To address cascading risks arising from the fragmentation of security, functional safety, and defensive mechanisms in mission-critical satellite ground-segment systems, this paper proposes the Attack-Fault-Defense Tree (AFDT)—a unified modeling framework that integrates attack trees, fault trees, and defense strategies for cross-domain collaborative modeling and qualitative risk root-cause analysis. AFDT formally captures the coupling mechanisms among adversarial attacks, system faults, and defensive actions, identifying six critical cascading vulnerability paths and proposing twelve synergistic hardening measures. Experimental evaluation demonstrates that the AFDT-based approach significantly enhances system resilience and reliability under concurrent malicious attacks and stochastic failures. The framework provides a scalable analytical paradigm and practical engineering support for resilient design of space–ground integrated information systems.

Cyber-physical systems, such as self-driving cars or digitized electrical grids, often involve complex interactions between security, safety, and defense. Proper risk management strategies must account for these three critical domains and their interaction because the failure to address one domain can exacerbate risks in the others, leading to cascading effects that compromise the overall system resilience. This work presents a case study from Ascentio Technologies, a mission-critical system company in Argentina specializing in aerospace, where the interplay between safety, security, and defenses is critical for ensuring the resilience and reliability of their systems. The main focus will be on the Ground Segment for the satellite project currently developed by the company. Analyzing safety, security, and defense mechanisms together in the Ground Segment of a satellite project is crucial because these domains are deeply interconnected--for instance, a security breach could disable critical safety functions, or a safety failure could create opportunities for attackers to exploit vulnerabilities, amplifying the risks to the entire system. This paper showcases the application of the Attack-Fault-Defense Tree (AFDT) framework, which integrates attack trees, fault trees, and defense mechanisms into a unified model. AFDT provides an intuitive visual language that facilitates interdisciplinary collaboration, enabling experts from various fields to better assess system vulnerabilities and defenses. By applying AFDT to the Ground Segment of the satellite project, we demonstrate how qualitative analyses can be performed to identify weaknesses and enhance the overall system's security and safety. This case highlights the importance of jointly analyzing attacks, faults, and defenses to improve resilience in complex cyber-physical environments.