Threat actors may compromise the Key Management Service (KMS) controlling the encryption of the Ground Station's data output. By disabling, deleting, or maliciously rotating the Customer Master Keys (CMKs) used to encrypt the digitized RF streams (VITA 49) stored in cloud buckets, the adversary renders the downlinked mission data permanently inaccessible to the operator, even if the satellite itself remains healthy.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.