Introduction
The February 2026 Strait of Hormuz closure has exposed a category of critical infrastructure vulnerability that U.S. resilience doctrine does not currently model. Military and commercial LEO satellite communications depend on ground segment infrastructure whose critical supply inputs — including helium, specialty cooling gases, and specific semiconductor families — transit Hormuz. When physical allocation regimes replace price-based market clearing, those inputs become unavailable regardless of budget. No adversary needs to jam a satellite or strike a ground station. The degradation is ambient, distributed, and deniable. The Critical Infrastructure Risk Management Framework and the emerging Five Eyes-aligned consensus on space systems security require a new analytical layer that treats volumetric supply chain failure as a distinct threat category, and pre-positioned component buffers (supplies) must enter SATCOM resilience doctrine as a first-class planning requirement.
The intelligence and policy communities have spent considerable energy since February analyzing what the Hormuz closure did to oil markets, LNG flows, and Gulf security architecture. That analysis is necessary and important. But there is a second-order consequence accumulating largely unexamined in the background — one that sits at the intersection of economic systems analysis and satellite communications security, and that has direct implications for how the United States and its closest allies protect their most critical ISR and communications infrastructure.
The short version: we have been thinking about SATCOM resilience as mostly a cybersecurity problem. It is also, and in a sustained conflict scenario perhaps primarily, a supply chain physics problem. And our doctrine doesn’t know the difference.
Two Frameworks, One Blind Spot
On March 24, 2026 — in the midst of the Hormuz crisis itself — a coalition of allied signals and space agencies published a detailed cybersecurity framework for LEO satellite communications. The publication, titled “Securing space: Cyber security for low earth orbit satellite communications,” was authored by the Australian Signals Directorate’s Australian Cyber Security Centre, the Australian Space Agency, the Canadian Centre for Cyber Security, the National Security Agency, and the New Zealand National Cyber Security Centre. It is a serious document. It maps threats across five LEO satellite architectural segments: space, ground, user, communication links, and supply chain. It recommends vendor diversification, hardware and software bill of materials transparency, post-quantum cryptography migration, and modular interoperable architectures. These are the right recommendations. They reflect genuine analytical rigor about the adversarial threat landscape facing LEO SATCOM infrastructure.
But the framework’s threat model is implicitly peacetime. Its supply chain mitigations assume a functioning global procurement environment in which the problem is securing access to components, not whether those components exist at all. That assumption, as of February 2026, is no longer sufficient.
The Hormuz closure removed approximately 20 million barrels per day of crude transit, 20 percent of global LNG trade, and — critically for this analysis — approximately one-third of global helium supply from the world economy simultaneously. The economic systems analysis of this event makes a distinction that the cybersecurity community has not yet absorbed: this is not a price shock. It is a volumetric shock. The difference is not semantic. Price shocks are absorbed by demand destruction and market clearing — higher prices ration consumption until equilibrium is restored. Volumetric shocks, above a specific threshold, trigger physical allocation regimes. The molecules don’t exist at any price. Financial hedges pay out in cash. Operations halt anyway.
When you are running a satellite ground station and the cooling medium for your superconducting electronics is unavailable at any price, the sophistication of your vendor diversification strategy is irrelevant.
Helium Is Not Only a Semiconductor Problem. It Is a Ground Segment Problem.
The helium supply disruption has received coverage primarily through the lens of semiconductor manufacturing — chip fabs depend on helium for cooling and cleaning processes, and Qatar’s share of global production creates obvious exposure. The U.S. Geological Survey places Qatar’s 2024 contribution at approximately 36 percent of world supply. Reuters reported on March 31 that South Korean chipmakers Samsung and SK Hynix hold four to six months of helium inventory, projecting supply adequacy through mid-2026 under sustained disruption. That is a serious industrial problem.
It is not the only problem. Helium is also a critical cooling medium for cryogenic and superconducting electronics, including in high-performance satellite ground station infrastructure. The ground segment — satellite control centers, gateway stations, user terminals — is what connects the space-based constellation to the operational users who depend on it. It is, as the Five Eyes-aligned framework correctly notes, typically the most interconnected and vulnerable point in a space system. It is also the point most dependent on the specialized industrial supply chain that Hormuz closure places under physical allocation pressure.
A sustained closure doesn’t require Iran to attack Al Udeid, jam a Starlink uplink, or deploy a cyber intrusion against a ground station network. The degradation accumulates through industrial attrition. Components fail under normal operational wear and cannot be replaced. Firmware update infrastructure becomes unsustainable. The human capital maintaining these systems is subject to the same macroeconomic pressures — currency stress, industrial closure, disrupted logistics — cascading through the broader economy. None of this requires an adversary to touch a SATCOM system directly. The effect is ambient, distributed, and under current attribution frameworks, essentially deniable.
A Third Rung on the Escalation Ladder
This matters doctrinally as much as operationally. Current escalation management frameworks distinguish two categories of ISR-denial: kinetic, meaning direct strikes on ground infrastructure or anti-satellite weapons deployment; and cyber, meaning jamming, spoofing, command injection, or network intrusion. Both categories have threshold visibility — they generate attribution signatures, they cross legal thresholds that trigger response obligations, and they are at least theoretically detectable in near-real-time.
Economic attrition of space-enabling infrastructure through supply chain disruption operates below both thresholds simultaneously. It produces ISR degradation effects comparable in operational consequence to a direct ground station strike. It does not cross the armed conflict thresholds that kinetic action triggers under international law. It does not generate the technical signature that cyber operations increasingly produce. And it benefits from the inherent ambiguity of market forces — at what point does a commodity shortage become a deliberate weapon? The answer, for planning purposes, is that it doesn’t matter. The operational effect is identical regardless of intent.
We do not have an escalation rung for this. We need one.
The Framework Gap
The implications extend well beyond military ISR architecture into the broader allied critical infrastructure landscape. The Critical Infrastructure Risk Management Framework — the organizing architecture through which the United States and its Five Eyes partners coordinate protective action across essential services — presupposes supply chain continuity as a background planning condition. Its risk methodology is organized around adversarial action: cyber intrusion, physical attack, insider threat, and natural hazard. Volumetric supply chain failure, operating through the economic mechanism the Hormuz closure has demonstrated, does not map cleanly onto any of these categories. It is not an attack. It is not a hazard in the conventional sense. It is a structural shift in global market conditions that produces infrastructure degradation as an emergent property.
This is a classification problem with operational consequences. The Critical Infrastructure Risk Management Framework’s treatment of supply chain risk focuses on vendor integrity, component provenance, and adversarial insertion — the same concerns the allied SATCOM document addresses through SBOM and HBOM requirements. Neither framework has a risk register entry for the scenario in which a non-adversarial market event removes a critical input from global availability entirely. The Hormuz closure is not a supply chain attack in any conventional sense. It is a supply chain elimination, and the distinction matters enormously for how protective action is scoped, resourced, and timed.
The sectors most exposed are precisely those where LEO SATCOM services have become infrastructural rather than supplementary: maritime operations, energy pipeline monitoring, agricultural IoT, emergency response communications across remote geographies. In each case, the ground segment components enabling that connectivity share supply chain dependencies with the broader semiconductor and specialty gas ecosystem now under allocation pressure. A 90-day sustained closure — which serious analysts are treating as a medium prudent planning baseline rather than a tail risk — is sufficient to exhaust component buffers in ground station infrastructure operating on just-in-time procurement assumptions, because no current framework models this failure mode as a design condition.
The allied coalition that produced the LEO SATCOM cybersecurity framework is the appropriate vehicle for addressing this gap. That coalition has demonstrated both the technical depth and the cross-domain analytical range to extend its SATCOM security work into supply chain resilience under conflict conditions. The logical next step is a companion publication that maps critical ground segment input dependencies against conflict-scenario supply chain disruption, identifies the specific components and materials most exposed to Hormuz-corridor physical allocation risk, and establishes pre-positioning standards for allied operators. The framework exists. The analytical community exists. What is missing is the synthesis.
What Needs to Happen
The response is concrete. Pre-positioned buffer stockpiles of critical ground segment components — helium reserves, specialty cooling gases, specific long-lead semiconductor families — must enter SATCOM resilience doctrine as a first-class requirement alongside jamming resistance and post-quantum cryptography migration. The Critical Infrastructure Risk Management Framework requires an explicit volumetric supply chain failure mode, treated as a planning condition distinct from adversarial threats and modeled against realistic conflict-scenario timelines rather than peacetime procurement assumptions.
The warning indicators for this vulnerability have been visible since at least the 2019 Abqaiq strikes demonstrated Iran’s willingness to attack Gulf energy infrastructure at scale. The analytical synthesis required to connect Hormuz supply chain exposure to LEO SATCOM ground segment resilience was not technically difficult. It required integrating open-source economic analysis with published cybersecurity frameworks — exactly the kind of cross-domain work that institutional structures consistently under incentivize. The gap is not epistemic. It is organizational.
The cost of maintaining component buffers is low and bounded. The operational cost of ISR and communications degradation through supply chain attrition during a sustained Gulf conflict is potentially decisive and unbounded. The global system will survive this shock, but it will do so by consuming its remaining financial, physical, and political buffers. The question for allied critical infrastructure security is whether those buffers will be reconstituted before the next shock arrives — or whether what we are living through now becomes the baseline from which all future resilience planning must begin.
We should answer that question through proper planning before choices are forced up on us.
References
[1] NSA / ASD ACSC et al., “Securing space: Cyber security for low earth orbit satellite communications” (March 24, 2026). Authoring agencies: Australian Signals Directorate’s Australian Cyber Security Centre, Australian Space Agency, Canadian Centre for Cyber Security, National Security Agency, New Zealand National Cyber Security Centre.
[2] NSA Press Release, “NSA and ASD’s ACSC Release Joint Guidance on LEO SATCOM System Risks and Mitigations” (March 24, 2026).
[3] U.S. Geological Survey, Mineral Commodity Summaries 2026: Helium. Qatar’s 2024 share of global helium production: approximately 36 percent.
[4] Heekyong Yang and Hyunjoo Jin, “Helium stocks of South Korea’s chipmakers to last until June, sources say,” Reuters, March 31, 2026.
[5] Congressional Research Service, “Iran Conflict and the Strait of Hormuz: Impacts on Oil, Gas, and Other Commodities,” March 2026. Crude oil transit: approximately 27% of world maritime trade; LNG: 20% of global trade.
[6] Pasi Eronen Watt. “The 2026 Volumetric Shock” https://www.linkedin.com/posts/peronen_iran-war-volumetric-shock-a-systems-analysis-ugcPost-7447004124837244928-X7Qh Accessed 7 April 2026.
