Russian invasion of Ukraine exposes cybersecurity threat to commercial satellites

by

Months before Russian armored vehicles rolled into Ukraine on Feb. 24, companies monitoring satellite networks noticed an uptick in activity.

Hackers were trying to penetrate Ukraine’s communications satellite infrastructure, including networks that relay commands to Ukrainian military drones. Meanwhile, Earth observation satellites detected intensifying GPS interference in the region.

When the invasion began, cyberattacks escalated. SpaceX CEO Elon Musk reported jamming of Starlink communications near Ukrainian conflict areas. And hackers infiltrated Viasat’s KA-SAT satellite internet network, disabling modems that provide tens of thousands of customers in Ukraine and nearby countries with internet links.

“The current situation is absolutely shedding light on the fact that space systems are being attacked because of their role as critical infrastructure and critical communication channels out to the broader population in the country,” Frank Backes, Kratos Federal Space senior vice president and chairman of the Space Information Sharing and Analysis Center (ISAC), said March 6 on the Defense and Aerospace Daily Downlink podcast. “We’re seeing that in real time in this regional conflict in a way that we’ve never seen it before.”

That message was backed up by a March 17 alert from the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigations. The alert warned of “possible threats to U.S. and international satellite communications networks” and asked all organizations to report any “indications of malicious cyber activity.”

SENSE OF URGENCY

Cybersecurity experts have been warning for years of increasing attacks on commercial satellites and working with companies to enhance security. The day before the Russian invasion began, Christopher Scolese, National Reconnaissance Officer director, warned that organizations tied to the Russian military were likely to target government and commercial satellites.

Still, the war in Ukraine is adding a sense of urgency to ongoing initiatives like the Space ISAC’s creation of a Watch Center and informing discussion on how to safeguard space systems.

Viasat relies on KA-SAT to provide internet coverage for Europea and the Mediterranean market. Credit: Viasat

“I regard space systems as critical to our national security and to our economic security,” said Sam Visner, Mitre Corp. technical fellow and Space ISAC vice chair. “To the extent that anybody would want to damage our infrastructure, either directly or indirectly, space systems are conceivably a target.”

The Space ISAC, based in Colorado Springs, was established in 2019 to notify members of cyber threats and mitigation strategies. Now, the nonprofit group is working to establish a round-the-clock Watch Center to ingest a variety of data sources, including declassified intelligence, radio frequency interference reports and details of ransomware attacks coming from commercial sources as well as U.S. government and international government agencies.

The Watch Center, scheduled to open this fall, will provide a platform for members to share information on threats or vulnerabilities, Erin Miller, Space ISAC executive director, said March 4 at the AFCEA Rocky Mountain Chapter’s Cyberspace Symposium.

CRITICAL DESIGNATION

Meanwhile, the Space ISAC is among the groups encouraging the Biden Administration to add space systems to the government’s list of 16 critical infrastructure sectors. U.S. Reps. Ted W. Lieu (D-Calif.) and Ken Calvert (R-Calif.) introduced the Space Infrastructure Act in June, which calls for moving space systems, services and technology under the critical-infrastructure umbrella.

If that happens, the Department of Homeland Security would assign an executive branch agency to work closely with space companies to establish cybersecurity standards and to reinforce safeguards with the support of U.S. defense and intelligence agencies.

Being designated as critical infrastructure would get the space sector more attention and support from the executive branch and “stand as a statement of U.S. policy that this is critical infrastructure and that the country stands behind its security and resilience,” Visner said.

The Aerospace Corp.’s Slingshot satellite will host 19 different payloads on a 12-unit Blue Canyon cubesat bus. Credit: The Aerospace Corp.

While space has not been designated a critical infrastructure sector, the Department of Homeland Security established a Space Critical Infrastructure Working Group last year to enhance the security and resilience of space systems, James Platt, U.S. Department of Homeland Security, Strategic Defense Initiative said March 21 at the Satellite 2022 conference.

CYBER HYGIENE

While the Biden administration studies the matter and Congress considers the Space Infrastructure Act, cybersecurity experts are urging satellite operators to pay heightened attention to what they call “cyber hygiene.”

“Make sure your corporate systems and your business systems are secure,” Visner said. “Take a look at your supply chain to make sure you know where things are coming from, not only the hardware but certainly the software.”

In addition, Visner said, companies should scrutinize all the systems they rely on to launch and operate satellites. That includes making sure anyone with authority to communicate with spacecraft and operate onboard payloads is focused on cybersecurity.

HEIGHTENED RISK

Ryan Speelman, Aerospace Corp. Information Systems and Cyber Division principal director, said it’s important for companies “to understand their threat vectors and their place in the world.”

For example, commercial satellites operating in conflict zones or supporting military maneuvers face different risks than satellites serving customers in peaceful locales. Equipment and communications infrastructure designed to support military operations follow more stringent cybersecurity standards than commercial infrastructure.

“If you’re designing for commercial applications and then inserting yourself into a military conflict, there are all kinds of potential problems there,” said Josh Lospinoso, CEO and co-founder of Shift5, a cybersecurity startup based in Arlington, Virginia. “Several very well-funded groups coming out of the Russian intelligence apparatus are very skilled in cyberspace. It’s not clear to me that even well-funded and smart commercial entities could stand up to the might of a nation-state advanced persistent threat. You’re inviting a level of cyber attacker that your information-security apparatus is not prepared for.”

Not all companies are seeking to insert themselves into conflicts, though.

When Viasat acquired KA-SAT from its joint venture with Eutelsat Communications in 2020, the satellite had been providing internet service in Europe for a decade before Russia invaded Ukraine.

Since the cyberattack, Viasat has been working with law enforcement partners and government agencies to determine exactly what happened and to restore service in affected areas.

Cybersecurity experts like to call cybersecurity “a team sport,” meaning that no single organization can protect itself from rapidly evolving cyber threats alone.

This article originally appeared in the April 2022 issue of SpaceNews magazine.