Why CISOs should be concerned about space-based attacks

Space-based data communications are reliable and useful links for users, but they’re also targets for hackers and other hostile actors.

Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022; it also raided Ukraine’s data connections in space.

On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022.

According to the satellite services provider, “the cyber-attack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.”

They included the remote monitoring and control of 5,800 wind turbines owned by Germany's Enercon, with a total capacity of 11 gigawatts.

An after-attack report from Sentinel Labs concluded that “the threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers. A wiper for this kind of device would overwrite key data in the modem’s flash memory, rendering it inoperable and in need of re-flashing or replacing.” Sentinel Labs also reported that the wiper in question was AcidRain, “an ELF MIPS malware designed to wipe modems and routers.”

Conflict-related attacks can hit civilians too

Viasat itself has not confirmed that the characterisation of this as a “supply-chain” attack was accurate and maintains that there has been no evidence this was the case, according to a Viasat representative via email.

The attack “primarily impacted the Ukrainian civilian population as they were not able to access reliable information from the government during the conflict,” according to the Cyber Threats section of the CyberPeace Institute website. “The recovery time varied, though some were without internet for two weeks.”

The response: “We worked with the operator to implement immediate updates to stabilise the network and defend against additional tactics,” says Craig Miller, president of Viasat Government Systems.

“Viasat’s in-house cyber expertise and capability is how we were able to maintain the safety and security of the majority of KA-SAT users, as well as initiate a rapid logistical response to get impacted users back online as quickly as possible.”

Satellites are attractive targets for hackers

Beyond providing satellite broadband, space-based communications satellites provide a wide and varied range of services to academic, business, commercial, government, and military users. This makes them an attractive target for hackers with many points of attack, including the satellite’s onboard control software, the data links between them and their Earth stations, and ground-based data networks and equipment such as modems that connect to them.

Although the Viasat KA-SAT malware attack was apparently aimed at blocking internet access to Ukrainian civilians, many kinds of cyberattacks make sense against space-based data systems.

“My first thought — because of the global impact on commercial and military assets — would be satellite communications attacks on GNSS/GPS navigation signals by jamming, and the more powerful threat of signal spoofing,” says Randall K. Nichols, vice-chair of an Institute of Electrical and Electronics Engineers (IEEE) subcommittee on self-healing systems.

“From an IT point of view, all space vehicles requiring navigation assistance … are essentially SCADA (supervisory control and data acquisition) systems with all the attendant vulnerabilities and subject to a host of IT/cyber/system threats,” he said.

“There have certainly been more cyberattacks against space assets and services, with government and commercial networks defending against threats daily,” Miller says.

“However, the environment everyone is operating in today is different from five, 10, or 15 years ago. Attacks from all types of adversaries are increasing in frequency and sophistication, which means government and commercial networks need to adapt their defenses.”

The danger of ‘dual use’ satellites

Making matters worse is the tendency for many satellites to be ‘dual use’ carriers, in that they provide services that are used by both commercial and military clients.

As such, “US commercial satellites may be seen as legitimate targets in case they are used in the conflict in Ukraine,” reported the Russian state-owned news agency TASS on October 27, 2022.

Speaking before the UN General Assembly’s First Committee, Russian Foreign Ministry official Konstantin Vorontsov threatened that, “Quasi-civil infrastructure may be a legitimate target for a retaliation strike.”

This has certainly been true for SpaceX’s Starlink satellite broadband service in Ukraine. “Some Starlink terminals near conflict areas were being jammed for several hours at a time,” SpaceX CEO Elon Musk said in a Twitter message posted on March 5, 2022. “Our latest software update bypasses the jamming. Am curious to see what’s next!”

Such threats and actions come as no surprise to Laurent Franck, a satellite consultant and ground systems expert with the Euroconsult Group. Whenever a commercial satellite “can be used on a battlefield and used in a war context, it becomes a target,” he says.

As a result, threats like those issued by Russia against US commercial satellites and actual jamming of Starlink terminals are to be expected, especially due to the trend of “space getting militarized.”

“Until recently, the space segment (i.e. spacecraft) were considered to be safe because of their very location in space,” he adds. “This is not true anymore, thanks to the development of dedicated spacecraft meant to inspect/disrupt other spacecraft.”

Coping with space-based threats

There is nothing CSOs can do about military threats against the satellites/satellite services that their companies rely on. But they do have an opportunity to analyse and assess where the weak links in their communications chains are — both within their own enterprises and within third-party satellite services providers — and prepare contingency plans accordingly. 

In fact, “it is incumbent on CSOs and senior program management to perform effective risk assessments to reach a legal level of due diligence for their organisations,” Nichols says.

“To achieve this level of awareness, it’s very, very important to take a full system, end-to-end view of your satellite communications systems,” says Franck Perrin, head of Thales Group’s cybersecurity, platform, and infrastructure division.

This includes every connection point, piece of equipment, and data access point/user interface along the entire signal chain both on Earth and in space.

“The risk analysis will also have to take into consideration the different operational uses that your system may be put to, both for today and in the future.” Backup data routes, both via other satellites and on the ground, should also be planned and ready for switchover at a moment’s notice.

Remember: “The greatest threats to space communication are those that result in the disruption of the ability to communicate, such as through a cyber-attack, disruption of ground infrastructure (gateways and fiber), RF interference, or through direct attacks against the spacecraft,” says Viasat’s Miller.

Moreover, just because a cyberattack is aimed at space-based communications doesn’t mean the satellite or spacecraft itself, or the ground station infrastructure, hasn’t been affected or involved, as the network itself is often the real target.

“This is not necessarily different from cyber threats that target more traditional communications networks, government agencies, or large commercial providers of other services to disrupt communication or access valuable data or intellectual property information,” Miller says. “With these types of goals, the concern of an insider threat is also possible and something space providers need to be thinking about too.”
