Satellite communications firms remain vigilant as cyber threats evolve
This article originally appeared in the Feb. 12, 2018 issue of SpaceNews magazine.
In early January, computer security experts revealed new vulnerabilities in Intel microprocessors potentially affecting millions of mobile phones and laptop computers connected to cloud networks. The disclosure sent cyber sleuths around the world into overdrive to safeguard networks.
It’s no different in the world of military satellite communications when government or industry experts detect new vulnerabilities, except those discoveries are highly classified.
The commercial satellite networks the U.S. military relies on to carry the portion of its communications traffic that doesn’t flow through the Defense Department’s own satellites are designed, built and operated with an emphasis on information security. Fleet operators like Inmarsat, Intelsat, SES and Eutelsat say they meet or exceed extensive requirements included in government regulations and government contracts, ranging from encryption of spacecraft commands to protecting ground stations from cyber and physical intrusion.
In spite of all the safeguards, companies must continually monitor traffic on their global networks to detect attempted or successful penetration and take steps to mitigate the impact of security breaches.
“Cybersecurity is an active business,” said Rebecca Cowen-Hirsch, senior vice president for government strategy and policy at Inmarsat’s U.S. Government Business Unit in Reston, Virginia. “It’s not something you build and leave. It’s something you are constantly evolving.”
Rory Welch, vice president of engineering and service delivery for Intelsat General Corp. of McLean, Virginia, agrees. “We continuously evaluate the threat landscape,” Welch said. “That allows us to adjust and adapt our countermeasures to address those latest threat actors and attack methods.”
It’s challenging, however, to keep up with the constantly evolving threats, according to security experts.
“Threat actors are becoming more diverse and more capable,” Welch said. “How they are able to attack systems continues to vary.”
One way companies keep abreast of changing threats is by sharing information with one another and with government agencies, including the Department of Homeland Security and Defense Department.
Once they learn of new threats, they determine whether they need to update software, reroute traffic or take portions of a network offline when the threat is serious enough.
“Any system needs to have some degree of continuous review because as new vulnerabilities and new threats come to light, you may have to adjust,” said Patrick Rayermann, director for space and national intelligence, surveillance and reconnaissance at Semper Fortis Solutions, a technology consulting company based in Leesburg, Virginia. “You may have to take a system offline until certain corrections can be applied.”
Satellite communications companies also are responding to growing cyber threats with a variety of actions to make their networks more resilient, including enhancing the security of new satellites.
Eutelsat is working on a new generation of software-defined satellites, called Quantum, which it plans to begin launching in 2019. Quantum’s “security design is particularly well-suited for governmental uses,” David Bair, chief executive of Washington-based Eutelsat America Corp., said by email.
SES and the Luxembourg government launched GovSat-1, also known as SES-16, on Jan. 31, which is the first commercial satellite to meet a new requirement established by the U.S.-led intergovernmental Committee on National Security Systems to encrypt satellite telemetry downlinks as well as command uplinks, said Tim Deaver, corporate vice president for SES Government Solutions of Reston, Virginia. That level of encryption is a baseline requirement for O3b mPower, the constellation of high-throughput satellites in medium-Earth orbit SES plans to begin launching in 2021, Deaver said by email.
To bolster security throughout the company, SES recently hired its first chief information officer. “Part of his primary job is to ensure all of our information technology and networks meet the most stringent of requirements and to protect our assets,” Deaver said.
Inmarsat designed its Global Xpress fleet, which it began launching in 2013, with U.S. government customers in mind, Cowen-Hirsch said. Inmarsat encrypts Global Xpress satellite commands. It operates Global Xpress ground stations in NATO and Five Eyes nations. (Five Eyes is a multilateral intelligence alliance that includes the United States, Canada, the United Kingdom, Australia and New Zealand.) Inmarsat’s network includes redundant fiber networks, which travel through U.S. allied nations. Within the Global Xpress network, Inmarsat can separate government traffic into its own “secure enclave,” she added.
Similarly, Intelsat’s Epic NG high-throughput satellite fleet and associated ground network are built for security and resiliency with “redundancy in its infrastructure and diversity in its operations,” Welch said.
Intelsat evaluates the information security recommendations of the Defense Department, National Institute of Standards and Technology and the International Organization for Standards. Intelsat’s information security team “takes the most stringent of all of those and applies them against our network design,” Welch said.
Independent third parties audit Intelsat’s space-based and terrestrial network annually to certify that it meets stringent international security standards known as Systems and Organization Controls 3, Welch said.