Latest News

Cybersecurity Talk with Intelsat CISO Vinit Duggal

By Juliet Van Wagenen | February 24, 2016
Cyber Security

Photo: Intelsat

[Via Satellite 02-24-2015] In the advent of rising Internet connectivity, satellite operators are working to keep pace and ensure satellite networks are secure for all users across the value chain. To delve further into how operators are ensuring cybersecurity alongside fast-paced Internet adoption, Via Satellite sat down with Intelsat Director and Chief Information Security Officer Vinit Duggal to see how the operator is coping with challenges that arise alongside rapid connectivity uptake, and how the company prepares for cyber threats in even the most difficult of environments: mobility platforms.

Via Satellite: How has the rapid uptake for Internet connectivity impacted a satellite operator’s ability to keep up with cyber threats?

Duggal: A good security posture is not just defined by what it stops, but also how quickly it is able to react to and address the threats when they are discovered. At Intelsat, we know that threats are increasing in sophistication and as such, we constantly upgrade our networks and keep abreast of the emerging threats that we and our customers could face in the future. We also seek outside counsel and compliance measures to ensure that we are consistently hardening our security posture.  We are the only satellite operator that has gone through independent auditing firm KPMG and completed a Service Organization Control 3 (SOC3) review of our security controls. This successful review process provides commercially accepted validation that our products are offered in an appropriately secure environment and provides a level of confidence for our customers that the satellite portion of their network is operated as securely as possible.

As for keeping up with cyber threats, as Wi-Fi connectivity rapidly becomes more widespread, a network can only be as secure as the security posture of each vendor that is working within the network. For a satellite operator, that means we need to have open conversations with our vendors and partners to discuss the threat landscape, what they are facing and how they are managing the exchange of data that passes through the collective network. Resiliency is of utmost importance. When you create public access at the Internet Protocol (IP) level, you are opening the door for different types of attacks and you must be prepared to stop them at every level of the network ecosystem.

Via Satellite: How does ensuring cybersecurity differ between fixed and mobile environments?

Duggal: Intelsat’s infrastructure for both fixed and mobile networks is the same. Some hardware technology may differ slightly, but for us, it will be continuing to focus on our core security measures and ensuring that functional countermeasures and policies are the same. For a network to be as secure as possible, partners need to work together closely to build a comprehensive security posture and strategy in order to protect a customer’s data as it moves through every layer of the network.

Via Satellite: How do you design satellites and systems to ensure that all satellite networks are reliable and can withstand attacks?

Duggal: The three core tenets of security are availability, confidentiality and integrity. Each tenet is the responsibility of a different network partner, and network security is the strongest when all involved parties understand their role and what is required. The satellite operator is responsible for ensuring the availability of the service — or making sure the path between the end users and the teleport is always available.

The second tenet, confidentiality — or how the data passing through the network is stored and in what form it is transmitted and managed — is the responsibility of our customer, usually the service provider. The third piece, integrity of the data passing through the network, is a joint effort between the network provider and the end user. This can involve tasks such as encrypting data moving along the network as well as educating network users to their individual responsibilities when accessing a network via a personal device.

Via Satellite: Are there any specific regions, globally, that present particular threats?

Vinit Duggal, Director and Chief Information Security Officer, Intelsat

Vinit Duggal, Director and Chief Information Security Officer, Intelsat. Photo: Intelsat

Duggal: The typical satellite network architecture is global and spans terrestrial and satellite links as well as cellular, Internet and/or microwave connections. And in today’s communications environment, cybersecurity threats are local, regional and global, and you have to prepare for all three. Our view of the world is that it is an extremely dynamic landscape, and you do not make any assumptions. You want to be ready for any kind of attempt to breach your system wherever it comes from, with no preconception, and you want your security posture to be as comprehensive as possible.

Via Satellite: Can you speak to how new capabilities such as steerable spot beams and High Throughput Satellites (HTS) can help to further communications while protecting against cyber threats?

Duggal: The architecture of our high throughput Intelsat EpicNG platform, combined with our focus on satellite network security, provides a strong basis for hardening a network. The capabilities of our digital payload, the most advanced in the commercial satellite sector today, provide improved jamming and interference protection by helping to identify potential issues and being able to rapidly shift customers out of the impacted spot beams and into beams in which there is no sign of trouble.

Via Satellite: Are there differences in security measures between protecting the space segment and ground segment?

Vinit Duggal: More and more it is hybrid networks that we are operating, and the services that we are selling use both terrestrial and space assets. The types of attacks and responses can vary, but the theory behind protecting both segments is identical. For example, a Distributed Denial of Service (DDOS) attack could take place against the ground segment, while you could have interference issues that create problems with the space segment. Because of the hybrid nature of the network, we are also vulnerable to the threats on terrestrial infrastructure in general, so we have to take care of the entire system.

Via Satellite: Preventing cybersecurity risks requires the whole industry. In your opinion, how can industry as a whole work together to have a stronger defense?

Duggal: We are working together, and there are several working groups in in the satellite and telecommunications sector working on this. Intelsat takes great pride in working with multiple groups — in the private sector and the government — on crafting a stronger global defense posture.

Via Satellite: Can you speak to how increased demand for Airborne Intelligence Surveillance and Reconnaissance (ISR) and Unmanned Aircraft Systems (UAS) applications, as well as higher data rates to support applications is growing the need for mobile satellite capabilities? Are new cyber threats emerging in these areas? And how do you go about combatting new threats?

Duggal: Remotely Piloted Aircraft (RPA) usage continues to grow, both in numbers and sensor capability, escalating the need for bandwidth. This bandwidth requirement can be met with what Intelsat EpicNG can offer, and the digital payload provides the same interference protection to government customers. In addition, the spot beams and wider bandwidth segments support a greater range of protected waveforms, including those being developed by the U.S. military. We also participate in government-industry forums like the Commercial Space Information Security (INFOSEC) Working Group to both ensure we are compliant and to make certain that we help shape the policy to achieve the desired results with the least amount of business disruption. Overall, we are very well positioned to not just meet, but in many cases exceed, security requirements mandated by the Department of Defense (DOD) and our other customers.

Via Satellite: With Intelsat primarily delivering satellite connectivity to passengers in the cabin on aircraft, are you concerned about the connection between In-Flight Entertainment (IFE) and operational connectivity for the cockpit?

Duggal: The bandwidth provided by Intelsat EpicNG would be able to deliver tracking-style services, but “aviation tracking” and “broadband connectivity” are quite distinct services. We do not provide services to the cockpit for operations. We also believe that those two systems on the aircraft should use completely physically independent networks, as this provides the simplest way to alleviate passengers’ fears about whether airplane operations are secure.

Via Satellite: How do you go about securing a Wi-Fi connection for passengers on board an aircraft?

Duggal: Intelsat ensures that the network connection between the satellite and the aircraft is secure. But again, the passengers also play an important role, as the majority connects to the network using their personal devices. Often, the most likely cause of a security breach is users unwittingly introducing security risks via previously penetrated devices that access the network. Each passenger should be made aware of his or her responsibility in securing their devices, and there is plenty of technology available to them to assist with this.