ArchiveOODA OriginalSecurity and Resiliency

Cyber Attack Against Satellite Calls into Question Satellite Security

In late February 2022, a cyber attack impacted the international satellite Internet and TV provider Viasat. The attack disrupted services on February 24, coinciding with Russian forces’ assaults on Ukrainian cities. Although as of this writing the full extent of the attack has not been quantified, initial evidence shows that Internet service was cut off for thousands of customers in Europe. Per an ongoing joint effort of French, Ukraine, and U.S. intelligence, the attack successfully disabled modems to the extent that they could not be turned on, and would need to be reprogrammed, or in some cases, replaced.  Current belief is that malware had allowed the attackers, who had likely already gained access into Viasat networks, to purposefully manipulate the modems.  Despite the conflict in Ukraine and the impact that resulted, the joint intelligence effort has not attributed the attack to Russian state actors.

On March 17, the Department of Homeland Security (DHS) issued an alert advocating the strengthening of SATCOM network provider cybersecurity, no doubt in response to revelations of the Viasat incident. The cyber threat to satellites has been a longstanding concern, and one that has unfortunately got mixed in with the myriad other cybersecurity issues facing the global community. As a result, it’s not surprising that satellite security has gotten lost in the shuffle, particularly given the need to prioritize and safeguard 16 critical infrastructure sectors.

Complicating matters, the architecture of the satellite system allows for various potential entry points for cyber attackers. According to one research paper on the subject, space craft, ground stations, and uplinks/downlinks were susceptible to cyber attacks. Space craft could be vulnerable to command intrusions and denial-of-service attacks. Ground stations offered several entry points for would-be attackers.  And finally, the uplinks/downlinks for satellites were accessible especially if they transmitted via open telecommunications channels. Compounding the problem are the Internet of Things devices involved in satellite communications that could provide several other possible points of entry for savvy attackers.

As of 2021, according to one geospatial source, there were approximately 6,600 satellites orbiting the earth (though another source has a higher number) with 3,400 of them being active. This number keeps increasing with more launches conducted each year. These satellites provide a range of functionality to include but not limited to earth observation, technology development and demonstration, navigation and positioning, space science and observation, earth science, and “other” purposes, likely referring to those supporting intelligence activities (as many as 2,200 communications satellites are in orbit). Of the more than two-thirds of the countries that have launched them, the United States ranks first in satellites put into space, followed by Russia and China.

But the recent attack shows the potential of what can happen when cyberspace and orbital space are intermingled, and while the Internet disruption will likely have a limited impact, it reveals how cyber attacks can be executed against these space assets to impact real world operations. Satellites support several sectors and industries and contribute substantially to the global economy. Communications, Finance, Logistics, and Defense all rely on satellites to support their operations. Because of its increasing importance to sustain industries, the space sector as a whole is expected to be larger than oil in the next decade with an estimated worth of USD 3 trillion by 2050.  Reliance on satellite functionality will only increase in the coming years.

Therefore, the activities supported by satellites, and the consequences of any adverse impact against them, need to be considered, as damage can have far reaching effects beyond the actual satellite. For example, the recent attack did not just impact Internet connections but also connectivity to 5,800 German wind turbines, showing how other industries and sectors can be disrupted as a result of a successful cyber attack against a satellite. As the global community pushes for more green and renewable technologies, green energy proponents need to consider how they may rely on satellites and how they can do their part in securing their connections to them.

Although initial signs point to Russia or at least Russian sponsorship for the recent cyber attack on Viasat, targeting satellites would cross a red line for Moscow. In early March 2022, a top Russian space official stated that any cyber attack on its nation’s satellites would be considered an “act of war.” Interestingly, he made that statement after the hacktivist group Anonymous claimed to have shut down the satellite operations of Russian’s civilian space agency, Roscosmos. Although this attack has not been verified, the pronouncement underscores Russia’s acknowledgement of the vitality of satellites to support a nation’s interests.

Despite not yet being implicated, Moscow understands that targeting communications channels prior to a military maneuver is one way disruptive cyber attacks can support a tactical military invasion. Controlling the information space is important to censor certain news from reaching specific audiences while replacing it with other more favorable messaging. This is especially helpful in times of conflict when the aggressor state tries to control the narratives that flow to their own domestic audience, the civilian audience in the target country, and the international audience. Russia failed to do that against Georgia in 2008, a mistake it rectified in 2014 against Crimea when it masterfully annexed the territory without need of armed coercion.

Like many attacks in cyberspace, practice makes perfect. While the Viasat attack was successful, the effects may not have been what was intended or hoped for. No doubt whomever the attackers, they will have studied the mechanics of the attack chain and applied lessons-learned for future efforts. But given the nature of the cyber threat landscape, satellites may ultimately fall in the crosshairs of other well-resourced and capable cyber criminal actors such as ransomware gangs looking to extort substantial payments. The recent DHS SATCOM alert is a very appropriate corollary to its “Shields Up” strategy, though its applicability extends beyond periods of geopolitical conflict. While space systems may not be deemed a critical infrastructure, their essential services rely on them. Therefore, it makes sense to prioritize their protection the same way.

 

Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.