John F. Kennedy said in 1959, “The Chinese use two brush strokes to write the word ‘crisis.’ One brush stroke stands for danger; the other for opportunity. In a crisis, be aware of the danger — but recognize the opportunity.” Although there is debate among linguists on the accuracy of this translation, the notion is useful when considering the impact of the growing cybersecurity crisis. For the satellite industry, emerging cyber threats represent both danger and opportunity.
Nobody should doubt that we are facing unprecedented cybersecurity challenges to our national and global infrastructure. Satellite networks are a primary mission-critical part of many infrastructure sectors, including broadcast networks, emergency services, information technology, the defense industrial base, navigation systems, communications and more. The satellite industry has undergone a major migration in recent years from closed and proprietary systems to open standards, including interoperability with terrestrial wireline and wireless broadband Internet Protocol (IP) connectivity. This evolution has largely been smooth and beneficial — reducing costs, empowering innovation, and leveraging both the growth and availability of IP-related technologies and applications. At the same time, this open approach and IP interoperability introduce danger in the form of threats and vulnerabilities on a scale that has never before been seen.
A key point I always return to regarding secure satellite networks for many of the diverse IP-centric applications I have been involved with over the years is that satellite networks are a one-hop solution, providing a secure connection directly behind the firewall. Unlike terrestrial IP networks, where the routing is dynamically determined by a variety of network optimization algorithms, a satellite network has a single-hop “router,” and it’s in space, 26,000 miles away. It is inherently secure with no physical backdoor. An IP network engineer who performs a simple ping or traceroute on a satellite network will find a single deterministic path from source to destination.
The satellite industry has a distinguished history and a proven track record in providing secure solutions well beyond that of some other commercial communications technologies. We are already leaders in key areas essential to effective cybersecurity, including encryption, subscriber management, access control, and overall system hardness. Most satellite operators already comply with a broad range of controls, checklists, and certifications, both domestic and international. Seen from a purely business perspective, we have a head start over other industries and a considerable competitive advantage.
So, What’s the Plan?
For many years I worked in the physical security community. They long ago developed a logical approach to protecting valuable assets and adopting new technologies in response to evolving threat severity and sophistication. Walls, moats and drawbridges gave way to fences and barriers, electronic intrusion detection sensors combined with Closed-Circuit TV (CCTV) assessment, X-ray screening devices and biometric access control. Likewise, cybersecurity has evolved from simple firewalls and logins to Demilitarized Zones (DMZs) complete with honeypots, intrusion detection systems, network monitoring devices, single sign-on services, as well as ransomware detection and prevention systems. This growing list of technologies is available today, as are cybersecurity frameworks and guidelines for selecting and deploying them.
The state-of-the-art thinking in developing a good cyber defense today is to use a top-down, risk-management-driven approach — starting with an evaluation of the potential threats and system vulnerabilities, prioritizing assets and the associated risks to them, and deploying a defense-in-depth physical and cybersecurity solution. Through continual testing of vulnerabilities and vigilant attention to evolving threat vectors, the solution is then adjusted and optimized in a true feedback control manner. As with physical security, threat actors can be external, internal, or both, so ground-based satellite network assets must be adapted and hardened to address both. We also need to utilize the advances made by cybersecurity pioneers from the Information Technology (IT) world with expertise in monitoring threat signatures in real time and dynamically updating and deploying countermeasures in response.
Above all, we need to take this challenge seriously as an industry and not wait for an unexpected event to prod us into action. Cybersecurity is already an inherent part of the satellite industry’s DNA, but it needs to become a regular, habitual part of business planning, standards, industry culture, conference programs, daily language, and operational processes.