Identifying Emerging Security Threats Through Satellite Data Fusion

Introduction

Satellite data, including Automatic Identification System (AIS) feeds, Synthetic Aperture Radar (SAR) imagery, GNSS signals and other sensor readings, provides a powerful window into activity at sea and on land. However, satellite data alone rarely provides enough context to support critical decisions. For national security agencies and maritime organizations, the challenge is to fuse this information with other intelligence sources – from human intelligence (HUMINT) and open-source intelligence (OSINT) to transaction records and corporate registries – so analysts can quickly identify threats, anticipate patterns and act decisively.

DataWalk is an intelligence analysis platform designed to meet this challenge. It unifies structured and unstructured intelligence sources, along with sensors, drones and communications data, into a single analytical environment, delivering insights up to 10× faster than traditional systems. The platform is engineered for open networks, classified networks and air‑gapped environments, enabling agencies to maintain operational sovereignty while integrating diverse data sources. This white paper explores how satellite-related data can be analyzed using DataWalk, drawing on real examples of AIS dark activities, vessel identity verification, beneficial ownership investigations and situational‑awareness monitoring. It also discusses emerging threats such as GNSS jamming and sabotage of undersea infrastructure, illustrating how a knowledge‑graph approach turns fragmented data into intelligence.

The Role of Satellite Data in Intelligence Analysis

Beyond Imagery: A Fusion of Sources

Modern satellites do far more than deliver pictures; they collect data about radio frequencies, positioning signals, vessel identifiers, weather, terrain and emissions. Yet satellite‑derived information is only one piece of a larger intelligence mosaic. To understand vessels turning off AIS beacons, or the origin of suspicious transmissions, analysts need to combine internal intelligence data sources and satellite observations with shipping registries, port call logs, financial data, and crew records, all supplemented with open‑source reporting. DataWalk’s platform helps agencies accomplish this fusion by automatically converting unstructured and multilingual text into an ontology‑driven knowledge graph, preserving context and relationships.

Figure 1: An example of DataWalk Contextual Entity Resolution synthesising data from multiple sources

Scale and Complexity

Global AIS networks track tens of thousands of vessels simultaneously, generating millions of messages per day. Synthetic‑aperture radar satellites produce high‑resolution images even through clouds, while optical sensors deliver multispectral imagery that highlights ship wake and oil spills. Meanwhile, GNSS systems provide precise positioning for aircraft and ships but are vulnerable to jamming and spoofing. Traditional intelligence tools struggle to process these massive, diverse streams. DataWalk addresses this challenge by storing data in a unique architecture that scales to billions of records, allowing live queries across hundreds of millions of transactions.

Emerging Security Threats Revealed by Satellite Data Analysis

GNSS Jamming and Spoofing

In September 2025, a plane carrying European Commission president Ursula von der Leyen experienced GPS jamming over Bulgaria. The aircraft landed safely in Plovdiv, but the incident underscored a worrying trend: countries bordering Russia have reported increasing electronic interference with aviation, shipping and drones. According to EU spokesperson Arianna Podestà, Bulgarian authorities suspect blatant interference by Russia, although the exact source has not been confirmed. The episode is one of dozens of GNSS disruptions documented since 2022, involving jamming and spoofing that forces pilots to revert to paper maps. Analysts note that jamming overwhelms navigation signals while spoofing misleads receivers into believing they are elsewhere. Such incidents are part of a broader pattern of hybrid warfare targeting Western infrastructure.

Sabotage of Undersea Cables

The Baltic Sea has become a hotspot for submarine cable sabotage. Windward’s Maritime AI analysis notes that two types of threats exist: accidents from fishing and commercial vessels, and state‑sponsored operations. Intelligence suggests an increase in state‑backed surveillance and potential sabotage by Russian‑affiliated naval assets, including AIS signal spoofing, prolonged loitering near critical infrastructure and covert mapping of undersea assets. The region’s shallow, narrow waters, combined with strategic chokepoints and heightened geopolitical tension, make its fiber‑optic cables and pipelines especially vulnerable. Russia has been accused of mapping undersea infrastructure and conducting anchor‑dragging incidents. Cutting cables can disrupt internet traffic and energy flows across NATO states, undermining economic stability and national security.

Human Smuggling and Illegal Migration

Another use case for satellite and AIS analysis involves monitoring focal points for illegal migration. Human smuggling operations often rely on fishing boats or cargo vessels that switch off AIS transponders to avoid detection. By analysing satellite imagery of coastal areas and correlating it with AIS dark activity, analysts can identify clandestine embarkation points and patterns. DataWalk’s ability to integrate OSINT, shipping records, data from reports and intelligence data sources and financial transactions allows agencies to connect vessels to smuggling networks and focus patrols on high‑risk routes.

Military Movements and Strategic Situational Awareness

Tracking military convoys, troop movements or unusual naval deployments requires a holistic view of data. Combining satellite imagery with AIS, logistics data and geopolitical events enables analysts to predict whether a vessel is transporting military equipment or simply repositioning. DataWalk’s knowledge graph links people, companies, vessels, ports and destinations, allowing analysts to detect anomalies and cross‑border transfers. For example, unusual loitering near cable landing stations combined with AIS dark zones and jamming alerts can indicate the staging of sabotage operations.

Use Cases: Satellite Intelligence Analysis with DataWalk

Use Case 1 – AIS Dark Activities

Automatic Identification System transponders broadcast a vessel’s location, identity and speed. When a vessel stops transmitting AIS for more than 20 minutes—outside natural radio dead zones—it is considered to be conducting dark activities. In July 2025, analysts detected 125 vessels going dark for more than 30 minutes within a single day on a busy sea route (not all necessarily malicious). DataWalk can record the last known AIS packet’s time and location, then flag any extended gaps where other ships in the same geohash area continue to transmit. Analysts can cross‑reference these gaps with GNSS jamming data, port logs or sensitive infrastructure polygons to assess whether the dark zone corresponds to suspicious behavior, such as a vessel meeting another ship or loitering near undersea cables. By fusing AIS time series with satellite imagery and knowledge graphs, DataWalk reveals patterns that flat indexing would miss.

Use Case 2 – Vessel Identity Verification (MAID)

Criminal or state actors may use fraudulent transponders registered to other ships to conceal a vessel’s true identity. In one scenario, a cargo ship claimed to sail under the Cypriot flag but may have been a Russian spy vessel. Analysts used DataWalk to search Maritime Mobile Service Identity (MMSI) datasets and automatically download Mobile Advertising Identifier logs (MAIDs) for the Baltic Sea. By creating geospatial and temporal filters on a map, they selected 147 MAID logs representing 16 unique devices and ran a DataWalk application to check where those IDs had been recorded in the past two weeks. Twelve devices had previously been logged in Russia and four in a military base in the Kaliningrad area. This cross‑correlation of MAIDs, AIS logs and geopolitical information highlights how DataWalk’s knowledge graph surfaces discrepancies between declared and actual vessel identities.

Additional verification comes from comparing vessel dimensions estimated via SAR imagery with the dimensions declared in AIS. Deviations greater than ±10–15% in length or beam are strong indicators that the transmitting identity does not match the observed vessel.

Use Case 3 – Vessel Beneficial Ownership Analysis

Vessels involved in sabotage or sanctions evasion often sail under a flag of convenience. A ship may be registered to a company in Cyprus but actually controlled by a Russian entity through complex ownership chains. With DataWalk, analysts can run a visual, no-code query or use a natural‑language interface (e.g., Librechat) to find the beneficial owner of a vessel. When investigating a ship called Sunnyside Gas, the platform reported that it was owned by a Cyprus‑registered company. Further analysis revealed that the company was ultimately controlled by individuals of Russian nationality. DataWalk’s link‑chart visualisation displayed connections between shipping companies, holding firms and beneficial owners, enabling analysts to identify vessels that might be used for covert operations or sanctions evasion.

Figure 2: An example of ownership identification using DataWalk graph inference techniques

Use Case 4 – Vessel Profile and Situational Awareness Monitoring

For sustained situational awareness, agencies need to monitor vessel behavior over time. Analysts can select a region—such as the Bornholm Basin in the Baltic Sea—and apply filters on AIS data to identify vessels present in a given period. For example, in one case, 34 vessels were identified, and by overlaying polygons representing points of interest (e.g., critical undersea cables) plus a 2–3 kilometer buffer, DataWalk narrowed the list to vessels that came close to critical infrastructure. Next, analysts cross‑checked GPS jamming incidents in the same geohash and timeframe, discovering whether dark zones aligned with reported jamming events. In one case, a Cyprus‑flagged vessel was detected near the Baltic Sea cable polygon during a period of GPS interference, while a Russian‑affiliated ship was identified as responsible for a nearby jamming event. Such correlation across multiple datasets allows analysts to prioritize inspections and produce evidence for legal or diplomatic action.

Figure 3: An example of vessel profile monitoring in DataWalk, that uses AI to monitor entity behavior over time

Conclusion

Satellite data has become a cornerstone of modern intelligence, but its real value emerges only when fused with other sources in a knowledge-graph environment. This fusion allows analysts to move from raw signals to actionable intelligence, revealing patterns that would otherwise remain hidden.

The ability to shorten analytic cycles from months to hours is now a decisive factor in maintaining initiative. In an era of hybrid threats, contested domains, and fast-moving crises, time and integration capacity are the most critical strategic advantages.

About DataWalk

DataWalk is an enterprise intelligence analysis platform that unifies structured and unstructured data into a scalable knowledge-graph environment. It enables analysts to rapidly integrate billions of records from diverse sources, including sensors, satellite feeds, communications, financial data, and open-source intelligence.

Designed for use in open, classified, and air-gapped environments, DataWalk provides:

• Self-service modeling – analysts can add new data sources and adjust data models without vendor engineers.
• Scalability – an enterprise architecture supporting billions of records.
• Security – fine-grained, cell-level access controls with full auditing.
• Interoperability – standard JDBC/ODBC connectors for seamless integration with existing systems.
• Cost efficiency – licensing and operating costs significantly lower than comparable platforms.

By transforming fragmented data into connected intelligence, DataWalk helps government, defense, and security organizations detect hidden patterns, accelerate investigations, and strengthen situational awareness.