Latest News

Cybersecurity

Experts Say Viasat Cyber Attack Exposed Ground Terminal, Satellite Supply Chain Vulnerabilities

By Mark Holmes | April 11, 2022

      Via Satellite/Freepik illustration

      Space systems face growing security threats, as evidenced by Viasat’s recent security incident. On April 6 in Paris, speakers at CySat, a European event dedicated to cybersecurity for the space industry, discussed how the industry can mitigate such threats. Although the type of attack Viasat experienced is not new, it could be considered a wake up call for the satellite industry, said Adrian Nish, head of Cyber Propositions, BAE Systems Digital Intelligence.

      “It is important to realize, they didn’t access the satellite. Is this the watershed moment for the satellite industry? Only time will tell. It shows we need to raise our game,” he said.

      Nish compared where the satellite industry is now and where the financial services sector was a few years ago. He recalled the hack in 2016 on the Central Bank of Bangladesh in which hackers used the SWIFT network to attempt to steal $1 billion of currency reserves from the Federal Reserve Bank of New York. Five fraudulent instructions were successful in transferring $101 million, but the rest of the attack was thwarted.

      “Everyone was concerned that that SWIFT system itself could be hacked. It opened up doubts about the whole financial ecosystem,” Nish said. “How did the financial system react? SWIFT took the lead. They invested a huge amount even though they weren’t directly hacked. Even though they are not a regulator, they had enough power to get banks to raise their level of security. We need something like that in the satellite industry. Who is that central body or agency who can drive forward with those standards?”

      Nish believes there are two sides to the conversation about the likelihood of attacks on space systems. While it is not impossible to hack a satellite, it requires a significant amount of effort.

      “For hacktivists and criminals, they will go after easy targets, rather than hardened systems,” he said. “Nation states are motivated differently. They have the resources to do reconnaissance, to do months of research. I think it is possible for those high-end actors to get into space systems. I don’t think we will see lots of ransomware attacks against space systems.”

      Nish believes the ground segment of the network is the weakest link. “You need to keep things up to date and patched. The ground segment is what gets targeted. That is where we have seen real world attacks. Your whole system is only as secure as the weakest link.”

      Adrian Perrig, co-founder and board member of Anapaya Systems, a Swiss provider of private networks, said the industry is seeing growing threats to satellite links and that inter-satellite links could be quite vulnerable.

      “[These type of attacks] could remove the availability for communications. We have studied this. There are different types of attacks. The easiest attack is the jamming of uplinks,” Perrig said. “The Viasat attack shows the terminal is vulnerable. These are the most exploited threat vectors. With upcoming LEO [Low-Earth Orbit] constellations, there will be shared inter-satellite links. These links could be susceptible to attacks, as the satellite network will cover the whole globe. The attacker can use these global communications links to their advantage.”

      Florent Rizzo, CEO and analyst of CyberInflight, echoed these sentiments. He said direct attacks are more likely to take place on the ground segment, whereas the indirect attack could happen on the supply chain. “Most attacks on satellites have targeted the signal itself. Very few have targeted the payload. There is really an interest for the signal. It is the easiest way to impact the signal. When we see geopolitical events, we see attacks on the signal,” he said.

      Etienne Gérain, CEO of Priamos, which provides information security guidance for organizations, said the industry needs to build security into its designs.

      “We need to build software and materials, space segment and ground segment that is secured by default. This is the main point. Security by darkness is not sufficient. Here we are talking about satellite security and interaction with the ground. We need to secure the ground systems first. We cannot avoid to secure space,” Gérain said. “The ground system is a priority.”

      Gérain also talked about the needs to secure the whole supply chain, before thinking of operational models and activities. He believes companies that are building constellations need to be supported by an ecosystem with a number of suppliers. He believes this can be difficult to request all companies to secure their own infrastructure and supply chains. Doing strong and proper risk analysis is key.

      “We don’t have to ask ourselves that an attack will be performed, but when it will be performed. Do we underestimate or overestimate threats?” Gérain said. “Risk analysis means we can estimate threats correctly. We need to share information together. When we are assessing risk, we are trying to assess the likelihood of an event and when it can occur or not. We need to assess the probability of that. Firstly, we have the likelihood, and secondly the impact.”

      Perrig spoke about the costs involved in security, and how this will be a major issue going forward. Security has a cost and perfect security can be extremely expensive. Some may try to invest less in the hope that they won’t suffer a catastrophic incident. One of the interesting developments, he said, is that startups can take advantage of new service offerings and outsource some of their needs to more experienced companies. He highlighted the number of ground segment as a service offerings, which can offer solutions to new companies where costs need to be kept in check, but can still have high levels of security.

      Nish believes startups have some advantages, even if they don’t have huge budgets. He points to the fact that they can use the latest technologies, and not constrained by decades old technologies. He said he would encourage them to embrace the cloud, talk with others, and develop best practices.

      Rizzo believes better information will be key to the space industry avoiding highly damaging attacks, and the research community will play an increasingly important role.

      “Maturity is linked to the quality of information sharing and the quality of discussion between different groups. You have the Space ISAC. This is very important. I think that is interesting to have this in mind. The quality of information sharing is linked to the quality of the ecosystem.”

      Comments