Latest News

Information Assurance for Mobile Satellite Services

By Rodrigo J. Gomez | July 17, 2014

      Government and large enterprises worldwide have ever-expanding needs for both fixed and mobile satellite services, and the need to adhere to the strictest security; whether the user is an entrepreneur, a soldier, or a field energy engineer, all must maintain the highest levels of security for their satcom deployments. Enterprises have an increasing demand for resilient, assured communications infrastructures, but many organizations are insisting upon networks that meet more robust Operational Security (OPSEC) and Information Assurance (IA) requirements. Concerns of possible interception or interruption of sensitive voice and data traffic, and sensitive operational information must be addressed.

      This article focuses on commercial satellite systems supporting both the government and the commercial enterprise user. In both cases the objective is to protect the security of satcom users and their information. We examine the different threats within a typical network infrastructure, and will discuss the differences among, and relationships between, the terms Secure, Ensure and Assure as they apply to mobile satellite services (MSS).

      We will note how an IA-compliant infrastructure is not sufficient to address all vulnerabilities without the proper Operational Security (OPSEC) support, and how the new role of the term “Assured” communications is driving new developments in the satellite industry.

       

      Global Demand and the Changing Landscape

      Enterprise applications (commercial and military) with large amounts of remote sharing broadband networks have taken over the fixed satellite services (FSS) market, previously dominated by very specialized applications like voice backhaul, video distribution, and Internet access. The MSS market followed the same trend, morphing from basic voice and low-bandwidth data services to highly mobile broadband users. The introduction of next-generation satellites provides more power to the user terminal and allows operators better on-board capabilities. This allows reuse of spectrum while using more aggressive modulation schemes for higher data rates. Machine-to-Machine (M2M) and tracking applications are leading the growth in volume of narrowband communications.

      In the past, FSS networks featured small numbers of high bandwidth terminals, while MSS networks were characterized by high numbers of low bandwidth terminals.  The gap between the two types of networks is closing and MSS operators need to be more concerned with the application layers as the throughput of MSS terminals increases.

      The security posture is usually subjective when the implementation requires commercial satellite systems, because too often network managers are forced to reduce or waive security requirements in order to allow access to commercially available systems, simply because there are no alternatives.

       

      Secure, Ensure and Assure

      When security terms are misinterpreted, they create vulnerabilities at the operational level. The challenge for OPSEC strategists is to find the right balance and mitigating measures between Securing, Ensuring and Assuring the information. It is important to clarify that the approach depends 100 percent on the context of the mission.

      Securing is directly related to protecting the information from direct attacks. Controls are implemented to create boundaries around the sensitive information. The ultimate goal is to protect the confidentiality, integrity and accessibility of the information system. The role of the security expert is to understand the context of the mission and craft the appropriate posture that will address all necessary IA controls.

      However, a wise security manager needs to assume that traditional shared and foreign MSS networks do not enforce or implement many of the controls. This factor pushes the need of encrypting the data streams from end-to-end, and voice users are expected to ride unsecure networks full of mousetraps capturing information ready for collection and analysis.

      Therefore, the security expert needs to rely on a second factor: Ensuring that the users are capable of executing their missions securely. Security experts are challenged to warrant that their understanding of the vulnerabilities identified in the system is sufficient to certify that the controls in place will deal with a variable and dynamic environment, such as a commercial MSS network.

      The role of trust in ensuring security is important. Users must assume that vulnerabilities have not morphed into something not mitigated since the controls were implemented. It is difficult for security experts to anticipate changes that will impact the risk profile and adjust the design in a timely manner. Security experts also have to assume that users will use the system and guidelines as specified. Training programs, regular audits and vulnerability assessments reinforce this assumption.

      Finally, Assuring this is only achieved through the combination of Securing and Ensuring capability, a term that wraps up the concept of creating an OPSEC “bubble” around an MSS network. Assuring is making certain that something actually happens. In other words, security experts must make sure that the objectives for an effective IA implementation incorporate a proper OPSEC strategy. As this is a relationship between the user and the MSS provider, the relationship needs to have a holistic framework for a proper OPSEC environment.

       

      Closing the Gap in Security

      Historically, the U.S. government follows the IA Certification and Accreditation (C&A) approval, following Department of Defense (DoD) or Department of Homeland Security (DHS) directives. Likewise, commercial enterprises follow commercially rated frameworks, such as National Institute of Standards and Technology or International Organization for Standardization /International Electrotechnical Commission (ISO/IEC) standards.

      IA controls are in system and managerial requirements to meet the confidentiality, integrity and availability standards set forth by the information owner to meet the mission-assurance objectives.

      A “certifier” is the entity that defines the IA posture and confirms that the information system meets the stated requirements. The “auditor” will verify that the design and implementation plan introduced by the certifier meets the requirements. Any framework recommends IA control sets are reviewed annually to verify that changes have not modified the baseline, and changes to baseline do not affect the IA posture of the information system. This approach closes the gap between development and implementation, and lifecycle management.

       

      Security in the Space Systems

      Countries and large enterprises have very high dependency on satellites for communications, whether reporting, navigation, or intelligence gathering. Some threats considered unintentional, such as space debris, must be monitored to protect orbiting assets. Other threats, considered intentional, make satellite systems a primary target for adversaries carrying out attacks on military operations.

      Users have a general acceptance of the fact that the air interface in the satellite services operate as any commercial wireless link, and is a prime candidate for collection of data and denial of service. However, all elements (spacecraft, ground segment and air interface) should be protected to minimize threats on mission success.

       

      In-Orbit Security

      In-orbit threats are commonly caused by debris, either outer-space particles or mission-related fragments generated after collisions or explosions. Commercial and military satellite operators are constantly tracking more than 23,000 orbiting objects (debris) and anticipating possible collisions.

      In-orbit intentional attacks —usually aimed at government communications — damage in-orbit assets. Lasers can be aimed to damage thermal control, electro-optical, structural and power-generation components. Due to distance (related to power) and mission specifications, LEO satellites are most vulnerable to this kind of attack.

      Other in-orbit threats are direct attacks to payload, Telemetry Tracking and Control (TT&C) links, or the actual hardware. Jamming is the most common form of attack aimed to interrupt the link on the uplink, downlink, or both.

       

      Security on the Ground

      Service providers build systems to protect the infrastructure. Protecting user and control data over the air interface will ensure confidentiality and integrity of the information. The goal of the user is to minimize information that can be snooped if signals are intercepted and collected, and to establish robust protocols to minimize man-in-the-middle attacks.

      The role of the industry is to satisfy the requirements of the users. The role of the users is to define these requirements. The paradigm is to implement services in commercial MSS infrastructure, where resources might be available for the mission but the security requirements do not meet the mission’s minimum criteria.

       

      The Security Posture of the Users

      The security posture is the holistic approach implemented in the organization to operate and maintain an information system. It includes the human factor, the technological infrastructure and the operational support for a robust three-layered protection: Protect, Detect and React.

      OPSEC is the process that implements safeguards in the system to protect critical information and observable actions that might not necessarily be considered sensitive or classified, but that could give adversaries an advantage if that information is pieced together with other information to create a bigger picture.

      It is estimated that about 90 percent of the information collected and used to perform large-scale attacks is exploited OPSEC vulnerabilities from open sources. This is called Open Source Intelligence (OSINT), referred to intelligence collected from publicly available places such as social media, trade shows and events, web sites and newspapers.

      Unfortunately, the human factor and OSINT are not the only sources of OPSEC-related information that can be exploited. MSS and to some extent FSS systems operate mainly as a shared infrastructure. Systems operating overseas share critical systems that also process and store information overseas, which require following local regulation.

      The paradigm that users face is how to meet their mission requirements when they know that their mission can only be achieved using systems that create vulnerabilities. The users might not even know the extent of these vulnerabilities and the value that information can provide to adversaries.

       

      Building the Proper OPSEC Environment

      The industry clearly understands the need to change and is adjusting to meet new requirements. Service providers understand that threats and vulnerabilities in their systems will affect missions and lives. They have demonstrated interest in allocating funds to meet contractual OPSEC requirements and build-up infrastructure that facilitates implementation of the proper IA controls.

      The industry also understands now that the impact of exposing critical information is beyond economic or commercial competition. Exposure of critical information can be exploited if it reveals mission or strategy details affecting national-security interests.

      With the introduction of OPSEC objectives, industry and technical evaluators can start thinking about impact in their contract selection process and anticipating mitigation plans. In other words, OPSEC must be incorporated in the contracting process to ensure it gets implemented into a program from the beginning.

       

      The Satellite Industry’s Response

      The industry is currently addressing three fronts. The first is enhancements in the system to mitigate certain mission vulnerabilities. These include: more robust air interface; full key management and hardened encryption algorithms in the SIM cards and authentication protocols; better protection on the ground infrastructure; partitioning and compartmentalization of traffic and information stores; and improvement of processing and user control.

      The second front is the implementation of additional internal controls to protect and safeguard sensitive information (minimizing OPSEC exposure). The industry has implemented tactics such as: full control of the lifecycle support (firmware and hardware) of the user terminals; compartmentalization of call detail, transactions and other sensitive records; protection of real-time geo-location details; and keeping subscriber control in U.S. hands, thus reducing details that can be used by foreigners (friendly or unfriendly) for collection and analysis or denial of service.

      The third front is the cooperation between the industry and government agencies to better understand user requirements — to effectively shape the roadmap for the industry.

      It is clear that as the baseline user requirements for MSS changed, the technology was enhanced, and the industry made progress in assimilating the requirements to use technology wisely.

      At the same time, the MSS industry segment is helping government and enterprises understand what works best for the mission. Customization is becoming the standard and regardless whether MSS services  are used by energy, telecommunications, first responder, intelligence or military markets, OPSEC and IA  hold top priority. VS

       

      Rodrigo J. Gomez has more than 17 years’ experience as a telecommunications engineer. He joined TrustComm as Chief Technology Officer in 2012. He leads the development of TrustComm’s assured satcom services, terrestrial and end-to end networks.