The CISA and FBI have warned that SATCOMs are likely targets of cyber attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an alert pertaining to threats to both US and international satellite communication (SATCOM) networks on 17 March 2022.
This follows an attack on commercial satellite operator Viasat, which caused a partial outage of its KA-SAT network in Europe. SATCOMs are critical during times of warfare.
KA-SAT provides broadband internet to European and Mediterranean markets. The service was launched in May 2011.
According to NetBlocks, an internet monitoring group, the satellite operator’s KA-SAT network remained heavily impacted on 15 March 2022, 18 days after it was targeted by a cyber-attack.
This was one of “several incidents” the group observed as Russia launched its invasion of Ukraine on 24 February 2022.
On 11 March 2022, Reuters reported that the US National Security Agency, the French government’s cyber security organization and Ukrainian intelligence were investigating the remote sabotage of “a satellite internet provider’s service” which they say was the “work of Russian-state backed hackers preparing the battlefield by attempting to sever communications”.
A statement from Viasat said that the disruption was caused by a deliberate, isolated and external cyber event. No other details have been disclosed.
Preparing for SATCOM cyber-attacks
The CISA and FBI alert says that organizations ought to significantly lower their threshold for reporting and sharing indications of malicious cyber activity.
In addition, the CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in the 17 March joint Cybersecurity Advisory (CSA).
This includes:
- Putting in place additional monitoring at ingress and egress points to SATCOM equipment
- Using secure methods for authentication and not using default credentials or weak passwords
- Reviewing trust relationships with IT service providers
- Enforcing the principle of least privilege through authorization policies
- Monitoring network logs for suspicious activity and unauthorized or unusual login attempts
- Implementing independent encryption across all communications links leased from, or provided by, an organization’s SATCOM provider
- Strengthening the security of operating systems, software and firmware