https://orcid.org/0000-0002-9097-2246
The second panel I was part of at GWF 2026 sat at an intersection that doesn't get enough dedicated attention ,the point where geospatial infrastructure meets cyber threat. Most cybersecurity discourse treats location as incidental. Most geospatial discourse treats cyber as someone else's department. Panel Discussion 2 was built on the recognition that this separation is no longer defensible.
Panel Discussion 2: Cyber-Geospatial Convergence Shielding Digital Borders
The framing was precise: geospatial systems and satellite infrastructure are not passive data pipes. They are critical national infrastructure, and they are targeted accordingly. GPS spoofing, satellite uplink jamming, attacks on ground-based GEOINT processing nodes these are not theoretical. They are documented, ongoing, and accelerating. The session brought together people working on the technical, doctrinal, and policy dimensions of this problem.
What made the conversation worth having was the convergence thesis itself: that cyber and GEOINT are now inseparable disciplines, and that defending one without the other is defending half a system.
Protecting Geospatial Systems and Satellite Infrastructure
I opened my contribution by framing the threat landscape in terms of what adversaries actually target. Satellite infrastructure presents a layered attack surface the space segment, the ground segment, and the user segment each carry distinct vulnerabilities. The ground segment is often the weakest: uplink facilities, processing nodes, and the data pipelines feeding downstream users are frequently built on commercial-off-the-shelf components with known vulnerability profiles.
This is where zero-day vulnerabilities become a specific concern. A nation-state adversary with a stockpile of undisclosed exploits targeting GEOINT ground infrastructure can, in principle, corrupt or deny geospatial data at a moment of their choosing not through jamming, which is detectable, but through quiet manipulation of the data itself. I raised this because it changes the threat model: the risk isn't just losing access to geospatial data, it's receiving geospatial data you can't trust.
KASLR bypass came up here in the specific context of processing nodes running geospatial workloads hardened systems that may not be on aggressive patch cycles, where kernel-level mitigations are sometimes the last meaningful layer of defence.
Protecting Geospatial Systems and Satellite Infrastructure
I opened my contribution by framing the threat landscape in terms of what adversaries actually target. Satellite infrastructure presents a layered attack surface the space segment, the ground segment, and the user segment each carry distinct vulnerabilities. The ground segment is often the weakest: uplink facilities, processing nodes, and the data pipelines feeding downstream users are frequently built on commercial-off-the-shelf components with known vulnerability profiles.
This is where zero-day vulnerabilities become a specific concern. A nation-state adversary with a stockpile of undisclosed exploits targeting GEOINT ground infrastructure can, in principle, corrupt or deny geospatial data at a moment of their choosing not through jamming, which is detectable, but through quiet manipulation of the data itself. I raised this because it changes the threat model: the risk isn't just losing access to geospatial data, it's receiving geospatial data you can't trust.
KASLR bypass came up here in the specific context of processing nodes running geospatial workloads hardened systems that may not be on aggressive patch cycles, where kernel-level mitigations are sometimes the last meaningful layer of defence.
.jpeg)
Zero Trust for Critical Defence Networks
The question of how you architect a defence network that handles geospatial data from multiple sources allied feeds, commercial satellite imagery, classified sensor outputs is fundamentally a trust problem. I argued that Zero Trust Architecture is the only coherent answer.
In a traditional perimeter model, once you're inside the network you're largely trusted. In a geospatial defence context, that assumption is catastrophic. Data enters from dozens of sources. Analysts, platforms, and automated systems consume it. A single compromised node or a single poisoned feed propagates through a trusted interior.
ZTA flips the model: no implicit trust, continuous verification, least-privilege access at every layer. Applied to geospatial pipelines specifically, it means every data feed is authenticated, every query is logged, and access to sensitive spatial layers is granted on a need-to-know basis that is enforced technically, not just by policy.
In a traditional perimeter model, once you're inside the network you're largely trusted. In a geospatial defence context, that assumption is catastrophic. Data enters from dozens of sources. Analysts, platforms, and automated systems consume it. A single compromised node or a single poisoned feed propagates through a trusted interior.
ZTA flips the model: no implicit trust, continuous verification, least-privilege access at every layer. Applied to geospatial pipelines specifically, it means every data feed is authenticated, every query is logged, and access to sensitive spatial layers is granted on a need-to-know basis that is enforced technically, not just by policy.
.jpeg)
Privacy Budget and Differential Privacy in GEOINT
One of the more technically nuanced threads in the session involved the tension between intelligence sharing and data exposure. Sharing geospatial intelligence with allied partners is operationally valuable. It is also, without careful architecture, a way of leaking the collection methodology, sensor positioning, and analytical capability of the sharing party.I discussed differential privacy and the concept of a privacy budget in this context. When you query a geospatial dataset repeatedly asking for patterns, anomalies, movement signatures each query leaks a small amount of information about the underlying data. A privacy budget is a formal bound on how much total leakage is permissible before the queries must be refused or the results degraded. Applied to shared GEOINT environments, it gives you a principled way to enable analytical collaboration without progressively exposing your raw collection.
This connects directly to Zero-knowledge proofs a cryptographic method by which one party can prove to another that a claim about data is true without revealing the data itself. In a geospatial context: proving that a particular asset was observed within a defined area of interest without disclosing the sensor's actual position or the full imagery. I raised ZKPs as an underutilised tool in the GEOINT sharing problem, particularly relevant in coalition environments where full data disclosure is neither politically nor operationally acceptable.
Homomorphic Encryption The Audience Question
One of the more engaged exchanges during the Q&A came after I discussed homomorphic encryption in the context of processing sensitive geospatial data across untrusted or semi-trusted compute environments. The question from the floor was direct: "Is homomorphic encryption actually deployable at the scale and latency that operational geospatial systems require, or is this still fundamentally a research tool?"It's the right question. My honest answer was: we are in a transitional period. Fully homomorphic encryption which allows arbitrary computation on encrypted data remains computationally expensive at scale. The latency overhead for complex geospatial operations is still significant. However, partially homomorphic and levelled homomorphic schemes, which support a defined set of operations, are moving toward practical deployment in specific high-value use cases. The compelling application in this context is exactly what was described in the network-centric session too enabling a partner nation's analytical layer to query encrypted geospatial datasets without decryption, preserving both data security and analytical utility.
The trajectory is toward deployment. The honest timeline for operational-scale fully homomorphic systems in geospatial pipelines is probably five to eight years for most contexts, with specific constrained applications earlier. That answer generated a follow-up from the same audience member about whether post-quantum readiness of these encryption schemes was being considered in parallel which led neatly into the next thread.
Post-Quantum Cryptography and the Satellite Infrastructure Problem
Satellite infrastructure has a specific post-quantum problem that I wanted to surface in this session. Satellites launched today will be operational for fifteen to twenty years. The cryptographic protocols protecting their command-and-control links, their data downlinks, and their authentication systems are in many cases based on RSA and elliptic curve cryptography both of which are broken by a sufficiently capable quantum adversary running Shor's algorithm.I discussed Peter Shor's 1994 result not as a historical curiosity but as a planning constraint. If you are designing or procuring satellite infrastructure today, the migration to post-quantum cryptography is not a future problem it is a current design decision. The migration challenges are real: legacy systems with embedded cryptographic assumptions, constrained uplink bandwidth that limits the size of post-quantum key exchanges, and the coordination problem of migrating ground and space segments simultaneously.
Lattice-based cryptography is where the global alignment is converging. NIST's post-quantum standardisation process has weighted heavily toward lattice constructions CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium for digital signatures. I discussed where China, Russia, and the United States are each moving: the US through the NIST process and NSA guidance toward lattice-based standards; China through its own parallel standardisation track with some convergence on lattice methods but with domestic algorithm preferences that create interoperability questions; Russia maintaining a more opaque posture but with known investment in quantum computing research that suggests they are not passive observers. The geopolitical dimension of PQC standardisation who sets the standard, who audits compliance, who controls the reference implementations is itself a dimension of the cyber-geospatial problem.
Countering Hybrid and Asymmetric Threats with Integrated GEOINT
The session's closing thread was perhaps the most strategic. Hybrid threats the combination of conventional military pressure, cyber operations, disinformation, and economic coercion are explicitly designed to operate below thresholds that trigger conventional response. Geospatial intelligence, when properly integrated with cyber situational awareness, is one of the tools that makes hybrid operations legible.I raised AI security threats in this context specifically the risk that AI-assisted geospatial analysis systems are themselves targets. An adversary who understands that your targeting or pattern-of-life analysis runs through a specific AI model has an incentive to probe and manipulate that model's inputs. Distillation attacks reconstructing a model's behaviour by observing its outputs are relevant here: if your GEOINT-AI pipeline's decisions can be predicted by an adversary, you've handed them a significant operational advantage.
The integration of cyber and GEOINT disciplines isn't just a technical architecture question. It's a question of whether the people who understand satellite vulnerability assessments are talking to the people who understand cryptographic attack surfaces, and whether both groups are talking to the people making doctrine. At GWF 2026, for a few days at least, they were.
Series: Geospatial World Forum 2026, RAI Amsterdam | April 27 – May 1
Previous: Panel Discussion 5 Network-Centric Warfare and Data Centricity Next: Session 1 AI-Powered Urban Analytics: Data Science for Infrastructure Intelligence
.jpeg)
.jpeg)
.jpeg)
.jpeg)
.jpeg)
.jpeg)
