagnetic, and cyber attacks?

It combines them because real mission failures often cross those boundaries. An attack can begin in one domain and create effects in another. A shared model describes that chain better than separate taxonomies.

What are the main segments in the system model?

The model uses four main segments: space, ground, user, and link. Those segments describe where assets sit and where communications move. They help show how attacks enter and where they cause harm.

What is the difference between entry point and impact point?

The entry point is where the attacker first penetrates or engages the system. The impact point is where the effect becomes operationally visible. In space systems, those two places are often different.

How does the paper classify direct-ascent anti-satellite attacks?

It places them under counterspace destruction attacks. The paper then separates ballistic projectile attacks from kinetic kill vehicle attacks. Both target spacecraft, but they differ in maneuver behavior and engagement method.

Why are electromagnetic attacks more than just jamming?

Because the paper divides them into denial, disruption, and deception. Some attacks inject noise, some replace or hijack legitimate signals, and some trick receivers into false outputs. Each requires different defensive thinking.

How does the taxonomy treat GNSS spoofing?

It treats GNSS deception as an electromagnetic attack against the user segment through the link segment. The paper separates replayed signals from fully crafted malicious signals. Both can produce false position or timing results.

Why is the ground segment so important in the cyber section?

Because many space attacks begin through terrestrial systems and human operators. Mission control, ground stations, remote terminals, and data centers often provide the first practical access path. Damage in orbit may begin with weakness on Earth.

What does the paper say about supply-chain attacks?

It treats supply-chain compromise as a meaningful attack path for both exfiltration and seizure of control. A malicious component can be inserted before launch and exploited later during operations. That makes security a design and procurement issue, not only an operations issue.

What is the paper’s strongest analytical contribution?

Its strongest contribution is the pairing of attack categories with entry points and impact points. That feature shows how attacks move through the system rather than just naming the final effect. It turns a loose threat list into a usable model of mission risk.