An attacker can replace the authentication keys (e.g SDLS session keys) to disconnect the legitimate ground station and potentially hijack the connection.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.