Satellite Operators Respond to Cyber Threats in a Rapidly Changing Environment
With the satellite ground segment increasingly in the attack zone, industry leaders debate cyber strategy in a rapidly changing threat environment
July 24th, 2023
The satellite industry had a wake-up call earlier this year when the Russian government waged a cyberattack against a commercial satellite operator on the eve of its invasion of Ukraine. The targeted ground station attack on Viasat’s KA-SAT network resulted in tens of thousands of modems shutting down in the besieged country, severing satellite broadband service to users, including parts of Ukraine’s defense staff. It also affected many other European nations, including disrupting power generation in Germany.
It’s not the first time adversaries have targeted commercial satellite companies, nor would it be the last. There were also reports from that time that Russia intensified its attempts to jam SpaceX’s Starlink satellites in the Ukraine, and there are reports of multiple attacks on space systems this year. These cyber-attacks – whether successful or not – irrefutably demonstrate that commercial satellite infrastructure is fair game in geopolitical conflicts, especially when instigated by autocratic regimes.
“Clearly, our adversaries are focused on the asymmetric advantage that the United States has with its very robust space capabilities and they’re willing to exploit that,” says Charles Beames, chairman of York Space Systems and SpiderOak Mission Systems, a space cybersecurity provider specializing in zero-trust software.
“These state-sponsored back groups are very advanced – they have deep pockets and a lot of capabilities, and every program needs to have that on their radar,” says Vinit Duggal, a two-decade veteran of Intelsat who serves as both vice president of Network Engineering and chief information and security officer (CISO).
Any satellite operator or service provider will face exposures on their network at any given time, Duggal says. “You may not have exposure today, but the next day your system is exposed. That’s why a layered security strategy must be part of your program.”
“In the cyber domain, nothing is invulnerable,” agrees Craig Miller, president of Viasat Government Systems. “Satellite assets, both on the commercial and the defense side, can expect to be targeted in events like this.”
Viasat’s investigation into the KA-SAT attack found that an attacker exploited a misconfiguration in a VPN appliance to gain remote access, and then executed commands on a large number of residential modems. At the time of the Viasat attack, a third party operated the KA-SAT network.
According to Bob Gourley, CTO and co-founder of OODA, a global cybersecurity consultancy, this aggression is not unexpected since space systems have been under attack for years. What has changed is public awareness of the threat and industry commitment to do something about it.
“The increased focus and desire to stop these attacks is not because our adversaries have changed but because we’ve changed,” says Gourley.
The Evolving Threat Landscape
When it comes to the threat environment, a front-on attack of an orbiting satellite may not be the first choice of aggressors. As the recent attacks attest, “satellite assets will be targeted without directly going after the satellite,” says Miller.
“Too many people focus on the Star Wars aspect of the Chinese being able to knock down satellites,” agrees Bill Woodcock, executive director of Packet Clearing House, an international organization responsible for providing operational support and security to critical Internet infrastructure worldwide.
“I’m a lot less concerned with physical attacks against satellites themselves. The subscriber ground stations are really where we’re likely to continue to see attacks ― they’re far easier to attack, each customer site typically only has one, so no redundancy there, and there’s no blow-back from creating more space-junk,” Woodcock says.
In his opinion, nation-states don’t want to risk the diplomatic and public repercussions of openly taking out an orbiting satellite, since doing so creates orbiting debris, which is already a hazard.
“A kinetic attack against a satellite is like the nuclear option of satellite conflict, whereas cyberattacks against ground stations are unlikely to provoke major condemnation,” Woodcock says. “If you were going to start trying to knock SpaceX satellites out of orbit, you would have a lot of work to do before you had any effect.”
The global IT expert is well studied in the practices of state-sponsored cyber-attacks: He was one of two international liaisons who assisted Estonia when Russia launched the first major state-on-state cyberattack in 2007 that led NATO to build the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. He’s also an expert on country-level domain protection. For the last 15 years, his non-profit has provided the domain name service and high-security configuration for .ua, the Ukrainian top-level domain, which Woodcock says has not yet been overtly targeted in the current conflict.
He contends that, as the satellite industry faces constant pressure to achieve consumer-level pricing on ground terminals, it may decrease investment in security — with potentially dangerous consequences.
“Given the degree to which satellite connectivity is used for the command-and-control systems of other critical infrastructure, and how geographically diverse a lot of the customer locations that can’t be served by fiber are, satellite operators really need to treat this as critical infrastructure defense, rather than as a consumer-grade access technology,” Woodcock says.
Woodcock hopes that companies will invest more in IT/cybersecurity staff who can test a company’s client devices and network infrastructure for vulnerabilities, and ensure that security patches are applied promptly across fleets.
Another serious threat to commercial satellites involves the James Bond kind: spies from hostile nations infiltrating companies to gain access to IP and networks.
“This is really a serious threat. It’s not just about hacking from the outside,” Gourley warns.
Duggal agrees, noting, “An insider is always going to be a big threat, but there’s ways to mitigate that as well.”
Duggal notes that while an admin needs control of a system to do their job, companies can put the right logging and auditing in place so that they are alerted if the admin changes a setting in the system or takes some other unusual or suspicious action. The key is to assign another group to do the monitoring or logging, so that there is a clear separation of duties. He points to Microsoft and Cisco, which faced these challenges in the 1990s and early 2000s and have become much better at defending their IT infrastructure.
“Security is part of the technology conversation and everybody in the vendor ecosystem needs to pay attention to it. As an operator, I build all my solutions from these ecosystem partners. They all need to look at security internally the same way I’m looking at it as I’m building these aggregated solutions,” he adds.
Some satellite leaders argue that their networks are inherently less vulnerable to attacks since they are public and often targeted with repeated cyberattacks compared with the more insulated non-public defense networks.
“A lot of times purpose-built military capabilities are segmented networks where only a few users have access to them. They are not connected to the internet so they have the illusion of boundary security,” says Viasat’s Miller.
Beames agrees that government satellite networks have proven to be vulnerable as well. He cites the costly delays from the GPS Next Generation Operational Control System, or OCX, built to modernize the United States’ GPS network, as an example of the government trying to keep up with the evolving cyber threat.
“The cyber threat is evolving with Moore’s Law – every year there’s more and more sophisticated software tools and we just can’t keep up anymore,” he says.
In contrast, commercial satellite operators say their networks are more equipped to deal with the fast-evolving threat of hackers since they remain connected to the internet every day.
“We see billions of individual malicious events on our network every day, which has roughly a million users on it, from residential users to commercial aircraft, boats and Wi-Fi sites,” says Miller, explaining that Viasat responds to those attacks with a set of dynamic analytics capabilities, some of which are custom and proprietary, and all “meant to deal with those events in real time.”
Meeting the Threat With Cyber Resiliency
To deal with today’s cyber threats, the U.S. government, which relies heavily on commercial satellite capacity and capabilities, is sharing more intelligence than ever, notes Duggal.
Space companies are now coming together and sharing information about threats directly. One exciting example is the Space Information Sharing and Analysis Center (ISAC) that launched in 2019, with founding members that include SES, Microsoft, L3 Harris, The Aerospace Corp, Kratos, Lockheed Martin, MITRE, and Northrop Grumman, among others.
ISACs were originally conceptualized by the government in 1998 to improve cybersecurity but needed industry support to take off. Today, all major infrastructures have an ISAC.
On the government side, CISA formed a Space Systems Critical Infrastructure Working Group last May. Composed of both government and industry members, the working group is identifying and developing strategies to minimize risks to space systems that support the nation’s critical infrastructure.
Jim Platt, acting associate director for Planning and Coordination and co-chair of the Space Systems Cross-Sector Working Group at CISA, explains that working group partners are working “to understand the risk and ensure the space enterprise is aware of the tools we have available.”
Organizations should “seize the opportunity to make fundamental improvements and work together to secure networks, systems, data, and way of life from cyberthreats,” CISA advises.
“Cybersecurity requires a whole-of-government and whole-of-society effort. The prospect of cyberattacks, whether by nation-state or non-state actors, will not dissipate anytime soon,” Platt explains.
Since January, CISA has issued Shields UP alerts to the commercial sector, outlining specific cyber threats the agency has identified.
“It’s the first time I’ve ever seen [the government release] specific actionable security intelligence that a commercial company can use,” Duggal says.
The private sector tends to use software-based solutions to guard against threats, which allow for rapid upgrades and patches without reliance on hardware.
Beames is an advocate of zero-trust, a design philosophy that only trusts the data recipient – no one else. That foundational view results in a different cybersecurity architecture, he says. The banking sector has begun to embrace that philosophy as well, and he believes it needs to happen in the space industry.
Beames notes that as more networks talk to networks, and more devices touch the data stream, there is “a geometric increase in the number of attack surfaces with the addition of every new app or device in a network,” making it increasingly impossible to protect these networks – whether it be firewalls or crypto gear.
“As a design approach, companies and governments must now assume their hardware and mission software will eventually get compromised. Securing the data records themselves that exist within the network is the best, and perhaps only way to guarantee cyber security in this new era,” he says.
He explains that even if a space operator’s supply chain is compromised, if the company has invested in a true zero-trust architecture design, any endpoint user in the network will be secure because the solution protects the data itself.
A space cybersecurity company, SpiderOak Mission Systems, is working with customers, including the U.S. special ops community, on how to deploy zero-trust software that Beames says will ultimately be deployed across the Department of Defense. The startup applies blockchain technology – or a distributed ledger – to provide security at the data packet level. Because it’s a distributed ledger, these data packets can be re-keyed in real time, Beames says.
“It is the future – it has to be. We must get away from this idea that we need hardware firewalls. Also, today’s generation Z wants to use the same devices that they use in their personal life. We have to meet the customers where they are,” Beames says.
Gourley also believes in a zero-trust architecture. He offers three priorities for commercial space players to be more prepared for today’s cyber threat realities: follow best practices to establish a zero-trust architecture in the company; ensure the company has good security policies that follow the government guidelines and requirements; and share information.
“Nobody can defend your own enterprise by yourself – that’s why ISACs are so important,” Gourley says, adding that following best practices and focusing on leading edge security designs are also critical.
All the satellite companies concur that it’s not enough to put these policies in place – resilience requires investing in vulnerability testing.
Even smaller satellite players can build an internal posture assessment to assess threats against their network, says Duggal. The issue that gets in the way is that startups and new entrants are focused on building new products to generate revenue so fast that security can get neglected.
“These companies are trying to get out to market so quickly that they overlook some basic security fundamentals,” says Duggal. “If they take a few steps back and pay attention to certain guidelines, they will address 90 percent of security problems.”
Gourley concludes with this final advice: “We should not believe that [our adversaries] will do things as we would. You’re not going to be able to count on any government to protect you. You need to engineer systems that make it hard for adversaries to attack. Build secure systems and test them. Make sure the team you’re working with to do red teaming understands the techniques of these adversaries so they can replicate it before the real adversary strikes.”