WASHINGTON — Satellite communications companies said this week that new guidance from the FBI and the Cybersecurity and Infrastructure Security Agency asking the industry to lower its threshold for reporting signs of possible cyber intrusions is a good step towards raising awareness of malicious activities and holding malicious actors accountable.
On March 17, the two agencies issued an alert regarding a possible threat to U.S. and international SATCOM networks and recommended a number of mitigation measures for network providers and customers, including the use of secure authentication and additional “abnormal traffic” monitoring. President Joe Biden further underscored the threat this week, telling a group of business leaders on Monday, “Russia may be planning a cyberattack against us.”
The warnings follow reports of thousands of distributed denial-of-service attacks on Ukrainian systems as well as a cyberattack on communications provider Viasat’s KA-SAT system that occurred in late February, just when Russian forces began their invasion of Ukraine. The satellite system provides high-speed Internet coverage to users in Europe and the Mediterranean.
U.S. intelligence agencies continue to investigate the incident, and Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, said this week during a White House press briefing that the government had not yet attributed the attack.
Craig Miller, president of government systems at Viasat, told C4ISRNET this week that the company had identified a root cause, put mitigations in place, and was “getting users back online by the thousands a day.” The attack, the company said, did not impact the satellite or its backbone network infrastructure and did not compromise user data.
“Throughout the entire time, we’ve always had a large number of users operating in the region,” Miller said. “Some have been taken offline, but we are repopulating all these terminals and in a few weeks all terminals will be replaced and each user will regain their capacity as before.”
While Viasat typically operates its own networks, Miller noted that the KA-SAT network is currently operated by a subsidiary called Skylogic and has a different set of security and tools than networks operated by Viasat.
“We believe that the networks operated by Viasat have never been vulnerable to an attack like this,” he said.
Incident reporting standardization
Miller said Viasat supports CISA’s recommendation that companies lower their threshold for reporting cyber incidents, in large part because events like this are often accepted as routine business rather than a serious breach of privacy and security.
“I really applaud CISA for saying to lower the reporting threshold because we should be holding these actors accountable,” he said. “There’s kind of a perception that it’s just OK. But if I broke into your house and broke down your door, the police would show up.”
Neuberger echoed that sentiment this week, noting that while CISA has detected recent “preparatory activity” for a potential cyberattack, the call to action for network owners should continue even beyond the current enhanced security environment.
“Every day there should be a call to action,” Neuberger told reporters. “We take the opportunity of this evolving threat intelligence regarding potential cyberattacks on critical infrastructure to reiterate ... specifically to owners and operators of critical infrastructure to say, ‘You have a responsibility to take these steps to protect the critical services that Americans rely on.’”
Sam Costa, a space intelligence officer for the director of national intelligence, said Wednesday that the defense and commercial space industry base may feel there will be repercussions from reporting cyber threats.
Speaking on a panel at the Satellite 2022 conference here on Wednesday, Costa said companies should stay engaged with the FBI and CISA going forward and continue to report incidents.
In some cases, better collaboration between government and SATCOM providers could improve incident reporting. Pete Hoene, CEO of SES Government Solutions, said the Combined Space Force Component Command’s Business Integration Cell at Vandenberg Space Force Base in California enables some of that partnership and information sharing on things like electromagnetic and radio interference.
“We actually have a person from the Commercial Integration Unit on the [top secret/sensitive compartmentalized information] floor that works on observing EMI and RFI disturbances, trying to geolocate them, and then trying to make sense of them,” Hoene said during a March 23 panel at the Satellite 2022 conference. “This information is shared to some extent. There is some sensitivity there, but I think it’s an improvement and the inter-agency processes have also improved over the last few years.”
Along with the growing partnership on the operations side, Hoene said there is a need to establish long-term cooperation on requirements and procurement so that companies can ensure they are investing in the kinds of resilient capacities that the government needs. He praised the efforts of the Space Force Commercial SATCOM Office – the entity responsible for purchasing commercial SATCOM services – but said companies needed more flexibility and appropriate contractual structures to meet service needs.
For SATCOM operators and users, resiliency measures can range from things like cyber-hygiene and automated network monitoring to the availability of a diverse network of providers operating in multiple orbits.
Miller said that for the Department of Defense, having the “optionality” that comes with multiple vendors operating in different frequency bands is a key line of defense against a range of threats – from cyber disruptions and satellite jamming to kinetic attacks.
“The more you diversify it and the more options you create, the harder it is for the opponent,” he said.
Viasat is under contract with the Air Force Research Laboratory to explore how hybrid or diverse satellite communication architectures can help make DoD systems more resilient. AFRL awarded the $50.8 million contract in 2021, and Miller said the company was developing several proofs of concept in the ground and space domains.
Rick Lober, vice president and general manager of defense and intelligence systems at Hughes Network Systems, told C4ISRNET this week that the company recently demonstrated the ability to switch Internet traffic from a satellite based in geosynchronous orbit to a satellite in low earth orbit and to share the traffic between several orbits.
The demo was aimed at commercial users, but Lober noted that it applied to military customers as well, especially when it comes to resiliency.
“The military can do this to make it very difficult to determine which path the signal is actually following,” he said.
Courtney Albon is C4ISRNET’s Space and Emerging Technologies Journalist. She previously covered the US Air Force and US Space Force for Inside Defense.