Battle in Cyberspace
October 19th, 2018
Commercial satcom providers are under an unrelenting onslaught of cyber attacks. Stringent requirements of their military and government customers help keep them on their toes, constantly looking for innovative approaches to keep hackers at bay.
“At least thousands” of intrusion attempts are intercepted daily by cyber defense teams of U.S.-based satellite broadband provider Viasat, according to Ken Peterman, the company’s president of government systems. These attacks range in complexity and sophistication from actions of casual hackers, to campaigns run by organized criminal groups seeking financial gain, to efforts of state-sponsored agents striving to disrupt services provided to governments and steal valuable data.
Over the past decade, the entire global cyber space has turned into a battlefield. The raging war — with no end in sight — is affecting everyone using internet-based services and technologies. Operators of critical infrastructure from energy companies, to banks, and to telecommunications providers are under an unrelenting onslaught. Satellite operators are no exception and have to look for new methods to stay ahead of the attackers and prevent breaches.
“Many satellite service providers and operators push the perception that their network is more secure simply by it being a satellite,” says Dallas Kasaboski, a Senior Analyst at Northern Sky Research (NSR). “But while there is less of a hacking interest currently, as well as skills and established ways of hacking a satellite, it is not an impossible notion.”
The increasing interconnectedness of satellite and terrestrial networks presents a significant vulnerability and a possible gateway for hackers. Kasaboski cites the infamous 2017 cyber attack, which cost shipping giant Maersk more than $200 million, as an example of an intrusion that started with a breach of the firm’s terrestrially connected operations center but spread via satellite links throughout the company’s global operations and remote terminals.
“There is a perspective for those enterprises which work remotely and over the satellite connectivity that their obscurity protects them,” says Kasaboski. “But in many applications, the satellite is no longer working entirely in isolation. Maersk’s satellite systems delivered and received information from an infected terrestrial network and then became infected.”
The growing number of connected technologies and the continuous move toward cloud-based services further exacerbate the problem. According to Peterman, Viasat’s global network connects two million devices every day, including commercial aircraft, maritime ships, residential and enterprise customers, and senior leader and military aircraft. Each connected node, Peterman says, presents a potential gateway for the attackers to get in.
Military Requirements Push Cybersecurity Envelope
The satellite operator also provides broadband services to the U.S. military as well as the Five Eyes countries – an intelligence alliance comprising Australia, Canada, New Zealand, the United States, and the United Kingdom.
Serving government and defense customers, which commercial satcom providers see as a lucrative market, makes them a likely target of state-sponsored cyber villains but at the same time keeps them on their toes when it comes to cybersecurity.
Nicole Robinson, Senior Vice President (SVP) for global government at Luxembourg-headquartered satellite operator SES, says that the security requirements of the U.S. government, which the company provides services to, challenge SES but at the same time give it an edge once other clients start asking for increased security.
“The U.S. government has some of the most unique secure communication requirements that we have come across,” says Robinson. “But in the last five or ten years, we are seeing other clients, including The North Atlantic Treaty Organization (NATO), increasing their expectations for secure communications, ground infrastructure and the like.”
According to Kasaboski, military satcom users are less likely to fall prey to cyber attacks such as the one on Maersk, thanks to their strict security procedures, established protocols, and demanding requirements placed on suppliers of equipment and communications services.
“Military hardware, software, and networks are designed with a greater deal of care and security, such that hacking would be much more difficult,” says Kasaboski. “In order to even qualify for partnership or contract, there is a serious vetting process undertaken.”
Attack Vectors
Graham Wright, SVP for security and cyber at London-headquartered Inmarsat, agrees that in the wake of recent high-profile cybersecurity scandals, the trend is for many clients to seek more secure services than they would only a few years ago.
Like Viasat, Wright says, Inmarsat sees a massive number of attempted cyber intrusions every day. “What we have seen over the past five or six years is a continued growth of the sophistication and capability of the adversaries,” says Wright. “The adversaries have various motivations, be it those who want to steal money, those who want to steal intellectual property, those who might wish to interfere with our services for either geopolitical reasons and political gain, or commercial and competitive gain.”
By far the most common avenue the attackers attempt to exploit to break into the company’s network is, according to Wright, social engineering — the use of deception techniques designed to manipulate employees into disclosing confidential information such as credentials enabling access to the network.
“The most common event that we are seeing is trying to take advantage of people via email,” says Wright. “That route of attack starts with email contacts, Short Message Service (SMS) contacts, and the social engineering, which enables them to subsequently have some mechanisms for stealing credentials.”
Attempts to insert malware through websites are also common, as well as accidental and deliberate policy breaches by employees, service providers, and contractors that introduce vulnerabilities potentially allowing the attackers to take hold. Inmarsat, Wright says, runs a cybersecurity operations center that employs 30 specialists that monitor the entire network connected to the firm’s 13 Geostationary Orbit (GEO) satellites and ground infrastructure.
Monitoring of the global cybersecurity threat landscape and sharing information with others in the industry helps the firm to stay on top of the problem, and even predict threats before they occur. Security clearances, segregated access to various systems, and platforms are all part of the measures designed to prevent breaches. There is, however, only so much that satcom providers can do, says Wright. “We can secure the satellites themselves, the ground infrastructure of those satellites, the network, the signal of those satellites but if someone — a ship or an airplane — doesn’t secure access to their own terminal, the data that comes to that terminal is not secure,” says Wright. “That’s a security issue for their company, not ours, but frequently the two of them get mixed up so we have to work with our partners to make sure that all of these things are in our mutual benefit.”
From Reactive to Proactive
Viasat, just like Inmarsat, manages all its cybersecurity operations in house, says Peterman. Over the 25 years that the company has been providing services to the world’s defense forces, the methods and approaches used by Viasat’s cyber defenders have evolved enormously.
“In the early 1990s, we were focusing mostly on developing certified Type-1 information assurance cryptographic security equipment for the U.S. government and the Five Eyes countries,” says Peterman. “Later we had to move toward network security, then in the 2000s and 2010s to cybersecurity, active threat hunting, big data analytics, Artificial Intelligence (AI) and deep learning intelligence capabilities.”
The defense methods have grown in sophistication and complexity just as the methods used by the attackers have. While firewalls, boundary protection, and perimeter defense may have been enough some 15 years ago, today the satcom providers run complex, layered, in-depth cyber defense systems and constantly look for innovations. “This is a campaign, not a battle,” says Peterman. “We treat it with seriousness and a sustained effort that’s appropriate in that context.”
In fact, Peterman says, Viasat has moved to something that resembles a counter war against the cyber attackers. Where in the past the cyber defenders were simply reacting to occurring threats and situations, now they actively seek and predict them to stay ahead of the attackers. Behavioural analysis, probabilistic algorithms, and other advanced tools allow the cyber defenders to apply protective measures even before an attack occurs.
“We move enormous amounts of data through our network,” says Peterman. “So when we apply data analytics and machine learning, we literally sift through tera- and petabytes of data to identify potential intrusions. This way we can accelerate the learning curve associated with our understanding of adversary tactics, techniques and procedures.”
One of the newest tools in the firm’s cyber-fighting arsenal is the so-called deception network — an automated system capable of detecting advanced and as yet unknown malicious activity. Instead of striving to keep the adversary outside, the deception technology expects them to get in and defeats them inside the company’s own cyber territory.
“Deception networks create doubt in the adversaries’ mind with respect to the legitimacy of the adversary’s intrusion into the network,” says Peterman. “It creates an opportunity to invert the offensive-defensive relationship and turn the cyber game upside down. We assume that the adversary will get inside a network and we design the network against that premise.”
Viasat, Peterman says, takes a holistic approach to cybersecurity. The entire system, including the satellites, terminals, gateways, and core nodes, is designed with cybersecurity in mind — from start to finish.
He agrees with Wright that social engineering attempting to exploit the weaknesses of the human element is a major issue. Continuous training, education, and evaluation of the workforce, together with policy measures such as segregation of information and internal classification of information, is therefore an integral part of the firm’s cybersecurity strategy.
Safer Orbits
SES’ Robinson agrees that cybersecurity requires a complex approach. Every component of the architecture has to be designed with cybersecurity in mind, including encryption of data and protected hardware and software, she says.
For SES, the size of its fleet is a big advantage, as attackers can never be sure which satellite is being used for a particular client and where the valuable data is located at any given moment, she says.
SES’ GEO fleet currently consists of 50 satellites. On top of that, the company operates 16 Medium Earth Orbit (MEO) satellites comprising the O3b constellation.
Robinson says that SES has greater concerns about the security of its GEO fleet than the MEO O3b fleet. “Our MEO satellites are naturally jam resistant,” she says. “In this orbit, they are constantly moving, and this makes any unauthorized intervention from third parties very difficult compared to the GEO satellites.”
As an example of improvements in security of geostationary satellites, Robinson names Govsat-1. The satellite, launched in January this year and jointly owned by SES and the government of Luxembourg, is one of the most secure commercial satellites in the market, Robinson says, featuring anti-jam capabilities and encrypted command and control.
But there is no time for anyone to get complacent. Kasaboski says that no matter what the technology advancements and the sophistication of the defense mechanisms, hackers are resourceful. “They almost always catch up,” he says. “Even if it seems impossible.”
Going Quantum
Cybersecurity is a constant battle between malicious actors and cyber defenders. The rise of quantum computing, anticipated in the next few years, might completely shake up the battlefield. Complex mathematical algorithms that form the basis of current encryption techniques might be weak against super-powerful quantum computers of the future. Researchers are therefore looking for new ways to protect sensitive information.
A technique known as quantum key distribution has been widely studied and is believed to be inherently unhackable. It enables the authorized parties to exchange secret encryption keys encoded into quantum states of photons.
An attempt to eavesdrop on the communication would change the state of the photons and render the key invalid. The two parties exchanging the message would be immediately alerted to the fact that someone is trying to spy on their communication.
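The detection principle described above, shown as an added example that is not part of the original article: a toy simulation of BB84, one well-known quantum key distribution protocol, in which an eavesdropper who measures and re-sends the photons leaves a measurable error rate in the key. The article names no protocol; BB84, the intercept-and-resend eavesdropper model, the function names and the 11% abort threshold are assumptions made for this sketch.

```python
import random

ABORT_THRESHOLD = 0.11  # assumed error-rate limit above which the key is discarded


def bb84(n_photons, eavesdrop, seed=1):
    """Simulate one BB84 exchange; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)  # constructed, deterministic run
    sifted = errors = 0
    for _ in range(n_photons):
        # Sender picks a random bit and a random basis (0 or 1) to encode it in.
        bit, send_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, send_basis
        if eavesdrop:
            # The eavesdropper must guess a basis. A wrong guess yields a
            # random result, and the photon she re-sends carries her basis.
            tap_basis = rng.getrandbits(1)
            if tap_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = tap_basis
        # Receiver also measures in a random basis; a mismatch gives noise.
        recv_basis = rng.getrandbits(1)
        measured = state_bit if recv_basis == state_basis else rng.getrandbits(1)
        # Sifting: both sides publicly compare bases and keep matching positions.
        if recv_basis == send_basis:
            sifted += 1
            errors += measured != bit
    return sifted, errors / sifted


def key_accepted(n_photons, eavesdrop, seed=1):
    """Both parties accept the key only if the observed error rate is low.

    Simplification: the error rate is computed over the whole sifted key,
    whereas real parties compare only a sacrificed sample of it.
    """
    _, error_rate = bb84(n_photons, eavesdrop, seed)
    return error_rate <= ABORT_THRESHOLD


if __name__ == "__main__":
    for tapped in (False, True):
        length, rate = bb84(8000, tapped)
        print(f"eavesdropper={tapped}: sifted={length} error_rate={rate:.3f} "
              f"accepted={key_accepted(8000, tapped)}")
```

On an untapped channel the sifted key has no errors; with the eavesdropper present roughly a quarter of the sifted bits disagree, so the key is rejected.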
Quantum key distribution already works in optical fiber. The distance for which the signal remains clear in the fiber, however, is limited to only a few hundred kilometers. Previous studies have shown that quantum keys could be successfully distributed via satellites all over the world without the need of building costly ground-based infrastructure.
In June this year, SES launched a project called QUARTZ (Quantum Cryptography Telecommunication System) that aims to develop a commercially viable space-based quantum key distribution service within the next couple of years.
The project, partly funded by the European Space Agency (ESA), involves a multitude of European partners including Airbus subsidiary Tesat-Spacecom, which develops laser terminals for the SpaceDataHighway — an Airbus-run data relay system that enables exchanging large amounts of data between Low Earth Orbit (LEO) and GEO satellites using the optical technology.
Last year, a German-led experiment confirmed that the existing Tesat-Spacecom terminals would be capable of distributing quantum-encrypted keys with only minor technology enhancements.
“We are now designing and developing the satellite service architecture,” says Robinson. “Following the architecture design finalization, we will move towards the identification of a satellite or a space-based asset to test the new technology from space.” She added that the quantum key distribution payload would likely be placed on one of the future MEO satellites to be launched by SES in the next couple of years.