10 Defining Moments in Cybersecurity and Satellite in 2022

Via Satellite highlights 10 defining moments in cybersecurity and satellites for 2022. Some have a direct satellite link. Some were huge events in the cybersecurity arena that got people in the community talking.

July 24th, 2023
Mark Holmes

The topic of cybersecurity for space assets is now one of the key conversations in the space industry, and virtually every space event in 2022 addressed the issue. In 2022, for the first time ever, Access Intelligence hosted two major cybersecurity and satellite events, CyberLEO in Los Angeles in May, and CyberSatGov in Reston in October.

In a new feature, Via Satellite highlights 10 defining moments in cybersecurity and satellite for 2022. Some have a direct satellite link. Some were huge events in the cybersecurity arena that got people in the community talking.

Viasat Hack Sends a Clear Message to the Industry at the Start of Russia’s War in Ukraine

There really is only one place to start, and it is a story that would feature in major cybersecurity stories beyond the satellite industry. Russia’s invasion of Ukraine meant satellite assets and infrastructure became targets. Viasat saw a deliberate attack on its KA-SAT network in February 2022, which affected modems across Ukraine and Europe.

Describing the attack, Viasat said malicious traffic was detected on modems in the Ukraine in a targeted denial of service attack. The attack impacted a majority of the previously active modems within Ukraine, affecting several thousand customers, and a substantial number of additional modems in other parts of Europe, affecting tens of thousands of fixed broadband customers. Viasat said the network was mostly stabilized within hours and fully stabilized within several days.

However, the attack showcased for the first time just how much of a target satellite infrastructure and assets have become. It changed the whole tone of the conversation. It was no longer a conversation of “if” satellite networks get hacked, or “when” satellite assets get hacked, but it was now a reality. Any doubt that space assets would be immune was banished in the first quarter of last year.

Phil Mar, Viasat Government Systems CTO, told Via Satellite there were a number of takeaways from the KA-SAT network attack both from a technical perspective and a non-technical standpoint. On the technical side, Viasat has been actively leveraging what it has learned to make changes to its directly managed and partner-operated networks, as well as sharing this information to help others further enhance their network security and mitigation capabilities.

“Our approach to sharing technical information with law enforcement, government and intelligence agencies, and other commercial providers, including competitors, proved to be extremely important and valued. In terms of response, we experienced how important it is to have highly experienced and skilled cyber engineering and forensics teams in house. These teams were instrumental in quickly analyzing and understanding what happened, which enabled us to largely stabilize the network within hours and fully stabilize it in a few days,” he added.

It has become a key reference point for our industry, and signaled the starting point of a new era of space-based cyber-attacks. More broadly, for Viasat and the satellite industry, Mar says we have seen commercial satellite communications and other civilian critical infrastructure become a more common and higher profile target.

“Perhaps most important, the attack is another illustration of the need for greater emphasis on enabling multi-network options to increase satellite communications resiliency. There is no silver bullet solution that will offer an impenetrable network, but the right space architecture can make it extremely difficult and costly for an adversary to achieve its objective,” he says.

Belgian Researcher Spends $25, Hacks Starlink

Starlink has been constantly in the news over the last 12 months, particularly as regards its efforts in Ukraine. It has provided satellite connectivity in Ukraine at a time when it was most needed. Naturally, it has a huge target on its back. In August, Lennert Wouters, a cybersecurity expert from KU Leuven University in Belgium, showed it was possible to hack a Starlink satellite dish. He showcased his findings at Black Hat in Las Vegas last year, and he revealed it cost him just $25 to acquire the parts to do it. He also gave a detailed interview to Wired talking about it, as well as his thought processes behind exposing certain security flaws.

Wouters told Via Satellite, despite his success, he was actually quite surprised at the level of security in the Starlink system.

“You don’t know how easy it will be to break something like this. You have no clue how much security went into it. In this case, they had more security in there than I expected there to be. It took me fully down the rabbit hole to get the attack working. I am really proud of this work. Compared to previous work I did, those products usually turned out to be less secure than I expected. In this case, it was the other way around. It was way more secure than I initially expected. In many ways, it is a good example for other companies to build a secure system,” Wouters said.

He described his interactions with SpaceX as “very positive.” Wouters mainly interacted with engineers and he said a few SpaceX engineers were “quite surprised” that he had been able to do this and were very interested in how he did it. While Wouters is clearly not the average Starlink subscriber, the fact he was even able to do a hack like this and highlight hardware vulnerabilities made global headlines. Starlink’s role in Ukraine has only made it more of a target, and Russian Government officials have made it clear that satellite networks are legitimate targets, and there is no bigger target than Starlink.

The Uber Hack

Every year now we can expect to read major stories of companies and organizations being hacked. It is a part of modern life. While what happened to Viasat was undoubtedly the story in the satellite sector, there were a number of other major incidents. In January last year, Crypto.com was hacked in an incident that cost millions of dollars. Costa Rica was the victim of an extraordinary hack, as it saw its Ministry of Finance website hacked. Conti, a notorious group of Russian hackers, was responsible for the hack.

One that created the biggest headlines was a hack of Uber, one of the most talked about transportation companies of the last decade. Camille Singleton, senior strategic cyber threat lead for IBM’s Security X-Force Threat Intelligence, said this was one of the most significant incidents of 2022.

“The Uber hack is instructive for several reasons. First, it was conducted by Lapsus$, a threat group made up primarily of teenagers in the U.K. Lapsus$ excels at social engineering, including using social engineering to circumvent multifactor authentication (MFA). Even as security tools improve, social engineering techniques are also becoming more savvy and persuasive, which should act as a forewarning to other organizations,” she said. “Second, Lapsus$ members appear to be motivated by ego, in addition to money, and particularly in the case of Uber they allowed the details of their attack to play out on the public stage. Not all significant cyber incidents become publicly available in such detail, but when they do, organizations should take advantage of the opportunity to understand what happened and consider ways similar attacks can be prevented in the future.”

ChatGPT

Artificial Intelligence is a big part of the cyber world, and an organization called OpenAI in November last year announced a new AI chatbot, ChatGPT (Generative Pre-Trained Transformer), that some believe will change the way businesses work. Bob Gourley, CTO and co-founder of OODA LLC., and a regular speaker at CyberSatGov, believes ChatGPT could have a huge impact. The new chatbot has been made using OpenAI’s GPT-3 technology. He called it a “gamechanger” as it allows anyone with internet access to leverage a powerful conversational AI capability.

Gourley says ChatGPT took the internet by storm for two reasons. Firstly, it was easy to use, which has long been the goal of the AI discipline called Natural Language Processing. “Never before has such a powerful AI been so easy to use, and secondly ChatGPT system was able to use the incredibly well-trained AI model from OpenAI called GPT-3 (third generation). This AI is focused on understanding and responding to text inputs,” he says.

While GPT-3 was trained on 45 terabytes of data, the next edition, GPT-4, is being trained on 100 times more data and expected to be 100 times more powerful.

“In terms of the GPT-3 impact on the satellite industry, we could see faster, more agile tracking of mission needs and customer requirements,” Gourley says. “Secondly, we could see faster engineering of solutions including comparison of design trade-offs. Finally, we could see improved ability to defend against agile threats.”

Fancy Bear

It seems clear that Russia has stepped up its cybersecurity attacks in the wake of its invasion of Ukraine. A Russian military group known as Fancy Bear (or APT28) has been suspected of infiltrating U.S. government networks. Dave Pearah, CEO of cyber firm SpiderOak, said that Cybersecurity and Infrastructure Security Agency (CISA) researchers discovered suspected Russian hackers hiding inside a U.S. satellite network, which he says sounded alarm bells about U.S. adversaries and their activities to infiltrate and disrupt the rapidly expanding space economy. He added, “For years, the government has known that rival state actors have been using advanced persistent threats or APTs in attempting to penetrate U.S. space-based systems. But this is the first time that our government has acknowledged it and then called them out publicly by name for it. This indicates not only a shift in the evolution of cyber warfare itself but also a maturing of U.S. cyber deterrence strategy.”

DoD Adopts Zero Trust Framework

New frameworks and roadmaps are part of the cybersecurity world. There were some significant new releases in 2022. In November, the U.S. Department of Defense released its Zero Trust Strategy and Roadmap. The DoD intends to implement Zero Trust capabilities and activities by FY27. The strategy envisions a DoD information enterprise secured by a fully implemented, department-wide Zero Trust cybersecurity framework that will reduce the attack surface, enable risk management and effective data-sharing in partnership environments, and quickly contain and remediate adversary activities.

Daniel Gizinski, president of Comtech Satellite Network Technologies, said this new Zero Trust framework is a critical part of the shift from perimeter-based defenses to a proactive model that embeds security throughout the network. He says, “Satellite networks in particular have relied on the assumption that traffic inside a boundary was legitimate, rather than re-validating at each step along the way. We can look at scenarios like the Viasat compromise in Ukraine, where a system built on the zero-trust architecture may have limited the blast radius as re-validation and re-authentication steps were required.”

Gizinski believes that this Zero Trust Architecture brings the U.S. DoD into the modern era of cybersecurity, focusing on building a culture of good cyber discipline rather than relying on a largely rules-based framework. “As large-scale networks leveraging IoT-type capability come online, the attack surface grows exponentially. The approaches outlined in the framework provide for a resilient and secure network today and into the future,” he adds.

Programming Languages

Bad actors are always looking for new ways to penetrate networks. Threat actors’ use of novel programming languages to create malware that will evade detection is a trend Singleton says IBM Security X-Force malware researchers have been tracking for at least three years now. She noted that in 2020, X-Force researchers were seeing that many malware developers gravitated toward the Golang programming language, and then in 2021 Nim became a popular language to evade detection. “In November 2022, X-Force published about how RansomExx and other malware are now using the Rust programming language. As time goes on, this trend of novel programming languages is likely to become more widespread and used by a majority of threat actors. On the side of defense, we need to identify ways to adjust nimbly to a wide and growing number of programming languages for malware if we want to be able to continue to detect and eradicate malware quickly,” Singleton added.

Cybersecurity Preparedness Act

In December 2022, U.S. President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act, another piece of major legislation in the area of cybersecurity. This act encourages the federal government to adopt technology that is protected from decryption by quantum computing.

This was hailed as a major piece of legislation. Eddy Zervigon, CEO of Quantum Xchange, said the Act “reinforces” what Quantum Xchange has been warning since its inception in 2018 – the time for organizations to inventory their critical data and start migrating to quantum-safe encryption is now.

Zervigon says if the past has taught us anything it’s that these crypto migrations can take years, even decades to be fully completed and they are fraught with unforeseen challenges and risks. He says that U.S. adversaries are hard at work advancing their own encryption-cracking capabilities and are currently engaged in harvest now, decrypt later attacks — storing encrypted data until the day when a quantum computer or other method can be used to break the encryption.

“Just recently Chinese researchers claimed they will very soon break RSA public key encryption using a hybrid of current classical and quantum computing technologies. If true, this would bring catastrophic consequences to the nation’s security and economic stability,” he adds.

Zervigon believes the Cybersecurity Preparedness Act is a good start and it will prompt federal agencies to act and hopefully spur commercial industry to do the same. “Nowhere is this more important than the commercial satellite industry, where development cycles are years in the making and the risk of compromise is existential. In addition, satellite communications are no longer confined to a single ground station or network of stations. Satellites now need to connect on an ad-hoc basis to new third-party ground terminals, as well as to third-party satellites in space as part of inter-constellation communications. The current satellite encryption architecture cannot support these scenarios in a secure and scalable manner,” he says.

The Rise of the Nation-State Actor

2022 was the year the nation-state cyber actor gained in prominence, and ushered in a new era of cybersecurity. It is also clear as nation-states become more involved in these areas, space will be seen as a critical infrastructure to attack. Greg Falco, space tech & cybersecurity assistant professor for Johns Hopkins, thinks the uptick in nation-state actors is a function of increased desire for signaling. “There are always cyberattacks happening in the background, but recently nation states are trying to demonstrate their strong cyber posture — not necessarily as a deterrent, but as a show of strength and capability. This signaling is especially important during geopolitically tense periods as we are currently living in,” he says.

Falco expects that we will see more nation-state activity in 2023, as signaling from one country is always met by a signal from others. He calls it a matter of one-upmanship. “It's not like nation-state activity is new ... it's just more brazen where an attacker claims responsibility or they are intentionally sloppy covering things up,” he says.

The Birth of CyberLEO and Re-Emergence of CyberSat

With incidents involving the likes of Viasat it is clear that the days of thinking space is immune from cyberattacks are over. At World Satellite Business Week (WSBW) last year in Paris, Ruy Pinto, CTO of SES, perhaps said it best when he told the event: “Cyber has arrived in space and is here to stay. What happened in Ukraine with Viasat, means it is here to stay. We need to look at new approaches for legacy assets, and this is not an easy job.”

Events like CyberLEO, launched last year in May in Los Angeles, and CyberSatGov in Reston, Virginia, will play a vital role in bringing stakeholders together, fostering community, and helping provide vital intelligence to satellite companies as they look to build a secure future. One of the trends we have seen over the last year as a result of Russia’s invasion of Ukraine is an upswing in military and defense spending across the world. However, new opportunities bring new responsibilities and threats. Events like CyberSatGov and CyberLEO play a vital role against this backdrop, bringing together the space industry, end users and governments to talk about how we can all have a secure and prosperous future.