Cyber warfare gets real for satellite operators

by
Recent network attacks in Ukraine have been 'an eye opener for everybody'

WASHINGTON — The U.S. government on March 17 advised satellite operators to put their guard up in the wake of a cyberattack that disrupted internet services in Europe provided by Viasat’s KA-SAT.

“Given the current geopolitical situation, the Cybersecurity and Infrastructure Security Agency requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity,” said CISA, an organization within the Department of Homeland Security. 

Following CISA’s advisory, the Satellite Industry Association on March 18 issued a statement of “commitment to cybersecurity best practices” and expressed concern about “evolving attacks by criminals, terrorists, and nation states.”

The February cyberattack on Viasat’s network, first reported by Reuters, is being investigated by French, U.S. and Ukrainian intelligence services as a potential act by Russian hackers.

Viasat in a statement last week said the company believes “this was a deliberate, isolated and external cyber event” and customer data was not compromised. Because the attacks directly targeted modems, the company is providing some customers over-the-air updates and replacing other customer modems. 

Our commercial network is very well secured and we’ve learned a lot of lessons over the last few weeks,” Craig Miller, Viasat’s president of government systems, told SpaceNews.

Miller said he could not discuss details of the KA-SAT incident. Any attack on a network is a reminder of why satellite operators pursue “multifaceted strategies” to protect their systems, he said. 

“Any network is only as strong as its weakest link. In some cases, that may be the satellite, in some cases that may be the terminal. In some cases, it may be the ground infrastructure. Or it may be the cyber posture of the system,” Miller said. “So you have to protect against every one of them because you’ll get attacks across the whole spectrum.”

Government concerns

The resilience of satellite networks is becoming a major concern for the Defense Department, which relies on a mix of government-owned and commercial satellites for internet and global communications.

Miller said military communications services are resilient by virtue of using multiple providers that operate satellites in different orbits. “I think resilience through diversity is going to be a hot topic,” he said. “I’m encouraged to see that the DoD is investing in geostationary, medium and proliferated low Earth orbit satcom simultaneously. I think it’s important that you don’t throw all your eggs in one basket and that’s going to be an important conversation.”

While the KA-SAT disruption was caused by a cyber attack, a different type of satellite internet system, SpaceX’s Starlink in low Earth orbit, experienced “signal jamming” in user terminals in Ukraine, according to CEO Elon Musk

Electronic radio-frequency jamming is typically done from the ground when a jammer sends a signal to the satellite that’s more powerful than the terminals. “A simple analogy is two people are in a room whispering to each other. If someone next door to them is screaming and you can’t hear the two people whispering because someone is much louder, and that’s how jamming works,” Miller explained. 

The U.S. military has to worry about all types of threats, he noted. Not just cyber and jamming attacks but also kinetic threats such as ground-to-air missiles that can blow a satellite to pieces.

“It’s virtually impossible to build a single system that is resistant to all threats simultaneously,” said Miller. “Some systems may not be as resistant to jamming but may be very resistant to cyber. Even the military’s most exquisite satellites “can be destroyed with an ASAT [ant-satellite] weapon and you only have to shoot out a couple of satellites and the whole system’s gone.”

Viasat is working with the Air Force Research Laboratory under a seven-year $50.8 million contract to develop concepts for “hybrid networks” of commercial satcom and government-owned satellites. 

DoD wants hybrid networks because it allows them to take advantage of commercial systems and gives them options especially in a crisis, said Miller. “DoD is embracing the concept of using lots of different services at different orbits and at different frequencies and that’s really the key to resilience, it’s having optionality and freedom to maneuver.”

Under the AFRL contract, Viasat will conduct demonstrations of hybrid networks. “They will see how difficult it is to disrupt these types of communications, and how difficult it is for an adversary to even know if their effects are working, because you don’t even know what networks users are on.”

Stronger security in commercial satellites

Ryan Reid, president of Boeing Commercial Satellite Systems, said commercial operators have the same concerns the government has about resilience.

Boeing builds jam-resistant satellites for the U.S. military and many of the technologies are being applied on the commercial side, Reid told SpaceNews

Techniques like beam shaping and frequency allocations give a commercial operator the ability to actively manage interference, said Reid.

The military is increasingly interested in using commercial assets so it’s incumbent on commercial operators to provide “protected features” to add resilience, he said. 

To ensure commercial satcom networks that support the military are cyber secure, the U.S. Space Force started a program called Infrastructure Asset Pre-Assessment Program (IA-Pre). 

The military has always demanded cybersecurity in satcom systems but “they are increasing the level,” said Rick Lober, vice president and general manager of defense and intelligence systems at Hughes Network Systems.

The recent network attacks in Ukraine have been “an eye opener for everybody,” Lober told SpaceNews. “A lot of government networks that are using commercial satellites do have a higher level of protection built into them. But certainly, everyone wants to make sure that they are applying all the latest techniques to protect these systems.”

The use of hybrid networks with multiple transport options is gaining traction not just in DoD but also in private industry because of the added resilience, said Lober. “We in the commercial industry call it software defined networking, where we can put different traffic types over different satellite links or terrestrial links, and that does give you a degree of protection.”