Cross-Domain Application

CCMM applied to
communications threat intelligence.

Standard analytical frameworks catalogue known attack techniques. They are structurally incapable of assigning prospective probability to threat execution under defined geopolitical and operational conditions. CCMM is designed to operate in exactly the space where those frameworks stop.

CCMM analytical components active across all domains:Prospective ProbabilityConditional Scenario TreeHistorical Analog ComparisonEvidence LabellingFalsifiability Conditions
Domain 01
Satellite Communications

Commercial and government satcom networks operating in contested environments face threats that cross the boundary between cyber, electronic warfare, and geopolitical actor intent. No single framework addresses this boundary. CCMM does.

  • Ground segment exploitation via governance and acquisition transitions
  • Civilian infrastructure spillover in dual-use satcom architectures
  • Pre-event timing signals linking satcom interdiction to kinetic precursors
  • RF jamming succession following cyber mitigation deployment
  • Contested attribution as a deliberate operational feature
View analysis
Domain 02
Space Communications

Orbital systems, space situational awareness networks, and inter-satellite link architectures face threat classes that are conditional on adversary orbital posture, launch activity, and frequency domain behaviour. These threats are invisible to retrospective frameworks.

  • Co-orbital threat probability conditional on adversary constellation manoeuvre signatures
  • Directed energy and ASAT precursor signals across geopolitical and technical domains
  • Debris cascade probability as a deniable interdiction mechanism
  • Frequency interference in contested orbital slots
  • Dual-use satellite repurposing probability under escalation conditions
View analysis
Domain 03
Tactical Defence Communications

MANET radio networks, military command-and-control links, and UAV data links in contested theatres face actor-specific, operationally conditioned threat chains that standard security frameworks are not designed to model prospectively.

  • RF jamming probability conditional on adversary EW posture and proximity
  • Node compromise chains across MANET mesh topologies
  • Supply chain interdiction of specialist radio hardware
  • C2 link interdiction probability as a combined arms precursor
  • Adversary vector pivot from cyber to electronic warfare under mitigation conditions
View analysis

What standard frameworks cannot do

A structural comparison against MITRE ATT&CK for Space, STRIDE, and ISM control mapping.

Analytical Capability
Standard Frameworks
CCMM
Prospective probability assignment to threat execution
Not supported. Frameworks are designed to catalogue, not predict.
Conditional probability assigned under defined precondition sets, with observable revision triggers.
Cross-domain threat chain modelling (geopolitical + technical)
Not supported. Single-domain scope by design.
Geopolitical actor intent integrated with technical attack chain analysis in a single conditional structure.
Analysis under contested attribution conditions
Attribution treated as a precondition. Analysis waits for resolution.
Evidence labelling ([OF]/[CC]/[AA]/[RC]) enables probability-weighted actor assessment from Day 1.
Successor threat modelling (adversary vector pivot)
Not supported. Techniques catalogued only after execution.
Conditional successor branches modelled prospectively with probability assigned to each pivot scenario.
Falsifiable assessments with observable revision conditions
Not supported. Outputs are classifications, not testable predictions.
Every probability assignment carries a falsifiability condition. If the indicator is absent, the assessment revises.

CCMM is now applied to satellite and space communications.

The companion paper applying CCMM to the 2022 KA-SAT cyberattack demonstrates five threat findings that incumbent frameworks are structurally incapable of surfacing. Read the analysis in the Intelligence Library.

Read the Analysis
Research Publication

Five threats standard frameworks
are structurally incapable of surfacing.

The CCMM companion paper applies the methodology to the 2022 KA-SAT cyberattack against Viasat's satellite communications network. This case demonstrates the plausibility of conditional, falsifiable threat assessment in satellite communications, identifying conditions under which high-impact events become likely, including those that exist in the low-probability domain that conventional analytical models do not observe.

SSRN Working Paper  |  Companion Publication
Prospective Threat Identification in Satellite Communications: A Conditional Consequence Mapping Methodology Demonstration Using the 2022 KA-SAT Cyberattack

Applies CCMM to the Viasat KA-SAT case, demonstrating five categories of threat finding that MITRE ATT&CK for Space, STRIDE, and ISM control mapping are structurally incapable of producing. All five findings were analytically derivable before the event. None were produced by incumbent frameworks. Published under open access for academic citation and prior-art purposes.

SSRNAbstract ID 6566478
Zenodo10.5281/zenodo.19548175
AuthorPrasanna Abeysekera  |  GABEY Consulting Pty Ltd (ACN 121 511 055)
Read on SSRN Zenodo Record
Five findings invisible to standard frameworks
01
Conditional Timing Signal
Pre-event satcom interdiction probability

CCMM assigned 61-74% probability to satcom interdiction as a kinetic invasion precursor, derivable from observable force posture and historical analog patterns in the 60-day pre-invasion window.

02
Governance Transition
Acquisition handoff as attack surface

The Viasat-Eutelsat transition created a distributed accountability gap. CCMM models corporate transitions as elevated-probability attack windows. No standard framework does.

03
Civilian Spillover
Critical infrastructure cascade probability

CCMM assigns 67-79% probability to civilian critical infrastructure disruption in dual-use satcom architectures with the observed segmentation characteristics.

04
Attribution Ambiguity
Contested attribution as deliberate design

CCMM produced a composite attribution confidence of 0.79 on Day 1. Formal government attribution confirmed the same actor 75 days later. Evidence labelling enables analysis without attribution certainty.

05
EW Succession
Adversary pivot to RF jamming

CCMM assigned 63-68% probability to RF jamming succession within 18 months of cyber mitigation deployment. Viasat confirmed this materialised. No standard framework models adversary vector pivots.

Standards tell you what to implement. CCMM tells you whether it will hold, especially in the scenarios you are least likely to anticipate.

CCMM does not replace standard frameworks. It operates above them, as an analytical method that evaluates whether their outputs hold under real-world conditions, particularly in the low-probability, high-consequence domain where high-impact satcom events demonstrably originate.

Methodology: Bayesian conditional probability, Monte Carlo scenario tree, Historical Analog Comparison (HAC), evidence labelling [OF]/[CC]/[AA]/[RC], falsifiability conditions. Documented at SSRN Abstract ID 6364078. Companion paper: SSRN Abstract ID 6566478.
ProspectiveProbabilisticFalsifiableCross-domain
Working Paper · Research Publication Record
Prospective Threat Identification in Satellite Communications: A Conditional Consequence Mapping Methodology Demonstration Using the 2022 KA-SAT Cyberattack
Applies the Conditional Consequence Mapping Methodology to the 2022 KA-SAT cyberattack, producing five categories of prospective threat finding not ordinarily generated by incumbent frameworks including MITRE ATT&CK for Space, STRIDE, and ISM control mapping. All five were analytically derivable before the event occurred.
Document ID: GABEY-WP-2026-04-CCMM-SATCOM-KA-SAT-v1.0Version: v1.0
Download PDF Read on SSRN Download via Zenodo Download SHA-256 Hashes Download OpenTimestamps Proof (.ots)
Author
Prasanna Abeysekera, GABEY Consulting Pty Ltd (ACN 121 511 055)
ORCID
0009-0005-1720-0601
SSRN Abstract ID
6566478Companion to 6364078 (CCMM methodology paper)
Zenodo DOI
10.5281/zenodo.19548175
Methodology basis
Companion demonstration paper to CCMM framework (SSRN Abstract ID 6364078, Zenodo DOI 10.5281/zenodo.19382186). This paper extends the methodology to the satellite communications domain.
Paper submitted (SSRN)
13 April 2026 (Australia/Melbourne, AEST, UTC+10)
Public disclosure published
13 April 2026 - SSRN submission confirmed, Abstract ID 6566478 assigned. Zenodo record published, DOI 10.5281/zenodo.19548175 assigned. Under SSRN classifier review.
Publication status
Preprint - under SSRN classifier review. Archived at Zenodo.
SHA-256 (PDF)
65bc097e6c73632a8f0c3bef8c1b00956e7478c3db070c8b9a91d36fcc0d75b9
SHA-256 (Zenodo archive)
Verify at doi.org/10.5281/zenodo.19548175
OpenTimestamps
Bitcoin blockchain timestamp proof available for download above. File: WP-2026-04-CCMM-SATCOM-KA-SAT-v1.0.pdf.ots. Timestamp established prior to SSRN submission on 13 April 2026. Verifiable at opentimestamps.org.
Five findings
(1) Conditional timing signal - satcom interdiction as kinetic precursor, 61-74% probability.
(2) Governance transition as probabilistic attack surface, estimate 0.62.
(3) Civilian infrastructure spillover in dual-use architectures, 67-79% probability.
(4) Attribution ambiguity as a deliberate operational vector, composite confidence 0.79 [AA].
(5) Electronic warfare succession following cyber mitigation, 63-68% probability.
Case examined
2022 Viasat KA-SAT cyberattack (24 February 2022). Attribution: Russian GRU / Sandworm, formally confirmed by US, UK, EU and Five Eyes partners on 10 May 2022.
Domains covered
Satellite communications, space systems, critical infrastructure, cyber-geopolitical hybrid operations.
Frameworks compared
MITRE ATT&CK for Space, STRIDE, Australian Information Security Manual (ISM) and equivalent compliance control mappings.
JEL codes
C11 (Bayesian Analysis); C53 (Forecasting and Prediction Methods); H56 (National Security and War)
Keywords
satellite communications security; cyber threat intelligence; prospective threat assessment; conditional probability; Conditional Consequence Mapping Methodology; KA-SAT; Viasat; hybrid warfare; electronic warfare; critical infrastructure; falsifiability; threat forecasting
Contact
gabeyinfo [at] gmail [dot] com Contact / Support
Author contact is recorded in the publication artefacts (PDF / Zenodo archive).
IP notice
The Conditional Consequence Mapping Methodology (CCMM) is a proprietary analytical methodology of GABEY Consulting Pty Ltd (ACN 121 511 055). Publication for academic and prior-art purposes does not constitute a licence to reproduce, apply commercially, or derive from the methodology without written authorisation. All rights reserved.
Publication notice
This working paper is a research preprint. It has not completed formal peer review. Findings represent the analytical output of the CCMM framework applied to publicly available evidence. All claims carry evidence labels ([OF] / [CC] / [AA] / [RC]) per CCMM protocol.