The Era of Hybrid Warfare: How Space Became the Latest Dimension in Conflict
PARIS — Speaking at the Cysat event in Paris, France, Greg Wyler, founder and CEO of E-Space, said that gateways are the biggest security vulnerability in today’s satellite networks.
“We [E-Space] have no gateways. This is the largest attack surface,” said Wyler, who is also speaking at the CyberLEO event next month. “The gateway is a giant, vulnerable elephant to be eaten. Gateways are a huge topic. I don’t think many satellite companies have really looked through every attack vector. The Viasat [attack in Europe] came through the gateway. The gateways are really easy [to attack]. They have a fence around them. It is a key point, and weakness. They are easy to access for a foreign actor.”
Even though it was over a year ago, the attack on Viasat’s network at the dawn of Russia’s invasion of the Ukraine was a topic that dominated discussion at the event. Clémence Poirier, research fellow at the European Space Policy Institute (ESPI), talked in-depth about the numbers of attacks and the significance of them. She called the Viasat hack a ‘Black Swan’ moment for the industry. “Companies understood they need to allocate budgets for cybersecurity. They understood the need to implement cybersecurity measures. But, it will take time for things to change. It was an alarm raising event for the industry,” she said.
Poirier sees supply chains becoming a “very weak link” in the security chain due to New Space companies often not investing enough in security, as well as the use of commercial off-the-shelf components.
As a result, attacks against VPN networks are becoming “rather common” in the aerospace sector, which Poirier claims has not heeded warnings. She said, “In the past decade, security researchers and cybersecurity companies, such as IOActive, have warned the satellite industry over the presence of critical software and hardware vulnerabilities. These have been largely ignored.”
So, what were the other lessons learned from the Viasat hack? Poirer said it showed that commercial space systems were easy targets for cyberattacks during a conflict. She said it showed that there are “endless vulnerabilities” in commercial space infrastructure. “There needs to be dedicated cybersecurity budget. The lack of space capabilities also creates cybersecurity issues in armed conflict. Russia demonstrated a much lower use of secure satcom use than expected. Ukraine has been able to eavesdrop on them. You need to have satellite capabilities to secure the battlefield.”
One of the main speakers on day one of Cysat was Oleksandr Potii, Brig. Gen. Deputy General Head of the SSSCIP (State Service of Special Communications and Information Protection) of Ukraine, who spoke via a video link from Kyiv. He said that Russia’s full-scale invasion of Ukraine was significant because it was the first armed conflict where cyberspace is a fully-fledged war domain. He said that the SSSCIP was tracking activity from 80+ hacking groups. Around 90% of Russian hacking groups are coordinated by Russian military command or linked to the government, he said.
Potii called it “hybrid warfare” on the battlefield. “They use all kind of attacks now. They are combining cyberattacks, PsyOps and conventional warfare. Satellite infrastructure is vulnerable. Cyber protection is vital.”
Potii also hailed the importance of Starlink in areas such as enabling key infrastructure, helping Ukrainian companies have communications, as well as helping in areas such as emergency services. He said, “Starlink terminals have been very important where infrastructure has been destroyed. We are able to give internet service to our citizens at these times. We have maybe 10,000 Starlink terminals in Ukraine, but I don’t have the exact number.” Potii said the cyber attacks that were hitting Ukraine were not “a big surprise to us.”
He added, “We were ready to react to these cyberattacks. Our specialists were not surprised of a cyberattacks on satellites. We quickly reacted. It did not have a huge negative impact on our military communications. Satellites have really helped us to build alternative communications for Internet communications.”
Potii also said that Russia was using satellite technology to spread their propaganda and that they are focusing on some 70 million Russian speaking people from the British Isles to the Urals. “Russia engages the inhabitants of the temporarily controlled areas into the Russian world. There are local channels. Russian sees satellite TV as a way of isolating people from information. Ukraine’s efforts to stop this disinformation is key part of our space efforts.”
Guillaume de La Brosse, head of Space Innovation, Start-Ups, Economics, DG Defence Industry and Space for the European Commission admitted that the stakes are getting “higher and higher” when it comes to security and space. “Space is no longer immune from actors – state or non-state actors. The Commission is aware about this. Space is becoming more contested. Space is becoming a critical infrastructure,” he said.
One of things the EU wants to do is bring a greater collaboration in this area. In this regard, it is proposing an EU-ISAC, or information sharing and analysis center. “We know our U.S. friends have already done it. We want to develop and put it together in Europe. We need to have protection of the industrial value chain. We have tools at the European level. We need to provide a regulatory framework at EU level, even though many member states are developing national space strategies and laws.”