In late February 2022, a cyber attack impacted the international satellite Internet and TV provider Viasat. The attack disrupted services on February 24, coinciding with Russian forces’ assaults on Ukrainian cities. Although as of this writing the full extent of the attack has not been quantified, initial evidence shows that Internet service was cut off for thousands of customers in Europe.

Per an ongoing joint effort of French, Ukraine, and U.S. intelligence, the attack successfully disabled modems to the extent that they could not be turned on, and would need to be reprogrammed, or in some cases, replaced.  The current belief is that malware had allowed the attackers (who had likely already gained access into Viasat networks) to purposefully manipulate the modems Despite the conflict in Ukraine and the impact that resulted, the joint intelligence effort has not attributed the attack to Russian state actors.

On March 17, the Department of Homeland Security (DHS) issued an alert advocating the strengthening of SATCOM network provider cybersecurity – no doubt in response to revelations of the Viasat incident. For a complete analysis of the Viasat Incident and OODA and CISA/FBI recommendations, see CISA, FBI Issue Joint Cybersecurity Advisory for SATCOM Ecosystem Following Viasat Cyberattack.

OODA Loop Sponsor

Satellite Security Has Always Been A Concern

The cyber threat to satellites has been a longstanding concern and one that has, unfortunately, been mixed in with the myriad other cybersecurity issues facing the global community. As a result, it’s not surprising that satellite security has gotten lost in the shuffle, particularly given the need to prioritize and safeguard 16 critical infrastructure sectors.

Complicating matters, the architecture of the satellite system allows for various potential entry points for cyber attackers. According to one research paper on the subject, spacecraft, ground stations (and uplinks/downlinks) were susceptible to cyber attacks. Spacecraft could be vulnerable to command intrusions and denial-of-service attacks, as ground stations offered several entry points for would-be attackers.  And finally, the uplinks/downlinks for satellites were accessible especially if they were transmitting via open telecommunications channels. Compounding the problem are the Internet of Things devices involved in satellite communications that could provide several other possible points of entry for savvy attackers.

As of 2021, according to one geospatial source, there were approximately 6,600 satellites orbiting the earth (though another source has a higher number) with 3,400 of them being active. This number keeps increasing with more launches conducted each year. These satellites provide a range of functionality to include but are not limited to earth observation, technology development and demonstration, navigation and positioning, space science and observation, earth science, and “other” purposes (likely referring to those supporting intelligence activities – with as many as 2,200 communications satellites are in orbit). Of the more than two-thirds of the countries that have launched these satellites, the United States ranks first in satellites put into space (followed by Russia and China).

Satellites Are Mission-Critical Critical Infrastructure

But the recent Viasat attack shows the potential of what can happen when cyberspace and orbital space are intermingled, and while the Internet disruption will likely have a limited impact, it reveals how cyber attacks can be executed against these space assets to impact real-world operations. Satellites support several sectors and industries and contribute substantially to the global economy. Communications, Finance, Logistics, and Defense all rely on satellites to support their operations. Because of its increasing importance to sustain industries, the space sector as a whole is expected to be larger than oil in the next decade with an estimated worth of USD 3 trillion by 2050.  Reliance on satellite functionality will only increase in the coming years.

Therefore, the activities supported by satellites (and the consequences of any adverse impact against them) need to be considered- as damage to these mission-critical satellites can have far-reaching effects beyond the actual satellite. For example, the recent attack did not just impact Internet connections but also connectivity to 5,800 German wind turbines, showing how other industries and sectors can be disrupted as a result of a successful cyberattack against a satellite. As the global community pushes for more green and renewable technologies, green energy proponents need to consider how they may rely on satellites and how they can do their part in securing their connections to them.

Although initial signs point to Russia or at least Russian sponsorship for the recent cyber attack on Viasat, targeting satellites would cross a red line for Moscow. In early March 2022, a top Russian space official stated that any cyberattack on its nation’s satellites would be considered an “act of war.” Interestingly, he made that statement after the hacktivist group Anonymous claimed to have shut down the satellite operations of Russia’s civilian space agency, Roscosmos. Although this attack has not been verified, the pronouncement underscores Russia’s acknowledgment of the vitality of satellites to support a nation’s interests.

Despite not yet being implicated, Moscow understands that targeting communications channels prior to a military maneuver is the exact manner by which disruptive cyber attacks can support a tactical military invasion. Controlling the information space is important to censor certain news from reaching specific audiences  – while replacing it with other more favorable messaging. This is especially helpful in times of conflict when the aggressor state tries to control the narratives that flow to their own domestic audience, the civilian audience in the target country, and the international audience. Russia failed to do that against Georgia in 2008, a mistake it rectified in 2014 against Crimea (when it masterfully annexed the territory without the need of armed coercion).

Like many attacks in cyberspace, practice makes perfect. While the Viasat attack was successful, the effects may not have been what was intended or hoped for. No doubt, the attackers will study the mechanics of the attack chain and applied lessons learned for future efforts. But given the nature of the cyber threat landscape, satellites may ultimately fall in the crosshairs of other well-resourced and capable cybercriminal actors (such as ransomware gangs looking to extort substantial payments). The recent DHS SATCOM alert is a very appropriate corollary to its “Shields Up” strategy, though its applicability extends beyond periods of geopolitical conflict. While space systems may not be deemed “critical infrastructure”, their essential services rely on them. Therefore, it makes sense to prioritize their protection the same way.

Further Resources:

Guide For Business: Final checks for reducing risks in the face of nation-state cyber-attacks based on White House advisory

CISA, FBI Issue Joint Cybersecurity Advisory for SATCOM Ecosystem Following Viasat Cyberattack

A direct link to the CISA/FBI Joint Cyberadvisory:  US-CERT Alert (AA22-076A):  Strengthening Cybersecurity of SATCOM Network Providers and Customers | CISA

Recent Updates from the CISA Shields Up! Initiative:

• Statement by President Biden on our Nation’s Cybersecurity
• White House Fact Sheet: Act Now to Protect Against Potential Cyberattacks
• Strengthening Cybersecurity of SATCOM Network Providers and Customers
• Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability
• Updated: Conti Ransomware Cybersecurity Advisory
• Shields Up Technical Guidance
• UPDATED: Known Exploited Vulnerabilities Catalog

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Open-Source Intelligence Resources

The USGS 2022 List of Critical Minerals:  Moody’s Analytics economist Tim Uy wrote in a recent report:  “The greatest risk facing global supply chains has shifted from the pandemic to the Russia-Ukraine military conflict and the geopolitical and economic uncertainties it has created.”  Our recent “Warning for the U.S. Chip Industry: Russian Retaliation Could Hit Supply of Key Materials” provided a breakdown of the Russian and Ukraine-source material critical to the semiconductor manufacturing process (Neon, Palladium, etc.). In February, The US Geological Survey released the 2022 List of Critical Minerals. Palladium and Scandium are included in the USGS list.

The UNHRC Operational Data Portal – Ukrainian Refugees:  The Human Rights Council is an inter-governmental body within the United Nations system responsible for strengthening the promotion and protection of human rights around the globe and for addressing situations of human rights violations and making recommendations on them. The Operational Data Portal (ODP) was created in 2011 to enable UNHCR’s institutional responsibility to provide any information and data-sharing platform to facilitate the coordination of refugee emergencies.

Bellingcat and the Russia-Ukraine Monitor Map:  Bellingcat (an innovative open-source investigative journalism network and business model) has been in our research arsenal for a while  – ripe for a post to introduce our readers to their tools, investigations, and innovative approach to networked journalism.   The war in Europe has now put Bellingcat in the spotlight, based on the growing popularity of their crowdsourced mapping and monitoring efforts.

Additional Research and Analysis On Ukraine

Russian Use of Battlefield Weapons of Mass Destruction:  Since the early-2000s, an aberrant military doctrine unique to the Russian military has emerged: the use of weapons of mass destruction on a battlefield. The doctrine focuses on tactical-level weapons able to generate massive amounts of firepower to bring about surrender. Weaponized chemical or low-yield nuclear weapons, rather than fall into a special category (or to comply with the fact that one is internationally banned) instead are designed for battlefield use available as an option for warfighting and are justified in terms of an oscillating pair of strategic goals. Chris Flaherty provides a history of the doctrine and its potential impact in Ukraine.

Russia Faces IT Crisis With Only Two Months of Data Storage Capacity Available:  Within two months, Russia will run out of data storage capabilities (for their government and public sector information technology operations) after Western IT service providers pulled their cloud computing capabilities out of the country.

The February 2022 OODA Network Member Meeting: Topics Included Crypto Innovation, Security and Regulation and the Lead Up to Putin’s War:  To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

Why Hasn’t Russia Used More Destructive Cyber Attacks Against Ukraine?:  The malware that has surfaced in the Ukraine conflict has not been the most advanced, an odd development that has raised questions among security professionals. Once committed to a kinetic invasion, a logical presumption would be that more robust cyber weaponry would be deployed to match Russia’s military might to quickly subdue Ukraine. But two weeks into the conflict, the attacks that have transpired have been anything but extraordinary.

We Are In The First Open Source Intelligence War:  We are witnessing the world’s first war where open-source intelligence is providing more actionable insights than classified sources. Here are views on what this shift means for governments, businesses, NGOs, and Citizens.

What The C-Suite Needs To Know About The Annual Threat Assessment of the US Intelligence Community:  Every year the US intelligence community produces a succinct report designed to provide a high-level overview of threats. This is issued to coincide with testimony by the Director of National Intelligence and the biggest agencies of the IC, CIA, DIA, NSA, and FBI.  This year’s report follows the theme that the world is growing in complexity and uncertainty. This complexity and uncertainty occur in an interconnected world where great power competition is clearly underway.

Dr. Scott Shumate Profiles Russian President Vladimir Putin:  This OODAcast is a special edition focused on profiling Russian President Vladimir Putin with Dr. Scott Shumate, who has over 30 years of experience evaluating national leaders, terrorists, spies, and insiders.  Scott shares his unique perspective’s on Putin informed by his extensive experience and insight. Is Putin suicidal? Is he a rational actor? Will he escalate to cyber-attacks? These questions and more are discussed with Dr. Shumate.  Here are the major takeaways from the interview to inform your perspective:  The Putin Profile: Takeaways from our Interview with a CIA, FBI, and Military Psychologist.

Ukraine-Russia War Threat to Space Security Update –  The space security and space war aspects of the current Russian invasion of Ukraine have manifested in various ways since the beginning of the war. However, it was preceded by months of build-up, as massive military vehicle parks were created at various places along the Russian and Belarusian borders – all viewed from space.  The following is an overview list of the various issues that have arisen since the inception of the conflict.

A No-Hype Assessment on Starlink Security: Starlink is a great system, but it was not designed for combat and has limitations when being used in this role. Many mitigation measures are in place that can make it harder on adversaries to exploit these limitations. This post reviews provides insights onto these mitigation measures.

The OODA C-Suite Report: Operational Intelligence for Decision-MakersWhat is the value of an informed decision? At OODA Loop, we seek to surface decision intelligence that provides meaningful perspective for leaders and analysts looking to make the most informed decisions possible. The topics examined in this assessment represent developments that fit the category of operating in a VUCA world, identifying and responding to Gray Rhino risks, or opportunities from advancements in emerging technology domains. These are issues we think our members should be tracking and map to collection requirements for our team to keep you as informed as possible.

John Boyd on Patterns of Conflict and the OODA Loop John Boyd studied. He studied fighter pilot tactics, studied aeronautical engineering, studied bureaucrats and how to avoid their traps, studied evolution and biology, and studied history. And Boyd synthesized in a way that only a real practitioner of war could to produce a briefing called Patterns of Conflict that is still having a big impact on the world today.This post summarizes some key points worth reflecting on as the world views and reacts to the Russian invasion of Ukraine.

Thinking Strategically About What Comes Next and How To Mitigate Risk As we have previously mentioned, the Russian aggression against Ukraine will have impacts far beyond the region. All companies and all government organizations (including those at local and state levels) should evaluate the potential impact of these hostilities on operations. We are a nation interconnected with the world by complex supply chains and a global high speed internet and must be ready to deal with impacts.

Twitter List For Tactical Information: This Twitter list of vetted resources that have reported accurately on tactical moves in the Ukrainian theater can be used to quickly capture the gist of a dynamic military situation.

C-Suite Guide: Improving Cybersecurity Posture Before Russia Invades Ukraine: The capabilities of Russia to conduct cyber espionage and cyber attack have been battle tested and are hard to thwart even during daily “peacetime” operations. They include well resourced capabilities of the military and intelligence services and also deep technical expertise in the Russian business ecosystem and in organized crime which operates as part of Russian national power. Proof points of Russian capabilities include the massive and sophisticated Solar Winds attacks which leveraged low and slow, well thought out plans to achieve access to multiple well-protected targets. Ransomware successes by Russian based criminal networks are also instructive as to the capability of Russian cyber threat actors. The use of malicious self replicating code (worms/virus/trojan) to spread malicious code into infrastructure is also well proven with decades of practice including fielding software that replicates from unclassified to classified systems in the military and spreads throughout critical infrastructure. This post goes beyond an articulation of the threat into recommendations leaders seeking to mitigate cyber threats from Russia including threats before, during and after a Ukraine invasion.

What The C-Suite Needs To Know About The Threat To Space Based Systems (and what to do about it): OODA recently updated the analysis below on threats to space based assets (with a focus on what the C-Suite needs to know) because of tensions with Russia and continued testing of satellite destruction capabilities the most recent of which (Nov 2021) caused significant increases in dangerous space debris.  We recommend this be read in conjunction with our report on what the C-Suite needs to know about the cybersecurity threats due to the coming Russian invasion of Ukraine, see links in the document for more.

Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?: The current situation in the Ukraine has garnered the world’s attention with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential of spilling over into neighboring countries and pulling in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in the attempts of gaining insight into how such an act can be accomplished successfully, should Moscow do just that.

A Warning for the U.S. Chip Industry: Russian Retaliation Could Hit Supply of Key Materials: Russia may retaliate against the U.S. threat of trade sanctions and export curbs by blocking access to key materials like neon and palladium. Ukraine supplies over 90% of U.S. semiconductor-grade neon. This type of supply chain-based retaliation has become a priority concern for the White House, which is encouraging a broad diversification of the supply chain in the event Russia limits access to these key materials.

Russia’s Long Game, Leadership Lessons, and Learning from Failure: In February of 2021, Matt Devost spoke to Rob Richer, a highly regarded advisor to international executives and global government leaders including several heads of state. Rob has a well-informed perspective on international risks and opportunities and an ability to analyze and distill observations in a way that is meaningful for your decision-making process. In light of the conditions in Europe, this portion of their initial OODAcast conversation is timely and includes a discussion of Richer’s time as the head of CIA Russian Operations, his perspective on U.S./Russian relations (especially the role of cyber), leadership, the role of failure, and decision-making.

Charity Wright on China’s Digital Colonialism: Charity Wright is a Cyber Threat Intelligence Analyst with over 15 years of experience at the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in dark web cyber threat intelligence, counter-disinformation, and strategic intelligence at Recorded Future. Her analysis has provided deep insights into a variety of incidents, activities, and strategic moves by well-resourced adversaries, primarily actors operating in China.

The January 2022 OODA Network Member Meeting: Putin, Russia, Gray Zone Conflict Capabilities and The Future of Europe: To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks:In what felt like coordinated attacks last Friday, data-wiping malware (masquerading as ransomware) hit Ukrainian government organizations and was quickly followed by an aggressive unattributed cyber attack on Ukrainian government sites. The attacks prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity defenses.

Additional Context on OODA Reporting on Russia’s Military-Technical Maneuvers in Europe: We are conscious of our need to keep our usual variety of News Brief and OODA Analysis, but for obvious reasons, this week is top-heavy with Russian, NATO, and Ukrainian coverage. We intend on keeping our focus on providing the context you need vice the blow-by-blow of major moves. Like in other domains we endeavor to provide the “So What?” and “What’s Next?” you need to help drive your decisions.

OODA Research Report- The Russian Threat: This special report captures insights into the capabilities and intent of the Russian Threat, with a special focus on the cyber domain. Our objective: provide insights that are actionable for business and government leaders seeking to mitigate risks through informed decisions.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community