Those are all things they should already be guarding against though for the most part and definitely not a cost incurred per unit. If they're not already doing tons of work to secure against malicious employees they're a joke of an ISP to begin with.
Security isn't binary. There's a difference between normal commercial-grade security, and being actively engaged in warfare against an adversary with serious cyber and space warfare capabilities.
Space doesn't matter here, if Russia decides to mess with StarLink by shooting down satellites there's nothing SpaceX can do beyond launching replacements. So we're back to the more normal security they should already be doing because ISPs are already huge targets for state level actors even if you're not involved in a war.
