InfraGard CEO: Satellite Operators Need to be Ready for Cyber Attacks
[Via Satellite 02-23-2016] Satellite companies should be ready for increased attention from cyber criminals that will very likely lead to an increase in cyber attacks, according to Jerry Bowman, president and CEO of the InfraGard National Members Alliance. InfraGard is a partnership between the U.S. Federal Bureau of Investigation (FBI) and individuals from the private sector that work together to prevent attacks against the country. The organization covers all 16 critical infrastructures, as defined by the U.S. Department of Homeland Security (DHS), creating a collaborative environment to protect against cyber-intrusions and firm up vulnerabilities.
Bowman told Via Satellite that because satellites influence so many sectors —transportation, finance, military, energy, the environment and more — and consequently cuts across most, if not all, of the 16 critical infrastructures, that satellites are incredibly important to personal, business and government activities. Attempts to interrupt, block or manipulate satellite communications could have serious detrimental effects, and the satellite industry should be ready for more attempts of this nature in the coming years.
“If I were able to give advice to the satellite industry and its companies, it would be to look at the creative and extremely damaging cyber events that have occurred in other areas of technology and business,” Bowman said. “As we harden other areas of our critical infrastructure following successful cyber attacks, it is inevitable that sooner or later the full attention of organized crime, state actors or terrorists will turn to the satellite industry. I would encourage satellite companies to be ready for what’s coming. It’s no longer a question of ‘if,’ it’s a question of ‘when.’”
Bowman said the reputation of the satellite industry is unproven when it comes to cybersecurity. Media reports of vulnerabilities in satellite systems have caused some unease about the industry’s ability to thwart hackers and cybercriminals.
“The general perception of the satellite industry’s preparedness is mixed — with many experts suggesting that it is lagging behind the rest of the communications sector. Events targeting satellites are not isolated and they are likely to increase. The industry needs to spend money on security, to avoid both potential larger financial loss and threats to safety,” he said.
Bowman said cybersecurity strategies are changing today to be more comprehensive. The practice of cybersecurity has shifted from focusing on the “soft aspect of information assurance,” where the mission was protection of data from attacks that compromised its integrity or confidentiality, to expanding to include protection of infrastructure for processing, transporting and storing critical data. According to Bowman, this ranges from the building and building systems that house the data center or enterprise offices, to the factory and production lines that manufacture products.
Bowman said security standards are also shifting away from letting past attacks form the primary basis for new rules, and that this shift has influenced greater collaboration between industry and government.
“Every breach or discovery of a new threat actor has led to a response that attempts to protect against that threat,” he explained. “The evolution of the threat actor has forced government and the private sector to begin to collaborate under the assumption that pooled resources will allow us to get ahead of the bad guys. The objective is to move beyond reactive into proactive cybersecurity, where standards provide both government and industry a reliable roadmap that gives protection against the professional/organized-crime, state-sponsored and terrorist threat actors.”
The FBI supported the creation of InfraGard nearly 20 years ago for this purpose, and today its membership exceeds 44,000 members. Bowman said companies are not members, though industry partners do receive benefits similar to what corporate members would get. He said that, at this stage, he was unaware of satellite companies that are members, but this could be changing as InfraGard is growing at a pace of roughly 1,000 new members per month. Bowman said 4,000 prospective members are being processed, so it is very likely that InfraGard has employees of satellite companies who are among its ranks. These would most likely be in InfraGard’s critical communications sector, which is the organization’s largest group of members.
As InfraGard’s numbers swell, Bowman said Special Interest Groups (SIGs) are growing in importance. He highlighted SIGs as a way satellite professionals could rally together within InfraGard to address cybersecurity concerns unique to the industry.
“SIGs are a growth area for us, which permits communities of professionals to develop a cross-sector mission and organize themselves. Our best example of a successful SIG is our Electromagnetic Pulse (EMP) special interest group. The EMP SIG has gained national attention for the work it has done in identifying the risk and mitigation of EMP threats and threat actors. In fact, they actively hold working group meetings across the U.S. and have released a number of publications that are available via Internet websites. We would be open to facilitating a satellite communications SIG if enough interest was identified within our membership,” said Bowman.